An ontology for network attacks

A PingFlood packet is an instance of the PacketCollection of type PingFloodType with frequency greater than "threshold".
An ICMPFlood packet is an instance of the PacketCollection of type ICMPFloodType with frequency greater than "threshold".
A TCPFlood packet is an instance of the PacketCollection of type TCPType with frequency greater than "threshold".
An AppFlood packet is an instance of the PacketCollection of type AppFloodType with frequency greater than "threshold".

A Land packet is a TCPPacket with DIP = SIP and DPort = Sport.
A Teardrop packet is a PacketSequence of multiple packets with the same SIP and overlapping, oversized payloads.
A PoDPacket (Ping of Death) is an ICMPPacket with ICMPtype of 8 (echo request) and packetLen of 65535 (should really be -ge 65535).
One packet type for a possible Ping Flood attack causing buffer overflow: 8, 65535

A PingScan packet is an instance of the PacketCollection of type PingScanType.
A NullPacket is a TCPPacket with no flags set.
One packet type for a possible Port Scan attack: 0

Mitnick sent a SYN request to the X-Terminal and received a SYN/ACK response. He then sent a RESET response to keep the X-Terminal from being filled up. For our purposes, we will look for multiple TCPPackets to the same destination IP address with the RST flag set.
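
The Land, PoDPacket, NullPacket and RST definitions above, written as detection checks over parsed packet records. This is an added example, not part of the original ontology; the Packet field names, the min_count reading of "multiple", and the sample traffic are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

RST = 0x04  # RST bit in the TCP flag byte

@dataclass(frozen=True)
class Packet:
    # Assumed field names standing in for the ontology's SIP, DIP, DPort, packetLen.
    proto: str            # "tcp" or "icmp"
    sip: str
    dip: str
    sport: int = 0
    dport: int = 0
    flags: int = 0        # TCP flag byte; 0 means no flags set
    icmp_type: int = -1
    length: int = 0       # packetLen

def classify(p: Packet) -> set:
    """Return the single-packet classes from the ontology that p matches."""
    labels = set()
    if p.proto == "tcp":
        if p.sip == p.dip and p.sport == p.dport:
            labels.add("Land")
        if p.flags == 0:
            labels.add("NullPacket")
    elif p.proto == "icmp":
        # The ontology notes the length test should really be >= 65535.
        if p.icmp_type == 8 and p.length >= 65535:
            labels.add("PoDPacket")
    return labels

def rst_targets(packets, min_count=2):
    """Destinations that received at least min_count TCP packets with RST set.
    min_count=2 is an assumed reading of "multiple"."""
    hits = Counter(p.dip for p in packets if p.proto == "tcp" and p.flags & RST)
    return {dip for dip, n in hits.items() if n >= min_count}

# Constructed sample traffic using documentation address ranges.
SAMPLE = [
    Packet("tcp", "192.0.2.10", "192.0.2.10", 139, 139, flags=0x02),
    Packet("tcp", "198.51.100.7", "192.0.2.20", 40000, 22, flags=0x00),
    Packet("icmp", "198.51.100.7", "192.0.2.20", icmp_type=8, length=65535),
    Packet("icmp", "198.51.100.7", "192.0.2.20", icmp_type=8, length=84),
    Packet("tcp", "198.51.100.9", "192.0.2.30", 40001, 513, flags=RST),
    Packet("tcp", "198.51.100.9", "192.0.2.30", 40002, 513, flags=RST),
    Packet("tcp", "198.51.100.9", "192.0.2.31", 40003, 513, flags=RST),
]
if __name__ == "__main__":
    print([sorted(classify(p)) for p in SAMPLE], sorted(rst_targets(SAMPLE)))
```

The flood, scan and Teardrop classes are left out because they depend on the ontology's "threshold" value and on fragment offsets, neither of which is given here.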