M. Smart

Concordia University–Ann Arbor, Ann Arbor, Michigan, United States

Publications (3) · 2.01 Total impact

  • ABSTRACT: This paper describes the design and implementation of protocol scrubbers. Protocol scrubbers are transparent, interposed mechanisms for explicitly removing network scans and attacks at various protocol layers. The transport scrubber supports downstream passive network-based intrusion detection systems by converting ambiguous network flows into well-behaved flows that are unequivocally interpreted by all downstream endpoints. The fingerprint scrubber restricts an attacker's ability to determine the operating system of a protected host. As an example, this paper presents the implementation of a TCP scrubber that eliminates insertion and evasion attacks - attacks that use ambiguities to subvert detection - on passive network-based intrusion detection systems, while preserving high performance. The TCP scrubber is based on a novel, simplified state machine that performs in a fast and scalable manner. The fingerprint scrubber is built upon the TCP scrubber and removes additional ambiguities from flows that can reveal implementation-specific details about a host's operating system.
    IEEE/ACM Transactions on Networking 05/2004; 12(2):261-273. · 2.01 Impact Factor
  • ABSTRACT: Describes the design and implementation of protocol scrubbers. Protocol scrubbers are transparent, active interposition mechanisms for explicitly removing network scans and attacks at various protocol layers. The transport scrubber supports downstream passive network-based intrusion detection systems by converting ambiguous network flows into well-behaved flows that are unequivocally interpreted by all downstream end-points. The fingerprint scrubber restricts an attacker's ability to determine the operating system of a protected host. As an example, this paper presents the implementation of a TCP scrubber that eliminates insertion and evasion attacks - attacks that use ambiguities to subvert detection - on passive network-based intrusion detection systems, while preserving high performance. The TCP scrubber is based on a novel, simplified state machine that performs in a fast and scalable manner. The fingerprint scrubber is built upon the TCP scrubber and removes additional ambiguities from flows that can reveal implementation-specific details about a host's operating system.
    DARPA Information Survivability Conference & Exposition II, 2001. DISCEX '01. Proceedings; 02/2001
  • ABSTRACT: This paper describes the design and implementation of a TCP/IP stack fingerprint scrubber. The fingerprint scrubber is a new tool to restrict a remote user's ability to determine the operating system of another host on the network. Allowing entire subnetworks to be remotely scanned and characterized opens up security vulnerabilities. Specifically, operating system exploits can be efficiently run against a pre-scanned network because exploits will usually only work against a specific operating system or software running on that platform. The fingerprint scrubber works at both the network and transport layers to convert ambiguous traffic from a heterogeneous group of hosts into sanitized packets that do not reveal clues about the hosts' operating systems. This paper evaluates the performance of a fingerprint scrubber implemented in the FreeBSD kernel and looks at the limitations of this approach.
    01/2000;

Publication Stats

105 Citations
2.01 Total Impact Points

Institutions

  • 2004
    • Concordia University–Ann Arbor
      Ann Arbor, Michigan, United States
  • 2000
    • University of Michigan
      • Department of Electrical Engineering and Computer Science (EECS)
      Ann Arbor, Michigan, United States