Tracking Darkports for Network Defence

David Whyte

Abstract

Networks are constantly bombarded by backscatter packets and by incessant probes from autorooters, malware-infected systems (e.g., worms), and Internet cartographers. It can be argued that, given the volume of nonproductive network traffic on the Internet, network operators would be better served by ensuring that the latest patches have been installed than by wasting their time on quixotic endeavors such as network scan detection.

In this talk, I will briefly discuss my latest progress on the development of the darkport scanning detection technique. Specifically, I will discuss how the network-centric knowledge gained by the darkport technique allows for more precise, faster, and finer-grained detection of scanning activity that directly threatens publicly available network services. I will argue that network scanning detection should be an essential part of any network operator's "virtual IT security toolbox".