Our previous article discusses flow-based SSH compromise detection. A brute-force attack against SSH hosts consists of scan, brute-force and compromise phases, each of which can be detected from its typical traffic characteristics. For instance, during the SSH brute-force...
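To make the three-phase idea concrete, here is an added example (not code from the article or from any product it describes) that runs simple per-phase heuristics over constructed flow records: a scan shows up as tiny flows fanned out across many hosts, brute force as many near-identical mid-sized flows to one host, and a compromise as a later, much larger flow to that host. The `Flow` record layout, all thresholds, and the sample traffic are assumptions chosen for illustration, not values taken from the article.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    """One client-to-server flow record, reduced to the fields the heuristics need (assumed layout)."""
    src: str
    dst: str
    dport: int
    packets: int
    octets: int
    start: int  # flow start time in seconds


# Illustrative thresholds: assumptions for this example, not values from the article.
SSH_PORT = 22
SCAN_MAX_PACKETS = 2                     # SYN-only or SYN+RST probes carry 1-2 packets
SCAN_MIN_TARGETS = 10                    # distinct hosts probed before we call it a scan
BF_MIN_PACKETS, BF_MAX_PACKETS = 8, 60   # a single failed login attempt per flow
BF_MIN_FLOWS = 10                        # attempts against one host before we call it brute force
BF_MAX_REL_STDEV = 0.25                  # attempts look alike: low spread in packet counts
COMPROMISE_FACTOR = 2.0                  # a flow this much larger than an attempt = probable session


def classify(flows):
    """Group SSH flows by source and report which attack phases each source shows.

    Returns {src: {"scan": {...}, "brute_force": {dst: n}, "compromise": {dst: n}}}
    containing only sources that show at least one phase.
    """
    by_src = defaultdict(list)
    for f in flows:
        if f.dport == SSH_PORT:
            by_src[f.src].append(f)

    report = {}
    for src, fl in by_src.items():
        phases = {}

        # Scan phase: tiny flows spread across many destination hosts.
        scan_targets = {f.dst for f in fl if f.packets <= SCAN_MAX_PACKETS}
        if len(scan_targets) >= SCAN_MIN_TARGETS:
            phases["scan"] = {"targets": len(scan_targets)}

        # Brute-force phase: many near-identical mid-sized flows to one host.
        by_dst = defaultdict(list)
        for f in fl:
            if BF_MIN_PACKETS <= f.packets <= BF_MAX_PACKETS:
                by_dst[f.dst].append(f)
        for dst, attempts in by_dst.items():
            if len(attempts) < BF_MIN_FLOWS:
                continue
            pk = [f.packets for f in attempts]
            avg = mean(pk)
            if pstdev(pk) / avg > BF_MAX_REL_STDEV:
                continue
            phases.setdefault("brute_force", {})[dst] = len(attempts)

            # Compromise phase: once attempts have begun, a flow to the same host
            # far larger than a failed login suggests an interactive session.
            first = min(f.start for f in attempts)
            sessions = [f for f in fl
                        if f.dst == dst and f.start >= first
                        and f.packets > COMPROMISE_FACTOR * avg]
            if sessions:
                phases.setdefault("compromise", {})[dst] = len(sessions)

        if phases:
            report[src] = phases
    return report


def sample_flows():
    """Constructed flow records (not real captures) exercising all three phases."""
    flows = []
    t = 0
    # Scan: one probe each to twelve hosts.
    for i in range(1, 13):
        flows.append(Flow("203.0.113.5", f"10.0.0.{i}", 22, 1, 60, t))
        t += 1
    # Brute force: fifteen similar attempts against 10.0.0.7.
    for i in range(15):
        flows.append(Flow("203.0.113.5", "10.0.0.7", 22, 20 + i % 5, 2500 + 100 * (i % 5), t))
        t += 2
    # Compromise: one much larger flow to the same host.
    flows.append(Flow("203.0.113.5", "10.0.0.7", 22, 80, 14000, t))
    t += 1
    # Benign admin: a few long interactive sessions, never a scan or attempt pattern.
    for _ in range(3):
        flows.append(Flow("192.0.2.10", "10.0.0.7", 22, 500, 90000, t))
        t += 600
    return flows


if __name__ == "__main__":
    for src, phases in classify(sample_flows()).items():
        print(src, phases)
```

The benign administrator in the sample never trips a phase: long sessions fall outside the brute-force packet band and touch a single host. In a real deployment the thresholds would be tuned against the site's own baseline, and the compromise check would be extended to look at the server's response flow as well, since the client side alone cannot distinguish a successful login from a long-running failed one.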
Secure Shell (SSH) provides a secure channel over an unsecured network in a client-server model. SSH is typically used to log into a remote machine and execute commands; however, it also supports tunneling, forwarding TCP ports and X11 connections. It can transfer...
The Internet as we know it today cannot operate properly without the Domain Name System (DNS). DNS maps domain names to IP addresses so that humans can use memorable names instead of numeric addresses. A DNS resolver is a machine that takes a domain name...
Simple Network Management Protocol (SNMP) is a well-known standardized application-layer protocol, originally developed for network management but mostly used for network monitoring. SNMP is designed to monitor a large number of different objects (object identifiers...
Duplication of NetFlow occurs when NetFlow records about the same flow are exported to a NetFlow collector multiple times. As a result, the volume of network traffic increases and bandwidth may be depleted by NetFlow traffic, since identical copies of NetFlow records...