ResearchBib Share Your Research, Maximize Your Social Impacts
Sign for Notice Everyday Sign up >> Login

Fingerprinting Violating Machines with TCP Timestamps

Proceeding: The Third International Conference on Digital Security and Forensics (DigitalSec2016)

Publication Date:

Authors : ;

Page : 68-73

Keywords : TCP Timestamp; Protocol Artifact; Fingerprinting;

Source : Downloadexternal Find it from : Google Scholarexternal


Cyber crime has increased as a side effect of the dramatic growth in Internet deployment. Identifying machines that are responsible about crimes is a vital step in an attack investigation. Tracking the IP address of the attacker to its origin is indispensable. However, apart from finding the attacker's (possible) machine, it is inevitable to provide supportive proofs to bind the attack to the attacker's machine, rather than depending solely on the IP address of the attacker, which can be dynamic. This paper proposes to implant such supportive proofs by utilizing the timestamps in the TCP header. Our results show that unique timestamps can be recovered in target machines. In addition, because a violator is unaware of (and has no control over) the internals of the TCP, the investigation process is empowered with stealth. To the best of our knowledge, we are the first to utilize protocol remnants in fingerprinting violating machines.

Last modified: 2016-09-11 23:54:01