Last week you may have seen this Packet Analysis Challenge posted by at the SANS Internet Storm Center. I downloaded the trace and looked at it using Tcpdump. After about five minutes I recognized the pattern as one I wrote about in late 1999 and presented that paper at SANS 2000.
I submitted a link to my paper as an explanation, and Lorna wrote back:
Yes, this traffic falls into the category of the one you discuss in "A Final Case". The traffic I posted was submitted to us by a university. You are the first person to get this right! Nicely done!
I also wrote about this pattern in the DNS chapter in The Tao of Network Security Monitoring.
If you want to read SANS' explanation of the trace, please read today's solution.
Saturday, 05 August 2006
The Old Man Still Has It