The responses to a network security monitoring attack needs to be based on an assessment of the method of the attack that is being leveled against the network and its security monitoring, and thus can be as varied and complex as the attacks themselves (Bejtlich, 2004). Two tactics or tools that an attacker might use to attack network security monitoring are an attack from a stepping stone or an attacking using a spoofed source address. Both of these are methods by which the attacker uses tools and processes to hide their location and identity, making it more difficult to trace the origin of the malicious activity and thus to end it and also causing problems when it comes to the legal end of proving and prosecuting crimes. There are numerous methods of addressing attacks that...

An attack might also focus on the client rather than the server, attempting to move through the server as ordinary traffic and only become recognizable as malicious further into the network. Addressing this type of attack must involve some method of tracking the malicious activity forward rather than backwards, and again there are multiple ways to accomplish this (Bejtlich, 2004).
References

Bjetlich, R. (2004). The Tao of Network Security Monitoring: Beyond Intrusion

Detection. New York: Pearson.