The benefits of packet-based IDS

What benefits do packet-based network IDS have over signature-based IDS?

Packet-based IDS use rules that define protocols, not a static vulnerability signature. Whereas you could create a new vulnerability and get around signatures, the same is not true for packet-based IDS.

Here's an example in real simple terms:
When police use radar guns on the highways, they don't care if you are a truck, motorcycle or car (packet-based). Thus, you are simply a packet carrying some sort of information. But a truck weigh station looks for trucks (signatures) of so many axles, thus the truck fits a pattern or signature. The radar gun would look at trucks, cars and all vehicles, but the weigh station would only stop trucks.
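
The distinction above, as an added example that is not part of the original answer: a static signature match next to a protocol-rule check on the same input. The signature name and pattern, the simplified SMTP command rules and every sample line are assumptions constructed for illustration.

```python
# Added illustration: a static signature match beside a protocol-rule check.
# The signature, the simplified SMTP rules and all sample lines are constructed.

SIGNATURES = {"sig-0001": b"KNOWN-BAD-PATTERN-1"}  # placeholder pattern

MAX_LINE = 512  # SMTP command line limit in octets, CRLF included (RFC 5321)
VERBS = {b"HELO", b"EHLO", b"MAIL", b"RCPT", b"DATA", b"RSET",
         b"NOOP", b"QUIT", b"VRFY", b"EXPN", b"HELP"}


def signature_alerts(line):
    """Signature-based: alert only when a known byte pattern appears."""
    return [name for name, pat in SIGNATURES.items() if pat in line]


def protocol_alerts(line):
    """Protocol-based: alert on anything that breaks the protocol rules."""
    alerts = []
    if len(line) > MAX_LINE:
        alerts.append("line-too-long")
    if not line.endswith(b"\r\n"):
        alerts.append("missing-crlf")
    body = line[:-2] if line.endswith(b"\r\n") else line
    if any(b < 0x20 or b > 0x7E for b in body):
        alerts.append("non-printable-byte")
    if body.split(b" ", 1)[0].upper() not in VERBS:
        alerts.append("unknown-verb")
    return alerts


# Constructed sample command lines.
SAMPLES = [
    b"MAIL FROM:<alice@example.org>\r\n",   # well-formed, no known pattern
    b"HELO KNOWN-BAD-PATTERN-1\r\n",        # contains the known pattern
    b"HELO " + b"A" * 600 + b"\r\n",        # no known pattern, breaks length rule
    b"XYZZY \x00\x01\r\n",                  # no known pattern, breaks two rules
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[:32], signature_alerts(sample), protocol_alerts(sample))
```

The last two samples match no signature, yet the protocol rules flag both because they do not conform to the protocol definition.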

This was last published in February 2002
