« DIMVA 2007 - Call for Papers | Main | Experiences Using Minos as A Tool for Capturing and Analyzing Novel Worms for Unknown Vulnerabilities »
A FastWorm Scan Detection Tool for VPN Congestion Avoidance
Speaking of DIMVA, here's a set of slides from last year's conference that describe a scanning worm detection system. While none of the foundations are new (detect scanning by looking for failed connection requests and unanswered packets), this is a real- world demonstration of it's efficacy. Not surprisingly, P2P apps tend to give false positives. From a slide deck, A FastWorm Scan Detection Tool for VPN Congestion Avoidance, by Arno Wagner,Thomas Dubendorfer, Roman Hiestand, Christoph Goldi, and Bernhard Plattner, from DIMVA 2006.
September 23, 2006 in detection, tools | Permalink
Tell others: digg submit
|
del.icio.us this
|
Reddit
Comments
The comments to this entry are closed.
