S. M. Bellovin. Packets Found on an Internet. Computer Communications Review, 23(3):26--31, 1993.
.... technique should satisfy the following requirements: Scalability: IDSs can trigger well over a million alarms per month (cf. the column Max of Table 1, which indicates for the year 2001 the maximum number of alarms per month). Noise tolerance: Intrusion detection alarms can be very noisy [6, 38]. Multiple attribute types: Intrusion detection alarms can contain numerical, categorical, time, and free text attributes [30]. Ideally, a data mining technique should support and use all of these attribute types. Ease of use: The people using the data mining techniques are security rather than ....
S. M. Bellovin. Packets Found on an Internet. Computer Communications Review, 23(3):26--31, 1993.
....to such timing attacks. Another interesting observation is that the mean of the standard deviations of the character pairs is only about 30 milliseconds as shown in our experiments, while the standard deviation of round trip time on the Internet in many cases is less than 10 milliseconds [Bel93]. Therefore even when the attacker is far from the SSH client host, he can still get sufficiently precise inter keystroke timing information. This makes the timing attack even more severe. 4 Inferring Character Sequences From Inter Keystroke Timing Information In this section, we describe how ....
Steven M. Bellovin. Packets found on an internet. Computer Communications Review, 23(3):26--31, July 1993.
....and runs it may be unaware that he is exposing his entire system. In fact, it is not impossible for a cracker to cause a tampered version of a trusted program to be downloaded even without breaking into an ftp site by attacking the Domain Name Server (DNS) or hijacking the ftp connection [1]. Currently, there is no way for a user to verify that the program he possesses is the original. There are even greater dangers when software is distributed through one of the newsgroups on the Internet such as comp.sources.unix and comp.sources.x. There are over 20 such newsgroups in widespread ....
Steven M. Bellovin. Packets found on an internet. Computer Communications Review, 23(3), July 1993.
....and runs it may be unaware that he is exposing his entire system. In fact, it is not impossible for a cracker to cause a tampered version of a trusted program to be downloaded even without breaking into an ftp site by attacking the Domain Name Server (DNS) or hijacking the ftp connection [1]. Currently, there is no way for a user to verify that the program he possesses is the original. (Footnote 1: A cracker refers to a malicious user who dedicates time and effort towards breaking into computer systems and causing harm.) There are even greater dangers when software is distributed through one ....
Steven M. Bellovin. Packets found on an internet. Computer Communications Review, 23(3), July 1993.
....network. Suspicious Packets These days it is rather simple to find a packet generator using libraries freely available on the Internet. Using these tools, hackers exploit security flaws of the TCP/IP protocol suite [37] and weakness of some TCP/IP stack implementations [39] hence forge packets [32] for several purposes including disconnection of active TCP sessions, OS guessing [14] and application OS crash. In general it is difficult to identify when a packet has been forged. Nevertheless it is possible to identify some suspicious situations and report a warning to the network ....
S. Bellovin, Packets Found on an Internet, Computer Communications Review, 23(3), 1993.