Asset Publisher
Fossilhunt Phase III: Software Development for Network Deception Technologies

Based on NPS’s previous research into robust network measurement, we have identified two of our state-of-the-art techniques that represent a significant opportunity to provide new network reconnaissance abilities.  With additional software research and development, our techniques can enhance operational network security while giving new insights into the behavior of real-world networks.  As in past years, the high-level goals of this project are to advance the state of the art in both network deception, and detection of network deception.  This statement of work seeks to extend, enhance, and test two specific tools of recognized value to the sponsor.  As such, we propose two primary development thrusts:

1) Enhancing the capabilities of our novel high-speed active mapping tool, Yarrp

2) Deployment and testing of our novel scalable network tarpit tool, Greasy

In this continuing effort, we will add new probing capabilities to Yarrp (IPv6, UDP IPv4), utilize new block ciphers to increase its scanning speed, decouple probe transmission from collection, and collaborate with CAIDA to deploy Yarrp in continuous production on a distributed collection of dedicated vantage points.  In parallel, we will validate our recent work on the Greasy network tarpit by deploying it in both IPv4 and IPv6 production environments and performing extensive testing to ensure a production-ready tool.  We anticipate the successful completion of these two efforts to yield significant new defensive capabilities for the sponsor.
Computer Science
Laboratory for Telecommunications Sciences