Finding and Containing Enemies Within the Walls with Self-securing Network Interfaces (CMU-CS-03-109)
| Content Provider | Semantic Scholar |
|---|---|
| Author | Ganger, Gregory R.; Economou, Gregg; Bielski, Stanley M. |
| Copyright Year | 2003 |
| Abstract | Self-securing network interfaces (NIs) examine the packets that they move between network links and host software, looking for and potentially blocking malicious network activity. This paper describes how self-securing network interfaces can help administrators to identify and contain compromised machines within their intranet. By shadowing host state, self-securing NIs can better identify suspicious traffic originating from that host, including many explicitly designed to defeat network intrusion detection systems. With normalization and detection-triggered throttling, self-securing NIs can reduce the ability of compromised hosts to launch attacks on other systems inside (or outside) the intranet. We describe a prototype self-securing NI and example scanners for detecting such things as TTL abuse, fragmentation abuse, “SYN bomb” attacks, and random-propagation worms like Code-Red. We thank the members and companies of the PDL Consortium (including EMC, Hewlett-Packard, Hitachi, IBM, Intel, Network Appliance, Panasas, Seagate, Sun, and Veritas) for their interest, insights, feedback, and support. We thank IBM and Intel for hardware grants supporting our research efforts. This material is based on research sponsored by the Air Force Research Laboratory, under agreement number F49620-01-1-0433. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the Air Force Research Laboratory or the U.S. Government. |
| File Format | PDF HTM / HTML |
| Alternate Webpage(s) | http://reports-archive.adm.cs.cmu.edu/anon/2003/CMU-CS-03-109.pdf |
| Alternate Webpage(s) | http://reports-archive.adm.cs.cmu.edu/anon/2003/CMU-CS-03-109.ps |
| Alternate Webpage(s) | http://www.dtic.mil/dtic/tr/fulltext/u2/a490126.pdf |
| Alternate Webpage(s) | http://repository.cmu.edu/cgi/viewcontent.cgi?article=3148&context=compsci |
| Alternate Webpage(s) | http://repository.cmu.edu/cgi/viewcontent.cgi?article=1097&context=pdl |
| Alternate Webpage(s) | http://www.pdl.cmu.edu/PDL-FTP/Secure/CMU-CS-03-109.pdf |
| Alternate Webpage(s) | http://www.pdl.cmu.edu/PDL-FTP/Secure/CMU-CS-03-109.ps |
| Language | English |
| Access Restriction | Open |
| Content Type | Text |
| Resource Type | Article |