The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
The addressing and forwarding architecture based on the destination of packets in current Internet typically does not check the authenticity of source address of packets; therefore, it causes a considerable challenge to prevent the attackers from launching attacks by forging source addresses and to trace the real sources which sent the malicious traffic. In this paper, we present a new protocol/architecture...
Distributed denial-of-service (DDoS) attacks became one of the main Internet security problems over the last decade, threatening public web servers in particular. Although the DDoS mechanism is widely understood, its detection is a very hard task because of the similarities between normal traffic and useless packets, sent by compromised hosts to their victims. This work presents a lightweight method...
In this paper, the technology of trusted boundary based on port trust value is discussed. When IP phones are connected to the existing switch-based campus area network, PC is connected to the access port of IP phone. To avoid IP phone is disconnected from the network and PC is directly into the switch port, trusted boundary based on port trust value is applied. In an IP PBX, trusted mode or untrusted...
Edge networks in enterprise networks are increasingly complex and dynamic, raising questions about the ability to maintain a current overview of computing assets on the network and their potential vulnerability. However, to respond to ongoing or impending attacks that may propagate at high speed, it has become crucial to ensure proper and efficient reachability of all network nodes that might be at...
This paper shows a new DNS attack that hijacks DNS requests by frequently injecting fake DNS server, and then network systems communicate with wrong destinations. This type of attack is detectable by neither the IDS nor any anti spoofing software.
This paper, from the LAN Monitor concept, presents LAN Monitor of traditional non-switched networks monitoring as well as the effective solution for switched networks monitoring in terms of ARP spoofing and propose several effective approaches for these two kinds of cases at the same time.
A Network Address Translator allows hosts in a private address space to communicate with servers in the public Internet. There is no accepted solution for an arbitrary host from the public IP network to initiate communication with a host in a private address space although attempts have been made to create one. This paper proposes the replace NATs with a more comprehensive concept we call Customer...
Aiming at the security requirement of the Intranet that is different from Internet, an security architecture for Intranet is proposed. In physical layer and data link layer, based on network switch the intranet is divided into several parts separated from each other as required. In network layer, making use of the NAT gateway integrated in virtual server the intranet or its part is hidden to ensure...
IPv4 is a foundation of Internet communications. Designed many years ago the protocol is inadequate to modern networks. New sixth version is replacing the older one. It is often repeated that IPv6 was designated to solve some performance problems. This statement is true only to some extent. IPv6 deployment (especially in the transition phase) will have large impact, not always positive on many aspects...
This paper describes Address Resolution Protocol (ARP) and the ARP cache poisoning (ARP SPOOFING) problem and presents a proposed architecture for detecting the ARP attacks. In addition, it discusses a set of techniques used to detect the ARP poisoning attacks on switched Ethernet networks. A new practical technique by adding external hardware element to the LAN network to work as sniffer is suggested...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.