Question No 1
You are examining a packet from an unknown host that was trying to ping one of your protected
servers and notice that the packets it sent had an IPLen of 20 bytes and DgmLen set to 60 bytes. What
type of operating system should you believe this packet came from?
Question No 2
You have found a user in your organization who has managed to gain access to a system that this user
was not granted the right to use. This user has just provided you with a working example of which of
the following?
Question No 3
You are configuring your new IDS machine, where you have recently installed Snort. While you are
working with this machine, you wish to create some basic rules to test the ability to log traffic as you
desire. Which of the following Snort rules will log any TCP traffic from any host other than 172164050
using any port, to any host in the 100100/24 network using any port?
Question No 4
What step in the process of Intrusion Detection as shown in the exhibit would determine if given
alerts were part of a bigger intrusion, or would help discover infrequent attacks?
Question No 5
You are reviewing your company’s IPChains Firewall and see the command (minus the quotes) “ !
101010216” as part of a rule. What does this mean?