remote network analysis
play

Remote Network Analysis - I know what you know - Torsten Hfler - PowerPoint PPT Presentation

Mar 29, 2023 •483 likes •906 views

Remote Network Analysis - I know what you know - Torsten Hfler htor@cs.tu-chemnitz.de Torsten Hfler, 21. November 2004 Remote Network Analysis - p. 1/41 Outline Outline 1. Introduction Introduction 2. Passive Analysis Passive

  1. Remote Network Analysis - I know what you know - Torsten Höfler htor@cs.tu-chemnitz.de Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 1/41

  2. Outline • Outline 1. Introduction Introduction 2. Passive Analysis Passive Analysis Active Analysis 3. Active Analysis Advanced Methods 4. Advanced Scanning Prevention Questions 5. Prevention 6. Questions Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 2/41

  3. Introduction Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 3/41

  4. Motivation • play instinct :o) • Outline • explore a remote network Introduction • Motivation • Typical Targets • find backdoors • Structure of FW Systems • Structure of FW Systems • Possible Attacks • check weaknesses Passive Analysis • prepare an attack Active Analysis Advanced Methods • fool IDS systems Prevention • see which software your bank runs Questions • ... Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 4/41

  5. Typical Targets • Router / Firewalls / Packetfilter • Outline • Intrusion Detection Systems Introduction • Motivation • Typical Targets • Loghosts (to hide traces) • Structure of FW Systems • Structure of FW Systems • Possible Attacks • servers - from the outside accessible Passive Analysis (DMZ?) Active Analysis • Client-Systems / Workstations Advanced Methods Prevention • Hardware-Systems (e.g. Access Points, Questions Routers ...) Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 5/41

  6. Structure of FW Systems easy layout: • Outline Introduction • Motivation • Typical Targets • Structure of FW Systems • Structure of FW Systems • Possible Attacks Passive Analysis Active Analysis Advanced Methods Prevention Questions Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 6/41

  7. Structure of FW Systems more complex layout(s): • Outline Introduction • Motivation • Typical Targets • Structure of FW Systems • Structure of FW Systems • Possible Attacks Passive Analysis Active Analysis Advanced Methods Prevention Questions Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 7/41

  8. Possible Attacks ⇒ attacker (we) located in the Internet • Outline ⇒ attacks performed from outside Introduction • Motivation • Typical Targets • Structure of FW Systems • passive analysis (e.g. sniffing) • Structure of FW Systems • Possible Attacks • noticeable active analysis (e.g. scanning) Passive Analysis Active Analysis • hidden active analysis (e.g. Advanced Methods fingerprinting) Prevention • analysis of topology (e.g. firewalking, Questions tracing) • social engineering Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 8/41

  9. Passive Analysis Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 9/41

  10. Layer 2/3/4 ⇒ different possibilities: • passive fi ngerprinting (without sending anything) • Outline ◦ Layer 4 (versions of used software products) Introduction ◦ Payload Analysis (not widely used, no tools Passive Analysis available) • Layer 2/3/4 ◦ Layer 2/3 (OS’s TCP/IP implementation) • Header-Analysis • Header-Fields ◦ Header-Analysis (widely used, tools available) • Header-Information • Header-Analysis (example) • Header-Analysis (example) • Example • More Examples • Summary Active Analysis Advanced Methods Prevention Questions Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 10/41

  11. Header-Analysis • gives information about deployed • Outline topology: Introduction ◦ TTL: OS usually starts with ”typical” Passive Analysis • Layer 2/3/4 values (255, 128, 64 ...) -> difference • Header-Analysis • Header-Fields • Header-Information equals Hop-Count • Header-Analysis (example) • Header-Analysis (example) ◦ be aware of exceptions (e.g. • Example • More Examples • Summary traceroute)! Active Analysis • offered or used services e.g.: Advanced Methods ◦ analyse source or/and destination port Prevention Questions Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 11/41

