Abstract
Port scanning is a reconnaissance phase in networking, and many researchers have implemented different techniques to secure networks against port scan attacks. The Intrusion Detection System (IDS) is one of them, and SNORT is an open-source tool for intrusion detection and prevention. Today port scanning is increasingly used in network security for penetration testing and hacking, and most researchers in this field have focused on detecting the stealth port scan attacks known as the FIN, XMAS and NULL scans. To detect these attacks, some use signature- or rule-based techniques and others use anomaly-based techniques to improve network security. In these techniques the rules use the FIN, PSH and URG flags to detect the attack, but for the idle port scan attack the rules use the FIN and RST flags, which are also part of the TCP connect() method, so using these flags directly generates false alarms. In this paper we propose an IP identification number based detection plug-in to detect the idle port scan attack. With the proposed technique we are able to detect the idle port scan attack using the FIN and RST flags together with the IP ID number of the packet.
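The contrast the abstract draws, between alerting on the flags alone and alerting on the flags combined with the IP ID, is sketched below as an added example; it is not the paper's plug-in or SNORT code. The record format, the function names, the thresholds and the heuristic itself (a run of FIN/RST packets to one peer whose IP IDs advance by only 1 or 2) are assumptions made for illustration.

```python
from collections import defaultdict

WATCHED = {"F", "R"}  # FIN and RST, the flags named in the abstract

# Constructed sample records (src, dst, tcp_flags, ip_id); addresses are documentation ranges.
SAMPLE = [
    ("192.0.2.10", "198.51.100.7", "R", 1000),   # idle host, IP ID read repeatedly
    ("192.0.2.20", "203.0.113.5", "R", 4000),    # busy server, ordinary resets
    ("192.0.2.10", "198.51.100.7", "R", 1002),
    ("192.0.2.20", "203.0.113.5", "FA", 4150),
    ("192.0.2.10", "198.51.100.7", "R", 1003),
    ("192.0.2.20", "203.0.113.5", "R", 4391),
    ("192.0.2.10", "198.51.100.7", "R", 1005),
    ("192.0.2.20", "203.0.113.5", "FA", 4400),
    ("192.0.2.10", "198.51.100.7", "R", 1006),
    ("192.0.2.20", "203.0.113.5", "R", 4977),
]

def flag_only_alerts(records):
    """Baseline: alert on every (src, dst) pair that sent a FIN or RST."""
    return sorted({(s, d) for s, d, flags, _ in records if WATCHED & set(flags)})

def ipid_alerts(records, min_run=4, max_step=2):
    """Alert only when FIN/RST packets from src to dst carry IP IDs that
    advance by 1..max_step for min_run consecutive packets (assumed heuristic)."""
    last_id, run, alerts = {}, defaultdict(int), set()
    for src, dst, flags, ip_id in records:
        if not WATCHED & set(flags):
            continue  # only FIN/RST packets are considered
        key = (src, dst)
        if key in last_id:
            step = (ip_id - last_id[key]) % 65536  # IP ID is a 16-bit counter and wraps
            run[key] = run[key] + 1 if 1 <= step <= max_step else 0
            if run[key] >= min_run:
                alerts.add(key)
        last_id[key] = ip_id
    return sorted(alerts)

if __name__ == "__main__":
    print("flag-only:", flag_only_alerts(SAMPLE))
    print("flag + IP ID:", ipid_alerts(SAMPLE))
```

On the constructed sample the flag-only rule alerts on both hosts, while the IP ID check alerts only on the host whose counter advances in small steps.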