Botnets - The killer web applications

www.syngress.com
Advanced Ourmon Techniques • Chapter 9
323


the maximum Ethernet packet size of around 1500 bytes, we only get 81,300 pps. These days your garden-variety PC can handle 81,300 pps, so a hacker is not going to send 1500-byte packets.

The implications here are clear. Small packets are nasty for the receiving host or network. NICs on the receiving side and host operating systems could be overwhelmed due to interrupts and other problems. Intermediate smaller systems like routers, wireless access points, and the like, if not robust enough, might also have severe problems. Although this won't help everyone, Cisco has some suggestions for making its systems more robust, including using its TCP intercept feature. For example, see http://cio.cisco.com/warp/public/707/4.html or http://cio.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/secur_c/scprt3/scdenial.htm.

In general, dealing with these kinds of attacks is very difficult, and it is a problem that's far from being solved.
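The 81,300 pps figure above is the line-rate frame count for full-size packets; the following added example (not from the book) reproduces it and extends the same arithmetic to smaller frames, showing how quickly the per-packet time budget of the receiving host shrinks. It assumes a 1 Gbit/s link and the standard 38 bytes of per-frame wire overhead, neither of which is stated on this page.

```python
# Added example: packets-per-second capacity of an Ethernet link by frame size.
# Assumption: 1 Gbit/s link (the page does not state the link rate).
GIGABIT = 1_000_000_000

# Bytes on the wire around every payload:
# 14 Ethernet header + 4 FCS + 8 preamble/SFD + 12 inter-frame gap.
PER_FRAME_OVERHEAD = 14 + 4 + 8 + 12


def max_pps(payload_bytes, link_bps=GIGABIT):
    """Maximum frames per second the link can carry at a given payload size."""
    bits_per_frame = (payload_bytes + PER_FRAME_OVERHEAD) * 8
    return link_bps // bits_per_frame


def ns_per_packet(payload_bytes, link_bps=GIGABIT):
    """Time budget in nanoseconds the receiver has per packet at line rate."""
    return 1e9 / max_pps(payload_bytes, link_bps)


def pps_table(payloads=(1500, 512, 128, 46)):
    """Rows of (payload, pps, ns per packet); 46 bytes is the minimum-size frame."""
    return [(p, max_pps(p), ns_per_packet(p)) for p in payloads]


if __name__ == "__main__":
    for payload, pps, budget in pps_table():
        print(f"{payload:5d}-byte payload: {pps:>9,d} pps, {budget:8.0f} ns per packet")
```

For full-size frames the result is about 81,300 pps, matching the text; for minimum-size frames the same link delivers roughly 1.49 million pps, leaving the receiving NIC and kernel under 700 ns per packet.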
Ourmon Event Log

In this section we briefly discuss the ourmon event log, which we introduced in the previous section. Ourmon stores various front-end probe and back-end "events" of interest in the event log. For the most part, events are either important security events or important system events such as probe reboots. A daily log of events is created and placed on the Web for reference. The event log can be found on the main Web page. Refer back to Figure 7.1 and note that the daily event log and yesterday's event log are available for quick reference under the "important security and availability reports/web pages" heading. The week's worth of event logs is available at the bottom of the main page as shown in Figure 7.3. Like every other log in ourmon, the event log is also saved for a week and rotated at midnight.

Roughly anything that is deemed highly important is put in the event log, including the following types of events:

- Important probe events like reboots and trigger-on and -off messages
- Back-end software problems, including taking too much time to process the 30-second probe outputs
- Back-end anomaly detection events
