Security Incidents mailing list archives
RE: Spoofed scans
From: Jose Nazario <jose () biocserver BIOC cwru edu>
Date: Wed, 9 Jan 2002 11:58:38 -0500 (EST)
i believe the normalizations discussed by ven paxson at USENIX Security 01 can help alleviate the threat of the IP ID scan discussed. another excellent discussion of this technique is given in [2]. the openbsd firewall package 'pf' has a scrub action that implements many of these normalizations. 1. vern's WAY cool paper. http://www.icir.org/vern/papers/norm-usenix-sec-01-html/ 2. node in the above paper on IP ID scans: http://www.icir.org/vern/papers/norm-usenix-sec-01-html/node8.html ____________________________ jose nazario jose () cwru edu PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80 PGP key ID 0xFD37F4E5 (pgp.mit.edu) ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: Spoofed scans, (continued)
- Re: Spoofed scans James (Jan 07)
- Re: Spoofed scans Will Aoki (Jan 07)
- RE: Spoofed scans Bojan Zdrnja (Jan 07)
- Re: Spoofed scans Gideon Lenkey (Jan 07)
- Re: Spoofed scans Crist J. Clark (Jan 07)
- Re: Spoofed scans Richard Arends (Jan 07)
- RE: Spoofed scans Paul M. Tiedemann (Jan 08)
- Re: Spoofed scans Dave Ryan (Jan 08)
- RE: Spoofed scans Gideon Lenkey (Jan 08)
- RE: Spoofed scans Joshua Wright (Jan 09)
- RE: Spoofed scans Jose Nazario (Jan 09)