1 / 27

Hot Tools for Analyzing Networks

Hot Tools for Analyzing Networks. Laura Chappell Sr. Protocol Analyst, Founder Protocol Analysis Institute lchappell@packet-level.com. Vision…one Net

moe
Télécharger la présentation

Hot Tools for Analyzing Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Hot Tools for Analyzing Networks Laura Chappell Sr. Protocol Analyst, Founder Protocol Analysis Institute lchappell@packet-level.com

  2. Vision…one Net A world where networks of all types—corporate and public, intranets, extranets, and the Internet—work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries Mission To solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together and our customers to profit from the opportunities of a networked world

  3. Tool Types • Cheap tools • Cool tools worth paying for • Basic/Simple v. Advanced/Complex • These tools can be used to analyze, secure and test your network

  4. NetScanTools Pro $ Ethereal Sam Spade Snort nMap Nessus GRC’s tools Dsniff et al Netcat Whisker Firewalk LC3 (L0phtCrack) LANGuard$ NetStumbler Invisible Secrets$ HexWorkshop$ EtherPeek$ Sniffer$ … and more Tools to Get

  5. HOT! NetScanTools Pro • OS Fingerprinting • IP-to-MAC mapping • Port probing • TCP Term … and more

  6. Ethereal: Network Analyzer • Win32 version on Laura’s Lab Kit 1. Ethereal: Packet analyzer/decoder tool 2. WinPcap: architecture for packet capture and network analysis for the Win32 platforms • Kernal-level packet filter • Low-level dll (PACKET.DLL) • High-level library (WPCAP.DLL) Worth the time to install/setup! Get winpcap at netgroup-serv.polito.it/winpcap/ Link: www.ethereal.com

  7. Sam Spade (Multifunction Tool) • www.samspade.org • Traceroute • Ping • DNS lookups • DIG • Whois • Finger • Etc. Link: www.samspade.org

  8. Snort IDS • Network Intruder Detection System (NIDS) • Rules-based • Plug-ins available • Sample snort rule alert tcp $EXTERNAL_NET any -> $HOME_NET 3128 (msg:"INFO - Possible Squid Scan"; flags:S; classtype:attempted-recon; sid:618; rev:1;) Link: www.snort.org

  9. Switch Hub 2 Client B Client A 1 Server 1 Where Do You Put Your Pig? • Off a hub • Off a spanned/mirrored switch port

  10. Nmap Tester • Port scanner • UDP • TCP (including Xmas, null scans, etc.) • OS fingerprinter • Ping sweeper … and more Link: www.insecure.org/nmap

  11. Nessus Tester • Port scanner • Fingerprinter • Vulnerabilities tester • Client/server set • Client collects data • Server sends attacks • Server OS: Solaris, FreeBSD, GNU/Linux, etc.—not Windows Link: www.nessus.org

  12. GRC’s Tools • Shields Up (test vulnerabilities) • Portscan (check open ports) • UnPlug ‘n Pray (shut down PnP function) • IDServe (ID Internet Servers) • Great reading Link: www.grc.com

  13. Dsniff, et al. Testers Target: MAC address table • Passive tools • Dsniff • Filesnarf • Mailsnarf • Msgsnarf • Urlsnarf • Webspy • Active attack tools • Arpspoof • Dnsspoof • Macof (fail open/duplicate MACs) Link: www.monkey.org/~dugsong/dsniff/

  14. Netcat Connecter • Setup connections • TCP • UDP • Now included in the Red Hat Power Tools collection and comes standard on SuSE Linux, Debian Linux, NetBSD and OpenBSD distributions TCP TCP Link: www.atstake.com/research/tools/index.html#network_utilities

  15. Whisker CGI Scanner • Whisker (by rain.forest.puppy) • www.wiretrip.net • Checks for CGI directory and CGI • Checks for server type and version • Can test vulnerabilities in sub-domains • Uses URL coding (see next slide) • Written in Perl • See RFP2K01: “How I hacked PacketStorm” Link: www.wiretrip.net/rfp/

  16. Discovery Tool • Mutant traceroute • Learn gateway access filters • No answer = blocked • ICMP TTL answer = open • Block outgoing ICMP TTL messages Block all outgoing ICMP TTL messages ICMP: TTL exceeded in transit Port 21 TTL=2 Router with ACL Link: www.packetfactory.net/Projects/Firewalk/

  17. LC3 Password Cracker • Password cracking tool—excellent • Uh…er…I mean Password auditing and recovery tool • Also check out John the Ripper • www.openwall.com/john/ Link: www.atstake.com/research/lc3/

  18. HOT! LANGuard Scanner • Bulk vulnerability scanner • NetBIOS scanner • SNMP scanner • Ping sweeper • Port prober and more Link: www.gfi.com/languard/

  19. HOT! NetStumbler Eavesdropper • Wireless scanner • “MiniStumbler” • Yipes Link: www.netstumbler.com/

  20. Invisible Secrets Steganography • Hide files within files • Check out www.packet-level.com’s banner • Password = hide • Encryption = blowfish + = + = Link: www.neobytesolutions.com/invsecr/

  21. Hex Workshop Decoder • Open files (without executing them) • Change file contents • Base converter Link: www.bpsoft.com/

  22. EtherPeek Analyzer • One of the best packet analyzers around • NX has an expert system and lots of added filtering capabilities Link: www.wildpackets.com

  23. Sniffer Analyzer • Another great protocol analyzer Link: www.sniffer.com

  24. In Summary • Scary, eh? • Learn to use the tools to test your network • Keep up on the vulnerabilities • Join me on the 2002 US/Canada • roadshow—hands-on courses

  25. Laura Chappell’s US/Canada Hands-On Roadshow • Get hands-on experience with many tools and analysis techniques for analysis and security Washington, DC April 1-2 Chicago April 4-5 Seattle April 8-9 Atlanta April 15-16 Boston May 2-3 Dallas May 13-14 Houston May 16-17 San Jose May 23-24 San Francisco June 4-5 Minneapolis June 10-11 Phoenix June 24-25 San Diego June 27-28 Toronto July 8-9 Vancouver July 11-12 St. Louis July 22-23 Los Angeles July 25-26 Honolulu July 29-30 New York City August 5-6 Hands-On Classes Register NOW www.nuihotlabs.org/cybercrime

More Related