Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting
|
|
- Eustace Davidson
- 6 years ago
- Views:
Transcription
1 Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting Zain Shamsi,, Daren B.H. Cline, and Dmitri Loguinov Internet Research Lab Department of Computer Science and Engineering Texas A&M University Nov 1, / 28
2 Agenda Introduction OS Fingerprinting Techniques Iterative Classification with Faulds Internet Scan Conclusion 2 / 28
3 Introduction The Internet is exploding with different types of devices (e.g., phones, printers, cyberphysical, medical devices) Builds unique attack vectors for hackers Provides for interesting measurements for researchers One technique used for discovering these devices is OS fingerprinting Determines the OS of a remote host Can fingerprint specific firmware, which can reveal devices such as printers and webcams 3 / 28
4 Introduction OS fingerprinting is used widely in network security Used by attackers as part of their reconnaissance/discovery Used by administrators to survey their networks Used by IDS/IPS to build better protections Used by researchers/market analysts to measure networks Our focus in this work is improving the results of largescale OS fingerprinting We want to extract all the information we can We do not want to increase our measurement footprint 4 / 28
5 Agenda Introduction Background: OS Fingerprinting Iterative Classification Internet Scan Conclusion 5 / 28
6 Background: Fingerprinting Methods For our purposes, we focus on active fingerprinting Active Methods Passive methods (e.g., p0f) require access to existing traffic Active methods send crafted probes to elicit responses Banner Grabbing Multi-probe Single-probe Protocol must be known Defeated by generic software and can be easily scrubbed Nmap Xprobe Clock skew RING Snacktime Noisy, generate complaints Send malformed packets Too slow for millions of targets Packets easily blocked Hershel Hershel+ Our focus 6 / 28
7 Background: Single-Probe Fingerprinting Single-probe techniques use TCP probes and rely on two types of features for classification Network features: Can be modified by network effects User features: Can be modified by the end-user User Features M = MSS, S = SACK, T = Timestamp, W = Window Scale, N = NOP Network Features 7 / 28
8 Background: Network Features Network features are SYN/ACK retransmission timeouts (RTOs) Can be affected drastically by network delays and packet loss SYN SYN-ACK SYN-ACK SYN-ACK SYN-ACK R 1 R 1 R 2 R 1 R 2 R 3 With delays 1 packet lost 2 packets lost 3 packets lost (2.8,6.4,12.1) (9.2, 12.1) (2.8, 18.5) (2.8, 6.4) (6.4, 12.1) (21.3) (6.4) (18.5) (9.2) (12.1) (2.8) empty server client Not just many possibilities, but also drastically different values! 8 / 28
9 Background: User Features User features can typically be modified in OS settings Modification results in arbitrary value fluctuations E.g., Receiver Window more likely to go from 8192 to than to 8193 Treating all features as volatile, an observed sample can have multiple OS matches: 9 / 28
10 Background: Hershel+ Review 10 / 28 Computer Science, Texas A&M University
11 Background: Hershel+ Review 11 / 28 Computer Science, Texas A&M University
12 Background: Hershel+ Review 12 / 28 Computer Science, Texas A&M University
13 Agenda Introduction Background: OS Fingerprinting Iterative Classification Internet Scan Conclusion 13 / 28
14 14 / 28 Computer Science, Texas A&M University Iterative Classification
15 Iterative Classification with Faulds Conditioned on the previous estimates 15 / 28
16 Iterative Classification with Faulds 16 / 28
17 Iterative Classification with Faulds 17 / 28
18 Iterative Classification with Faulds We first focus on simulating different network conditions 18 / 28
19 Iterative Classification with Faulds We now switch to modifications to user features Please see paper for more scenarios 19 / 28
