Burglar Alarms for Detecting Intrusions
Marcus J. Ranum <mjr at nfr.net>
Disclaimer
Burglar Alarms
Burglar Alarms (cont)
Burglar Alarms (cont)
Burglar Alarms (cont)
Burglar Alarms: Pro
Burglar Alarms: Con
The Right Thing to Do
Simple Burglar Alarm
Simple Burglar Alarm (cont)
Simple Burglar Alarm (cont)
Simple Burglar Alarm: 2
IDS and firewalls
IDS Firewall Alarm
IDS Firewall Alarm 2
Building: Burglar alarms
Building a Scan Alarm
A Scan Alarm
Building a Scan Alarm (cont)
Building a Scan Alarm (cont)
Trapping Actions
Trapping Actions (cont)
Trapping Actions (cont)
Chroot-a-nono
ls-o-matic
Shared-Library boobytrap
Nit-pick
File-change-o
File shrinkener
Stupid Hacker Tricks
Terrify Suzy*
Fake Hacktools
Roto-Router
Scan Slower
Phat Warez
Redirector
Socket Stuffer
Auditor Biter
Rat Poison Files
Noset Executable
No Exec Stack
Fake Holes
DumDum Users
Summary