Detecting Stepping Stones (2000)

by Yin Zhang, Vern Paxson
Citations: 129 - 7 self

BibTeX

@MISC{Zhang00detectingstepping,
    author = {Yin Zhang and Vern Paxson},
    title = {Detecting Stepping Stones},
    year = {2000}
}


Abstract

One widely-used technique by which network attackers attain anonymity and complicate their apprehension is by employing stepping stones: they launch attacks not from their own computer but from intermediary hosts that they previously compromised. We develop an efficient algorithm for detecting stepping stones by monitoring a site’s Internet access link. The algorithm is based on the distinctive characteristics (packet size, timing) of interactive traffic, and not on connection contents, and hence can be used to find stepping stones even when the traffic is encrypted. We evaluate the algorithm on large Internet access traces and find that it performs quite well. However, the success of the algorithm is tempered by the discovery that large sites have many users who routinely traverse stepping stones for a variety of legitimate reasons. Hence, stepping-stone detection also requires a significant policy component for separating allowable stepping-stone pairs from surreptitious access.
