Mark Crosbie, Detect a SATAN scan of your system
Keywords: SATAN scan detector, network monitoring
Abstract: A simple PERL script that will detect a heavy
SATAN scan by monitoring the output of the TCP wrappers package.
You must have TCP wrappers (/pub/tools/unix/tcp_wrappers)
installed to use this.
Steve Chapin, Papers
by Steve Chapin of Purdue University
Abstract: Papers by Steve Chapin from Purdue University,
Indiana.
Gene H. Kim, Papers by
Gene H. Kim
Abstract: Papers by Gene H. Kim from Purdue University,
Indiana. Reports on Tripwire and experiences with Tripwire.
Ivan Krsul, Papers
by Ivan Krsul (COAST Lab) of Purdue University
Abstract: Papers by Ivan Krsul from Purdue University,
Indiana. Includes Master's thesis on Authorship Analysis.
Sandeep Kumar, Papers
by Sandeep Kumar (COAST Lab) of Purdue University
Abstract: Papers by Sandeep Kumar from Purdue University,
Indiana. Includes a paper on portable virus scanners and
intrusion detection by pattern matching.
Mark Crosbie, Papers
by Mark Crosbie (COAST Lab) of Purdue University
Abstract: Papers by Mark Crosbie on using Autonomous
Agents to defend computer systems.
Christoph L. Schuba, Papers
by Christoph L. Schuba (COAST Lab) of Purdue University
Abstract: Papers by Christoph L. Schuba from Purdue
University, Indiana. Includes Master's thesis on spoofing DNS
servers and a paper on this.
Christoph Schuba, Bryan Lyles,
A Reference Model for Firewall technology and its implications
for connection signaling
(A related WWW homepage exists for this item)
Keywords: firewall, signaling, model
Abstract: This paper concentrates on one particular aspect
of providing communication security: firewalls between domains of
trust. We argue that signaling support for providing scalable
security services is a design requirement. On this basis we
outline a reference model for firewall technology. It captures
the current state of the art and proves suitable for
connection-oriented high-performance networks. The architecture is
an improvement in network management and provides a controlled
exposure of the internal network structure to the outside, and
transparency to the user. Its components are endpoint
authentication, call admission control, connection
authentication, audit, and a distributed architecture with
centralized policy. The paper discusses implications of this
reference model for the design of signaling protocols.
Christoph L. Schuba, Berry Kercheval, Eugene H. Spafford,
Classical IP and ARP over ATM
Abstract: This paper gives a self-contained description of
classical IP (internet protocol) and ARP (address resolution
protocol) over ATM (asynchronous transfer mode) and describes a
model facilitating the implementation of the switched virtual
circuit-based local area network ATM subnet model. Its contents
are distilled from the design and implementation of a prototype
of a device driver for this particular subnet model. The work was
conducted at the Computer Science Laboratory (CSL) at the Xerox
Palo Alto Research Center (PARC).
Christoph L. Schuba, Eugene H. Spafford,
Countering Abuse of Name-Based Authentication in the Domain Name
System
Abstract: Authentication in distributed systems is usually
based on the identity of participating entities. In some
communications systems, identities are partially or wholly
resolved using hostnames or machine addresses in the underlying
protocol suite. If no cryptographic capabilities are used that
identify subject-object interactions, host identification can be
part of the authentication. A crucial link in the chain of
authentication is therefore the association between hostnames and
their respective protocol addresses. The validity of the
authentication can be trusted only as much as the binding process
itself. In the Internet this name resolution is provided by a
widely-implemented distributed database system: the Domain Name
System (DNS). Dynamic configuration behavior, system efficiency,
and volume of binding requests demand late binding between
hostnames and addresses, and caching of the mappings. This paper
describes problems of name-based authentication requiring late
binding that may result in the spoofing of hostnames. Attacks
based on the discussed vulnerabilities have already been
observed. This paper states the problem in an abstract way and in
the concrete case of the DNS. It analyzes the conditions that
facilitate the exploitation of the problem and explains the
weaknesses that are present. Some possible solutions are
explained, with emphasis on a DNS protocol extension that
utilizes cryptographic methods in the name resolution process.
This paper motivates the necessity to migrate to secure name
resolution as soon as possible.
Eugene H. Spafford, Papers
by Gene Spafford (COAST Lab) of Purdue University
Abstract: Papers by Gene Spafford (COAST Lab director)
from Purdue University, Indiana. Includes papers on software
forensics, spoofing DNS servers, authorship analysis, COPS
integrity checker, Tripwire file integrity checker, OPUS password
checker, a paper on Viruses as Artificial Life and material on
the Internet Worm.
Stephen Weeber, Papers
by Stephen Weeber of Purdue University
Abstract: Papers by Stephen Weeber from Purdue University,
Indiana. Includes a paper with Eugene H. Spafford on Software
Forensics.
Built by Mark Crosbie and Ivan Krsul.