Sniffing and Chaffing Network Traffic in Stepping-Stone Intrusion Detection

Abstract

Since stepping-stones were widely used to launch attacks over the targets in the Internet, many approaches have been developed to detect stepping-stone intrusion. We found that most of the approaches need to sniff and analyze computer network traffic to detect stepping-stone intrusion. In this paper, we introduce how to make a code to sniff TCP/IP packet. But some intruders can evade detection using TCP/IP session manipulation, such as chaff-perturbation. In order to help researchers understand how a session is manipulated and develop more advanced approaches not only detecting stepping-stone intrusion, but also resisting intruders' manipulation, we present a tool Fragroute which can be used to inject meaningless packets into a TCP/IP session across the Internet.