Data Networks, IP and the Internet: Networks, Protocols, Design and Operation
Data Networks, IP and the Internet: Networks, Protocols, Design and Operation
Finding a Connection Chain for Tracing Intruders
ESORICS '00 Proceedings of the 6th European Symposium on Research in Computer Security
Holding intruders accountable on the Internet
SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
Matching TCP Packets and Its Application to the Detection of Long Connection Chains on the Internet
AINA '05 Proceedings of the 19th International Conference on Advanced Information Networking and Applications - Volume 1
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
SSH: secure login connections over the internet
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
| Hi-index | 0.00 |
This paper proposes RTT-thumbprint to traceback intruders, and to detect stepping-stone intrusion; RTT-thumbprint is a sequence of timestamp pairs of a send packet and its corresponding echoed packets. Each pair of timestamps represents a round trip time (RTT) of a packet. Besides the advantages of efficiency, secrecy, and robustness, RTT-thumbprint has the ability to defeat intruder's random delay and chaff manipulation. An exhaustive and a heuristic algorithm are proposed to correlate RTT-thumbprints. The results showed that the heuristic algorithm performs as good as the exhaustive one but is more efficient