  12. Header-Fields • Outline Introduction Passive Analysis • Layer 2/3/4 • Header-Analysis • Header-Fields • Header-Information • Header-Analysis (example) • Header-Analysis (example) • Example • More Examples • Summary Active Analysis Advanced Methods Prevention Questions Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 12/41

  13. Header-Information much information can be gained from the header fi elds: • Outline Field Location Tools? What? Introduction TTL IP x OS + Topology Passive Analysis Fragmentation IP x OS + Topology • Layer 2/3/4 • Header-Analysis • Header-Fields Header Length IP x OS • Header-Information • Header-Analysis (example) TOS IP - OS • Header-Analysis (example) • Example ID IP - OS + Traffi c • More Examples • Summary Source Port TCP - OS + Traffi c Active Analysis Window Size TCP/Opt x OS Advanced Methods Max. Segmentsz. TCP/Opt x OS Prevention ... ... - OS Questions Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 13/41

  14. Header-Analysis (example) SYN/ACK Header from www.ccc.de:80 • Outline Introduction Passive Analysis • Layer 2/3/4 • Header-Analysis • Header-Fields • Header-Information • Header-Analysis (example) • Header-Analysis (example) • Example • More Examples • Summary Active Analysis Advanced Methods Prevention Questions Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 14/41

  15. Header-Analysis (example) SYN/ACK Header from www.microsoft.de:80 • Outline Introduction Passive Analysis • Layer 2/3/4 • Header-Analysis • Header-Fields • Header-Information • Header-Analysis (example) • Header-Analysis (example) • Example • More Examples • Summary Active Analysis Advanced Methods Prevention Questions Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 15/41

  16. Example practical values: • Outline OS TOS DF TTL Window Options Introduction Win2000 0 1 128 65535 tsval=0, SACK Passive Analysis • Layer 2/3/4 • Header-Analysis Win98 0 1 128 8760 SACK • Header-Fields • Header-Information Linux 2.2 0 1 64 32210 tsval > 0, SACK • Header-Analysis (example) • Header-Analysis (example) • Example Linux 2.4 0 1 64 5792 tsval > 0, SACK • More Examples • Summary Linux 2.6 0 1 64 5792 tsval > 0, SACK Active Analysis FreeBSD 4.6 0 1 64 57344 tsval > 0 Advanced Methods FreeBSD 5.0 0 1 64 65535 tsval > 0 Prevention OpenBSD 16 0 64 17520 tsval=0, SACK Questions 2.x ... ... ... ... ... ... Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 16/41

  17. More Examples examples (p0f - SYN/ACK analysis): • www.metro.de - Windows 2000 SP4 • Outline • www.ebay.de - unknown Introduction • www.heise.de - NetApp Data OnTap 6.x Passive Analysis • Layer 2/3/4 • www.microsoft.de:80 - Windows 2000 (SP1+) (fi rewall!) • Header-Analysis • Header-Fields • Header-Information • www.openbsd.org:80 - Solaris 7 (up: 2533 hrs) • Header-Analysis (example) • Header-Analysis (example) • www.freebsd.org:80 - FreeBSD 4.6-4.8 (up: 9 hrs) • Example • More Examples • Summary • www.mcafee.com:80 - Windows 2000 SP4 Active Analysis • www.georgewbush.com:80 - Windows 2000 SP4 Advanced Methods • www.bundeskanzler.de:80 - Linux recent 2.4 (1) (up: Prevention 11405 hrs) Questions • www.nsa.gov:80 - Linux recent 2.4 (1) (up: 5664 hrs) • www.dod.gov:80 - Linux recent 2.4 (up: 2804 hrs) • ... Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 17/41

  18. Summary fi ngerprinting without sending any data • Outline • utilizes imprecise standard defi nitions ... Introduction Passive Analysis • ... or deviations of OSes from standards (RFC) • Layer 2/3/4 • Header-Analysis • Header-Fields • cumulative analysis of different header fi elds • Header-Information • Header-Analysis (example) • Header-Analysis (example) • manually nearly impossible (huge information • Example • More Examples databases) • Summary Active Analysis • ⇒ automated tools (ettercap, siphon, p0f) Advanced Methods • BUT: very slow / imprecise! ⇒ active analysis is Prevention more accurate Questions • new techniques (AI / Fuzzy Match) improve accurancy Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 18/41

