Listening in on network traffic (network forensics) can reveal whether applications and data communications are secure, and can point out reconnaissance processes that may precede an attack. Learning the signatures of breach traffic is also the first step in blocking it at border devices or at the desktop. The presenter of this webcast begins by displaying numerous trace files that show network reconnaissance underway (operating system fingerprinting, IP scans, zombie-based scans, blind UDP scans, application mapping sessions, and directed TCP scans) and identifies the unique signatures in each of these communications.

