Passive fingerprinting of computer network reconnaissance tools
Approved for public release, distribution unlimited === This thesis examines the feasibility of passively fingerprinting network reconnaissance tools. Detecting reconnaissance is a key early indication and warning of an adversary's impending attack or intelligence gathering effort against a n...
| Main Author: | |
|---|---|
| Other Authors: | |
| Published: |
Monterey, California: Naval Postgraduate School
2012
|
| Online Access: | http://hdl.handle.net/10945/4649 |
| id |
ndltd-nps.edu-oai-calhoun.nps.edu-10945-4649 |
|---|---|
| record_format |
oai_dc |
| spelling |
ndltd-nps.edu-oai-calhoun.nps.edu-10945-46492014-12-04T04:08:47Z Passive fingerprinting of computer network reconnaissance tools Beecroft, Alexander J. Michael, James B. Buettner, Raymond R. Naval Postgraduate School (U.S.) Approved for public release, distribution unlimited This thesis examines the feasibility of passively fingerprinting network reconnaissance tools. Detecting reconnaissance is a key early indication and warning of an adversary's impending attack or intelligence gathering effort against a network. Current network defense tools provide little capability to detect, and much less specifically identify, network reconnaissance. This thesis introduces a methodology for identifying a network reconnaissance tool's unique fingerprint. The methodology confirmed the utility of previous research on visual fingerprints, produced characteristic summary tables, and introduced the application of TCP sequence number analysis to reconnaissance tool fingerprinting. We demonstrate the use of these methods to fingerprint network reconnaissance tools used in a real-world Cyber Defense Exercise scenario. 2012-03-14T17:42:33Z 2012-03-14T17:42:33Z 2009-09 Thesis http://hdl.handle.net/10945/4649 463493347 Monterey, California: Naval Postgraduate School |
| collection |
NDLTD |
| sources |
NDLTD |
| description |
Approved for public release, distribution unlimited === This thesis examines the feasibility of passively fingerprinting network reconnaissance tools. Detecting reconnaissance is a key early indication and warning of an adversary's impending attack or intelligence gathering effort against a network. Current network defense tools provide little capability to detect, and much less specifically identify, network reconnaissance. This thesis introduces a methodology for identifying a network reconnaissance tool's unique fingerprint. The methodology confirmed the utility of previous research on visual fingerprints, produced characteristic summary tables, and introduced the application of TCP sequence number analysis to reconnaissance tool fingerprinting. We demonstrate the use of these methods to fingerprint network reconnaissance tools used in a real-world Cyber Defense Exercise scenario. |
| author2 |
Michael, James B. |
| author_facet |
Michael, James B. Beecroft, Alexander J. |
| author |
Beecroft, Alexander J. |
| spellingShingle |
Beecroft, Alexander J. Passive fingerprinting of computer network reconnaissance tools |
| author_sort |
Beecroft, Alexander J. |
| title |
Passive fingerprinting of computer network reconnaissance tools |
| title_short |
Passive fingerprinting of computer network reconnaissance tools |
| title_full |
Passive fingerprinting of computer network reconnaissance tools |
| title_fullStr |
Passive fingerprinting of computer network reconnaissance tools |
| title_full_unstemmed |
Passive fingerprinting of computer network reconnaissance tools |
| title_sort |
passive fingerprinting of computer network reconnaissance tools |
| publisher |
Monterey, California: Naval Postgraduate School |
| publishDate |
2012 |
| url |
http://hdl.handle.net/10945/4649 |
| work_keys_str_mv |
AT beecroftalexanderj passivefingerprintingofcomputernetworkreconnaissancetools |
| _version_ |
1716726308215455744 |