Which IDS/IPS signature alarm will look for packets that are destined to or from a particular port?
- honey pot-based
Explanation: Cisco IDS and IPS sensors can use four types of signature alarms or triggers:
– Pattern-based detection – also known as signature-based detection, searches for a specific and pre-defined pattern. In most cases, the pattern is matched to the signature only if the suspect packet is associated with a particular service or destined to or from particular ports.
– Anomaly-based detection – also known as profile-based detection, involves first defining a profile of what is considered normal for the network or host. After defining normal activity, the signature triggers an action if excessive activity occurs beyond a specified threshold that is not included in the normal profile.
– Policy-based detection – also known as behavior-based detection, is similar to pattern-based detection, but instead of trying to define specific patterns, the administrator defines behaviors that are suspicious based on historical analysis.
– Honey pot-based detection – uses a dummy server to attract attacks.