  19. Active Analysis Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 19/41

  20. Layer 4 (Application Level) sending packets and analysing the response • ”classical manual banner grabbing” • Outline ◦ e.g. FTP Introduction , HTTP , POP , IMAP , SMTP , SSH, Passive Analysis NNTP , Finger ... Active Analysis • binary analysis • Layer 4 (Application Level) • Layer 2/3 (OS Level) ◦ e.g. /bin/ls from FTP server (which binary • OS Detection Tools Advanced Methods format (ELF , COFF) → OS) Prevention • well known ports Questions ◦ e.g. 80 → HTTP , 22 → SSH, ... • ⇒ easy to prevent/fake ◦ e.g. 222 → SSH (ipcop) • → application fi ngerprinting (sending special requests, evaluate (error) responses) ◦ automated tools: thc-amap, nmap (-sV) Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 20/41

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Network Access for Remote Users Dr John S. Graham ULCC j.graham@ulcc.ac.uk Review of

Network Access for Remote Users Dr John S. Graham ULCC j.graham@ulcc.ac.uk Review of

Network Access for Remote Users Dr John S. Graham ULCC j.graham@ulcc.ac.uk Review of Technologies Remote Site Private Leased Lines Kilostream or Megastream Circuits LES ISDN EPS9 ISP Remote User

957 views • 21 slides
Epistemic Network Analysis Todays Class Epistemic Network Analysis Epistemic Network

Epistemic Network Analysis Todays Class Epistemic Network Analysis Epistemic Network

Week 5 Video 6 Epistemic Network Analysis Todays Class Epistemic Network Analysis Epistemic Network Analysis (ENA) (Shaffer, 2017) Studying relationships between elements in coded data Lots of applications Conference founded

536 views • 30 slides
Why actor analysis? Actor and network analysis Bert Enserink Network map of linked Network map

Why actor analysis? Actor and network analysis Bert Enserink Network map of linked Network map

Why actor analysis? Actor and network analysis Bert Enserink Network map of linked Network map of websites sexual relations Actor and Network analysis, WHY? Most problems cannot be solved by a single actor; Quality of analysis and

356 views • 12 slides
Satellite remote sensing for landslide analysis Dr. Sigrid Roessner Helmholtz Center Potsdam GFZ

Satellite remote sensing for landslide analysis Dr. Sigrid Roessner Helmholtz Center Potsdam GFZ

Satellite remote sensing for landslide analysis Dr. Sigrid Roessner Helmholtz Center Potsdam GFZ German Research Centre for Geosciences Department 1 Geodesy and Remote Sensing Section 1.4 Remote Sensing E-mail:

828 views • 57 slides
Introduction to Network Security Chapter 11 Remote Access Security Dr. Doug Jacobson -

Introduction to Network Security Chapter 11 Remote Access Security Dr. Doug Jacobson -

Introduction to Network Security Chapter 11 Remote Access Security Dr. Doug Jacobson - Introduction to 1 Network Security - 2009 Topics Remote Access Telnet Rlogin X-Windows FTP General Countermeasures

1.48k views • 104 slides
Bioinformatics: Network Analysis Comparative Network Analysis COMP 572 (BIOS 572 / BIOE 564) -

Bioinformatics: Network Analysis Comparative Network Analysis COMP 572 (BIOS 572 / BIOE 564) -

Bioinformatics: Network Analysis Comparative Network Analysis COMP 572 (BIOS 572 / BIOE 564) - Fall 2013 Luay Nakhleh, Rice University 1 Biomolecular Network Components 2 Accumulation of Network Components 3 (Statistics downloaded March 18,

1.55k views • 137 slides
Improvised Explosive Device Network Analysis IED NA Overview IED NA utilizes network analysis