20 Iterative Classification with Faulds Iteration 0 actual estimated seconds Iteration 1 actual estimated seconds Iteration 10 actual estimated seconds Iteration 100 actual estimated seconds 20 / 28
21 Agenda Introduction Background Iterative Classification Internet Scan Conclusion 21 / 28
22 22 / 28 Computer Science, Texas A&M University Internet Scan
23 Internet Scan During classification, Faulds consolidates several signatures by learning how much they are tweaked Top 10 classified OSes: 23 / 28
24 Internet Scan Faulds outputs interesting details about end-user behavior in modifying each device in the database 10 0 Ubuntu (31.4%) 17898(4.0%) 26847(1.1%) WindowSize 28960(61.5%) 24 / 28
25 Internet Scan Faulds outputs interesting details about end-user behavior in modifying each device in the database Mac OSX 25 / 28
26 Internet Scan Faulds outputs interesting details about end-user behavior in modifying each device in the database Dell Printers 26 / 28
27 Internet Scan Faulds found several industrial and enterprise devices reachable from the Internet We also see large numbers of old OSes that are no longer supported still online 27 / 28
28 Conclusion We introduced an iterative EM-based classifier called Faulds to improve single-probe fingerprinting Outperforms previous best classifier Hershel+ Builds much more detailed output without increasing measurement cost Using an Internet scan, we use Faulds to produce world-wide OS measurements with exhaustive results THANK YOU! 28 / 28
SNAP: ROBUST TOOL FOR INTERNET-WIDE OPERATING SYSTEM FINGERPRINTING. A Thesis ANKUR BHARATBHUSHAN NANDWANI
SNAP: ROBUST TOOL FOR INTERNET-WIDE OPERATING SYSTEM FINGERPRINTING A Thesis by ANKUR BHARATBHUSHAN NANDWANI Submitted to the Office of Graduate Studies of Texas A&M University in partial fulfillment of
More informationNetwork Function Property Algorithm. CounterACT Technical Note
Table of Contents About the Network Function Property... 3 Network Function Algorithm Criteria... 4 1. Manual Classification... 4 2. Managed CounterACT Appliance... 4 3. Managed Endpoint... 4 4. Switch
More informationCIT 480: Securing Computer Systems
CIT 480: Securing Computer Systems Scanning CIT 480: Securing Computer Systems Slide #1 Topics 1. Port Scanning 2. Stealth Scanning 3. Version Identification 4. OS Fingerprinting CIT 480: Securing Computer
More informationIpMorph : Unification of OS fingerprinting defeating or, how to defeat common OSFP tools.
IpMorph : Unification of OS fingerprinting defeating or, how to defeat common OSFP tools. Guillaume PRIGENT Florian VICHOT DIATEAM - Brest 1 Context Reason for creating IpMorph : Hynesim Project: We needed
More informationSinFP3. More Than a Complete Framework for Operating System Fingerprinting v1.0. Patrice
SinFP3 More Than a Complete Framework for Operating System Fingerprinting v1.0 Patrice Auffret @PatriceAuffret @networecon `whoami` Patrice Auffret 10+ years of InfoSec experience www.gomor.org
More informationDemystifying Service Discovery: Implementing an Internet-Wide Scanner
Demystifying Service Discovery: Implementing an Internet-Wide Scanner Derek Leonard Joint work with Dmitri Loguinov Internet Research Lab Department of Computer Science and Engineering Texas A&M University,
More informationTBIT: TCP Behavior Inference Tool
TBIT: TCP Behavior Inference Tool Jitendra Padhye Sally Floyd AT&T Center for Internet Research at ICSI (ACIRI) http://www.aciri.org/tbit/ 1 of 24 Outline of talk Motivation Description of the tool Results
More informationScanning. Course Learning Outcomes for Unit III. Reading Assignment. Unit Lesson UNIT III STUDY GUIDE
UNIT III STUDY GUIDE Course Learning Outcomes for Unit III Upon completion of this unit, students should be able to: 1. Recall the terms port scanning, network scanning, and vulnerability scanning. 2.
