What Does Tracing Network Attacks Mean?

“Tracing network attacks” can have different meanings, depending on the context in which this term is used. At a minimum, it means discovering the origin of incidents that occur. In most (but not all) cases, this minimally implies finding the IP address, the media access control (MAC) address,[1] or the hostname from which the unauthorized activity originated. At the other extreme, it means determining the identity of the attacker(s). This chapter focuses on determining the origin in terms of address or hostname. Chapter 11, “The Human Side of Incident Response,” focuses on pinpointing the identity of perpetrators.

[1] The media access control address is the physical address of a host. The MAC address is ...

Get Incident Response: A Strategic Guide to Handling System and Network Security Breaches now with the O’Reilly learning platform.