Improvised Explosive Device Network Analysis IED NA Overview IED NA utilizes network analysis

Improvised Explosive Device Network Analysis IED NA Overview IED NA utilizes network analysis methods to fill gaps in the understanding and visualization of IED networks Typical network analysis of illicit networks focuses on the human

331 views • 18 slides
Week 5 Video 5 Relationship Mining Network Analysis Todays Class Network Analysis Network

Week 5 Video 5 Relationship Mining Network Analysis Todays Class Network Analysis Network

Week 5 Video 5 Relationship Mining Network Analysis Todays Class Network Analysis Network Analysis Analysis of anything that can be seen as connections between nodes Most common social networks Connections between friends on

900 views • 58 slides
Online Analysis of Remote Sensing Data for Agricultural Applications Athanasios Karmas *

Online Analysis of Remote Sensing Data for Agricultural Applications Athanasios Karmas *

Online Analysis of Remote Sensing Data for Agricultural Applications Athanasios Karmas * Konstantinos Karantzalos Spiros Athanasiou Institute for the Remote Sensing Laboratory Institute for the Management of National Technical University

649 views • 34 slides
An Analysis of An Analysis of Network Configuration Artifacts Network Configuration Artifacts

An Analysis of An Analysis of Network Configuration Artifacts Network Configuration Artifacts

An Analysis of An Analysis of Network Configuration Artifacts Network Configuration Artifacts LISA '09, November 5, 2009 David Plonka & Andres Jaan Tack {plonka,tack}@cs.wisc.edu Motivation and Goals Like software quality, network

406 views • 36 slides
Learning Techniques for Remote Heart Rate Estimation and towards Unbiased Attribute Analysis By

Learning Techniques for Remote Heart Rate Estimation and towards Unbiased Attribute Analysis By

Robust Face Analysis Employing Machine Learning Techniques for Remote Heart Rate Estimation and towards Unbiased Attribute Analysis By Abhijit Das STARS, Inria Sophia Antipolis Mditerrane 30 th January 2019 Contents Brief overview

504 views • 25 slides
Introduction to Network Security Security Chapter 11 Remote Access Security Dr. Doug Jacobson

Introduction to Network Security Security Chapter 11 Remote Access Security Dr. Doug Jacobson

Introduction to Network Security Security Chapter 11 Remote Access Security Dr. Doug Jacobson - Introduction to 1 Network Security - 2009 Topics Remote Access Telnet Rlogin X-Windows X-Windows FTP General

765 views • 52 slides
Introduction Application Layer Transport Layer Network Layer Remote Procedure Calls 2 Basic

Introduction Application Layer Transport Layer Network Layer Remote Procedure Calls 2 Basic

Networking CS 4410 Operating Systems [R. Agarwal, L. Alvisi, A. Bracy, M. George, Kurose, Ross, E. Sirer, R. Van Renesse] Introduction Application Layer Transport Layer Network Layer Remote Procedure Calls 2 Basic Network Abstraction

1.55k views • 150 slides
Call Semantics Finding Remote Objects Method Call Semantics what does it mean to It

Call Semantics Finding Remote Objects Method Call Semantics what does it mean to It

Network Programming Paradigms Sockets programming: design a protocol CSCE 515: first, then implement clients and servers Computer Network that support the protocol. Programming RMI: Develop an application, then move ------ Remote Method

204 views • 4 slides
Lab 1 - Java RMI RMI Remote Method Invocation Object-oriented RPC (Remote Procedure Call)

Lab 1 - Java RMI RMI Remote Method Invocation Object-oriented RPC (Remote Procedure Call)

Lab 1 - Java RMI RMI Remote Method Invocation Object-oriented RPC (Remote Procedure Call) Allows calling methods of a remote object (over a network) through standard invocation of interface methods Guide

516 views • 18 slides
Introduction Performance deterioration due to latencies of remote operations Most

Introduction Performance deterioration due to latencies of remote operations Most

