This paper proposes that any Signature Based Passive Network Intrusion Detection (NID) deployment is incomplete without an 'In-line' 'Packet Level Normaliser'. A number of published papers will be selectively reviewed, assessing their contribution to the development of this field. Focusing on the Network Layer, a 'walkthrough' of the IP protocol will be followed by a Lab where the Normaliser 'norm' will be employed to illustrate core concepts. Packets will be manufactured using 'NetDuDe' and 'Fragroute'. The output will be in 'tcpdump' format. The paper culminates with a brief review of current normaliser technology.
Read Entire Paper
E-Mail Link
Your IP address will be sent with this e-mail
