Big Chemical Encyclopedia


IP addresses

Patient's Web site URL, computer IP address, and/or e-mail address... [Pg.512]

Then traceroute sends a datagram with TTL=2, which allows it to determine the IP address of the next router ... [Pg.195]

It should be noted that the IP address of the attack source and the coordinates of the attacked port can be detected by the user with standard Unix or Windows operating system utilities (netstat or socklist, for example) or with any IDS. [Pg.199]

Fadia A, and P. Ankit, Getting geographical Information using an IP Address, New York Association for Computing Machinery, 2000. [Pg.208]

Figure 10 shows behavior that is consistent with that of a mail server. Note that SMTP and DNS activities occur at similar levels. This is consistent with the mail transmission process in which the host portion of the address must be converted to an IP address before the mail can be sent. [Pg.219]

It is worth noting that, according to these definitions, we consider that we have two distinct Sources of attacks when a given attacking IP address is observed twice on the same Environment with more than 24 hours between the two observations. The reason for doing this is experimental. We have found out that it was extremely rare, not to say impossible, to see Large... [Pg.236]

Session lasting more than a couple of seconds. It is also extremely rare to observe the same IP address on multiple days. Last but not least, we do know that most of the attacks come from personal PCs which, usually, use temporary addresses [15], [16]. For all these reasons, it is quite likely that the same IP address observed on two different days is not linked to a single physical machine. Therefore, it makes sense to separate, in the database, the activities of the first from the activities of the second one by giving them distinct Source identifiers. [Pg.237]

Source_Id is equivalent to the expected double key (IP_Address, Date_Id). For the Large_Session table, the primary key Large_Session_Id is equivalent to the expected double key (Source_Id, Environment_Id). Finally, similarly to the two last cases, the primary key Tiny_Session_Id from table Tiny_Session is equivalent to the expected key pair (Source_Id, Host_Id). Some redundancies have also been introduced on purpose; as an illustration, the... [Pg.238]

What is the percentage of IP addresses observed during more than one day ... [Pg.240]

The answer to the third question tells us if some IP addresses have been observed on multiple platforms the very same day. This is given by the following query ... [Pg.241]

The fourth question goes one step further than the previous one by looking at the percentage of IP addresses that have been observed on two different days. In other words, how many IP addresses are found under more than one Source identifier? This number can be found by dividing the result of this query ... [Pg.241]

SELECT count(distinct(IP_Address)) FROM Source... [Pg.241]

The result is around 91%. This simply means that it is unlikely to observe the same attacking IP address twice on the same platform. The last two questions highlight the fact that, first, attacks are issued from a very large pool of IP addresses and, second, that it might not be worth the effort of implementing the notion of blacklists [25] since, apparently, a few of them are observed more than once. [Pg.242]

The Backscatter identification is quite straightforward. Indeed, backscatter packets are responses to connection requests issued by spoofed IP addresses, typically in the case of a Denial of Service attack against a third party. If our addresses are used (spoofed) in the course of this attack, we will see the responses of the victim sent to us without us having talked to him first. These attacks have been very well analyzed by Moore et al. in [43], [44]. Figure 9 summarizes the various types of responses (column "response from victim") that can be sent against our honeypots. These packets hit a large variety of ports that are traditionally unused, such as 27374 (TCP RST), 11224 (TCP SYN ACK), 9026 (RST ACK), etc. [Pg.253]

GeoBytes IP Address Locator Tool, home page http://www.geobytes.com/IPLocator.htm... [Pg.258]

Data enrichment is presented at the lower left corner of Figure 1. Data enrichment occurs when heterogeneous contextual information is entered in the event database. The same object can be represented by heterogeneous information depending on the data source. For example, the Windows NT event log can give us a host name, the network intrusion detection system a host IP address, and the wireless access point a MAC address, this for the same machine. The data enrichment functions attempt to complete and reconcile heterogeneous information entered in the database. [Pg.354]

Logs represent a host by three different keys: a host name, a host IP address, and a host MAC address. The name is either fully qualified or a simple machine name, depending on the information source. This type of information is often provided by host-based information sources, or by devices configured to do on-the-fly reverse DNS mapping. An IP address is often provided by network-based IDS sensors and other network equipment. Finally, MAC addresses are provided by low-level networking devices such as wireless access points and switches, when specific network or wireless attacks are detected. All three keys are frequently found in event logs. [Pg.359]

The enrichment process (update hosts) attempts, among other things, to complete the key information associated with a host in the database. If a host is identified by an IP address, then a reverse DNS lookup is attempted to obtain the host name. If a host is identified by a host name, a DNS lookup is also attempted. Both operations are costly and would result in undue delays upon insertion of a new host, hence the choice of off-loading the loader and pushing such tasks to a background process. [Pg.359]

The dynamic host configuration protocol (DHCP (Droms, 1997)) allows the same machine to have multiple IP addresses over time. Moreover, host name information is sometimes generic as well, reusing for example the two last bytes of the IP address. When this is the case, our application is not able to uniquely identify a machine. [Pg.360]

In the case of VPN-connected laptops (which is also used for wireless connections), the IP address of the laptop resolves to the IP address of the VPN concentrator. Therefore, it is impossible to retrieve the physical location of the infected machine and the connection is terminated. [Pg.361]

A number of issues remain related to the reliability of host information. We are currently investigating the possible use of traceroute to more precisely locate hosts within a geographic area. We are also looking into the capture of DHCP messages or logs, which would provide a temporal view of the evolution of IP addresses. [Pg.364]

The KDD database consists of 4940210 records where every record describes one TCP/IP connection. Only 20% of records represent normal connections. A connection is a sequence of TCP packets during a duration whose starting time and ending time are both well defined, and data flow during this duration from a source IP address to a target IP address under some well defined protocol. Each connection is labeled as either normal or attack. In the latter case, the connection should be with exactly one specific attack type. [Pg.370]

The IP address is generally associated with a fully qualified domain name which users recognize and use. The name of a computer can then be <computer>.domain... [Pg.41]

As discussed earlier, the future of journals is clearly electronic. However, there are many reasons why journal articles are problematic in comparison to other documents such as web pages and databases. First, most chemistry journals (with the notable exception of Chemistry Central Journal, www.journal.chemistrycentral.com) are not open access, and thus the content of articles is restricted by the publishers. Although most universities and large organizations have institutional subscriptions to the popular journals, access usually requires validation on computer IP addresses or the use of private login credentials. Thus, automated access to this information by a computer is difficult. Further, it is unclear whether the terms under which journal articles are made available permit automated processing of the content... [Pg.179]

Computer The computer was disconnected from the network and the IT department was informed that the socket (IP address) could be reallocated if required. The hard drive of the Macintosh was reformatted before the computer was removed from site to ensure that no confidential data remained. [Pg.508]

Computers on the Internet are identified through IP addresses. IP addresses of the sending and receiving computers together with some other information are included in a header created for each packet. This is the reason why all packets from one data file find their way to the same computer... [Pg.900]

C. The Domain Name System (DNS) is used to resolve Internet host names or domain names to IP addresses. See Chapter 18 for more information. [Pg.2]

