A cop on the beat: collecting and appraising intrusion evidence
Communications of the ACM
Practical network support for IP traceback
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Analysis of a Denial of Service Attack on TCP
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Review: TCP/IP security threats and attack methods
Computer Communications
| Hi-index | 0.00 |
Network scanning is an increasing threat to network security. This paper classifies and analyzes current scanning methods, and draws a conclusion that the current detection and protection of scanning mainly aim at information concealment. A novel system of the detectionand protection named IEDP is presented in this paper. Its concept is discussed and its implementation is described in details. Compared with the current approaches, the concept of IEDP can be recapitulated in one word: "impartation". When detecting a scanning, IEDP gives the scanner bogus information to spoof and confuse him/her. So, for example, when scanning ports, the scanner will find that all ports are listening and can't tell which port is really open. IEDP also adopts a new mechanism called error steering to spoof the scanner.IEDP randomly steers errors in communication with the scanner, let the scanner believe that the communication is unstable and give up scanning. Experiments show that IEDP system is efficient.