Linux network administrator's guide (2nd ed.)
Cisco IOS 12.0 Switching Services
Remote Physical Device Fingerprinting
IEEE Transactions on Dependable and Secure Computing
On Recognizing Virtual Honeypots and Countermeasures
DASC '06 Proceedings of the 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Distributed Evasive Scan Techniques and Countermeasures
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
In an earlier article we examined reconnaissance activity over networks and discussed some of the challenges in detecting such behaviour.^1 One approach to dealing with such activity is false positive response.^2 The purpose of false positive response is to make it difficult for an intruder to distinguish between the operational active address space and the inactive one, and between genuine and decoy hosts. Such an approach is designed to render any reconnaissance information useless and make it difficult to obtain accurate information about a potential target network.