MONOSEK – A Network Packet Processing System for Analysis & Detection of TCP Xmas attack using Pattern Analysis

Abstract

Identification of an open or closed port is done using several port scanning techniques and one of them is TCP Xmas scan. In the TCP header, URG, PSH and FIN flags are utilized for scanning the port. On the targeted system, receiving ports are identified. Distinct packets are directed to the target system. There are several port scanning tools like Snort and Wireshark. In this paper we highlight the advantages of Nmap. Nmap is a network scanning tool which is used for penetration testing and host detection. Specially designed packets are sent to the target host and the reply is analyzed. MONOSEK is used for analyzing the packets. MONOSEK is a Network Session Analysis and Network Packet Processing system. Xmas attack is detected in order to prevent OS fingerprinting and to scan web services.