Passive fingerprinting of computer network reconnaissance tools
Beecroft, Alexander J.
Michael, James B.
Buettner, Raymond R.
This thesis examines the feasibility of passively fingerprinting network reconnaissance tools. Detecting reconnaissance is a key early indication and warning of an adversary's impending attack or intelligence gathering effort against a network. Current network defense tools provide little capability to detect, much less specifically identify, network reconnaissance. This thesis introduces a methodology for identifying a network reconnaissance tool's unique fingerprint. The methodology confirmed the utility of previous research on visual fingerprints, produced characteristic summary tables, and introduced the application of TCP sequence number analysis to reconnaissance tool fingerprinting. We demonstrate the use of these methods to fingerprint network reconnaissance tools used in a real-world Cyber Defense Exercise scenario.
Approved for public release, distribution unlimited