Analysis of Remote Execution Models for Grid Middleware Andrei Hutanu , Stephan Hirmer, Gabrielle Allen, Andre Merzky Introduction Performance deterioration due to latencies of remote operations Most relevant when two entities have

697 views • 13 slides
Helping Junior Faculty Jumpstart Their Search for Research Funding Lucy Deckard Academic

Helping Junior Faculty Jumpstart Their Search for Research Funding Lucy Deckard Academic

Helping Junior Faculty Jumpstart Their Search for Research Funding Lucy Deckard Academic Research Funding Strategies, LLC 1 Academic Research Funding Strategies, LLC Our goal: To help your institution, faculty and staff to develop the skills

765 views • 17 slides
Audience Participation Firefighters: Bevan Hall 1 2 3 4 5 6 7 End Ill- Health Reviews

Audience Participation Firefighters: Bevan Hall 1 2 3 4 5 6 7 End Ill- Health Reviews

Audience Participation Firefighters: Bevan Hall 1 2 3 4 5 6 7 End Ill- Health Reviews FPS 1992 [Part K] FPS 2006 FPS 2015 Standard and Special Members [Part 9] [Part 5, Chapter 4] Ill Health review In payment for less than In

378 views • 9 slides
Stronger Together: Honoring the Past and Supporting the Future Welcome! Stronger Together:

Stronger Together: Honoring the Past and Supporting the Future Welcome! Stronger Together:

Stronger Together: Honoring the Past and Supporting the Future Welcome! Stronger Together: Honoring the Past and Supporting the Future Held in conjunction with the 9/11 National Day of Service 9/11 Day of Remembrance and

530 views • 28 slides
FLAGLER COUNTY BOARD OF COUNTY COMMISSIONERS Budget Workshop May 29, 2018 1 Todays Goals

FLAGLER COUNTY BOARD OF COUNTY COMMISSIONERS Budget Workshop May 29, 2018 1 Todays Goals

FLAGLER COUNTY BOARD OF COUNTY COMMISSIONERS Budget Workshop May 29, 2018 1 Todays Goals Discuss Must Dos Discuss Need to Dos Present Alternatives on Need to Dos Present Revenue Scenarios and Effects

603 views • 15 slides
Advanced network scanning with Nmap 6 Henri Doreau henri.doreau@gmail.com 13 th LSM - Geneva 2012

Advanced network scanning with Nmap 6 Henri Doreau henri.doreau@gmail.com 13 th LSM - Geneva 2012

Advanced network scanning with Nmap 6 Henri Doreau henri.doreau@gmail.com 13 th LSM - Geneva 2012 Project presentation Nmap Scripting Engine Nmap 6 new features Ongoing developments Conclusion Outline Project presentation 1 Introduction

844 views • 35 slides
Firewalls Summary Brief History of Firewalls What is a Firewall? Why Firewalls?

Firewalls Summary Brief History of Firewalls What is a Firewall? Why Firewalls?

Firewalls Summary Brief History of Firewalls What is a Firewall? Why Firewalls? Network Address Translation Types of Firewalls Linux/Windows Firewalls pfSense Blue Team Activity Brief History Firewall

348 views • 30 slides
Fast and Scalable Method for Resolving Anomalies in Firewall Policies Hassan Gobjua

Fast and Scalable Method for Resolving Anomalies in Firewall Policies Hassan Gobjua

Fast and Scalable Method for Resolving Anomalies in Firewall Policies Hassan Gobjua Kamal Ahmat Verizon City University of New York Introduction Firewalls Types of Anomalies Related

380 views • 21 slides
A seman(c firewall for Content Centric Networking IFIP/IEEE

A seman(c firewall for Content Centric Networking IFIP/IEEE

A seman(c firewall for Content Centric Networking IFIP/IEEE Integrated Network Management Symposium (IM 2013) - MC2: Security Management and Recovery May 27 - 31, 2013 David Goergen Thibault Cholez Jrme

665 views • 39 slides

More recommend