Académique Documents
Professionnel Documents
Culture Documents
INTRODUCTION
650
AGENT SPECIFICATION
651
652
653
has_ip_options(packet) drop(packet)
zero_fragment_number(packet) drop(packet)
ip_source_routing(packet) drop(packet)
TTL attacks. The attacker sends IP packets with
small TTL (Time To Live) hopping they would expire
at the victims interface, to force the User Agent
dropped them and send an error message requiring
computational resources and consuming the agents
bandwidth which leads to a decrease in productivity
since fewer resources are available. When receiving
such an IP packets, it will believe that either this is a
normal event, since it is allowed event, or constitutes
an attack ttl_expireB(attack legal_event). Note that
even though, the Security Agent could, at a certain
point, believe that this was not a legal event
Blegal_event, one cannot infer B attack using this
specification. In contrast, if such packets originate
from a single machine then this might be an attack:
B broker_request(attacker)
B broker(attacker)
ins(broker(attacker))
send_secrets(packet)
tcp_sequence_error enable(drop(packet))
B packet_src(attacker) drop(packet)
IMPLEMENTATION
654
655
656
657
658
Experimentation
BPF_JEQ
659
Conclusions
660
661