You are here: silicon.com > Resources > White Papers > Networking and Communications > Network Technologies > TCP - IP

TCP - IP White Papers

Matching TCP/IP Packets to Detect Stepping-Stone Intrusion

Tags:
tcp - ip

Overview This paper proposes a "Step-Function" method to detect network attackers from using a long connection chain to hide their identities when they launch attacks. The objective of the method is to estimate the length of a connection chain based on the changes in packet round trip times. The key point to compute the round trip time of a connection chain is to match a Send and its corresponding Echo packet. The paper propose a conservative and a greedy matching algorithm to match TCP/IP packets in real-time. The first algorithm matches fewer packets but the quality of the matching is high. The second one matches more packets with some uncertainty on the correctness.

Further White Paper Details
Publisher	University of Houston	File Format	PDF
Date Published	October 2006
Format	White Papers
Topics	TCP - IP, Intrusion Detection Systems

Did you find this white paper useful?

Signing up the competition - have digital signatures met their match?

If it finds a signature that matches, it sounds a hacker alert. It certainly takes longer to detect a hack than a virus, because viruses are spread between machines and they usually crash them. Marc Dacier, manager of IBM's Global Security Analysis...

Channel:
Comment & Analysis

Slammer time - SQL worm brings net to its knees over weekend

While this makes it easy to remove - a computer simply has to be rebooted - it also makes it difficult for anti-virus software to detect it, said Messagelabs. Anti-virus firm F-Secure said the effects were so marked because the worm generates...

Channel:
Security Strategy

What are IP VPNs good for?

Because IPSec encrypts data before forwarding it over the IP VPN and then decrypting it, there's a delay that makes using these apps together tough, and practically prohibits voice packets. Infonet is now saying that businesses can buy packet...

Can I be your MSN Messenger buddy? And look at your hard drive too…

If an attacker sent a particular sequence of packets to a server running Media Services 4.1, it could interrupt any video streams. However, most people block that function, so random attacks will likely be rare, he said.

Channel:
Desktops

Worms dodge Internet sensors

In a pair of papers presented at the Usenix Security Symposium in Baltimore, US on Thursday, computer scientists said would-be attackers can locate such sensors, which act as trip wires that detect unusual activity.

Cracked: The Great Firewall of China

If an attacker generated 100 triggering packets per second, and each packet caused 20 minutes of disruption, 120,000 pairs of endpoints could be prevented from communicating at any one time. If you drop all the reset packets at both ends of the...

Live Webcast: Telecoms 2.0 - Where is telecoms heading?

In this webcast, our panel of experts will review where we are with next generation telecoms in the UK, working through the concept of 'Telecoms 2.0': - Realising the potential of Next Generation Networks - why it isn't just about the technology? - What attributes should firms be looking for in their telco partner? - Is the relationship between telco provider and customer changing? - What things need to happen to make next generation services a reality? - You say you want the supplier to change. Do you want to change too? - What is Telecoms 2.0?

Publisher:
ZDNet UK

Telecom 2.0: Mind over matter

ntl:Telewest Business believes that the role of the telco is evolving. Gone are the days when it was enough to simply focus on circuits and minutes, customers now need a far higher degree of interaction and look for suppliers who will talk business solutions with them.

Publisher:
ntl:Telewest Business

IBM Information Server Change Data Capture

In today's fast-paced world, access to real-time data has never been more important. To be successful, organizations need to be able to report and analyze corporate data quickly and easily, regardless of what applications created the data, what platform they're running on, or what database they're stored in.

Publisher:
IBM

An examination of server consolidation: the trends that can drive efficiencies and help businesses gain a competitive edge

This white paper provides a starting point for organizations contemplating server consolidation. It includes an overview of server consolidation concepts and techniques and provides guidance on methodologies. It also looks at the potential cost savings associated with server consolidation and offers information on how organizations can sustain the advantage they have gained by consolidating their servers.

Publisher:
IBM

Also on silicon.com

Site Navigation:

TCP - IP White Papers

Matching TCP/IP Packets to Detect Stepping-Stone Intrusion

Quick Sitemap Links:

About Us

Search

Blogs

Verticals

Advertising Features

CNET Networks in Europe

CNET Networks in the United States

CNET Networks in Asia Pacific