Signature Engine AIC Atomic ARP meta Engine

-

1.1.1.1 Signature Engine

A signature engine is a part of the IPS that is designed to support many signatures in a specific category. Every engine has a set of factors that have acceptable ranges or sets of values.

IPS 6.0 consist of the following signature engines:

AIC (Application Inspection of Control) Engine that provides by analysis of web traffic. The AIC engine provides control over HTTP sessions to prevent harmful traffic of the HTTP protocol. It has the ability of administrative control over different software, such as instant messaging etc. AIC can also be used to inspect FTP (File Transfer Protocol) traffic and control the commands being issued.

There are two AIC engines:

F AIC FTP

F AIC HTTP

Atomic Engine these engines are now combined into two engines with more than one level selection. Layer 3 and Layer 4 attributes can also be combined within one signature, such as IP and TCP.

Atomic ARP Engine is used to inspects Layer 2 ARP protocol. The Atomic ARP engine is quite different because mostly engines are based on Layer 3 IP protocol. They inspect IP protocol packets and are associated Layer 4 transport protocols.This engine has an option to specify values to match for fields in the IP and Layer 4 headers.

Flood Engine Detects ICMP and UDP floods directed at specific users and networks.

There are two Flood engines:

F Flood Host

F Flood Net

Meta Engine is used to describe events that occur in a related manner within a certain time interval. This engine processes events and alerts instead of packets.

Multi String Engine is used to inspects Layer 4 transport protocols and data by matching several strings for one specific signature.

This engine inspects the following categorizes

F Stream based TCP

F single UDP

F ICMP packets

Normalizer Engine is used to configure how the IP and TCP normalizer operates and provides general configuration for signature events related to the IP and TCP normalizer. It has the ability to enforce RFC compliance.

Service Engine is used to deal with certain specific protocols. Service engine has the following protocol categorizes:

F DNS is used to inspects DNS (TCP and UDP) traffic.

F FTP is used for the inspection of FTP traffic.

F Generic has a function to decode custom service and payload.

F Generic Advanced Analyzes traffic flow based on the mini-applications that are written to check the packets.

F H225 is used for the inspection of VoIP traffic.

State Engine is designed for Stateful searches of strings in protocols such as SMTP.

The state engine consists of the hidden configuration document that is used to define the state transitions so new state definitions can be delivered in a upcoming or updated signature.

String Engine is used to search on Regex strings based on ICMP, TCP, or UDP protocol.

There are three different String engines:

F String ICMP

F String TCP

F String UDP.

Sweep Engine is used to analyze sweeps from a single host (ICMP and TCP), from destination ports (UDP and TCP).

Traffic Anomaly Engine is used for the inspection UDP, TCP, and other traffic for worms or viruses.

Traffic ICMP Engine is used to analyze protocols, such as DDOS. There are only two such type of signatures with configurable parameters.

Trojan Engine is used to analyze traffic from different protocols like UDP. Users are not able to configure these engines.

Popular posts from this blog

Open Blocked Web Site in any Country

-
How to Open Blocked Web Site Like Youtube, if any web site blocked in any Country by using proxy address you can open web site in your country i have some sample proxy address free for you. use it and enjoy it Thanks 061244235034.static.ctinets.com:3128 112.65.135.54:8080 114.143.12.28:8080 118.175.12.178:3128 118.228.148.52:3128 118.98.169.50:80 119.147.113.116:80 119.167.219.78:80 119.180.24.12:8080 119.245.230.164:80 119.62.128.38:80 119.70.40.101:8080 119.70.40.102:8080 121.10.120.214:80 121.14.158.76:80 121.30.255.38:8080 122.139.57.46:80 122.139.60.102:8080 122.224.33.10:80 122.224.33.4:80 125.64.96.21:8008 147.91.193.101:80 173-203-206-253.static.cloud-ips.com:80 174.142.104.57:3128 174.142.24.201:3128 174.142.24.203:3128 174.142.24.205:3128 174.142.24.206:3128 187.51.150.2:8080 189.115.161.205.static.gvt.net.br:8080 189.3.177.146:8080 189.3.47.146:3128 189.3.50.34:3128 196.12.52.2:80 196.38.158.197:80 201.45.216.115:3128 201.73.223.150:8080 202.51.105.10:3128 202.51.107.37:8080
Read more

OPERATION OF STENO PHONE

-
OPERATION OF STENO PHONE 1 EXTENSION WANTS TO TALK TO MAIN STATION Lift the handset at ext. and depress the call push button, buzzer at main station will ring after lifting the handset at main station and by throughing the key at main station to right side, ext can talk with main station. 2 MAIN STATION WANT TO TALK TO EXTENSION Main station through the key towards the right side and depress the pushbutton, the buzzer will ring at ext. Main station can talk with ext when handset is lifted at the ext. 3 INCOMING CALL DURING CONVERSATION BETWEEN MAIN AND EXTENSION The exchange call can only be received at the main station by throughing the key to the middle position, main can talk with exchange. INCOMING CALL 4 MAIN STAION WANTS TO HOLD THE INCOMIN CALL AND CONSULT THE EXTENSION Main station press the pushbutton and through the key again towards the right. 5 MAIN STATION WANTS TO CALL AGAIN WITH EXCHANGE Through the key again back in middle position. 6 EXTENSION WANTS TO GET THE EXCHANG
Read more