Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
Method to Find Stepping Stones By Comparing Network Latency Times from Different Protocol Stack LayersAliases:NoneTechnical Challenge:This method addresses the problem of detecting when a stepping-stone is being used in an attack on one's system. If a stepping-stone is detected, this method may be used to help to identify if the attacking computer is near or far from the stepping-stone computer.Description:Frequently, when a hacker attacks a computer, the hacker uses one or more intermediary computers to hide the location of the attacking computer. These intermediary computers are called "stepping-stones". It also indicates if the attacking computer is near or far from the stepping stone computer. This method uses data passively collected from the network and cannot be detected by a hacker watching for possible countermeasures to his attack. After collecting the data, this method filters out specified network data, compares the latency time from different network layer data. If the latency is above a specified threshold, an alert is sent to the network or computer security analyst. The analyst may adjust the collection parameters, data filtering parameters, and the alert latency threshold.Demonstration Capability:Only part of this procedure has been implemented in a software program, which can be easily demonstrated.Potential Commercial Application(s):This method may be incorporated in a tool to search for the location of a hacking attack. If the tool indicates that there is a stepping-stone and the attacking computer is near or far from the stepping-stone, a computer analyst can use this information to help them locate the hacker.Patent Status:A patent application has been filed with USPTO.Reference Number: 1377If you are interested in exploring this technology further, please call 443-445-7159 or express your interest in writing to the: National Security Agency |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15 2009 |