Investigating the detection of multi-homed devices independent of operating systems
Rhinehart, Javan A.
McEachen, John C.
Martin, Bryan J.
MetadataShow full item record
Networks protected by firewalls and physical separation schemes are threatened by multi-homed devices. The purpose of this study is to detect multi-homed devices on a computer network. More specifically, the goal is to evaluate passive detection of multi-homed devices running various operating systems while communicating on a network. TCP timestamp data was used to estimate clock skews using linear regression and linear optimization methods. Analysis revealed that detection depends on the consistency of the estimated clock skew. Through vertical testing, it was also shown that clock skew consistency depends on the installed operating system. The linear programming and linear regression methods agree with one another when clock skews are consistent, indicating that linear regression is sufficient to identify multi-homed hosts in networks with low network delay. Further analysis showed inconsistencies of clock skew estimation on newer versions of OS X and freeBSD 12.0; the clock skews from these operating systems prevented multi-homed fingerprinting using the proposed detection scheme.
RightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Showing items related by title, author, creator and subject.
Ardohain, Christopher M. (Monterey, California: Naval Postgraduate School, 2016-06);More than half of all U.S. casualties in Iraq and Afghanistan were caused by improvised explosive devices (IEDs). Despite the spending of over $75 billion to combat this threat, intelligence analysts still lack efficient ...
Martin, Bryan J.; Tummala, Murali; McEachen, John C. (The United States of America, as represented by the Secretary of the Navy, Washington, DC (US), 2018-08-14);The disclosure provides an apparatus and method for the detection of multi-homed hosts on a computer network utilizing a network comprising a plurality of host computers and a central host. Each host computer has one or ...
Martin, Bryan; Tummala, Murali; McEachen, John (IEEE, 2018-01-29);The aim of this paper was to determine the feasibility of identifying a device connected to the Internet through multiple interfaces (i.e., multi-homed) using the information provided by passively observing network traffic. ...