a system or network should lose functionality gradually, as a function of the severity of the attack compared to its ability to defend against it." A good defense begins with a thorough understanding of the opponent's offense.

IDS Evasion, Chapter 16

in any fashion. Most systems are quite simply bait, meaning they are designed to be the most attractive target on a network segment. It is the hope of the defender that all attackers would see this easy point of presence and target their attacks in that direction. Although it has been seen that there is cause to have bait systems configured identically to other production systems on the target network (hopefully hardened), so that if an attacker's presence is detected on the honeynet (nobody can transmit any data to this system without detection), the defender can be sure vulnerabilities exist in their production configuration. And with the added benefit of detailed logging, some low-level forensics will typically reveal the vulnerability information, along with any backdoors the intruder used to maintain their foothold.

Keep in mind, no system is foolproof. Attackers should be able to discern that they are behind a bridge by the lack of Layer 2 traffic and the discrepancy in Media Access Control (MAC) addresses in the bait system's ARP cache. See http for more details.

Using Application Protocol Level Evasion

IDS sensors have the ability to inspect the protocol internals of a communications stream to aid in the detection process. There are two basic strategies vendors employ: application protocol decoding, where the IDS will attempt to parse the network input to determine the legitimacy of the service request, and simple signature matching. Both of these approaches have their own unique challenges and benefits; we will see that most IDSs probably implement a hybrid of these solutions. Opportunities to evade detection are available at every layer of the protocol stack.
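The two strategies described above, side by side, in an added Python example that is not from the original text: a raw byte-pattern matcher and a minimal HTTP request-line decoder run over the same constructed requests. The signature path, the host name and all request bytes are assumptions made up for illustration.

```python
from urllib.parse import unquote, urlsplit
import posixpath

SIGNATURE = b"/cgi-bin/test-cgi"          # constructed pattern (assumption)
ALLOWED_METHODS = {"GET", "HEAD", "POST"}

def signature_match(raw: bytes) -> bool:
    """Simple signature matching: the byte pattern anywhere in the stream."""
    return SIGNATURE in raw

def decode_and_inspect(raw: bytes) -> list:
    """Application protocol decoding: parse the request line, judge whether
    the request is well formed, then compare only the normalized path."""
    line = raw.split(b"\r\n", 1)[0].decode("latin-1")
    parts = line.split(" ")
    if len(parts) != 3:
        return ["malformed request line"]
    method, target, version = parts
    findings = []
    if method not in ALLOWED_METHODS:
        findings.append("unexpected method")
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        findings.append("unexpected version")
    # Normalize the way the server would before comparing.
    path = posixpath.normpath(unquote(urlsplit(target).path))
    if path == SIGNATURE.decode():
        findings.append("signature path requested")
    return findings

# Constructed sample requests (not captured traffic).
PLAIN = b"GET /cgi-bin/test-cgi HTTP/1.0\r\nHost: www.example.test\r\n\r\n"
# Benign page fetch whose Referer header happens to contain the pattern.
REFERER = (b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n"
           b"Referer: http://www.example.test/docs/cgi-bin/test-cgi-howto\r\n\r\n")
# Same resource as PLAIN, spelled with one percent-encoded character.
ENCODED = b"GET /cgi-bin/%74est-cgi HTTP/1.0\r\nHost: www.example.test\r\n\r\n"

if __name__ == "__main__":
    for name, req in (("plain", PLAIN), ("referer", REFERER), ("encoded", ENCODED)):
        print(f"{name:8} signature={signature_match(req)!s:5} "
              f"decoder={decode_and_inspect(req)}")
```

The raw matcher raises a false alarm on the Referer case and is silent on the encoded one, while the decoder is correct on both at the cost of having to parse the protocol exactly as the server does.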
Security as an Afterthought

Application developers are typically motivated by features and dollars. We all know that the end user is the ultimate decision maker on the success or failure of software. In an effort to please end users, provide maximum compatibility and .