[Dshield] DShield List [WAS: Windows Update?]

Valdis.Kletnieks@vt.edu
Fri Apr 7 16:48:38 GMT 2006


On Thu, 06 Apr 2006 12:11:11 EDT, "Johannes B. Ullrich" said:

> Favorite book for traffic analysis:
> TCP/IP Illustrated, Volume 1 (Stevens)

Stevens is probably the most accessible technical reference to how
it's *supposed* to work.  It covers most of the oddball stuff that
might be seen when things are going properly.

Stevens, however, wrote the whole book assuming that the reader was
responsible for one end of a connection that both ends wanted to
make work.  It's quite weak on all the corner cases that arise when
the guy at one end is intentionally failing to play by the rules.

Which is why...

> Favorite course:
> http://www.sans.org/sansfire06/description.php?tid=242

What he said.  I took this class when it was a SANS-EDU offering here
last spring - Mike Poor had some good "packets that go bump in the night"
info that even *I* hadn't seen before.

And I've been watching busticated packets go by since 10/8 was the backbone,
not your LAN. ;)
