Last Updated on April 30, 2021 by Admin
What information must an IPS track in order to detect attacks matching a composite signature?
- the total number of packets in the attack
- the state of packets related to the attack
- the attacking period used by the attacker
- the network bandwidth consumed by all packets
Answers Explanation & Hints:
A composite signature is also called a stateful signature. It identifies a sequence of operations distributed across multiple hosts over an arbitrary period of time. Because this type of attack involves multiple packets, an IPS sensor must maintain state information. However, an IPS sensor cannot maintain state information indefinitely. A composite signature is therefore configured with a time period during which the sensor maintains state for the specific attack, starting when the attack is first detected. Thus, an IPS may not be able to maintain all the information related to an attack, such as the total number of packets, the total length of the attack time, and the amount of bandwidth consumed by the attack.