Detecting spoofed packets

Proceedings - DARPA Information Survivability Conference and Exposition, DISCEX 2003

Volumn 1, Issue , 2003, Pages 164-175

  Templeton, S J ^a   Levitt, K E ^a  

^a UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

Computer science; Ethernet networks; Intrusion detection; Probes; Protocols; Routing; Telecommunication traffic

Indexed keywords

COMPUTER NETWORKS; COMPUTER SCIENCE; ETHERNET; INTERNET PROTOCOLS; MERCURY (METAL); NETWORK PROTOCOLS; PROBES; TELECOMMUNICATION TRAFFIC;

ETHERNET NETWORKS; FALSE POSITIVE; INTRUSION DETECTION SYSTEMS; IP ADDRESSS; NETWORK TRAFFIC; PASSIVE METHODS; ROUTING; SOURCE ADDRESS;

INTRUSION DETECTION;

EID: 84942239729     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/DISCEX.2003.1194882     Document Type: Conference Paper

References (33)

1. antirez. New tcp scan method. BugTraq, http://www.securityfocus.com/archive/1/11581, February 2001.
2. ARPwatch. Lawrence Berkely National Labs Network Research Group, http://ftp.ee.lbl.gov.
3. T. Aura and P. Nikander. Stateless connections. Proc. International Conference on Information and Communications Security (ICICS'97), Beijing, China, 1997.
4. S. Bellovin. Using the Domain Name System for System Break-ins. Proc. of the 5th UNIX Security Symposium, pp.199-208, June 1995.
5. S. Bellovin. Security Problems in the TCP/IP Protocol Suite. Computer Communications Review, vol. 19, no. 2, pp. 32-48, April 1989.
6. S. Bellovin. RFC 1948: Defending Against Sequence Number Attacks. http://www.ietf.org/rfc/rfc1948.txt, May 1996.
7. H. Chang, R. Narayan, S. Wu, B. Vetter, X. Wang, M. Brown, J. Yuill, C. Sargor, F. Jou, and F. Gong. DECIDUOUS: decentralized source identification for network-based intrusions. Proc. of the Sixth IFIP/IEEE International Symposium on Integrated Network Management, May 1999.
8. CERT Coordination Center. Smurf IP denial-of-service attacks. CERT Advisory CA-1998-01, Computer Emergency Response Team, http://www.cert.org/advisories/CA-1998-01.html, January 1998.
9. H. Chang, S. Wu and Y. Jou. "Real-Time Protocol Analysis for Detecting Link-State Routing Protocol Attacks". ACM Transaction on Information and System Security (TISSEC), Feb. 2001.
10. Computer Incident Advisory Committee (CIAC). Advisory Notice F-08 Internet Spoofing and Hijacked Session Attacks. 1995.
11. CERT Coordination Center. Spoofed/Forged Email. http://www.cert.org/tech-tips/email-spoofing.html, April 1999.
12. Daemon9. IP Spoofing Demystified. Phrack Magazine Review, Vol 7, No. 48, 48-14, June 1996.
13. R. Deraison. Nessus Security Scanner. http://www.nessus.org, 1998.
14. R. Droms. RFC 2131: Dynamic Host Configuration Protocol. http://www.ietf.org/rfc/rfc2131, March 1997.
15. T. Dunigan. Backtracking spoofed packets. http://www.epm.ornl.gov/~dunigan/oci/back.ps, 2000.
16. L. T. Heberlein and M. Bishop. Attack Class: Address Spoofing. Proc. of the 19th National Information Systems Security Conference, pages 371-377, October 1996.
17. L. Joncheray. A Simple Active Attack Against TCP. Proc. Fifth Usenix UNIX Security Symposium, 1995.
18. S. Kent and R. Atkinson. Security architecture for the Internet protocol. RFC 2401: Internet Engineering Task Force, November 1998.
19. F. Lau, S. H. Rubin, M. H. Smith, and Lj. Trajkovic. Distributed denial of service attacks. Proc. 2000 IEEE Int. Conf. on Systems, Man, and Cybernetics, Nashville, TN, pp. 2275-2280, October 2000.
20. L0pht Heavy Industries. Antisniff Technical Documentation. http://www.l0pht.com/antisniff/techaper.html, October 2000.
21. V. Paxson. End-to-end Routing Behavior in the Internet. to appear in Proc. SIGCOMM '96, August 1996.
22. J. Postel. RFC 791: DARPA Internet Program Protocol Specification. http://www.ietf.org/rfc/rfc791, September 1981.
23. J. Postel. Transmission Control Protocol. RFC 793. http://www.ietf.org/rfc/rfc793.txt, September 1981.
24. S. Savage, D. Wetherall, A. Karlin, and T. Anderson. Practical network support for IP traceback. Proc. of the 2000 ACM SIGCOMM Conference, August 2000.
25. C. Schuba and E. Spafford. Countering abuse of name-based authentication. Proc. 22nd Annual Telecommunications Policy Research Conference, 1996.
26. W. Richard Stevens. TCP/IP Illustrated. Volume I - The Protocols. Addison-Wesley. 1st edition. December 1994.
27. D. Schnackenberg, K. Djahandari., and D. Sterne. Infrastructure for Intrusion Detection and Response. Proc. of the DARPA Information Survivability Conference and Exposition (DISCEX '00), 2000.
28. S. Staniford-Chen and L. T. Heberlein. Holding Intruders Accountable on the Internet. Proc. of the 1995 IEEE Symposium on Security and Privacy, Oakland, CA, pages 39-49, May 1995.
29. S. Templeton and K. Levitt. A Requires/Provides Model for Computer Attacks. Proc. of the New Security Paradigms Workshop 2000, Cork Ireland, September 2000.
30. S. Whalen. An Introduction to ARP Spoofing. http://packetstorm.securify.com/papers/protocols/intro-to-arp-spoofing.pdf, June 2001.
31. S. Wu, H. Chang, et al. JiNao: Design and Implementation of a Scalable Intrusion Detection System for the OSPF Routing Protocol. Journal of Computer Networks and ISDN Systems, 1999.
32. M. Zalewski. Strange Attractors and TCP/IP Sequence Number Analysis. http://razor.bindview.com/publish/papers/tcpseq.html, 2001.
33. S. Staniford, J. Hoagland, and J. McAlerney. Practical Automated Detection of Stealthy Portscans. To be published, Journal of Computer Security. http://www.silicondefense.com/pptntext/Spice-JCS.pdf