You are here: silicon.com > Resources > White Papers > Security > Intrusion - Tampering > Anti-Hacking

Anti-Hacking White Papers

Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics

Overview A fundamental problem for network intrusion detection systems is the ability of a skilled attacker to evade detection by exploiting ambiguities in the traffic stream as seen by the monitor. We discuss the viability of addressing this problem by introducing a new network forwarding element called a traffic normalizer. The normalizer sits directly in the path of traffic into a site and patches up the packet stream to eliminate potential ambiguities before the traffic is seen by the monitor, removing evasion opportunities. We examine a number of tradeoffs in designing a normalizer, emphasizing the important question of the degree to which normalizations undermine end-to-end protocol semantics. We discuss the key practical issues of "cold start" and attacks on the normalizer, and develop a methodology for systematically examining the ambiguities present in a protocol based on walking the protocol's header. We then present norm, a publicly available user-level implementation of a normalizer that can normalize a TCP traffic stream at 100,000 pkts/sec in memory-to-memory copies, suggesting that a kernel implementation using PC hardware could keep pace with a bidirectional 100 Mbps link with sufficient headroom to weather a high-speed flooding attack of small packets.

Further White Paper Details
Publisher	ICIR (The ICSI Center for Internet Research)	File Format	HTML
Date Published	May 2001	Downloads	6
Format	White Papers
Topics	Anti-Hacking, Network Security

Did you find this white paper useful? 1 out of 2 users found this white paper useful

Total Endpoint Protection: Lower Costs and Increase Compliance

Publisher:
McAfee

Tags:
firewalls

Applications, virtualization and devices: taking back control

Publisher:
Sophos

Tags:
anti-hacking

Does Size Matter? The security challenge of the SMB

Publisher:
McAfee

Tags:
anti-hacking

CISSP Exam Tips

Publisher:
Global Knowledge

Tags:
anti-hacking

Sophos Security Threat Report: Mid-Year Update

Publisher:
Sophos

MPLS: The icing on the networking cake?

If all packets are sent using IP, the shortest points between popular destinations can become bottlenecks making the possibility of providing time-delay sensitive services - such as video or voice - difficult.

Channel:
Comment & Analysis

Slammer time - SQL worm brings net to its knees over weekend

Anti-virus firm F-Secure said the effects were so marked because the worm generates massive amounts of network packets, overloading servers and routers and slowing down network traffic. Microsoft said it became aware several hours later at 00.30...

Channel:
Security Strategy

Broadband 'increases security risk fivefold'

UK ISP Star Internet, which commissioned the report, says it is vital for firms to install a firewall to manage the flow of data in and out of their network, an antivirus product that should ideally monitor emails and Web traffic, and intrusion...

Cisco battles Juniper with worms

Platon said the company is working on a product that sits in line with the traffic, looking at the content of the packets. A new element in the updated IOS is improved protection against denial of service attacks, which flood networks with millions...

Channel:
Security Strategy

VoIP primer: How it works - and what the jargon means

Just as a web page can be broken up into 'packets', audio can be sampled with a digital signal processor (DSP), 'packetised' and sent out over an IP-based network as another data stream. The packets that make up the audio stream may take different...

Channel:
VoIP
Tags:
voip

The dos and don'ts of VoIP security

Additional tools that will help networks in case of any attack are intrusion detection and prevention systems, which scan for rogue incoming packets, and straightforward antivirus software which can help prevent any known threats from disrupting...

Live Webcast: Telecoms 2.0 - Where is telecoms heading?

In this webcast, our panel of experts will review where we are with next generation telecoms in the UK, working through the concept of 'Telecoms 2.0': - Realising the potential of Next Generation Networks - why it isn't just about the technology? - What attributes should firms be looking for in their telco partner? - Is the relationship between telco provider and customer changing? - What things need to happen to make next generation services a reality? - You say you want the supplier to change. Do you want to change too? - What is Telecoms 2.0?

Publisher:
ZDNet UK

Telecom 2.0: Mind over matter

ntl:Telewest Business believes that the role of the telco is evolving. Gone are the days when it was enough to simply focus on circuits and minutes, customers now need a far higher degree of interaction and look for suppliers who will talk business solutions with them.

Publisher:
ntl:Telewest Business

IBM Information Server Change Data Capture

In today's fast-paced world, access to real-time data has never been more important. To be successful, organizations need to be able to report and analyze corporate data quickly and easily, regardless of what applications created the data, what platform they're running on, or what database they're stored in.

Publisher:
IBM

An examination of server consolidation: the trends that can drive efficiencies and help businesses gain a competitive edge

This white paper provides a starting point for organizations contemplating server consolidation. It includes an overview of server consolidation concepts and techniques and provides guidance on methodologies. It also looks at the potential cost savings associated with server consolidation and offers information on how organizations can sustain the advantage they have gained by consolidating their servers.

Publisher:
IBM

Also on silicon.com

Site Navigation:

Anti-Hacking White Papers

Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics

Quick Sitemap Links:

About Us

Search

Blogs

Verticals

Advertising Features

CNET Networks in Europe

CNET Networks in the United States

CNET Networks in Asia Pacific