Detect a SATAN scan of your system
Keywords: SATAN scan detector, network monitoring
Abstract: A simple Perl script that will detect a heavy SATAN scan by monitoring the output of the TCP wrappers package. You must have TCP wrappers (/pub/tools/unix/tcp_wrappers) installed to use this.
Steve Chapin, Papers
by Steve Chapin of Purdue University
Abstract: Papers by Steve Chapin from Purdue University, Indiana.
Gene H. Kim, Papers by Gene H. Kim
Abstract: Papers by Gene H. Kim from Purdue University, Indiana. Reports on Tripwire and experiences with Tripwire.
by Ivan Krsul (COAST Lab) of Purdue University
Abstract: Papers by Ivan Krsul from Purdue University, Indiana. Includes Master's thesis on Authorship Analysis.
by Sandeep Kumar (COAST Lab) of Purdue University
Abstract: Papers by Sandeep Kumar from Purdue University, Indiana. Includes a paper on portable virus scanners and intrusion detection by pattern matching.
by Mark Crosbie (COAST Lab) of Purdue University
Abstract: Papers by Mark Crosbie on using Autonomous Agents to defend computer systems.
L. Schuba, Papers
by Christoph L. Schuba (COAST Lab) of Purdue
Abstract: Papers by Christoph L. Schuba from Purdue University, Indiana. Includes Master's thesis on spoofing DNS servers and a paper on this.
Schuba, Bryan Lyles,
A Reference Model for Firewall technology and its implications for connection signaling (A related WWW homepage exists for this item)
Keywords: firewall, signaling, model
Abstract: This paper concentrates on one particular aspect of providing communication security: firewalls between domains of trust. We argue that signaling support for providing scalable security services is a design requirement. On this basis we outline a reference model for firewall technology. It captures the current state of the art and proves suitable for connection-oriented high-performance networks. The architecture is an improvement in network management and provides a controlled exposure of the internal network structure to the outside, and transparency to the user. Its components are endpoint authentication, call admission control, connection authentication, audit, and a distributed architecture with centralized policy. The paper discusses implications of this reference model for the design of signaling protocols.
L. Schuba, Berry
Classical IP and ARP over ATM
Abstract: This paper gives a self-contained description of classical IP (internet protocol) and ARP (address resolution protocol) over ATM (asynchronous transfer mode) and describes a model facilitating the implementation of the switched virtual circuit-based local area network ATM subnet model. Its contents are distilled from the design and implementation of a prototype of a device driver for this particular subnet model. The work was conducted at the Computer Science Laboratory (CSL) at the Xerox Palo Alto Research Center (PARC).
L. Schuba, Eugene
Countering Abuse of Name-Based Authentication in the Domain Name
Abstract: Authentication in distributed systems is usually based on the identity of participating entities. In some communications systems, identities are partially or wholly resolved using hostnames or machine addresses in the underlying protocol suite. If no cryptographic capabilities are used that identify subject-object interactions, host identification can be part of the authentication. A crucial link in the chain of authentication is therefore the association between hostnames and their respective protocol addresses. The validity of the authentication can be trusted only as much as the binding process itself. In the Internet this name resolution is provided by a widely-implemented distributed database system: the Domain Name System (DNS). Dynamic configuration behavior, system efficiency, and volume of binding requests demand late binding between hostnames and addresses, and caching of the mappings. This paper describes problems of name-based authentication requiring late binding that may result in the spoofing of hostnames. Attacks based on the discussed vulnerabilities have already been observed. This paper states the problem in an abstract way and in the concrete case of the DNS. It analyzes the conditions that facilitate the exploitation of the problem and explains the weaknesses that are present. Some possible solutions are explained, with emphasis on a DNS protocol extension that utilizes cryptographic methods in the name resolution process. This paper motivates the necessity to migrate to secure name resolution as soon as possible.
H. Spafford, Papers
by Gene Spafford (COAST Lab) of Purdue University
Abstract: Papers by Gene Spafford (COAST Lab director) from Purdue University, Indiana. Includes papers on software forensics, spoofing DNS servers, authorship analysis, COPS integrity checker, Tripwire file integrity checker, OPUS password checker, a paper on Viruses as Artificial Life and material on the Internet Worm.
Stephen Weeber, Papers
by Stephen Weeber of Purdue University
Abstract: Papers by Stephen Weeber from Purdue University, Indiana. Includes a paper with Eugene H. Spafford on Software Forensics.
Built by Mark Crosbie and Ivan Krsul.