Skip to Main Content
Network attackers usually launch their attacks behind a long connection chain. One way to stop such attacks is to prevent the attackers from using computers as "stepping-stones" for their attacks. A "Step-Function" method has been proposed to detect the length of a connection chain from a host to the victim machine. The algorithm is based on the changes in packet round trip times. Due to many network protocol issues, it is impossible to match all such packets correctly. We propose two algorithms to match TCP packet in real-time. The first algorithm matched fewer packets but the matching is correct. The second one matches more packets with some uncertainty on the correctness. The two algorithms gave almost identical results in determining the length of a connection chain. The algorithm gives a way to stop stepping-stone intrusion on the Internet in real-time.