Towards trapping wily intruders in the large

The rapid increase in network bandwidth from megabits per second to gigabits per second, and potentially to terabits per second, is making it increasingly difficult to carry out, in a timely and accurate manner, the analysis required to detect network abusers. The problem is made even more difficult by the devious techniques (e.g. spoofing) used by hackers. Intrusions are in general preceded by some noise or indication of the intruder groping for a door, trying (unsuccessfully) a key, etc. In the network context these signals may be seen in TCP-RESET packets and in ICMP echo-response or destination/port unreachable packets. But neither all TCP-RESETs nor all ICMP packets are indicative of attempted intrusions. Analysis of network traffic has shown that the profiles of TCP-RESETs due to intrusion attempts are distinctly different from those due to unintentional mistakes. The same profiling can be carried out for ICMP unreachable packets to detect attempts at intrusion. By ...
Glenn Mansfield
Added 04 Aug 2010
Updated 04 Aug 2010
Type Conference
Year 1999
Where RAID
Authors Glenn Mansfield