In September 2009, Nicholas Lemonias published a paper titled "Advanced Network Exploitation Research and Networking Concepts" that he copyrighted to his company Advanced Information Security Online. As a "senior lecturer" at a London College (University of Derby), he should be well aware of proper citation when writing papers. Unfortunately, it does not appear that is the case.
The following table details some portions of the paper that were taken from other sources without attribution, making up a substantial amount of the material. The material on the left is from Lemonias' paper, and the material on the right is the original source with text underlined to highlight the word-for-word nature of the copying. Given the volume of text copied from other sources, while citing or referencing much smaller bits of text from other sources, it appears to show either willful infringement, or complete carelessness in citing original works.
| Lemonias Text | Original Text / Source |
| The Link Layer, sometimes called the 'Data-Link Layer' or otherwise, the 'Network Interface Layer', normally includes the device driver in the operating system and the corresponding 'Network Interface Card' (NIC) in the computer, thus handling the direct hardware and physical interfacing with the cable. | The link layer (sometimes called the network interface layer) normally includes the device driver in the operating system and the corresponding network interface card in the computer. Together they handle all the hardware details of physically interfacing with the cable. - Source: Delivering Voice over IP Networks (2002) |
| TCP and UDP protocols identify applications using 16-bit port numbers. Servers are normally known by their well-known port numbers. Until 1992 the well-known ports were between 1 and 255. Ports between 256 and 1023 were normally used by UNIX systems for UNIX specific services. | We said that TCP and UDP identify applications using 16-bit port numbers. How are these port numbers chosen ? Servers are normally known by their well-known port number. [..] Until 1992 the well-known ports were between 1 and 255. Ports between 256 and 1023 were normally used by Unix systems for Unix-specific services [..] - Source: TCP/IP Illustrated vol 1 (1993) |
| The Internet Protocol (IP) is the main protocol or the workhorse protocol of the TCP/IP suite. All the information encapsulated through the TCP, UDP, ICMP and IGMP data gets transmitted as IP datagrams. Although, IP is an unreliable connectionless datagram delivery of service. | IP is the workhorse protocol of the TCPIIP protocol suite. All TCP, UDP, ICMP, AND IGMP data gets transmitted as IP datagrams. IP provides an unreliable, connectionless datagram delivery system. - Source: Designing a communication hardware architecture based on TCPIIP protocol suit (2000) |
| The term connectionless meaning, that IP does not maintain state of information about successive datagrams (by itself), but it rather follows an algorithm that throws away datagrams and try to send an ICMP message back to the source, for every bad packet | The term connectionless means that IP does not maintain any state information about successive datagrams. When something goes wrong, such as a router temporarily running out of buffers, IP has a simple error handling algorithm: throw away the datagram and try to send an ICMP message back to the source. - Source - TCP/IP Illustrated vol 1 (1993) |
| The Destination Unreachable message is a message which is generated by the host or its firewall or proxy to inform the user that the destination is not reachable. A Destination Unreachable message may be generated as a result of a TCP , UDP or another ICMP transmission. Unreachable TCP ports notably respond with TCP RST rather than a Destination Unreachable code 3 as might be expected. [15 line table] The Next-Hop MTU field (48 bits-63) contains the MTU of the next-hop network if a code 4 error occurs. The additional data (bits 64-95) is included to allow the client to match the reply with the request that caused the destination unreachable reply. | Destination unreachable is generated by the host or its inbound gateway to inform the client that the destination is unreachable for some reason. A Destination Unreachable message may be generated as a result of a TCP, UDP or another ICMP transmission. Unreachable TCP ports notably respond with TCP RST rather than a Destination Unreachable type 3 as might be expected. [15 line table verbatim] Next-hop MTU field (bits 48-63) contains the MTU of the next-hop network if a code 4 error occurs. IP header and additional data is included to allow the client to match the reply with the request that caused the destination unreachable reply. - Source: Wikipedia |
| Message Type 4 - Source Quench The Source Quench is an ICMP message which requests the sender to decrease the traffic rate of messages to a router or host. This message may be generated if the router or host does not have sufficient buffer space to process the request, or may occur if the router or host's buffer is approaching its limit. |
The source quench is an ICMP message which requests the sender to decrease the traffic rate of messages to a router or host. This message may be generated if the router or host does not have sufficient buffer space to process the request, or may occur if the router or host's buffer is approaching its limit. - Source: Encyclopedia of Information Technology (2007) |
| Message Type 5 - Redirect [5 line table] The ICMP type 5 contains a redirect message to send data packets on alternative route. ICMP Redirect is a mechanism for routers to convey routing information to hosts. The Redirect Message is an ICMP message which informs a host to redirect its routing information (to send packets on an alternate route). |
Redirect requests data packets be sent on an alternative route. ICMP Redirect is a mechanism for routers to convey routing information to hosts. The message informs a host to update its routing information (to send packets on an alternative route). [5 line table verbatim] - Source: Wikipedia |
| Message Type 11 - Time Exceeded A time exceeded message may also be sent by a host if it fails to reassemble a fragmented datagram within its time limit. Type must be set to 11. The code, which specifies the reason for the time exceeded message, includes the following: [3 line table] |
A time exceeded message may also be sent by a host if it fails to reassemble a fragmented datagram within its time limit.
Type must be set to 11. Code specifies the reason for the time exceeded message, include the following: [3 line table verbatim] - Source: Wikipedia |
| Message Type 14 - Timestamp Reply The Timestamp Reply is an ICMP message which replies to a Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as well as a receive timestamp and a transmit timestamp. |
Timestamp Reply replies to a Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as well as a receive timestamp and a transmit timestamp. - Source: Wikipedia |
There is another full page of text taken directly from RFCs but he gives attribution. Overall, a significant portion of this paper does not appear to be written by Lemonias.