Writing
I also publish content in The Startup on Medium at https://dave-dittrich.medium.com/ and on the Honeynet Project blog.
Articles/Editorials/Blog posts
Insight into network packet captures, by Dave Dittrich, Level Up Coding (gitconnected), Medium, September 10, 2020
Diving into sandbox-captured malware data, by Dave Dittrich, Level Up Coding (gitconnected), Medium, June 10, 2020
A look at recent updates to three professional ethical codes, by Dave Dittrich, Medium/The Startup, February 24, 2020
Hacking Back #IRL, by Dave Dittrich, Medium, July 30, 2019
- The series 20 Years of DDoS on Medium/The Startup (“How I Became the First Person to Describe the Advent of a New Class of Computer Network Attack Tools.”)
The Build Up to Distributed Denial of Service, by Dave Dittrich, The Startup, July 22, 2019
August 5, 1999: Something is happening, but what?, by Dave Dittrich, August 5, 2019
August 17, 1999: The University of Minnesota was kept off-line for three days, and I was kept busy for weeks., by Dave Dittrich, August 17, 2019
Tales from the CRYPT(3): Stories from the early Honeynet Project years, by Dave Dittrich, Medium, July 13, 2019
Misunderstanding Indicators of Compromise, by Dave Dittrich and Katherine Carpenter, Threatpost Op-Ed, April 21, 2016
No, Executing Offensive Actions Against Our Adversaries Really Does Have High Risk (Deal With It), by David Dittrich, Honeynet Project blog, December 10, 2012
FAQ on Kelihos.B/Hlux.B sinkholing, by David Dittrich, Honeynet Project blog, April 1, 2012 (Not a joke)
Thoughts on the Microsoft’s “Operation b71” (Zeus botnet civil legal action), by David Dittrich, Honeynet Project blog, March 28, 2012
Evolution: Rise of the bots, by David Dittrich, Information Security magazine, March, 2005
Invasion Force, by David Dittrich, Information Security Magazine, March 2005
Developing an Effective Incident Cost Analysis Mechanism, by David Dittrich, SecurityFocus (Wayback machine snapshot), June 12, 2002
Fighting the Rising Tide: Predictions for 2001, by David Dittrich, InfoSecMagazine, November 2000
“One Sniff and Your Password Is Stolen”, C&C Windows on Computing, Issue 21 [Original draft: Network “Sniffers” and You]
Papers
2015
With great power comes great responsibility: Scaling Responses to DDoS and BotNets Effectively and Safely, by David Dittrich, Coordinating Attack Response at Internet Scale (CARIS) Workshop, April 10, 2015
2014
An Ethical Examination of the Internet Census 2012 Dataset: A Menlo Report Case Study, by David Dittrich, Katherine Carpenter, and Manish Karir, IEEE Ethics Symposium 2014, May 2014. (Best Paper award runner up)
2013
Applying Ethical Principles to Information and Communication Technology Research: A Companion to the Menlo Report, co-lead editors David Dittrich, Erin Kenneally, and Michael Bailey, Department of Homeland Security, October 2013
2012
The Ethics of Social Honeypots, by David Dittrich, December 4, 2012. [Available at SSRN: http://ssrn.com/abstract=2184997. This paper was listed on SSRN’s Top Ten download list six times between 12/10/2012 and 1/6/2013 for the following eJournals: Information Systems: Behavioral & Social Methods eJournal; Technology & Ethics (Sub-Topic), eBusiness & eCommerce eJournal; Applied Ethics (Topic) and eBusiness & eCommerce eJournal; Ethics eJournal; and ISN Subject Matter eJournals and Information Systems & eBusiness Network.]
So You Want to Take Over a Botnet…, by David Dittrich, LEET ‘12: Fifth USENIX Workshop on Large-Scale Exploits and Emergent Threats, April 2012. (Slides and paper)
The Menlo Report, by Michael Bailey, David Dittrich, Erin Kenneally, and Douglas Maughan, IEEE Security & Privacy, 10(2):71–75, March/April 2012. (Local copy of IEEE article)
2011
The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research, co-lead editors David Dittrich and Erin Kenneally, December 28, 2011
Bridging the Distance: Removing the Technology Buffer and Seeking Consistent Ethical Analysis in Computer Security Research, by Katherine Carpenter and David Dittrich, in 1st International Digital Ethics Symposium, Loyola University Chicago Center for Digital Ethics and Policy, October 28, 2011. [Local copy of Loyola 2011 paper and Loyola 2011 slides]
Creating Realistic Corpora for Security and Forensic Education, by Kam Woods, Christopher Lee, Simson Garfinkel, David Dittrich, Adam Russell, and Kris Kearton, in Proceedings from the Sixth Annual ADFSL Conference on Digital Forensics, Security, and the Law, 2011.