More informationTCP TCP/IP: TCP. TCP segment. TCP segment. TCP encapsulation. TCP encapsulation 1/25/2012. Network Security Lecture 6
TCP TCP/IP: TCP Network Security Lecture 6 Based on IP Provides connection-oriented, reliable stream delivery service (handles loss, duplication, transmission errors, reordering) Provides port abstraction
More informationCSC 574 Computer and Network Security. TCP/IP Security
CSC 574 Computer and Network Security TCP/IP Security Alexandros Kapravelos kapravelos@ncsu.edu (Derived from slides by Will Enck and Micah Sherr) Network Stack, yet again Application Transport Network
More informationTransparent TCP Timestamps draft-scheffenegger-tcpm-timestampnegotiation-03
Transparent TCP Timestamps draft-scheffenegger-tcpm-timestampnegotiation-03 Richard Scheffenegger [rs@netapp.com] Mirja Kühlewind [mirja.kuehlewind@ikr.uni-stuttgart.de] 16. November 2011 82nd IETF, Taipei,
More informationGuide To TCP/IP, Second Edition UDP Header Source Port Number (16 bits) IP HEADER Protocol Field = 17 Destination Port Number (16 bit) 15 16
Guide To TCP/IP, Second Edition Chapter 5 Transport Layer TCP/IP Protocols Objectives Understand the key features and functions of the User Datagram Protocol (UDP) Explain the mechanisms that drive segmentation,
More informationA Robust Classifier for Passive TCP/IP Fingerprinting
A Robust Classifier for Passive TCP/IP Fingerprinting Rob Beverly MIT CSAIL rbeverly@csail.mit.edu April 20, 2004 PAM 2004 Typeset by FoilTEX Outline A Robust Classifier for Passive TCP/IP Fingerprinting
More informationA hacker in a hoodie with leather gloves tapping a glowing blue lock icon on a transparent touchscreen with ones and zeroes raining down in green
A hacker in a hoodie with leather gloves tapping a glowing blue lock icon on a transparent touchscreen with ones and zeroes raining down in green onto a circuit board jason SYSTEMATIC NETWORK SECURITY
More informationOn Assessing the Impact of Ports Scanning on the Target Infrastructure
2018 On Assessing the Impact of Ports Scanning on the Target Infrastructure Dr Mahdi Aiash 4/24/2018 1. Introduction A port scan is a method for determining which ports on a network are open. As ports
More informationTransport layer issues
Transport layer issues Dmitrij Lagutin, dlagutin@cc.hut.fi T-79.5401 Special Course in Mobility Management: Ad hoc networks, 28.3.2007 Contents Issues in designing a transport layer protocol for ad hoc
More informationTECHNICAL NOTE CLEARPASS PROFILING QUICK START GUIDE
TECHNICAL NOTE CLEARPASS PROFILING QUICK START GUIDE REVISION HISTORY Revised By Date Changes Dennis Boas Aug 2016 Version 1 initial release 1344 CROSSMAN AVE SUNNYVALE, CA 94089 1.866.55.ARUBA T: 1.408.227.4500
More informationCheck Point DDoS Protector Introduction
Check Point DDoS Protector Introduction Petr Kadrmas SE Eastern Europe pkadrmas@checkpoint.com Agenda 1 (D)DoS Trends 2 3 4 DDoS Protector Overview Protections in Details Summary 2 (D)DoS Attack Methods
More informationNAVAL POSTGRADUATE SCHOOL THESIS
NAVAL POSTGRADUATE SCHOOL MONTEREY, CALIFORNIA THESIS IPV6 HOST FINGERPRINT by Eleftherios Nerakis September 2006 Thesis Advisor: Co-Advisor Second Reader: Geoffrey Xie John Gibson Chris Eagle Approved
More informationD4.4 Device fingerprinting
SEVENTH FRAMEWORK PROGRAMME Theme SEC-2011.2.5-1 (Cyber attacks against critical infrastructures) D4.4 Device fingerprinting Contract No. FP7-SEC-285477-CRISALIS Workpackage WP 4 - System Discovery Author
More informationNetwork Forensics Prefix Hijacking Theory Prefix Hijacking Forensics Concluding Remarks. Network Forensics:
Network Forensics: Network OS Fingerprinting Prefix Hijacking Analysis Scott Hand September 30 th, 2011 Outline 1 Network Forensics Introduction OS Fingerprinting 2 Prefix Hijacking Theory BGP Background
More informationOutline Computer Networking. TCP slow start. TCP modeling. TCP details AIMD. Congestion Avoidance. Lecture 18 TCP Performance Peter Steenkiste
Outline 15-441 Computer Networking Lecture 18 TCP Performance Peter Steenkiste Fall 2010 www.cs.cmu.edu/~prs/15-441-f10 TCP congestion avoidance TCP slow start TCP modeling TCP details 2 AIMD Distributed,
More informationBuilding an IPS solution for inline usage during Red Teaming
Building an IPS solution for inline usage during Red Teaming Repurposing defensive technologies for offensive Red Team operations K. Mladenov A. Zismer {kmladenov,azismer}@os3.nl Master Students in System
More informationInvestigations on TCP Behavior during Handoff
Investigations on TCP Behavior during Handoff Thomas Schwabe, Jörg Schüler Technische Universität Dresden Outlook 1. Transport Control Protocol - TCP Overview TCP versions 2. Simulation scenarios Local
More informationAdvanced Network Troubleshooting Using Wireshark (Hands-on)
Advanced Network Troubleshooting Using Wireshark (Hands-on) Description This course is a continuation of the "Basic Network Troubleshooting Using Wireshark" course, and comes to provide the participants
More informationTCP Service Model. Today s Lecture. TCP Support for Reliable Delivery. EE 122:TCP, Connection Setup, Reliability
Today s Lecture How does TCP achieve correct operation? EE 122:TCP, Connection Setup, Reliability Ion Stoica TAs: Junda Liu, DK Moon, David Zats Reliability in the face of IP s best effort service 3-way
More informationfile:///c:/users/hpguo/dropbox/website/teaching/fall 2017/CS4470/H...
