[1] E. Casey, "Network traffic as a source of evidence: tool strengths, weaknesses, and future needs," Digital Investigation, vol. 1, no. 1, pp. 28-43, Feb. 2004.
[2] N. Meghanathan, S.R. Allam, and L.A. Moore, "Tools and techniques for Network Forensics," International Journal of Network Security and its Applications, vol. 1, no. 1, pp. 14-25, 2009.
[3] Web Historian, http://www.mandiant.com/products/free_software/web_historian
[4] Index.dat Analyzer, http://majorgeeks.com/Index.dat_Analyzer_d5259.html
[5] eMailTrackerPro, http://www.emailtrackerpro.com
[6] TCPDUMP, http://www.tcpdump.org
[7] Wireshark, http://www.wireshark.org
[8] Z. Gao and N. Ansari, "Tracing cyber attacks from the practical perspective," Communications Magazine IEEE, vol. 43, no. 5, pp. 123-131, May 2005.
[9] R. Stone, "CenterTrack: An IP Overlay Network for Tracking DoS Floods," Ninth USENIX Security Symp. (Security '00), pp. 199-212, 2000.
[10] S.M. Bellovin, "ICMP traceback Messages," Internet Draft: draft-bellovin-itrace-00.txt, Mar. 2000.
[11] A. C. Snoeren et al., "Hash-based IP traceback," in Proc. ACM SIGCOMM, vol. 31, no. 4, pp. 3-14, Oct. 2001.
[12] S. Savage et al., "Network Support for IP traceback," ACM/IEEE Trans. Networking, vol. 9, no. 3, pp. 226-237, Jun. 2001.
[13] D.X. Song and A. Perrig, "Advanced and Authenticated Marking Schemes for IP traceback," Proc. IEEE INFOCOM '01, pp. 878-886, 2001.
[14] A. Belenky and N. Ansari, "IP traceback with Deterministic Packet Marking," IEEE Comm. Letters, vol. 7, no. 4, pp. 162-164, Apr. 2003.
[15] Y. Xiang, W. Zhou, and M. Guo, "Flexible deterministic packet marking: an IP traceback system to find the real source of attacks," IEEE Transactions on Parallel and Distributed Systems, vol. 20, no. 4, pp. 567-580, Apr. 2009.
[16] H. Aljifri, "IP traceback: A New Denial-of-Service Deterrent," IEEE Security and Privacy, vol. 1, no. 3, pp. 24-31, May 2003.
[17] George Tsirtsis and Pyda Srisuresh, "Network Address Translation - Protocol Translation (NAT-PT)," RFC 2766, Feb. 2000.
[18] L. T. Heberlein and M. Bishop, "Attack class: Address spoofing," in Natl. Information Systems Security Conf., pp. 371-378, Oct. 1996.
[19] B. A. Forouzan, TCP/IP Protocol Suite, 4th Ed., McGraw Hill, 2009.
[20] H. Krawczyk, M. Bellare, and R. Canetti, "HMAC: Keyed-hashing for message authentication," RFC 2104, Feb. 1997.
[21] J. Postel, "Internet protocol," RFC 791, Sep. 1981.
[22] netflow, http://www.cisco.com
[23] libipq, http://www.netfilter.org/projects/index.html
[24] OpenSSL, http://www.openssl.org
[25] libpcap, http://www.tcpdump.org
[26] mausezahn, http://www.perihel.at/sec/mz
[27] C. Fraleigh et al., "Packet-level traffic measurements from the sprint IP backbone," IEEE Network, vol. 17, no. 6, pp. 6-16, Nov. 2003.