International Journal of Soft Computing and Software Engineering [JSCSE]

ISSN: 2251-7545

Prefix DOI: 10.7321/jscse

URL: http://JSCSE.com

A Peer-Reviewed Journal


Table of Contents [Vol. 4, No.4, Apr]




S. Yamini and D. Maheswari
DOI: 10.7321/jscse.v4.n4.1
Pages: 68-77
Abstract. Port knocking is a technique by which only a single packet or a special sequence will permit the firewall to open a port on a machine where all ports are closed by default. It is a passive authorization technique that offers firewall-level authentication to ensure authorized access to possibly unprotected network services. This method is liable to attacks when attackers monitor the network. This paper suggests a new method called “Enhanced Port Tunneling & Device Tracking (EPT & DT)” to eliminate both DoS-Knocking and NAT-Knocking attacks. The source IP address from which an offending activity originated is of limited value because it does not specify a physical location, only an endpoint in a network for the sole purpose of routing. Furthermore, people and their devices move across the network, changing IP address as a consequence. It is useful to have some indication of where a device was at the time the offending action was carried out. Nevertheless, it would be prudent to link different pieces of evidence to ascertain additional information, such as the IP addresses used by the same device. Devices that repeatedly access a private network at different times can be profiled by analyzing and correlating Network and Port Address Translation (NAPT) logs in order to recognize recurring activity patterns. It is feasible to recognize some of the users from their traffic abnormalities without considering the exposed IP addresses. Experiments were conducted on NAPT logs collected in a campus network, with DHCP data providing control points for validation. The main purpose of using NAPT logs is device tracking.
Keywords: Port knocking, Network Address Translation, Tunneling, Port security, DoS knocking attacks, Log analysis, Device tracking, Tracing