1 of 9 11/26/2017, 11:28 AM Homework 3 solutions 1. A window holds bytes 2001 to 5000. The next byte to be sent is 3001. Draw a figure to show the situation of the window after the following two events:
More informationIntroduction to Networking. Operating Systems In Depth XXVII 1 Copyright 2017 Thomas W. Doeppner. All rights reserved.
Introduction to Networking Operating Systems In Depth XXVII 1 Copyright 2017 Thomas W. Doeppner. All rights reserved. Distributed File Systems Operating Systems In Depth XXVII 2 Copyright 2017 Thomas W.
More informationAmbiguity Resolution via Passive OS Fingerprinting
Ambiguity Resolution via Passive OS Fingerprinting Greg Taleck NFR Security, Inc., 5 Choke Cherry Rd, Suite 200, Rockville, MD 20850 taleck@nfr.com http://www.nfr.com/ Abstract. With more widespread use
More informationFast Retransmit. Problem: coarsegrain. timeouts lead to idle periods Fast retransmit: use duplicate ACKs to trigger retransmission
Fast Retransmit Problem: coarsegrain TCP timeouts lead to idle periods Fast retransmit: use duplicate ACKs to trigger retransmission Packet 1 Packet 2 Packet 3 Packet 4 Packet 5 Packet 6 Sender Receiver
More informationDetecting Distributed Denial-of. of-service Attacks by analyzing TCP SYN packets statistically. Yuichi Ohsita Osaka University
Detecting Distributed Denial-of of-service Attacks by analyzing TCP SYN packets statistically Yuichi Ohsita Osaka University Contents What is DDoS How to analyze packet Traffic modeling Method to detect
More informationPractical Training in. IT-Security. Information gathering. - Experiment manual - Tasks. B.Sc. BG 24 M.Sc. AI MN 1 M.Sc. EB 10
IT-Security Practical Training in IT-Security - Experiment manual - Before an attacker can intrude into the system, he must obtain information about this system. He must know, which ports are open, which
More informationSANS SEC504. Hacker Tools, Techniques, Exploits and Incident Handling.
SANS SEC504 Hacker Tools, Techniques, Exploits and Incident Handling http://killexams.com/exam-detail/sec504 QUESTION: 315 Which of the following techniques can be used to map 'open' or 'pass through'
More information8. TCP Congestion Control
8. TCP Congestion Control 1 TCP Congestion Control Slow-start increase Multiplicative decrease Congestion avoidance Measurement of variation Exponential timer backoff 2002 Yanghee Choi 2 Congestion Control
More informationNetwork Security: Scan
Network Security: Scan Seungwon Shin, KAIST some slides from Dr. Brett Tjaden More about Scan Scan Techniques Network scanning where is a target? which service is available on a target? can I have more
More informationUsing Neural Networks for remote OS Identification
Using Neural Networks for remote OS Identification Javier Burroni - Carlos Sarraute Core Security Technologies PacSec/core05 conference OUTLINE 1. Introduction 2. DCE-RPC Endpoint mapper 3. OS Detection
More informationChange Management: DYNAMIC NETWORK MAPPING. LinuxWorld San Francisco Security Track. Presented by Joshua D. Abraham.
Change Management: DYNAMIC NETWORK MAPPING LinuxWorld San Francisco Security Track Presented by Joshua D. Abraham August 16th 2006 jabra@ccs.neu.edu Northeastern University Agenda How do we scan? What
More informationOverview. TCP & router queuing Computer Networking. TCP details. Workloads. TCP Performance. TCP Performance. Lecture 10 TCP & Routers
Overview 15-441 Computer Networking TCP & router queuing Lecture 10 TCP & Routers TCP details Workloads Lecture 10: 09-30-2002 2 TCP Performance TCP Performance Can TCP saturate a link? Congestion control
More informationClosed book. Closed notes. No electronic device.
