The Tripwire system calculates all the hashes for all execut

The “Tripwire” system calculates all the hashes for all executable files on a clean computer and then compares the hashes with the actual files, when the machine is scanned, to ensure nothing has changed and no malware is hiding as legitimate programs.

1) What kind of attacks will not be detectable by such a scheme?

2) What attack will render the above strategy useless (i.e. will not find infected files, even if they exist).

Solution

1) Tripware system not detactable attacks are:

Buffer overflows,Denial of service TCP/IP attacks distributed DOS attacks, port scans,Real time logging and alerting

2) Buffer overflows are useless attack

because of a buffer overflow is an anomaly where a program, while writing data a buffer, overruns thebuffer\'s boundary and overwrites adjacent memory locations. This is a special case of the violation of memory safety.