Detecting bad TCP sessions

Posted in Information Security, My Ideas, Uncategorized - 12 June 2008 - No comment

Here’s an idea:

Why not develop a feature into personal firewalls that tracks active tcp sessions (via netstat) but with some intelligence. The idea behind intelligence is to not spam the poor user every single time an application wants to talk on the NIC. How would that work?

Well, it could associate keystrokes / clicks with network events. If there is a new tcp session established or new listening local port, challenge the user with the application name associated with said session or listening port.

It sounds so simple it just might work. Do you see any false-positive scenarios?

Related posts:

  1. Writing a DNS sniffer Programming project: construct a program that can listen to perimeter...
  2. Network Scanning with nmap Shopping List Before we start, make sure you have the...
  3. Thousands of Sacrificial Lambs Problem: So you say ‘hackers’ are constantly knocking on the...
  4. Computer Security At Hotels When was the last time you visited a hotel, plugged...
Tags: , , , ,

Comments are closed.