RE: Spoofed scans

From: Jose Nazario (joseat_private)
Date: Wed Jan 09 2002 - 08:58:38 PST


    i believe the normalizations discussed by vern paxson at USENIX Security 01
    can help alleviate the threat of the IP ID scan discussed. another
    excellent discussion of this technique is given in [2].
    
    the openbsd firewall package 'pf' has a scrub action that implements many
    of these normalizations.
    
    1. vern's WAY cool paper.
       http://www.icir.org/vern/papers/norm-usenix-sec-01-html/
    
    2. node in the above paper on IP ID scans:
       http://www.icir.org/vern/papers/norm-usenix-sec-01-html/node8.html
    
    ____________________________
    jose nazario						     joseat_private
    	      	     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
    				       PGP key ID 0xFD37F4E5 (pgp.mit.edu)
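
Added example, not part of the original message or of pf: a small Python model of why normalizing the IP ID field removes the information an IP ID scan depends on. The host model, the sample traffic and all function names are constructed for illustration, and the normalizer is modelled on the `random-id` option of pf's scrub, which is an assumption since the message does not name a specific option.

```python
import random

ID_SPACE = 1 << 16  # the IP identification field is 16 bits wide


class GlobalCounterHost:
    """Constructed model of a stack that draws every IP ID from one counter."""

    def __init__(self, start=0):
        self.next_id = start % ID_SPACE

    def send(self):
        ipid = self.next_id
        self.next_id = (self.next_id + 1) % ID_SPACE
        return ipid


def scrub_random_id(ipid, rng):
    """Normalizer step: discard the host's IP ID and substitute a random one."""
    return rng.randrange(ID_SPACE)


def observe(host, hidden_traffic, normalizer=None, rng=None):
    """IP IDs seen on successive replies from `host`.

    hidden_traffic[i] is the number of packets the host sends to other
    peers (unseen by the observer) before its i-th reply.
    """
    seen = []
    for hidden in hidden_traffic:
        for _ in range(hidden):
            host.send()
        ipid = host.send()
        seen.append(normalizer(ipid, rng) if normalizer else ipid)
    return seen


def deltas(ids):
    """Step between consecutive IDs, allowing for 16-bit wraparound."""
    return [(b - a) % ID_SPACE for a, b in zip(ids, ids[1:])]


def leaks_packet_count(ids, max_step=64):
    """True when every step is small and positive: the IDs come from one
    counter, so (step - 1) is the number of packets sent in between."""
    steps = deltas(ids)
    return bool(steps) and all(0 < s <= max_step for s in steps)
```

Running `leaks_packet_count` over IP IDs captured on the outside of a firewall is a quick check that the normalization is actually being applied to a protected host's traffic.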
    
    