Date Submitted: 06/18/06
Mass-Mailing Worms: Prevention, Detection and Response (A Case Study)
Added by Papergrl
Description:
In this paper I describe the approaches to mass-mailing worm prevention, detection, and incident response that I have developed and used on a large university network. The prevention strategy has encompassed user education and awareness, desktop anti-virus policy, and minimally invasive server-based filtering of incoming email, while the approach to worm detection is based on detecting traffic patterns of worm behavior on the network itself, using readily available open source tools, including the argus real-time flow monitor and the Perl scripting language. In this paper I present results which demonstrate the efficacy of our strategies for prevention, behavior-based (as opposed to signature-based) detection, and recovery, and I discuss future directions based on lessons learned to date.
