NSA-CSEC IP Profiling Analytics-Mission Impacts.pdf
(
2044 KB
)
Pobierz
TOP SECRET
IPProfilingAnalytics
&MissionImpacts
TradecraftDeveloper
CSEC–NetworkAnalysisCentre
May10,2012
TOP SECRET
ExampleIPProfileProblem
Target appears on IP address, wish to understand
network context more fully
Example Quova look-up & response for
Lat. 60.00 Long: -95.00 (in frozen tundra W. of Hudson Bay)
City: unknown
Country: Canada,
Operator: Bell Canada, Sympatico
Issues with IP look-up data:
is it actually revealing, or is it opaque
is the data even current, or is it out-of-date
was the data ever accurate in the first place
2
TOP SECRET
Objectives
Develop new analytics to provide richer contextual
data about a network address
Apply analytics against Tipping & Cueing objectives
Build upon artefact of techniques to develop new
needle-in-a-haystack analytic – contact chaining
across air-gaps
3
TOP SECRET
AnalyticConcept–StartwithTravelNode
Beginwith
single
seedWi-FiIPaddressofintl.airport
AssemblesetofuserIDsseenonnetworkaddress
overtwoweeks
4
TOP SECRET
ProfilingTravelNodes–NextStep
FollowIDsbackwardandforwardinrecenttime
EarlierIPclustersof:
-
localhotels
-
domesticairports
-
localtransportationhubs
-
localinternetcafes
LaterIPclustersof:
-
otherintl.airports
-
domesticairports
-
majorintl.hotels
-
etc.
-etc.
5
Plik z chomika:
rc51
Inne pliki z tego folderu:
Gaza Natural Gas - Why Israel Kills for It.zip
(28398 KB)
WikiLeaks Australian Suppression Order.pdf
(313 KB)
US-NSA Pays Israel $500,000 in 2004.pdf
(152 KB)
US-Estonian Cyber Partnership Agreement.pdf
(121 KB)
US-CERT Backoff Point-of-Sale Malware.pdf
(24 KB)
Inne foldery tego chomika:
- NOWE, 2015-01
- NOWE, 2015-02
- NOWE, 2015-03
- NOWE, 2015-04
- NOWE, 2015-05
Zgłoś jeśli
naruszono regulamin