Passive fingerprinting of computer network reconnaissance tools

Authors
Beecroft, Alexander J.
Advisors
Michael, James B.
Date of Issue
2009-09
Publisher
Monterey, California: Naval Postgraduate School
Abstract
This thesis examines the feasibility of passively fingerprinting network reconnaissance tools. Detecting reconnaissance is a key early indication and warning of an adversary's impending attack or intelligence gathering effort against a network. Current network defense tools provide little capability to detect, and much less specifically identify, network reconnaissance. This thesis introduces a methodology for identifying a network reconnaissance tool's unique fingerprint. The methodology confirmed the utility of previous research on visual fingerprints, produced characteristic summary tables, and introduced the application of TCP sequence number analysis to reconnaissance tool fingerprinting. We demonstrate the use of these methods to fingerprint network reconnaissance tools used in a real-world Cyber Defense Exercise scenario.
Type
Thesis
Department
Information Warfare Systems Engineering
Organization
Naval Postgraduate School (U.S.)
Format
xiv, 71 p. : ill. ;
Distribution Statement
Approved for public release; distribution is unlimited.