G. R. Malan, D. Watson, F. Jahanian, and P. Howell. Transport and application protocol scrubbing. IEEE INFOCOM (Tel Aviv, Israel, 26--30 March 2000.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....While IP spoofing is not necessary in DDoS attacks, it helps attackers hide the identity of attacking machines so they can reuse them for future attacks. D WARD and many other DDoS prevention mechanisms would benefit from more reliable packet source addresses. Protocol and application scrubbing [15] have been proposed to remove ambiguities from transport and application protocols. Scrubbing can eliminate many vulnerability attacks that use protocol ambiguities to bypass intrusion detection systems. A protocol scrubber could complement DWARD by preventing outgoing vulnerability attacks. 8 ....

G. R. Malan, D. Watson, F. Jahanian, and P. Howell. Transport and application protocol scrubbing. In Proceedings of INFOCOM 2000.

....software on separate hardware, and are in the path of a host s network traffic. Thus, they have all three features above. In addition, because they are in their host s path to the LAN, such NIs will see every packet, can fail closed, can isolate their host if necessary, and can actively normalize [16, 21] the traffic. We refer to NIs extended with intrusion detection and containment functionality as self securing network interfaces. Self securing NIs enjoy the scalability and coverage benefits of recent distributed firewall systems [14, 19, 1] They also offer an excellent vantage point for ....

....positives yields denial of service, and failure to notice false negatives leaves intruders undetected. Like any NIDS component, a self securing NI is subject to a number of attacks [30] Most insertion attacks are either detectable signals (when from the host) and or subject to normalization [16, 21]. DoS attacks on the NI s detection capabilities are converted to DoS on the host; for attacks launched from the host, this is an ideal scenario. As the codebase inside the NI increases, it will inevitably become more vulnerable to many of the same attacks as host systems, such as buffer ....

[Article contains additional citation context not shown here]

G. Robert Malan, David Watson, Farnam Jahanian, and Paul Howell. Transport and application protocol scrubbing. IEEE INFOCOM (Tel Aviv, Israel, 26--30 March 2000.

....information, but we also validate that many of these opportunities can be eliminated through the use of a fully automated, real time, network warden. Further, the modifications that a warden must make on packets are generally no more intrusive than those made by existing packet scrubbers [21, 10], firewalls, and NAT boxes. This paper is organized as follows: In 2, we discuss the threat model and potential consequences. In 3, we summarize the research to date and related work in the relevant areas of steganography and network intrusions. In 4, we explore the concept of Minimal Requisite ....

....known as packet evasion [29, 24] which exploit ambiguities in the semantics of network protocols and differences in perspective between intrusion detection systems and end hosts. Recently, it has been shown that this kind of attack can be defended against through the use of a protocol scrubber [21 ] or a traffic norrealizer [10] which reduces ambiguous traffic to a canonical form that can be more reliably monitored. Similar techniques have been used to limit the amount of information leaked to a system fingerprinting mechanism such as nmap [32] While some of the mechanisms used to perform ....

[Article contains additional citation context not shown here]

G. R. Malan, D. Watson, and F. Jahanian, "Transport and application protocol scrubbing," in Proceedings pi'IEEE lq[bCom, Mar'. 2000.

....is not designed for fail safe or fail secure operation, an application failure will default to service termination and or fail insecure state. What is needed is compartmentalization to limit software faults and attackers ability to do damage analogous to chambers in submarines for survivability. [11] describes the design of a transparent mechanism 6 for removing attacks at the application layer using protocol scrubbing . By modifying a program before execution commences, it may be possible to add checks and prevent program behavior that will violate a specified security policy. The ....

Malan, G., D. Watson, and F. Jahanian. Transport and Application Protocol Scrubbing, INFOCOM 2000.

No context found.

G. R. Malan, D. Watson, F. Jahanian, and P. Howell. Transport and application protocol scrubbing. IEEE INFOCOM (Tel Aviv, Israel, 26--30 March 2000.

No context found.

G. R. Malan, D. Watson, F. Jahanian, and P. Howell. Transport and Application Protocol Scrubbing. In Proceedings of IEEE Infocom Conference, pages 1381--1390, Tel-Aviv, Isreal, Mar. 2000.

No context found.

G. Robert Malan, David Watson, and Farnam Jahanian. Transport and application protocol scrubbing. In Proceedings of IEEE Infocom, 2000.

No context found.

G. R. Malan, D. Watson, F. Jahanian, and P. Howell. Transport and Application Protocol Scrubbing. In Proceedings of INFOCOM 2000.

No context found.

G. R. Malan, D. Watson, F. Jahanian, and P. Howell. Transport and application protocol scrubbing. In Proceedings of INFOCOM 2000.

No context found.

G. R. Malan, D. Watson, F. Jahanian, and P. Howell. "Transport and Application Protocol Scrubbing." In Proceedings of INFOCOM 2000, pp. 1381--1390, 2000.

No context found.

G. R. Malan, D. Watson, F. Jahanian, and P. Howell. Transport and Application Protocol Scrubbing. In Proceedings of INFOCOM 2000.

No context found.

G. R. Malan, D. Watson, F. Jahanian, and P. Howell. Transport and Application Protocol Scrubbing. In Proceedings of INFOCOM 2000.

No context found.

G. R. Malan, D. Watson, F. Jahanian, and P. Howell. Transport and application protocol scrubbing. In Proceedings of INFOCOM 2000.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC