
Intrusion Detection Systems

TCP header analysis

An IDS should examine the TCP header of each packet for the following elements:

Packet size: The TCP header in its entirety should contain all the required data (20 octets). Splitting of TCP packets is sometimes used to pierce firewalls, so a check should be made for short packet length (indicating a possible form of attack) and zero-length packets (which can be a form of flooding or virus attack).

Port numbers: Source and destination port addresses should match. It does not necessarily follow that there is an intrusion if the port addresses do not match, but it is suspicious behaviour and will therefore be captured as suspicious use. Multiple port intrusions from the same IP should be identified, as this can indicate a form of overt port sniffing to find open service ports on the network and can also be used in various virus attacks.

TCP flags: Packets are to be checked for a correct combination of TCP flags. For instance, the URG and PSH flags can be used only when a packet contains data. Suspicious flag combinations include the invalid combinations SYN with URG and SYN with PSH. The IDS should also check for SYN flooding, using both the destination port address and the ACK/NACK flags to check whether a multitude of SYN ACK requests has been sent to a specific port.
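The header checks listed above, written out as an added example that is not part of the original article or of the lightweight IDS it reports on. It parses raw TCP segments with the standard library, flags short and zero-length packets and the invalid SYN/URG/PSH combinations, and counts connection requests (SYN without ACK) per destination port as the SYN-flood indicator; the flood threshold and the `build_segment` sample data are constructed assumptions.

```python
import struct
from collections import Counter

# TCP flag bits (low 9 bits of the offset/flags field, RFC 793 layout).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
MIN_TCP_HEADER = 20  # octets: the minimum header the text describes


def check_tcp_segment(segment: bytes) -> list:
    """Return the header violations found in one TCP segment (header + payload)."""
    if len(segment) == 0:
        return ["zero_length_packet"]          # possible flooding
    if len(segment) < MIN_TCP_HEADER:
        return ["short_header"]                # truncated or split header
    offset_flags = struct.unpack("!H", segment[12:14])[0]
    data_offset = (offset_flags >> 12) * 4     # header length in octets
    flags = offset_flags & 0x01FF
    if data_offset < MIN_TCP_HEADER or data_offset > len(segment):
        return ["bad_data_offset"]
    violations = []
    payload_len = len(segment) - data_offset
    if flags & (URG | PSH) and payload_len == 0:
        violations.append("urg_psh_without_data")     # URG/PSH need data
    if flags & SYN and flags & (URG | PSH):
        violations.append("invalid_syn_combination")  # SYN+URG, SYN+PSH
    return violations


def detect_syn_flood(segments, threshold: int) -> dict:
    """Count SYN-without-ACK per destination port; return ports at or above threshold."""
    counts = Counter()
    for seg in segments:
        if len(seg) < MIN_TCP_HEADER:
            continue
        dport = struct.unpack("!H", seg[2:4])[0]
        flags = struct.unpack("!H", seg[12:14])[0] & 0x01FF
        if flags & SYN and not flags & ACK:
            counts[dport] += 1
    return {port: n for port, n in counts.items() if n >= threshold}


def build_segment(sport: int, dport: int, flags: int, payload: bytes = b"") -> bytes:
    """Constructed sample data: a minimal 20-octet header with the given flags."""
    offset_flags = (5 << 12) | flags           # 5 words = 20 octets, no options
    header = struct.pack("!HHIIHHHH", sport, dport, 0, 0, offset_flags, 65535, 0, 0)
    return header + payload
```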

The results of running the lightweight IDS on a sample log file from a network known to be compromised were as follows:

  • Number of address violations detected: 448
  • Number of port violations: 273
  • trojan_trojan-active-subseven: Detected 0 times
  • trojan_trojan-active-codered: Detected 408 times
  • Broadcast packets detected: 1 time
  • SYN flood packets detected: 859 times
  • Attempts to blind reset connections: 139 times
  • Protos SNMP attack detected: 416 times

Security policy

A security policy is a statement of the security that the system is expected to enforce. Some elements of the policy will be based on the military security model, that is the “hierarchy of sensitivities.” This grades access to resources according to a hierarchy structure, which can be then used in simple set or domain models to determine a user’s needs, both in relation to other users and to the overarching security policy.

Creating access rights and user-needs rules will depend on a form of task-oriented analysis using event sequencing, i.e. running simulated activities for the day-to-day tasks of the users. This will help determine normal resource usage, help place users in the hierarchy, and provide a comparison of user needs versus security needs.
