• Journal of Convergence Society for SMB
• /
• v.6 no.2
• /
• pp.31-36
• /
• 2016

Sniffing attack is a passive attack which is reassembling packets to collect personal information, bank accounting number, and other important information. Sniffing attack happens in LAN and uses promiscuous mode which is opening filtering by pass all packets in LAN, attackers could catch any packets in LAN, so they can manipulate packets. They are Switch Jamming, Port mirroring, ARP Redirect, and ICMP Redirect attack. To defend these attacks, I proposed to use SSL packet encryption, reconfiguration of switching environment, DNS, and decoy method for defending all kinds of Sniffing attacks.

• The Journal of the Korea Contents Association
• /
• v.5 no.2
• /
• pp.115-121
• /
• 2005

In the present internet environment, various traffic flooding attacks and worm attacks cause economical loss. If IPv4 is substituted by IPv6 because of the lack of IP address, it will be more serious. Therefore, we design and implement the traffic analysis tool which can detect attacks by expecting them encountered in the IPv6 environment. Proposed tool is composed of packet generation module, packet gathering module, discrimination module, and display module in X-windows. As a simulation result, it is proved that it can effectively detect DAD-NA message attack, TCP SYN flooding attack, UDP flooding attack and ICMP flooding attack in the IPv6 environment.

• The Journal of the Korea Contents Association
• /
• v.3 no.1
• /
• pp.21-30
• /
• 2003

Retracing schemes using packet marking are currently being studied to protect network resources by isolating DDoS attack. One promising solution is the probabilistic packet marking (PPM). However, PPM can't use ICMP by encoding a mark into the IP identification field. Likewise, it can't identify the original source through a hash function used to encode trace information and reduce the mark size. In addition, the retracing problem overlaps with the result from the XOR operation. An algorithm is therefore proposed to pursue the attacker's source efficiently. The source is marked in a packet using a router ID, with marking information abstracted.

• Journal of Korea Society of Industrial Information Systems
• /
• v.10 no.2
• /
• pp.67-75
• /
• 2005

In this paper, we design and implement real time IP security packet analyzer on IPv4 and IPv6 network. This packet analyzer sniffs and analyzes the packets generated by the protocols that are used by IPsec, IKE, IPv4 and IPv6 such as AH, ESP, ISAKMP, IP, ICMP and so on. The purpose of this analyzer is to check current security status of the network automatically. In this paper we provide implementation details and the examples of security evaluation by using our security packet analyzer system.

• Journal of the Korean Institute of Illuminating and Electrical Installation Engineers
• /
• v.18 no.6
• /
• pp.213-219
• /
• 2004

This paper describes the developmnet of a web-based boiler controller which can be in parallel operated with an existing boiler controller. The web-based boiler controller mainly consists of RTL8019AS NIC and TS80C32 microcontroller. In order to communicate over the Internet, we need to develop network driver, IP, TCP, UDP, ICMP, and HTTP. For a specific application like web-boiler controller, we have proposed a common global data buffer algorithm to minimize the RAM memory usage. Finally, the correctness and performance of the protocols are tested and verified using CommView and Dummynet. The development is satisfactorily operated only for few hundreds of bytes of RAM usage without sacrificing interoperability between hosts.

• Proceedings of the Korean Information Science Society Conference
• /
• 2002.04a
• /
• pp.523-525
• /
• 2002

DOS (Denial Of Service)에 대한 공격은 시스템의 정상적인 동작을 방해하여 시스템 사용자에 대한 서비스 제공을 거부하도록 만드는 공격으로 현재 이의 공격에 대한 탐지 알고리즘 및 연구들이 많이 제시되고 있다. 본 논문에서는 네트워크 또는 트랜스포트 계층에 해당하는 프로토콜(TCP/IP, ICMP, UDP) 공격을 분석하고 이들 프로토콜의 취약점을 공격하는 DOS 공격 이외의 다른 공격을 탐지하기 위하여 프로토콜의 기능별, 계층별에 따른 모듈화 작업을 통하여 네트워크 침입탐지 시스템을 설계하였다.

• 제어로봇시스템학회:학술대회논문집
• /
• 2005.06a
• /
• pp.1299-1303
• /
• 2005

Over the last decade the research of end-to-end behavior on computer network has grown by orders but it has few researching in hop-by-hop behavior. We think if we know hop-by-hop behavior it can make better understanding in network behavior. This paper represent ICMP time stamp request and time stamp reply as tool of network study for learning in hop-by-hop behavior to estimate link bandwidth and link structure. We describe our idea, experiment tools, experiment environment, result and analysis, and our discussion in our observative.

• Proceedings of the Korea Society for Industrial Systems Conference
• /
• 2001.05a
• /
• pp.261-267
• /
• 2001

In this paper, we have illustrated implementations and there results of network attacks and detections. We consider two attacks, smurf attach and network mapping attack, which are one of the typical intrusions using the ICMP The NFR/sup TM/ is used to capture all of our interesting packets within the network traffic. We implement the smurf and network mapping attacks with the UNIX raw socket, and build the NFR's backend for it's detection. The N-Code programming is used to build the backend. The implementing results show the possibility of preventing illegal intruding to network systems.

• Proceedings of the Korea Multimedia Society Conference
• /
• 2003.05b
• /
• pp.712-715
• /
• 2003

인터넷 데이터 센터란 인터넷 서비스를 제공하는 기업의 서버 및 통신 장비의 운영, 관리를 대행하는 곳으로 장비 관리를 위한 첨단의 설비와 보안 체계, 네트워크가 구성되어 있는 곳이다. 본 논문에서는 웹 기반 IDC 관리형 모니터링 및 관리시스템의 구조를 제안하고 시스템을 구현한다. 웹에서 효과적인 모니터링 및 관리를 위하여 JAVA 기반의 설계를 하였으며, 인터넷 서비스에 대한 효율적인 관리를 위하여 ICMP 프로토콜을 사용하였다. 제안된 시스템을 이용하여 원격지 서버의 상태나 인터넷 서비스의 전반적인 상태를 일정하게 유지하며 웹을 기반으로 하여 모니터링 및 관리를 수행할 수 있다.

• The KIPS Transactions:PartC
• /
• v.11C no.4
• /
• pp.455-462
• /
• 2004

Network attacks are various types with development of internet and are a new types. The existing intrusion detection systems need a lot of efforts and costs in order to detect and respond to unknown or modified attacks because of detection based on signatures of known attacks. In this paper, we present a design and implementation for mining prototype system to predict unknown or modified attacks through network protocol attributes analysis. In order to analyze attributes of network protocols, we use the association rule and the frequent episode. The collected network protocols are storing schema of TCP, UDP, ICMP and integrated type. We are generating rules that can predict the types of network attacks. Our mining prototype in the intrusion detection system aspect is useful for response against new attacks as extra tool.