Saturday, August 05, 2006

The Old Man Still Has It

Last week you may have seen this Packet Analysis Challenge posted at the SANS Internet Storm Center. I downloaded the trace and looked at it using Tcpdump. After about five minutes I recognized the pattern as one I wrote about in late 1999 and presented in a paper at SANS 2000.

I submitted a link to my paper as an explanation, and Lorna wrote back

Yes, this traffic falls into the category of the one you discuss in "A Final Case". The traffic I posted was submitted to us by a university. You are the first person to get this right! Nicely done!

I also wrote about this pattern in the DNS chapter of The Tao of Network Security Monitoring.

If you want to read SANS' explanation of the trace, please read today's solution.

2 comments:

LonerVamp said...

Love these little challenges! Thanks for posting to it!

Stiennon said...

Kudos Richard!