Computer Science Security Research and Human Subjects: Emerging Considerations for Research Ethics Boards, by Elizabeth Buchanan, John Aycock, Scott Dexter, David Dittrich, and Erin Hvidzak, Journal of Empirical Research on Human Research Ethics, 6(2):71-83, June 2011.
Human Subjects, Agents, or Bots: Current Issues in Ethics and Computer Security Research, by John Aycock, Elizabeth Buchanan, Scott Dexter, and David Dittrich, in Workshop on Ethics in Computer Security 2011, St. Lucia, April, 2011 [Local copy of WECSR 2011 paper and slides]
2010
Building An Active Computer Security Ethics Community, by David Dittrich, Michael Bailey, and Sven Dietrich, IEEE Security and Privacy, 9(4):32-40, July/August 2011 (pre-publication December 16, 2010)
A Case Study in Ethical Decision Making Regarding Remote Mitigation of Botnets, David Dittrich, Felix Leder and Tillmann Werner, in Workshop on Ethics in Computer Security (WECSR) 2010, Tenerife, Spain, January, 2010 [Local copy of WECSR 2010 paper]
2009
The conflicts facing those responding to cyberconflict, David Dittrich, USENIX ;login: vol. 34, no. 6, December 2009, pp. 7-15
Have we Crossed the Line? The Growing Ethical Debate in Modern Computer Security Research, David Dittrich, Michael Bailey, and Sven Dietrich, poster presented at the 16th ACM Conference on Computer and Communication Security, November 2009
Malware to crimeware: How far have they gone, and how do we catch up?, by David Dittrich. This article first appeared in ;login:, the USENIX magazine, vol. 34, no. 4, August 2009 [Local copy of USENIX v34 n4 article]
Visual Analytics in Support of Secure Cyber-Physical Systems, by David Dittrich and Mark P. Haselkorn, DHS Workshop on Future Directions in Cyber-Physical Systems Security, July 2009 [Local copy of DHS CPSS paper and slides]
Towards Community Standards for Ethical Behavior in Computer Security Research, by David Dittrich, Michael Bailey, and Sven Dietrich, Stevens CS Technical Report 2009-1, April 20, 2009 [Local copy and most recent draft release of tech report]
2008
- Discovery Techniques for P2P botnets, by David Dittrich and Sven Dietrich, Stevens Institute of Technology Tech Report CS 2008-4, September, 2008 [Local copy of CS 2008-4. Discussed at DIMVA rump session presentation in July 2008 in Paris, and USENIX Security Works-in-Progress presentation in August 2008 in San Jose.]
Animation of the Nugache network with 1205 active bots. This shows the discovery of bots by crawling the active network using the method shown in Algorithm 1. Only those nodes that were active at the time are shown in this animation. The first node visited is left as a blue cube to give a point of reference as the P2P network is discovered. (This animation was created using Ubigraph from a Python script.)
P2P as botnet command and control: a deeper insight, by David Dittrich and Sven Dietrich, in Proceedings of the 2008 3rd International Conference on Malicious and Unwanted Software (Malware), October 2008 (Best Paper award winner) [Local copy of Malware 08 paper]
New Directions in Peer-to-Peer Malware, by Dave Dittrich and Sven Dietrich, IEEE Sarnoff Symposium 2008, April 2008, pp. 1-5 [Local copy of Sarnoff 2008 paper]
On the Development of Computer Network Attack Capabilities, by David Dittrich, work performed for the Committee on Offensive Information Warfare, National Research Council, under agreement D-235-DEPS-2007-001, February 2008
On Developing Tomorrow’s “Cyber Warriors,” by David Dittrich, in Proceedings of the 12th Colloquium for Information Systems Security Education, Dallas, Texas, USA, June 2008 [Local copy of CISSE 2008 paper]
2007
Command and control structures in malware: From Handler/Agent to P2P, by Dave Dittrich and Sven Dietrich, USENIX ;login: vol. 32, no. 6, December 2007, pp. 8-17 [Local copy of USENIX v32 n6 Dittrich article]
Analysis of the Storm and Nugache Trojans: P2P is here, Sam Stover, Dave Dittrich, John Hernandez, and Sven Dietrich, USENIX ;login: vol. 32, no. 6, December 2007, pp. 18-27 [Local copy of USENIX v32 n6 Stover article]
2004
The Manuka Project, by Barbara Endicott-Popovsky, David Dittrich, Amelia Phillips, Deb Frincke, Jose Chavez, W. Jenks Gibbons, Don Nguyen, Christian Seifert, Amy Shephard, Chris Abate, Shawn Loveland, Proceedings of the 2004 IEEE Workshop on Information Assurance, United States Military Academy, West Point, NY, June 2004 [Local copy of IEEE IA 2004 paper]
Customizing ISOs and the Honeynet Project’s Honeywall, by David Dittrich, IEEE IA Workshop poster session paper, March 22, 2004
2000
Analyzing Distributed Denial of Service Tools: The Shaft Case, by Sven Dietrich, Neil Long, and David Dittrich, in Proceedings of USENIX LISA 2000, December 2000 [Dr. Dobb’s Journal audio of the LISA presentation.]
