First page Back Continue Last page Overview Graphics

Classic Techniques

Malformed packets
Pattern matching
Protocol decoders
Statistical analysis

Notes:

Malformed Packets - SYN set with data, other less-used IP options, etc. Firewalls often block these.
Pattern matching - using bitwise comparison, regular expressions, etc.
Protocol Decoders – per protocol parser (HTTP, SMTP, etc).
Statistical analysis – For example, ratio of SYN to SYN-ACK and ACK packets to detect port scanning.
Performance versus complexity trade off

Classic Techniques

Malformed packets

Pattern matching

Protocol decoders

Statistical analysis

Notes: