Network Intrusion Detection (3rd Edition)

版权声明：原创作品，允许转载，转载时请务必以超链接形式标明文章原始出版、作者信息和本声明。否则将追究法律责任。 http://blog.youkuaiyun.com/topmvp - topmvp

Network Intrusion Detection: An Analyst's Handbook explains some of what you need to know to prevent unauthorized accesses of your networked computers and minimize the damage intruders can do. It emphasizes, though, proven techniques for recognizing attacks while they're underway. Without placing too much emphasis (or blame, for that matter) on any operating system or other software product, author Stephen Northcutt explains ways to spot suspicious behavior and deal with it, both automatically and manually.

The case studies, large and small, are the best part of this book. Northcutt opens with a technical brief on the methods used by Kevin Mitnick in his attack upon Tsutomu Shimomura's server. In documenting that famous attack, Northcutt explains SYN flooding and TCP hijacking with clarity and detail: readers get a precise picture of what Mitnick did and how Shimomura's machine reacted. A former security expert for the U.S. Department of Defense, Northcutt explains how a system administrator would detect and defeat an attack like Mitnick's. Another case study appears later in the book, this one in the form of a line-by-line analysis of a .history file that shows how a bad guy with root privileges attacked a Domain Name System (DNS) server. Reading Northcutt's analysis is like reading a play-by-play account of a football match. Network Intrusion Detection is one of the most readable technical books around.

http://rapidshare.com/files/50542831/0735712654.rar