Listen Too Closely and You May Be Confused

  • Eric Cronin
  • Micah Sherr
  • Matt Blaze
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4631)


Among the most basic simplifying assumptions of modern communications security is the notion that most communication channels should, by their very nature, be considered vulnerable to interception. It has long been considered almost reckless to suggest depending on any supposed intrinsic security properties of the network itself, and especially foolish in complex, decentralized, heterogeneously-controlled networks such as the modern Internet. Orthodox doctrine is that any security must be either end-to-end (as with cryptography), or not considered to exist at all.

While this heuristic well serves cautious confidential communicators, it is unsatisfying from the point of view of the eavesdropper. Paradoxically, while end-to-end security may be a prerequisite to robust confidentiality in most networks, it does not follow that a lack of end-to-end security always makes it possible to eavesdrop.


Intrusion Detection System Computer Crime Network Intrusion Detection Digital Evidence Network Intrusion Detection System 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
  2. 2.
  3. 3.
    Electronic Crime Scene Investigation: A Guide for First Responders (July 2002),
  4. 4.
    Bellovin, S.M.: Wiretapping the net. The Bridge 20(2), 21–26 (2002)Google Scholar
  5. 5.
    Blaze, M., Bellovin, S.M.: Inside RISKS: Tapping, tapping on my network door. Communications of the ACM 43(10) (December 2000)Google Scholar
  6. 6.
    Casey, E.: Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet (2004)Google Scholar
  7. 7.
    Computer Crime and Intellectual Property Section. Criminal Division. United States Department of Justice. Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations (July 2002),
  8. 8.
    Cronin, E., Sherr, M., Blaze, M.: On the reliability of Internet eavesdropping. (submitted for publication, February 2005)Google Scholar
  9. 9.
    Dingledine, R., Mathewson, N., Syverson, P.: Tor: The Second-Generation Onion Router. In: Proc. of the 13th Usenix Security Symposium, pp. 303–320 (August 2004)Google Scholar
  10. 10.
    Handley, M., Kreibich, C., Paxson, V.: Network intrusion detection: Evasion, traffic normalization, and end-to-end protocol semantics. In: Proc. of the 10th Usenix Security Symposium (August 2001)Google Scholar
  11. 11.
    Jacobson, V., Leres, C., McCanne, S.: tcpdump.
  12. 12.
  13. 13.
    Paxson, V.: Bro: a system for detecting network intruders in real-time. Computer Networks (Amsterdam, Netherlands: 1999) 31(23–24), 2435–2463 (1999)Google Scholar
  14. 14.
    Ptacek, T., Newsham, T.: Insertion, evasion, and denial of service: Eluding network intrusion detection. Technical report, Secure Networks, Inc. (1998)Google Scholar
  15. 15.
    Reiter, M.K., Rubin, A.D.: Crowds: Anonymity for web transactions (1998)Google Scholar
  16. 16.
    Rivest, R.: Chaffing and winnowing: Confidentiality without encryption (March 1998),
  17. 17.
    SANS. Intrusion detection FAQ: How does fragroute evade NIDS detection? (2002),
  18. 18.
    Shankar, U., Paxson, V.: Active mapping: Resisting NIDS evasion without altering traffic. In: Proc. of the 2003 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitos (2003)Google Scholar
  19. 19.
    The Ethereal Project. Ethereal: A network protocol analyzer.

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Eric Cronin
    • 1
  • Micah Sherr
    • 1
  • Matt Blaze
    • 1
  1. 1.Department of Computer and Information Science, University of Pennsylvania 

Personalised recommendations