An Analysis of the Shaft Distributed Denial of Service Tool, by Sven Dietrich, Neil Long, and David Dittrich, Information Security Bulletin, Vol 5 Issue 4, Chi Publishing, May 2000
Books/Book Chapters
Bridging the Distance: Removing the Technology Buffer and Seeking Consistent Ethical Analysis in Computer Security Research, by Katherine Carpenter and David Dittrich, Chapter 3, Digital Ethics: Research and Practice, edited by Don Heider and Adrienne Massanari, Loyola University Chicago Center for Digital Ethics and Policy, Peter Lang Publishing, Inc., ISBN 978-1-4331-1895-1 (2012)
Hackers, Crackers and Computer Criminals, by David Dittrich and Kenneth Einar Himma, Vol. II, Chapter 80, “Handbook on Information Security,” edited by Hossein Bidgoli, John Wiley and Sons, ISBN 0-471-64833-7 (2005)
Active Response to Computer Intrusions, by David Dittrich and Kenneth Einar Himma, Vol. III, Chapter 182, “Handbook on Information Security,” edited by Hossein Bidgoli, John Wiley and Sons, ISBN 0-471-64833-7 (2005)
“Internet Denial of Service: Attack and Defense Mechanisms,” Jelena Mirkovic, Sven Dietrich, David Dittrich, and Peter Reiher, Prentice-Hall PTR, ISBN 0-13-147573-8 (December 2004)
Chapter 19 (“Omerta”), “The Hacker’s Challenge,” edited by Mike Shiffman, McGraw Hill, ISBN 0072193840 (2001)
Contributor to Advanced Topics and Legal chapters, “Know Your Enemy: Revealing the Security Tools, Tactics, and Motives of the Blackhat Community” (first edition), the Honeynet Project, Addison-Wesley (2000)
White papers
Basic Steps in Forensic Analysis of Unix Systems, David Dittrich (Pasos Básicos en Análisis Forense de Sistemas GNU/Linux, Unix, modified, updated and translated to Spanish by Ervin S. Odishoo)
Creating and Managing Distributed Honeynets using Honeywalls, by David Dittrich, February 14, 2004
The Honeywall from 30,000 feet: Honeywall Fundamentals, by George Chamales and David Dittrich, March 21, 2004
Analysis of SSH crc32 compensation attack detector exploit, November 15, 2001
Analysis of the “Power” bot, August 8, 2001
The DoS Project’s “trinoo” distributed denial of service attack tool, October 21, 1999
The “Tribe Flood Network” distributed denial of service attack tool, October 21, 1999
The “stacheldraht” distributed denial of service attack tool, December 31, 1999
The “mstream” distributed denial of service attack tool, May 1, 2000
Estimating the cost of damages due to a security incident (Draft)
“Trojan Horse” attacks (Draft)
Reporting probes/intrusion attempts from an IP address (Draft)
Responding to a security incident on a Unix workstation (Draft)
“Root Kits” and hiding files/directories/processes after a break-in (Draft)
Miscellaneous older stuff
Know your Enemy: Know Your Lawyer, by David Dittrich and Alisha Ritter, June 2002 (unpublished draft of a “Know Your Enemy” series paper)
How do I configure SLIP/PPP on a Unix system for use with Dial IP?
How do I rename files using wildcards ala the DOS “REN” command?
Security Administrator’s Tool for Analyzing Networks (SATAN)