414-S17 (Shankar) Exam 3 PRACTICE PROBLEMS Page 1/6 Closed book. Closed notes. No electronic device. 1. Anonymity Sender k-anonymity Receiver k-anonymity Authoritative nameserver Autonomous system BGP
More informationIslamic University of Gaza Faculty of Engineering Department of Computer Engineering ECOM 4021: Networks Discussion. Chapter 5 - Part 2
Islamic University of Gaza Faculty of Engineering Department of Computer Engineering ECOM 4021: Networks Discussion Chapter 5 - Part 2 End to End Protocols Eng. Haneen El-Masry May, 2014 Transport Layer
More informationCSCE 463/612 Networks and Distributed Processing Spring 2017
CSCE 463/612 Networks and Distributed Processing Spring 2017 Transport Layer IV Dmitri Loguinov Texas A&M University March 9, 2017 Original slides copyright 1996-2004 J.F Kurose and K.W. Ross 1 Chapter
More informationInternet Networking recitation #10 TCP New Reno Vs. Reno
recitation #0 TCP New Reno Vs. Reno Spring Semester 200, Dept. of Computer Science, Technion 2 Introduction Packet Loss Management TCP Reno (RFC 258) can manage a loss of at most one packet from a single
More informationINF5290 Ethical Hacking. Lecture 3: Network reconnaissance, port scanning. Universitetet i Oslo Laszlo Erdödi
INF5290 Ethical Hacking Lecture 3: Network reconnaissance, port scanning Universitetet i Oslo Laszlo Erdödi Lecture Overview Identifying hosts in a network Identifying services on a host What are the typical
More informationAdvanced Computer Networking. Please make sure now that you received a complete copy of the exam.
Chair of Network Architectures and Services Department of Informatics Technical University of Munich Note: During the attendance check a sticker containing a unique code will be put on this exam. This
More informationVideo Streaming with the Stream Control Transmission Protocol (SCTP)
Chair for Network Architectures and Services Department of Informatics Technische Universität München Video Streaming with the Stream Control Transmission Protocol (SCTP) Lothar Braun, Andreas Müller Internet
More informationLecture 20 Overview. Last Lecture. This Lecture. Next Lecture. Transport Control Protocol (1) Transport Control Protocol (2) Source: chapters 23, 24
Lecture 20 Overview Last Lecture Transport Control Protocol (1) This Lecture Transport Control Protocol (2) Source: chapters 23, 24 Next Lecture Internet Applications Source: chapter 26 COSC244 & TELE202
More informationMichael Rash DEFCON 12 07/31/2004
Advanced Netfilter: Content Replacement (ala Snort_inline) and Combining Port Knocking with p0f Michael Rash DEFCON 12 07/31/2004 http://www.enterasys.com http://www.cipherdyne.org Introduction Port knocking
More informationTCP and Congestion Control (Day 1) Yoshifumi Nishida Sony Computer Science Labs, Inc. Today's Lecture
TCP and Congestion Control (Day 1) Yoshifumi Nishida nishida@csl.sony.co.jp Sony Computer Science Labs, Inc 1 Today's Lecture Part1: TCP concept Part2: TCP detailed mechanisms Part3: Tools for TCP 2 1
More informationYAF A Case Study in Flow Meter Design
YAF A Case Study in Flow Meter Design presented at FloCon 2008 - Savannah, Georgia Brian Trammell Technical Lead, Engineering CERT Network Situational Awareness YAF Open-source, IPFIX-compliant bidirectional
More informationWhat this talk is about?
