Passive Asset Detection System

Presented at REcon 2005, June 17, 2005, 3:30 p.m. (60 minutes).

Network scanners are a valuable resource in the security practitioner's toolkit. They are used to actively probe a network in order to generate a snapshot of the current environment. However, they are not without limitations; they can be loud, resource intensive, and the results can be quickly outdated. During this presentation I will discuss how a passive scanner can be used to identify network traffic. Passive Asset Detection System (PADS) was designed to supplement active scanners by combining a network sniffer with a rule-based detection engine similar to a network IDS. It will listen to a network and attempt to provide an up-to-date look at the hosts and services running on the network. The application operates invisibly and will never release a packet into the network.


Presenters:

  • Matt Shelton
    Matt Shelton is founder and lead developer for the open source Passive Asset Detection System (PADS) project. His professional interests include intrusion detection (IDS), incident response, and software development. He works as a security engineer for a managed security services provider in the Washington, DC area.
