The Old Man Still Has It

Last week you may have seen this Packet Analysis Challenge posted at the SANS Internet Storm Center. I downloaded the trace and looked at it using Tcpdump. After about five minutes I recognized the pattern as one I wrote about in a paper in late 1999 and presented at SANS 2000.

I submitted a link to my paper as an explanation, and Lorna wrote back:

Yes, this traffic falls into the category of the one you discuss in "A Final Case". The traffic I posted was submitted to us by a university. You are the first person to get this right! Nicely done!

I also wrote about this pattern in the DNS chapter of The Tao of Network Security Monitoring.

If you want to read SANS' explanation of the trace, please read today's solution.


Unknown said…
Love these little challenges! Thanks for posting to it!
Anonymous said…
Kudos Richard!
