Hot Tools for Analyzing Networks. Laura Chappell, Sr. Protocol Analyst, Founder, Protocol Analysis Institute.
www.novell.com
Hot Tools for Analyzing Networks
Laura Chappell, Sr. Protocol Analyst, Founder, Protocol Analysis Institute
Vision…one Net
A world where networks of all types—corporate and public, intranets, extranets, and the Internet—work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries
Mission
To solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together and our customers to profit from the opportunities of a networked world
Tool Types
• Cheap tools
• Cool tools worth paying for
• Basic/Simple v. Advanced/Complex
• These tools can be used to analyze, secure and test your network
Tools to Get
• NetScanTools Pro $
• Ethereal
• Sam Spade
• Snort
• nMap
• Nessus
• GRC’s tools
• Dsniff et al
• Netcat
• Whisker
• Firewalk
• LC3 (L0phtCrack)
• LANGuard $
• NetStumbler
• Invisible Secrets $
• HexWorkshop $
• EtherPeek $
• Sniffer $
• … and more
NetScanTools Pro
• OS Fingerprinting
• IP-to-MAC mapping
• Port probing
• TCP Term… and more HOT!
Ethereal: Network Analyzer
• Win32 version on Laura’s Lab Kit
1. Ethereal: Packet analyzer/decoder tool
2. WinPcap: architecture for packet capture and network analysis for the Win32 platforms
• Kernel-level packet filter
• Low-level dll (PACKET.DLL)
• High-level library (WPCAP.DLL)
Worth the time to install/setup!
Get winpcap at netgroup-serv.polito.it/winpcap/
Link: www.ethereal.com
Sam Spade (Multifunction Tool)
• www.samspade.org
  - Traceroute
  - Ping
  - DNS lookups
  - DIG
  - Whois
  - Finger
  - Etc.
Link: www.samspade.org
Snort IDS
• Network Intruder Detection System (NIDS)
• Rules-based
• Plug-ins available
• Sample snort rule
alert tcp $EXTERNAL_NET any -> $HOME_NET 3128 (msg:"INFO - Possible Squid Scan"; flags:S; classtype:attempted-recon; sid:618; rev:1;)
Link: www.snort.org
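How the sample rule's header and its flags:S option decide a match, as an added example that is not part of the original slides: a minimal Python evaluator (not Snort itself) run over constructed packet records. The HOME_NET value and the reading of $EXTERNAL_NET as "not HOME_NET" are assumptions.

```python
import ipaddress
import re

# The sample rule from the slide, verbatim.
RULE = ('alert tcp $EXTERNAL_NET any -> $HOME_NET 3128 (msg:"INFO - Possible '
        'Squid Scan"; flags:S; classtype:attempted-recon; sid:618; rev:1;)')

# Assumption: Snort takes this variable from its config; the value is constructed.
HOME_NET = ipaddress.ip_network("192.168.1.0/24")

def parse_rule(rule):
    """Split a rule into header fields and an options dictionary."""
    header, _, body = rule.partition("(")
    action, proto, src, sport, _arrow, dst, dport = header.split()
    opts = {k: v.strip('"')
            for k, v in re.findall(r'(\w+):\s*("[^"]*"|[^;]*);', body)}
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "opts": opts}

def addr_ok(spec, ip):
    inside = ipaddress.ip_address(ip) in HOME_NET
    # Assumption: $EXTERNAL_NET is configured as "everything outside HOME_NET".
    return {"$HOME_NET": inside, "$EXTERNAL_NET": not inside}.get(spec, spec == "any")

def port_ok(spec, port):
    return spec == "any" or int(spec) == port

def match(rule, pkt):
    """Return the rule's msg if the packet record triggers it, else None."""
    proto, src, sport, dst, dport, flags = pkt
    want = rule["opts"].get("flags")
    ok = (proto == rule["proto"]
          and addr_ok(rule["src"], src) and addr_ok(rule["dst"], dst)
          and port_ok(rule["sport"], sport) and port_ok(rule["dport"], dport)
          # With no modifier, "flags:S" means SYN and nothing else is set.
          and (want is None or set(flags) == set(want)))
    return rule["opts"]["msg"] if ok else None

# Constructed packet records: (proto, src, sport, dst, dport, TCP flags).
PACKETS = [
    ("tcp", "203.0.113.7", 40000, "192.168.1.10", 3128, "S"),   # external SYN
    ("tcp", "203.0.113.7", 40000, "192.168.1.10", 3128, "SA"),  # not a bare SYN
    ("tcp", "192.168.1.20", 40001, "192.168.1.10", 3128, "S"),  # internal source
    ("tcp", "203.0.113.7", 40002, "192.168.1.10", 80, "S"),     # other port
]

def run():
    rule = parse_rule(RULE)
    return [match(rule, p) for p in PACKETS]
```

Only the first record triggers the alert; the other three each fail one condition of the rule (flags, source network, destination port).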
Where Do You Put Your Pig?
• Off a hub
• Off a spanned/mirrored switch port
[Diagram labels: Client A, Client B, Server 1, Switch, Hub; positions 1 and 2]
Nmap Tester
• Port scanner
  - UDP
  - TCP (including Xmas, null scans, etc.)
• OS fingerprinter
• Ping sweeper
… and more
Link: www.insecure.org/nmap
Nessus Tester
• Port scanner
• Fingerprinter
• Vulnerabilities tester
• Client/server set
  - Client collects data
  - Server sends attacks
  - Server OS: Solaris, FreeBSD, GNU/Linux, etc.—not Windows
Link: www.nessus.org
GRC’s Tools
• Shields Up (test vulnerabilities)
• Portscan (check open ports)
• UnPlug ‘n Pray (shut down PnP function)
• IDServe (ID Internet Servers)
• Great reading
Link: www.grc.com
Dsniff, et al. Testers
• Passive tools
  - Dsniff
  - Filesnarf
  - Mailsnarf
  - Msgsnarf
  - Urlsnarf
  - Webspy
• Active attack tools
  - Arpspoof
  - Dnsspoof
  - Macof (fail open/duplicate MACs)
Target: MAC address table
Link: www.monkey.org/~dugsong/dsniff/
Netcat Connecter
• Setup connections
  - TCP
  - UDP
• Now included in the Red Hat Power Tools collection and comes standard on SuSE Linux, Debian Linux, NetBSD and OpenBSD distributions
Link: www.atstake.com/research/tools/index.html#network_utilities
Whisker CGI Scanner
• Whisker (by rain.forest.puppy) www.wiretrip.net
  - Checks for CGI directory and CGI
  - Checks for server type and version
  - Can test vulnerabilities in sub-domains
  - Uses URL coding (see next slide)
  - Written in Perl
  - See RFP2K01: “How I hacked PacketStorm”
Link: www.wiretrip.net/rfp/
Firewalk Discovery Tool
• Mutant traceroute
• Learn gateway access filters
  - No answer = blocked
  - ICMP TTL answer = open
• Block outgoing ICMP TTL messages
[Diagram labels: Router with ACL; Port 21 TTL=2; ICMP: TTL exceeded in transit; Block all outgoing ICMP TTL messages]
Link: www.packetfactory.net/Projects/Firewalk/
LC3 Password Cracker
• Password cracking tool—excellent
• Uh…er…I mean Password auditing and recovery tool
• Also check out John the Ripper www.openwall.com/john/
Link: www.atstake.com/research/lc3/
LANGuard Scanner
• Bulk vulnerability scanner
  - NetBIOS scanner
  - SNMP scanner
  - Ping sweeper
  - Port prober
  - and more
Link: www.gfi.com/languard/
HOT!
NetStumbler Eavesdropper
• Wireless scanner
• “MiniStumbler”
• Yipes
Link: www.netstumbler.com/
HOT!
Invisible Secrets Steganography
• Hide files within files
• Check out www.packet-level.com’s banner
• Password = hide
• Encryption = blowfish
Link: www.neobytesolutions.com/invsecr/
Hex Workshop Decoder
• Open files (without executing them)
• Change file contents
• Base converter
Link: www.bpsoft.com/
EtherPeek Analyzer
• One of the best packet analyzers around
• NX has an expert system and lots of added filtering capabilities
Link: www.wildpackets.com
Sniffer Analyzer
• Another great protocol analyzer
Link: www.sniffer.com
In Summary
• Scary, eh?
• Learn to use the tools to test your network
• Keep up on the vulnerabilities
• Join me on the 2002 US/Canada roadshow—hands-on courses
Register NOW www.nuihotlabs.org/cybercrime
Laura Chappell’s US/Canada Hands-On Roadshow
• Get hands-on experience with many tools and analysis techniques for analysis and security
Hands-On Classes
Washington, DC: April 1-2
Chicago: April 4-5
Seattle: April 8-9
Atlanta: April 15-16
Boston: May 2-3
Dallas: May 13-14
Houston: May 16-17
San Jose: May 23-24
San Francisco: June 4-5
Minneapolis: June 10-11
Phoenix: June 24-25
San Diego: June 27-28
Toronto: July 8-9
Vancouver: July 11-12
St. Louis: July 22-23
Los Angeles: July 25-26
Honolulu: July 29-30
New York City: August 5-6