Sunday, May 01, 2005

ARDA research into "Intelligent Trace-Back"

A colleague, Gadi Evron, forwarded a link to a post that merits attention:

We seek to develop tools and techniques for the traceback of attacks carried out over information networks to their originating source. Attacks on information assets of the Intelligence Community (IC) can occur over restricted or open networks using the Internet Protocol (IP). These attacks begin with an originating host, may involve passing information through various stepping stone hosts to reach a controller node, which in turn might control a number of zombie hosts that have malicious software implanted within them (most often without their knowledge or consent). Upon a signal, these zombies may attack one or more target machines, to perform either a denial of service attack or to modify or exfiltrate information from them. In between participating hosts, the packet stream may transit many network devices such as routers, switches or network address translation (NAT) devices. (The distinguishing feature of a network device is that it does not initiate or terminate packet streams, but merely directs or modifies them. When an attack packet stream transits one of these devices, it becomes a "Router on Path" or a "NAT on Path". For the purposes of this document, routers and switches will be referred to as routers.)
