Network Intrusion Detection of Third Party Effects v1.0.1 – This paper describes “third party effects,” generally caused by adversaries spoofing your IP addresses while attacking an unrelated victim. The events are explained from the points of view of the three parties: the first party (the adversary), the second (the victim), and you, the third party (the bystander whose IPs were spoofed.) The paper includes packet captures, diagrams, and material not originally presented in the author’s “Interpreting Network Traffic,” such as a comparison of SYN vs ACK floods.
You can download it from the following link: https://packetstormsecurity.com/files/download/24198/nid_3pe_v101.pdf
Source: https://packetstormsecurity.com/files/24198/nid_3pe_v101.pdf.html