Stoll, C. Stalking the Wily Hacker. Communications of the ACM 31, 5 (1988), 484-- 497.  Home/Search   Document Not in Database   Summary   ACM   TOC   Related Articles   Check

....newsgroups. Intruders can often easily exploit and gain unauthorized access simply by executing a downloaded C program or UNIX shell script. Other intruders are somewhat more insidious and indirect, hiding their activities and rarely taking part in extended periods of strange or unusual behavior [21]. Simple network probing experiments [4] suggest that there are many more intrusions taking place than are being reported or noticed by administrators on the Internet. 1.1 Intrusion Detection It is therefore imperative to detect these unseen system attacks in an automated monitoring environment. ....

Clifford Stoll. Stalking the Wily Hacker. Communications of the ACM, 31(5):484-497, May 1988

....to be a higher priority than confidentiality. If any of these goals is compromised in a computer system (either accidentally or intentionally) a security breach occurs. Such breaches should be detected by the system (an excellent account of the detection of an intruder is described in [11]) and steps must be taken to rectify the effects of the breach and also to ensure that this security loophole will not be exploited again. The consequences of a breach vary with the severity and type of breach, and may not be easily quantified with monetary values. Figure 1.1 gives a general ....

Clifford Stoll. Stalking the wily hacker. Communications of the ACM, 31(5):484--497, May 1988.

....to match patterns in some of these classes are described. A generalized model for matching intrusion signatures based on Colored Petri Nets is presented, and some of its properties are derived. 1 Introduction Computer break ins and their misuse have become common features [Met87, Bos88, Sto88, Mar88, Rei87, SSH93] The number, as well as sophistication, of attacks on computer systems is on the rise. Often, network intruders have easily overcome the password authentication mechanism designed to protect the system. With an increased understanding of how systems work, intruders have ....

....them to obtain unauthorized privileges. Intruders also use patterns of intrusion that are often difficult to trace and identify. They use several levels of indirection before breaking into target systems and rarely indulge in sudden bursts of suspicious or anomalous activity, for example in [Sto88] If an account on a target system is compromised, intruders may carefully cover their tracks so as not to arouse suspicion, as in [Spa89] Furthermore, threats like viruses and worms do not need human supervision and are capable of replicating and traveling to connected computer systems. ....

Clifford Stoll. Stalking the Wily Hacker. Communications of the ACM, 31(5):484--497, May 1988.

....In particular, interconnection at the datagram level is an all or none mechanism, allowing outsiders access to all the hosts and applications of an organization on the internetwork. The magnitude of this threat has been underscored by several incidents affecting large internetworked communities [19, 22, 24, 25]. To completely protect against penetration, every host within an organization must be made secure, no small feat when it involves tens of thousands of poorly managed workstations and PCs. One alternative, perhaps less secure but certainly more feasible, is to block certain kinds of packets at the ....

Clifford Stoll. Stalking The Wily Hacker. Communications of the ACM 31(5):484-497, May, 1988.

....five years in prison and a 250,000 fine [Schu90] Sentencing is scheduled for May 4, 1990. 1. 3 SPIES AND ESPIONAGE In August 1986, the Lawrence Berkeley Laboratory, an unclassified research laboratory at the University of California at Berkeley, was attacked by an unauthorized computer intruder [Stol88, Stol89]. Instead of immediately closing the holes the intruder was using, the system administrator, Clifford Stoll, elected to watch the intruder and document the weaknesses he exploited. Over the next 10 months, Stoll watched the intruder attack over 400 computers around the world, and successfully ....

....elected to watch the intruder and document the weaknesses he exploited. Over the next 10 months, Stoll watched the intruder attack over 400 computers around the world, and successfully enter about 30. The computers broken into were located at universities, military bases, and defense contractors [Stol88]. ############### Sun 3 systems from Sun Microsystems and VAX systems from Digital Equipment Corp. both running variants of 4.x BSD UNIX from the University of California at Berkeley. Unlike many intruders seen on the Internet, who typically enter systems and browse around to see what they ....

[Article contains additional citation context not shown here]

Stoll, Clifford. "Stalking the Wily Hacker." Communications of the ACM , 31 (5): 484-497, May 1988.

No context found.

Stoll, C. Stalking the Wily Hacker. Communications of the ACM 31, 5 (1988), 484-- 497.

No context found.

Stoll, C. Stalking the Wily Hacker. Communications of the ACM 31, 5 (1988), 484-- 497.

No context found.

C. Stoll. "Stalking the Wily Hacker". Communications of the ACM, 31(5):484---497, May 1988. 15

No context found.

C. Stoll, "Stalking the Wily Hacker," Communications of the ACM, vol. 31, pp. 484--497, May 1988.

No context found.

C. Stoll, "Stalking the Wily Hacker", Communications of the ACM, Vol. 31, No. 5, Pgs. 484-497, ACM, New York, NY, May 1988.

No context found.

C. Stoll. Stalking the Wily Hacker. Communications of the ACM, 31:???, 1988.

No context found.

C. Stoll, "Stalking the Wily Hacker", Communications of the ACM, May 1988, pp. 484-497.

No context found.

Stoll, Clifford. "Stalking the Wily Hacker." Communications of the , 31

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC