Posted by arlene
Stalker conveniently groups patterns into classes, such as Trojan Horse. Space does not permit an exhaustive list and description of attacks detected by Stalker. Table 8.1 summarizes this information.
The MD was developed over several years and has a good foundation in intrusion detection research. IDSs use different engines for analyzing attacks. Some, such as CMDS, […]
Posted by arlene
Stalker is a client-server, heterogeneous IDS for UNIX systems. In addition to providing intrusion and misuse detection, Stalker can also be used for audit reduction, whittling down a collection of audit records into meaningful information.
Stalker employs a client-server model for distributed, heterogeneous UNIX systems. The Stalker Manager software is installed on a central server […]
Posted by arlene
By far the largest number of attacks detected by IDSs involve a single event. Examples include the following:
A nonprivileged user changes a privileged program by writing to its location on disk.
A nonprivileged user reads a privileged file.
A program deletes too many files in successive operations.
Someone creates a filename with special characters.
A privileged user runs a […]
Posted by arlene
The favorite attack for a cracker is to look for SUID root programs with exploitable bugs. SUID and SGID programs owned by other users are also important. For example, if a user can crack some SGID mail program, then that person will be able to operate with the group privileges of the mail account. A […]