Saturday, August 05, 2006

The Old Man Still Has It

Last week you may have seen this Packet Analysis Challenge posted at the SANS Internet Storm Center. I downloaded the trace and looked at it using Tcpdump. After about five minutes I recognized the pattern as one I wrote about in late 1999 and presented in a paper at SANS 2000.

I submitted a link to my paper as an explanation, and Lorna wrote back:

Yes, this traffic falls into the category of the one you discuss in "A Final Case". The traffic I posted was submitted to us by a university. You are the first person to get this right! Nicely done!

I also wrote about this pattern in the DNS chapter of The Tao of Network Security Monitoring.

If you want to read SANS' explanation of the trace, please read today's solution.


LonerVamp said...

Love these little challenges! Thanks for posting to it!

Stiennon said...

Kudos Richard!