Abstract: Discovering nodes of a network is disclosed. A multicast group of the network is sent an Internet Protocol multicast packet that requires a receiver of the packet to provide a response packet. One or more Internet Control Message Protocol replies from one or more nodes that belong to the multicast group are received. A listing of nodes of the network is determined using the one or more received replies.

Abstract: Identifying a behavior of a malware service is disclosed. An interrogation packet is sent to a network communication port of a receiver. The interrogation packet is one of a plurality of predetermined interrogation packets sent to the network communication port. The interrogation packet invites an expected action. The expected action is detected. It is determined that the malware service is potentially is operating.

Abstract: Interdicting an undesired service is disclosed. For example, a malware service is interdicted. The undesired service is identified. A vulnerability of the undesired service is identified from among a hierarchy of vulnerabilities. The undesired service is interdicted according to the vulnerability. For example, a corresponding action of a vulnerability to interdict the undesired service is performed in the order of the hierarchy until the undesired service is interdicted.

Abstract: Discovering nodes of a network is disclosed. A multicast group of the network is sent an Internet Protocol multicast packet that requires a receiver of the packet to provide a response packet. One or more Internet Control Message Protocol replies from one or more nodes that belong to the multicast group are received. A listing of nodes of the network is determined using the one or more received replies.

Abstract: Discovering nodes of a network is disclosed. A multicast group of the network is sent an Internet Protocol version 6 multicast packet that requires a receiver of the packet to provide a response packet. One or more Internet Control Message Protocol version 6 replies from one or more nodes that belong to the multicast group are received. A listing of nodes of the network is determined using the one or more received replies.

Abstract: Identifying a behavior of a malware service is disclosed. An interrogation packet is sent to a network communication port of a receiver. The interrogation packet is one of a plurality of predetermined interrogation packets sent to the network communication port. The interrogation packet invites an expected action. The expected action is detected. It is determined that the malware service is potentially is operating.

Abstract: Identifying a behavior of a service is disclosed. A predetermined interrogation packet that corresponds to a hypothesis is sent to a network communication port of a receiver. The predetermined packet is one of a plurality of predetermined interrogation packets sent to the network communication port. The hypothesis is consistent with a behavior of a corresponding service. The predetermined interrogation packet invites an expected action. The expected action is detected. It is determined that the behavior of the service that corresponds to the hypothesis is operating.

Abstract: Interdicting an undesired service is disclosed. For example, a malware service is interdicted. The undesired service is identified. A vulnerability of the undesired service is identified from among a hierarchy of vulnerabilities. The undesired service is interdicted according to the vulnerability. For example, a corresponding action of a vulnerability to interdict the undesired service is performed in the order of the hierarchy until the undesired service is interdicted.

Abstract: Interdicting an undesired service is disclosed. For example, a malware service is interdicted. The undesired service is identified. A vulnerability of the undesired service is identified from among a hierarchy of vulnerabilities. The undesired service is interdicted according to the vulnerability. For example, a corresponding action of a vulnerability to interdict the undesired service is performed in the order of the hierarchy until the undesired service is interdicted.