COUNTERMEASURES
RAMAN PAL (rp5g09@ecs.soton.ac.uk)
SCHOOL OF ELECTRONICS & COMPUTER SCIENCES, UNIVERSITY OF SOUTHAMPTON
OS DETECTION USING ICMP:-
OS detection using ICMP can be done in two ways, namely Active Detection and Passive Detection.[8]

Active OS detection means that the source host sends specified types of data packets to the target host. Certain fields of these data packets carry the characteristics of the OS. The returned packets can show the type of the OS, or the OS can be specified by comparing the OS fingerprint database with the corresponding value of a certain field in the data packets.[8]

In the Passive OS Detection system, by contrast, the source host does not need to send detection data packets. It passively hunts reports sent and received by the target

COUNTERMEASURES
1) ICMP WINDOW RESTRICTION SCHEME.[5]
2) STORE, CHECK AND FORWARD STRATEGY.[5]
3) ICMP-TRACEBACK MECHANISM.[2],[9],[11],[12],[13]
4) GLOBAL-DEFENSE-INFRASTRUCTURE FOR DETECTING DoS/DDoS[10],[14]

FURTHER READING…
The Internet Engineering Task Force's articles and review papers are good reading for updates about Information Security. http://www.ietf.org/
EC-Council's Articles & Releases are a good source of information regarding the latest updates in Information Security. http://www.eccouncil.org/

REFERENCES
Collaborative Environment- A Survey on DDoS Attack Tools and Traceback Mechanisms."
[12] Alex C. Snoeren, et al., "Hash-Based IP Traceback", ACM SIGCOMM, Aug. 2001, pp. 3-14.