Of course, those IT networking professionals are truly formidable; I admire them more than the people who talk a great game with more theory than substance.
Henry's answer, even though I could not really follow it, is the kind of answer that lets any expert see at a glance that he is an expert.
1) If I ping from host A to host B using ICMP Type 8 Code 0, which port will this ICMP packet go to?
2) Based on this information (handshake2.txt), point out the handshake packets.
3) What kind of event can you derive from this trace file: trace1.pdf?
4) And what kind of event can you derive from this trace file: trace2.pdf?
5) Based on this alert information (alerts.pdf), can you identify any possible irregular behaviour in the traffic (traffic_a.pdf)?
6) With the existence of IPS, what do you think of the relevance of IDS?
Henry's answer
1) switch port la.
2) look for all those packets with syn – syn ack – ack. this is the tcp handshake
3) syn portscan. u can use nmap run with the syn scan option and run wireshark to try on your own notebook.
4) looks like a stealthed portscan
5) i know it is establishing connection with 443 (https) but wtf is it doing, cannot verify. need more packet dumps. maybe just some stupid SSL exploit that works bcos the server not patched.
6) well this one, each person has their own view. i feel that with IPS, the concept has made IDS irrelevant because, theoretically, an IPS is an IDS with automated prevention. However, practically, IDS are better suited to certain environments, including information gathering, but if u turn off the automated prevention features of an IPS, u practically have an IDS…
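Henry's two points about reading a trace, spotting the SYN, SYN/ACK, ACK sequence and recognising a SYN port scan, can be turned into a small detection routine. The Python below is an added example, not Henry's code or anything from the original post; the `Packet` class, the `find_handshakes` and `detect_syn_scan` functions and the sample trace (one normal HTTPS connection plus one half-open scan against eight ports) are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Minimal TCP record: flags are letters such as 'S', 'SA', 'A', 'R', 'RA'."""
    src: str
    sport: int
    dst: str
    dport: int
    flags: str


def build_sample_trace():
    """Constructed sample (not a real capture): one normal connection and one SYN scan."""
    trace = [
        # Normal three-way handshake from 10.0.0.5 to an HTTPS server.
        Packet("10.0.0.5", 51000, "10.0.0.10", 443, "S"),
        Packet("10.0.0.10", 443, "10.0.0.5", 51000, "SA"),
        Packet("10.0.0.5", 51000, "10.0.0.10", 443, "A"),
    ]
    # SYN scan from 10.0.0.99: same source port, many destination ports,
    # and no connection is ever completed.
    for port in (21, 22, 23, 25, 80, 110, 143, 443):
        trace.append(Packet("10.0.0.99", 40000, "10.0.0.10", port, "S"))
        if port in (22, 80, 443):
            # Open port answers SYN/ACK; the scanner tears it down with RST.
            trace.append(Packet("10.0.0.10", port, "10.0.0.99", 40000, "SA"))
            trace.append(Packet("10.0.0.99", 40000, "10.0.0.10", port, "R"))
        else:
            # Closed port answers RST/ACK.
            trace.append(Packet("10.0.0.10", port, "10.0.0.99", 40000, "RA"))
    return trace


SAMPLE_TRACE = build_sample_trace()


def _client_key(p):
    """Four-tuple oriented from the side that sent the packet."""
    return (p.src, p.sport, p.dst, p.dport)


def _reverse_key(p):
    """Same four-tuple seen from the other side of the conversation."""
    return (p.dst, p.dport, p.src, p.sport)


def find_handshakes(packets):
    """Return completed handshakes as (client, cport, server, sport) tuples.

    A handshake is SYN from the client, SYN/ACK back from the server, then a
    bare ACK from the client on the same four-tuple. Any RST aborts the attempt.
    """
    state = {}
    completed = []
    for p in packets:
        f = set(p.flags)
        if f == {"S"}:
            state[_client_key(p)] = "syn"
        elif f == {"S", "A"}:
            k = _reverse_key(p)
            if state.get(k) == "syn":
                state[k] = "synack"
        elif f == {"A"}:
            k = _client_key(p)
            if state.get(k) == "synack":
                state[k] = "done"
                completed.append(k)
        elif "R" in f:
            for k in (_client_key(p), _reverse_key(p)):
                if state.get(k) in ("syn", "synack"):
                    state[k] = "aborted"
    return completed


def detect_syn_scan(packets, threshold=5):
    """Flag (src, dst) pairs where src sent SYNs to >= threshold distinct ports
    on dst without completing a handshake. Returns {(src, dst): [ports]}."""
    done = set(find_handshakes(packets))
    attempts = defaultdict(set)
    for p in packets:
        if set(p.flags) == {"S"}:
            attempts[(p.src, p.dst)].add(_client_key(p))
    suspects = {}
    for (src, dst), keys in attempts.items():
        ports = {k[3] for k in keys if k not in done}
        if len(ports) >= threshold:
            suspects[(src, dst)] = sorted(ports)
    return suspects


if __name__ == "__main__":
    print("completed handshakes:", find_handshakes(SAMPLE_TRACE))
    print("suspected SYN scans:", detect_syn_scan(SAMPLE_TRACE))
```

On the sample trace only the 10.0.0.5 connection counts as a real handshake; the scanner's half-open probes are aborted by RST in one direction or the other and never reach the bare ACK, which is exactly why the trace reads as a SYN scan rather than a burst of legitimate connections. The threshold is a tuning knob: a busy client legitimately opens a handful of ports on one server, so set it against what is normal for your own network.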
I asked these questions over MSN; on the forum almost nobody answered them, and I do not know whether nobody saw them or nobody wanted to say. What I can be sure of is that when I put them to Henry, he could answer me directly, question by question. That is what I admire most.
Of course, Cari also has plenty of experts, and hidden masters gather there. Every time I go there to look around and pick up what I can, even though I cannot follow what they are saying, a quick Google search teaches me a great deal!