Indications and Warnings Correlation
Welcome to the second half of the network-based intrusion detection tutorial, where we will discuss more advanced analysis techniques based on Indications and Warnings as well as correlation.
For every attack that really gets our attention, there are twenty or thirty probes or mapping attempts. Some of the common efforts are DNS zone transfers, DNS queries, SNMP queries, portmapper access attempts, and NetBIOS name lookups.
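The probe types listed above are individually low-value events; the point of Indications and Warnings analysis is that several different probe types from the same source inside a short window are worth a warning on their own, before any exploit attempt arrives. The following is an added example, not code from the tutorial: it classifies constructed sensor events into the probe categories named in the text, then correlates them per source address over a sliding time window and flags sources that exhibit several distinct kinds of reconnaissance. The event tuple layout, the port-to-category mapping, the 10-minute window and the three-kind threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sensor events (not taken from the tutorial). Each entry is
# (timestamp, src_ip, proto, dst_port, extra); `extra` carries the DNS opcode or
# query type where the sensor recorded one, and is empty otherwise.
SAMPLE_EVENTS = [
    ("2024-01-01T10:00:01", "203.0.113.7", "tcp", 53, "AXFR"),   # zone transfer attempt
    ("2024-01-01T10:00:05", "203.0.113.7", "udp", 53, "A"),      # ordinary DNS query
    ("2024-01-01T10:01:10", "203.0.113.7", "udp", 161, ""),      # SNMP query
    ("2024-01-01T10:02:30", "203.0.113.7", "tcp", 111, ""),      # portmapper access
    ("2024-01-01T10:03:00", "203.0.113.7", "udp", 137, ""),      # NetBIOS name lookup
    ("2024-01-01T10:00:02", "198.51.100.4", "udp", 53, "A"),     # benign-looking resolver traffic
    ("2024-01-01T10:00:03", "198.51.100.4", "udp", 53, "MX"),
    ("2024-01-01T10:00:09", "192.0.2.10", "udp", 137, ""),       # single NetBIOS lookup
]


def classify_probe(proto, dst_port, extra):
    """Map one event to a probe category from the tutorial's list, or None when
    the event is not one of the recognised reconnaissance probes.
    The port/protocol mapping here is an assumption for the example."""
    if dst_port == 53:
        if proto == "tcp" and extra == "AXFR":
            return "dns_zone_transfer"
        return "dns_query"
    if dst_port == 161 and proto == "udp":
        return "snmp_query"
    if dst_port == 111:
        return "portmapper_access"
    if dst_port == 137 and proto == "udp":
        return "netbios_name_lookup"
    return None


def correlate_probes(events, window=timedelta(minutes=10), min_kinds=3):
    """Group classified probes by source address and slide a time window over
    each source's probes. A source is flagged when some window contains at
    least `min_kinds` distinct probe categories.
    Returns {src_ip: sorted list of probe kinds seen in the richest window}."""
    per_src = defaultdict(list)
    for ts, src, proto, dport, extra in events:
        kind = classify_probe(proto, dport, extra)
        if kind is not None:
            per_src[src].append((datetime.fromisoformat(ts), kind))

    flagged = {}
    for src, items in per_src.items():
        items.sort()  # chronological order is required for the sliding window
        best = set()
        start = 0
        for end in range(len(items)):
            # advance the window start until the span fits inside `window`
            while items[end][0] - items[start][0] > window:
                start += 1
            kinds = {kind for _, kind in items[start:end + 1]}
            if len(kinds) > len(best):
                best = kinds
        if len(best) >= min_kinds:
            flagged[src] = sorted(best)
    return flagged


if __name__ == "__main__":
    for src, kinds in correlate_probes(SAMPLE_EVENTS).items():
        print(f"WARNING: {src} performed {len(kinds)} kinds of probe: {', '.join(kinds)}")
```

With the constructed events, only 203.0.113.7 is flagged: it touched five different probe categories inside a few minutes, while the two-query resolver source and the single NetBIOS lookup stay below the threshold. In a real deployment the window and threshold would be tuned against the site's baseline, and the per-source key might be widened to a /24 to catch mapping spread across several addresses.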