Passive Fingerprinting Of Computer Network Reconnaissance Tools
NAVAL POSTGRADUATE SCHOOL MONTEREY CA
Pagination or Media Count:
This thesis examines the feasibility of passively fingerprinting network reconnaissance tools. Detecting reconnaissance is a key early indication and warning of an adversarys impending attack or intelligence gathering effort against a network. Current network defense tools provide little capability to detect, and much less specifically identify, network reconnaissance. This thesis introduces a methodology for identifying a network reconnaissance tools unique fingerprint. The methodology confirmed the utility of previous research on visual fingerprints, produced characteristic summary tables, and introduced the application of TCP sequence number analysis to reconnaissance tool fingerprinting. We demonstrate the use of these methods to fingerprint network reconnaissance tools used in a real-world Cyber Defense Exercise scenario.
- Anatomy and Physiology
- Computer Systems
- Machinery and Tools