A Recursive Session Token Protocol for use in Computer Forensics and TCP Traceback

Authors

  • Brian D. Carrier
  • Clay Shields
Abstract

We introduce a new protocol designed to assist in the forensic investigation of malicious network-based activity, specifically addressing the stepping-stone scenario in which an attacker uses a chain of connections through many hosts to hide his or her identity. Our protocol, the Session TOken Protocol (STOP), enhances the Identification Protocol (ident) infrastructure by sending recursive requests to previous hosts on the connection chain. The protocol has been designed to protect user’s privacy by returning a token that is a hash of connection information; a system administrator can later decide whether to release the information relating to the token depending on the circumstances of the request.


Similar resources

Session Based Logging (SBL) for IP-Traceback on Network Forensics

The widely acknowledged problem of reliably identifying the origin of information in cyberspace has been the subject of much research. Due to the nature of the Internet protocol, the source IP can be easily falsified which results in numerous problems including infamous denial of service attacks. The combination of smart devices with powerful processing capabilities once observed only in mainfr...


Session Based Packet Marking and Auditing for Network Forensics

The widely acknowledged problem of reliably identifying the origin of network data has been the subject of many research works. Due to the nature of Internet Protocol, a source IP can be easily falsified which results in numerous problems, including the infamous denial of service attacks. In this paper, two light-weight novel approaches are proposed to solve this problem by providing simple and...


On Teaching TCP/IP Protocol Analysis to Computer Forensics Examiners

Digital investigators have an increasing need to examine data network logs and traffic, either as part of criminal or civil investigations or when responding to information security incidents. To truly understand the contents of the logs and the data packets, examiners need to have a good foundation in the protocols comprising the Transmission Control Protocol/Internet Protocol (TCP/IP) suite. ...


ATTENTION: ATTackEr Traceback Using MAC Layer AbNormality DetecTION

Denial-of-Service (DoS) and Distributed DoS (DDoS) attacks can cause serious problems in wireless networks due to limited network and host resources. Attacker traceback is a promising solution to take a proper countermeasure near the attack origins, to discourage attackers from launching attacks, and for forensics. However, attacker traceback in Mobile Ad-hoc Networks (MANETs) is a challenging ...


CATCH: A protocol framework for cross-layer attacker traceback in mobile multi-hop networks

doi:10.1016/j.adhoc.2009.07.002. Flooding-type Denial-of-Service (DoS) and Distributed DoS (DDoS) attacks can cause serious problems in mobile multi-hop networks due to its limited network/host resources. Attacker traceback...



Publication date: 2002