Who is the maker of Taliban


America has been the maker of the Taliban from the start, and it is still making Taliban. At the start it supported the Taliban and Usama Bin Laden against Russia, until it got its result and broke the Russian federation.

When America had fulfilled its desires it no longer needed the Taliban's support. It attacked Afghanistan. In this attack millions of Muslims were killed by American forces, and the result is the same: it made more Taliban and more anti-Americans. In the Afghanistan attack the Musharraf government supported America. This was a big mistake by the Musharraf government; after that support, suicide attacks started in Pakistan.

All the American media hide the truth from innocent American people. Actually, the main targets of America and Israel are the Muslim countries, one by one: Afghanistan, Iraq, Libya, and now the next targets are Yemen, Sham and all the other Muslim countries on America's list.

Now, through drone attacks, it is making more Taliban and anti-Americans from Waziristan (Pakistan).

Mumbai attacker Ajmal Kasab pleading to BHAGWAN

"Bhagwan mujhay maaf nahi karay ga" ("God will not forgive me"). Is he even a Muslim? Listen to his and the police officer's accents; they are the same. KPK, GB, Sindh, Balochistan, Punjab: this accent is NOT found in Pakistan, take my word.

If Pakistanis are Taliban, who are you Indians?

See the real face of the Indian media: Pakistan has one case and India has several cases, but no international media can see what is happening in India.


Signature Engines: AIC, Atomic ARP, Meta Engine

1.1.1.1 Signature Engine

A signature engine is a component of the IPS that is designed to support many signatures in a specific category. Every engine has a set of parameters that have acceptable ranges or sets of values.

IPS 6.0 consists of the following signature engines:

AIC (Application Inspection and Control) Engine provides thorough analysis of web traffic. The AIC engine provides control over HTTP sessions to prevent misuse of the HTTP protocol. It also allows administrative control over applications such as instant messaging. AIC can also be used to inspect FTP (File Transfer Protocol) traffic and control the commands being issued.

There are two AIC engines:

- AIC FTP
- AIC HTTP

Atomic Engines: these engines are now combined into two engines with multi-level selection. Layer 3 and Layer 4 attributes can be combined within one signature, such as IP and TCP.

Atomic ARP Engine inspects the Layer 2 ARP protocol. The Atomic ARP engine is different from most engines, which are based on the Layer 3 IP protocol: those engines inspect IP packets and the associated Layer 4 transport protocols, and offer options to specify values to match in the IP and Layer 4 header fields.

Flood Engine detects ICMP and UDP floods directed at specific hosts and networks.

There are two Flood engines:

- Flood Host
- Flood Net

Meta Engine defines events that occur in a related manner within a certain time interval. This engine processes events and alerts instead of packets.

Multi String Engine inspects Layer 4 transport protocols and payloads by matching several strings for one signature.

This engine inspects the following categories:

- Stream-based TCP
- Single UDP packets
- ICMP packets

Normalizer Engine configures how the IP and TCP normalizer operates and provides general configuration for signature events related to the IP and TCP normalizer. It can enforce RFC compliance.

Service Engine deals with certain specific protocols. The Service engine has the following protocol categories:

- DNS inspects DNS (TCP and UDP) traffic.
- FTP inspects FTP traffic.
- Generic decodes custom services and payloads.
- Generic Advanced analyzes traffic based on mini-programs written to parse the packets.
- H225 inspects VoIP traffic.

State Engine performs stateful searches of strings in protocols such as SMTP.

The state engine has a hidden configuration file that defines the state transitions, so new state definitions can be delivered in a signature update.

String Engine searches for regex strings in ICMP, TCP, or UDP traffic.

There are three different String engines:

- String ICMP
- String TCP
- String UDP

Sweep Engine analyzes sweeps from a single host (ICMP and TCP) and across destination ports (UDP and TCP).

Traffic Anomaly Engine inspects UDP, TCP, and other traffic for worms or viruses.

Traffic ICMP Engine analyzes protocols such as those used by DDoS tools. There are only two such signatures with configurable parameters.

Trojan Engine analyzes Trojan traffic over different protocols such as UDP. Users cannot configure these engines.
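As an added illustration (not code from the page, the thesis it cites, or Cisco IPS), the following Python sketch models two of the engines described above: a String TCP engine that searches a regex in the Layer 4 payload and emits events, and a Meta engine that consumes those events rather than packets and fires only when every component signature has been seen from one source inside a sliding time interval. The signature IDs, patterns and sample packets are constructed for the example.

```python
import re
from collections import defaultdict, deque

# String-engine style signatures: a regex searched in the Layer 4 payload of traffic that
# matches the protocol and port. IDs and patterns are constructed, not Cisco signature IDs.
STRING_SIGS = [
    {"id": 9001, "proto": "tcp", "port": 80, "regex": re.compile(rb"\.\./\.\./etc/passwd")},
    {"id": 9002, "proto": "tcp", "port": 80, "regex": re.compile(rb"\.\./\.\./etc/shadow")},
    {"id": 9003, "proto": "tcp", "port": 80, "regex": re.compile(rb"%c0%af")},
]

# Meta-engine style composite signature: fires when every component signature has
# produced an event from the same source inside a sliding window of `window` seconds.
META_SIG = {"id": 9100, "components": {9001, 9002, 9003}, "window": 10.0}

def string_engine(packets):
    """Run each String TCP signature over each packet; yield one event per match."""
    for ts, src, dst, proto, port, payload in packets:
        for sig in STRING_SIGS:
            if sig["proto"] == proto and sig["port"] == port and sig["regex"].search(payload):
                yield {"ts": ts, "sig": sig["id"], "src": src, "dst": dst}

def meta_engine(events, meta=META_SIG):
    """Consume events (not packets); fire once per source when the window holds all components."""
    recent = defaultdict(deque)   # src -> (ts, sig) component events still inside the window
    fired, alerts = set(), []
    for ev in events:
        if ev["sig"] not in meta["components"]:
            continue
        q = recent[ev["src"]]
        q.append((ev["ts"], ev["sig"]))
        while q and ev["ts"] - q[0][0] > meta["window"]:   # expire events that slid out
            q.popleft()
        if ev["src"] not in fired and {sig for _, sig in q} == meta["components"]:
            alerts.append({"ts": ev["ts"], "sig": meta["id"], "src": ev["src"]})
            fired.add(ev["src"])
    return alerts

# Constructed packets (timestamp, src, dst, proto, port, payload); not a real capture.
PACKETS = [
    (0.0, "10.0.0.5", "192.0.2.10", "tcp", 80, b"GET /index.html HTTP/1.1\r\n\r\n"),
    (0.5, "10.0.0.5", "192.0.2.10", "tcp", 80, b"GET /cgi-bin/../../etc/passwd HTTP/1.1\r\n\r\n"),
    (1.0, "10.0.0.5", "192.0.2.10", "tcp", 80, b"GET /scripts/..%c0%af../x HTTP/1.1\r\n\r\n"),
    (1.5, "10.0.0.5", "192.0.2.10", "tcp", 80, b"GET /cgi-bin/../../etc/shadow HTTP/1.1\r\n\r\n"),
    (40.0, "10.0.0.9", "192.0.2.10", "tcp", 80, b"GET /cgi-bin/../../etc/passwd HTTP/1.1\r\n\r\n"),
]

def run(packets=PACKETS):
    events = list(string_engine(packets))
    return events, meta_engine(events)
```

Running `run()` yields four String-engine events but a single Meta alert: the host that triggered all three components inside 10 seconds fires the composite, while the host that matched only one component does not.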

Signature Detection: protecting the network against attacks

1.1.1.1 Signature Detection

Protecting the network against known attacks.

Attackers often attack networks using tried and tested techniques from previously successful attacks. These threats have been analyzed by network security engineers, and a profile, or specific signature, has been created for each. Signature detection methods examine the network by looking for the threat's fingerprint inside network traffic and matching it against an internal database of known attacks. Once an attack signature is matched, the security device delivers an attack response, mostly in the form of a simple alarm or alert.

Success in preventing these threats depends on an up-to-the-minute database of attack signatures, compiled from previous records. The drawback of signature-detection systems is clear: they can only detect threats for which a signature has been defined. If only signature detection methods are employed to protect a network, the network is protected against known attacks only.

1.1.1.2 Anomaly Detection

Protecting against unknown attacks.

Anomaly detection techniques are required when hackers discover new security weaknesses and rush to exploit them, at which point no threat signature yet exists. For example, Code Red could not be detected through any existing signature. To identify these first strikes, an IDS can use anomaly detection methods, in which network traffic is compared with a baseline to recognize irregular and harmful behavior. These anomaly methods look for statistical abnormalities in the data, as well as protocol anomalies and unusual application activity.

1.1.1.3 Denial of Service (DoS) Detection

Protecting against network and system overload.

DoS and Distributed DoS attacks deny legitimate users access to critical network services. Attackers achieve this by launching attacks that consume network bandwidth, host processing cycles, or other network resources. DoS attacks have caused some of the biggest brands to let down users and investors as web sites became unreachable to users and partners, sometimes for up to a whole day. IDS products often compare current traffic activity with acceptable normal activity to detect DoS attacks, where normal traffic is characterized by a set of pre-programmed entries (thresholds). This can lead to false negatives: attacks are missed because the attack traffic stays below the threshold.
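An added example, not from the page or the thesis it cites: a threshold-based flood detector of the kind the Flood Host engine and the DoS paragraph describe, run over constructed traffic. It shows the failure mode the text points out: a burst against one host crosses the pre-programmed threshold and is flagged, while a slower stream against another host stays below it and is never reported. The window, rate and addresses are assumptions chosen for the example.

```python
from collections import defaultdict, deque

# Flood Host style detector: alert when more than RATE packets of one protocol reach one
# destination inside a sliding window of WINDOW seconds. Constructed example, not Cisco code.
WINDOW = 1.0   # seconds
RATE = 50      # packets per window; the "pre-programmed entry" the text refers to

def detect_floods(packets, window=WINDOW, rate=RATE):
    """packets: iterable of (timestamp, proto, dst). Returns {(proto, dst): first alert}."""
    recent = defaultdict(deque)   # (proto, dst) -> timestamps still inside the window
    alerts = {}
    for ts, proto, dst in sorted(packets):
        key = (proto, dst)
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:   # drop timestamps that slid out of the window
            q.popleft()
        if len(q) > rate and key not in alerts:
            alerts[key] = {"ts": ts, "count": len(q)}
    return alerts

def stream(n, start, duration, proto, dst):
    """Constructed traffic: n packets of proto to dst, evenly spread over duration seconds."""
    return [(start + i * duration / n, proto, dst) for i in range(n)]

# Constructed sample: a 200-packet ICMP burst in half a second against one host, and a
# "low and slow" UDP stream of 40 packets/s against another that stays under the threshold.
SAMPLE = (stream(200, 0.0, 0.5, "icmp", "192.0.2.10")
          + stream(400, 0.0, 10.0, "udp", "192.0.2.20"))

if __name__ == "__main__":
    for (proto, dst), a in detect_floods(SAMPLE).items():
        print(f"FLOOD {proto} -> {dst}: {a['count']} packets/window at t={a['ts']:.3f}s")
    print("udp -> 192.0.2.20 flagged:", ("udp", "192.0.2.20") in detect_floods(SAMPLE))
```

Lowering the rate (for example `detect_floods(SAMPLE, rate=30)`) makes the slow UDP stream visible, at the cost of more alerts on legitimately busy hosts, which is exactly the threshold trade-off the paragraph describes.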

Why IDS/IPS should be used?

- It is a fact that while every network has a firewall, most still suffer from network security issues. IT professionals are conscious of the need for additional protective technologies, and network tool vendors are eager to fill the gap.

- IPS has been endorsed as a cost-effective way to stop malicious activity, to detect worm and virus attacks, to serve as a network sensing point, to support compliance requirements, and to act as a network sanitizing agent.

In network security, consider the firewall first. A firewall is considered the first level of protection in a network security architecture, acting as an access control application by allowing specific protocols (such as HTTP, DNS, SMTP) to pass between a set of source and destination addresses. Essential to access policy enforcement, firewalls usually examine packet headers to make traffic-flow decisions. Generally, they do not inspect the entire data inside the packet and cannot detect or prevent malicious code embedded within normal traffic. Routers also offer some basic protection through packet filtering.

Firewalls and router-based packet filtering are important components of overall network security, but both are insufficient on their own. Network IDS products inspect the entire content of every packet flowing through the network to detect malicious actions. This inspection technique provides deeper packet analysis than a router or a firewall. IDS (Intrusion Detection Systems) are effective when malicious threats are embedded in familiar protocols, such as an HTTP session, which a firewall does not detect. The processing power required for an Intrusion Detection System is higher than that of a firewall application. Networks have made IDS products essential devices as security professionals strive to detect, inspect, and protect networks against malicious activities. Consequently, IDS products are placed outside and inside firewalls and are quickly becoming best practice in secure network implementations.


I got this topic from the thesis

SECURING CONVERGED NETWORK, USING IDS/IPS