Attack Fallout Traffic Analysis

The other application of black-hole monitoring relies on observing traffic that was never aimed at us in the first place, but which is merely a side effect of other activity.

Worm persistence over time. Note that there is no trivial spike-falloff pattern for CodeRed and that the model behaves like a biological population model.

Figure 18-4. Worm persistence over time. Note that there is no trivial spike-falloff pattern for CodeRed and that the model behaves like a biological population model.

Here we can see how a number of common reconnaissance and attack schemes use address spoofing to conceal an attacker’s identity. The assumption is that an administrator will have difficulty differentiating decoy traffic from bogus addresses from the attacker’s actual probes. Although ...

Get Silence on the Wire now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.