Accession Number:

ADA509167

Title:

Passive Fingerprinting Of Computer Network Reconnaissance Tools

Descriptive Note:

Master's thesis

Corporate Author:

NAVAL POSTGRADUATE SCHOOL MONTEREY CA

Personal Author(s):

Report Date:

2009-09-01

Pagination or Media Count:

88.0

Abstract:

This thesis examines the feasibility of passively fingerprinting network reconnaissance tools. Detecting reconnaissance is a key early indication and warning of an adversarys impending attack or intelligence gathering effort against a network. Current network defense tools provide little capability to detect, and much less specifically identify, network reconnaissance. This thesis introduces a methodology for identifying a network reconnaissance tools unique fingerprint. The methodology confirmed the utility of previous research on visual fingerprints, produced characteristic summary tables, and introduced the application of TCP sequence number analysis to reconnaissance tool fingerprinting. We demonstrate the use of these methods to fingerprint network reconnaissance tools used in a real-world Cyber Defense Exercise scenario.

Subject Categories:

  • Anatomy and Physiology
  • Computer Systems
  • Machinery and Tools

Distribution Statement:

APPROVED FOR PUBLIC RELEASE