• The Journal of the Korea Contents Association
• /
• v.10 no.10
• /
• pp.19-25
• /
• 2010

While Snoop improves network performance by using local retransmission in case of packet loss in wireless network, it has security vulnerability to be unable to countermeasure against falsified ACKs attacks. Therefore in this paper, we suggest a modified Snoop with an extra buffer in addition to original Snoop buffer. Even though packets are exhausted in original buffer by falsified ACKs attacks, proposed Snoop can locally retransmit the packets saved in the extra buffer. The simulation by NS-2 shows that proposed Snoop countermeasure efficiently against falsified ACKs attack and builds securer Snoop protocol.

• Convergence Security Journal
• /
• v.7 no.1
• /
• pp.63-75
• /
• 2007

Most of computer systems to be connected to network have been exposed to some network attacks and became to targets of system attack. System managers have established the IDS to prevent the system attacks over network. The previous IDS have decided intrusions detecting the requested connection packets more than critical values in order to detect attacks. This techniques have False Positive possibilities and have difficulties to detect the slow scan increasing the time between sending scan probes and the coordinated scan originating from multiple hosts. We propose the port scan detection rules detecting the RST/ACK flag packets to request some abnormal connections and design the data structures capturing some of packets. This proposed system is decreased a False Positive possibility and can detect the slow scan, because a few data can be maintained for long times. This system can also detect the coordinated scan effectively detecting the RST/ACK flag packets to be occurred the target system.