A Fast Worm Scan Detection Tool for VPN Congestion Avoidance

Speaking of DIMVA, here's a set of slides from last year's conference that describe a scanning worm detection system. While none of the foundations are new (detect scanning by looking for failed connection requests and unanswered packets), this is a real-world demonstration of its efficacy. Not surprisingly, P2P apps tend to give false positives. From a slide deck, A Fast Worm Scan Detection Tool for VPN Congestion Avoidance, by Arno Wagner, Thomas Dubendorfer, Roman Hiestand, Christoph Goldi, and Bernhard Plattner, from DIMVA 2006.

[Source:wormblog]
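To make the heuristic mentioned above concrete, here is an added example (not code from the slide deck or its authors) that flags sources by counting distinct destinations with refused or unanswered connection attempts. The record format, addresses and thresholds are assumptions constructed for illustration; the sample includes a P2P-like host to show why such clients trip the detector.

```python
from collections import defaultdict

def build_sample():
    """Constructed records: (source, destination, port, outcome).

    outcome is "established", "rst" (refused) or "timeout" (unanswered SYN).
    """
    records = []
    # Constructed scanner: sweeps 40 addresses on one port, nearly all fail.
    for i in range(1, 41):
        outcome = "established" if i == 7 else "timeout"
        records.append(("10.0.0.5", f"192.0.2.{i}", 445, outcome))
    # Constructed P2P client: contacts many stale peers, one in three answers.
    for i in range(1, 31):
        outcome = "established" if i % 3 == 0 else "rst"
        records.append(("10.0.0.9", f"198.51.100.{i}", 6881 + i, outcome))
    # Constructed ordinary client: few destinations, mostly successful.
    for i in range(1, 6):
        records.append(("10.0.0.20", f"203.0.113.{i}", 443, "established"))
    records.append(("10.0.0.20", "203.0.113.99", 443, "timeout"))
    return records

def detect_scanners(records, min_failed_dests=15, min_fail_ratio=0.5):
    """Return {source: (failed_dests, tried_dests)} for suspected scanners.

    A source is flagged when its failed attempts reach many distinct
    destinations and make up most of what it tried. Both thresholds are
    assumptions chosen for the sample data, not values from the slides.
    """
    tried = defaultdict(set)
    failed = defaultdict(set)
    for src, dst, _port, outcome in records:
        tried[src].add(dst)
        if outcome in ("rst", "timeout"):
            failed[src].add(dst)
    flagged = {}
    for src, dests in tried.items():
        n_failed, n_tried = len(failed[src]), len(dests)
        if n_failed >= min_failed_dests and n_failed / n_tried >= min_fail_ratio:
            flagged[src] = (n_failed, n_tried)
    return flagged

if __name__ == "__main__":
    for src, (bad, total) in sorted(detect_scanners(build_sample()).items()):
        print(f"{src}: {bad} of {total} destinations failed")
```

With the default thresholds both the scanner and the P2P-like host are flagged; calling `detect_scanners(build_sample(), min_fail_ratio=0.9)` drops the P2P-like host in this sample, at the cost of missing scanners that get more answers.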
