Communications of the ACM
With microscope and tweezers: the worm from MIT's perspective
Communications of the ACM
Firewalls and Internet security: repelling the wily hacker
Firewalls and Internet security: repelling the wily hacker
Computer related risks
TCP/IP network administration (2nd ed.)
TCP/IP network administration (2nd ed.)
Windows NT event logging
Internetworking with TCP/IP: Principles, Protocols, and Architecture
Internetworking with TCP/IP: Principles, Protocols, and Architecture
Vulnerabilities of network control protocols: an example
ACM SIGSOFT Software Engineering Notes
Hi-index | 0.00 |
The vulnerability of network infrastructure was illustrated in 1996 when the Internet Domain Name entry for East Timor was removed from various DNS servers. The net effect of this attack was that to all intents and purposes East Timor was removed from the Internet. Now imagine a time a few years in the further when the USA and Europe are all doing business online and imagine what would happen if all .com entries vanished from the Internet. Modern IDS systems simply log events, they do very little else with the data. In this paper, I will demonstrate how network traffic can be analysed to produce a system that is capable of performing real-time (or near-real time) threat analysis of an attack as it happens. This type of analysis offers us the ability to eventually deploy countermeasures thus stopping, or limiting, an attack.