Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 13:04:28 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=2077544770&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2Fpapers%2FIDS%2Fintv2-8.pdf%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.2077544770.1338210268.1338210268.1338210268.1%3B%2B__utmz%3D32867617.1338210268.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/11448/intv2-8.pdf http://packetstormsecurity.org/files/11448/intv2-8.pdf http://packetstormsecurity.org/files/11448/intv2-8.pdf.html Sun, 05 Nov 2000 00:02:23 GMT "Interpreting Network Traffic" takes a look at modern reconnaissance activity from the viewpoint of the intrusion detection analyst. The author introduces general principles of network intrusion detection, and explains the basics of a TCP connection through its representation in TCPDump format. He then dissects specific network events in TCPDump format, including scans, third party effects of SYN floods, and load balancing systems. He also presents an argument to refute the existence of "reset scans."