On the Current State of Remote Active OS Fingerprinting Tools Ofir Arkin CTO ofir.arkin@insightix.com Defcon 13 1 What this talk is about? This talk examines different aspects of remote active operating
More informationWireshark: Are You Under Attack? Kyle Feuz School of Computing
Wireshark: Are You Under Attack? Kyle Feuz School of Computing Introduction Download Wireshark and capture files https://www.wireshark.org/download.html http://icarus.cs.weber.edu/~kfeuz/downloads/sai
More informationInternet-Wide Port Scanners Some history behind the development of high performance port scanners. Things to consider, and necessary preparations
Internet-Wide Port Scanners Some history behind the development of high performance port scanners. Things to consider, and necessary preparations before using these tools. Internet Vulnerability masscan,
More informationA Classification Of analyzed Detection and Improvement OS Fingerprinting and Various finger stamping scanning ports
A Classification Of analyzed Detection and Improvement OS Fingerprinting and Various finger stamping scanning ports Nitin Tiwari 1 1 Dept. of Information Technology, Swami Vivekananda University, Sagar,
More informationMobile Transport Layer Lesson 10 Timeout Freezing, Selective Retransmission, Transaction Oriented TCP and Explicit Notification Methods
Mobile Transport Layer Lesson 10 Timeout Freezing, Selective Retransmission, Transaction Oriented TCP and Explicit Notification Methods 1 Timeout freezing of transmission (TFT) Used in situations where
More informationNew Tool And Technique For Remote Operating System Fingerprinting Full Paper
New Tool And Technique For Remote Operating System Fingerprinting Full Paper Franck Veysset, Olivier Courtay, Olivier Heen, Intranode Research Team April 2002, v1.1 Abstract Information gathering is an
More informationConfiguring Anomaly Detection
CHAPTER 12 This chapter describes how to create multiple security policies and apply them to individual virtual sensors. It contains the following sections: Understanding Policies, page 12-1 Anomaly Detection
More informationcs/ee 143 Communication Networks
cs/ee 143 Communication Networks Chapter 4 Transport Text: Walrand & Parakh, 2010 Steven Low CMS, EE, Caltech Recap: Internet overview Some basic mechanisms n Packet switching n Addressing n Routing o
More informationTCP/IP Performance ITL
TCP/IP Performance ITL Protocol Overview E-Mail HTTP (WWW) Remote Login File Transfer TCP UDP IP ICMP ARP RARP (Auxiliary Services) Ethernet, X.25, HDLC etc. ATM 4/30/2002 Hans Kruse & Shawn Ostermann,
More informationOverview. TCP congestion control Computer Networking. TCP modern loss recovery. TCP modeling. TCP Congestion Control AIMD
Overview 15-441 Computer Networking Lecture 9 More TCP & Congestion Control TCP congestion control TCP modern loss recovery TCP modeling Lecture 9: 09-25-2002 2 TCP Congestion Control Changes to TCP motivated
More informationSam Pickles, F5 Networks A DAY IN THE LIFE OF A WAF
Sam Pickles, F5 Networks A DAY IN THE LIFE OF A WAF Who am I? Sam Pickles Senior Engineer for F5 Networks WAF Specialist and general security type Why am I here? We get to see the pointy end of a lot of
More informationCommon Network Attacks
Common Network Attacks David J. Marchette dmarchette@gmail.com Common Network Attacks p.1/96 Outline Some Common Attacks SHADOW EMERALD ADAM Utilities Common Network Attacks p.2/96 Terminology Active.
More informationSun Mgt Bonus Lab 2: Zone and DoS Protection on Palo Alto Networks Firewalls 1
Sun Mgt Bonus Lab 2: Zone and DoS Protection on Palo Alto Networks Firewalls 1 Overview Denial of Service (DoS) and Distributed Denial of Service (DDoS) types of attack are attempts to disrupt network
More informationOn Inferring TCP Behavior
On Inferring TCP Behavior Jitendra Padhye and Sally Floyd AT&T Center for Internet Research at ICSI (ACIRI) padhye@aciri.org, floyd@aciri.org ABSTRACT Most of the traffic in today s Internet is controlled
More informationPractice Labs Ethical Hacker
Practice Labs Ethical Hacker Lab Outline The Ethical Hacker Practice Lab will provide you with the necessary platform to gain hands on skills in security. By completing the lab tasks you will improve your
More informationTurbo King: Framework for Large- Scale Internet Delay Measurements
Turbo King: Framework for Large- Scale Internet Delay Measurements Derek Leonard Joint work with Dmitri Loguinov Internet Research Lab Department of Computer Science Texas A&M University, College Station,
More informationTCP Strategies. Keepalive Timer. implementations do not have it as it is occasionally regarded as controversial. between source and destination
Keepalive Timer! Yet another timer in TCP is the keepalive! This one is not required, and some implementations do not have it as it is occasionally regarded as controversial! When a TCP connection is idle
More informationMPTCP: Design and Deployment. Day 11
MPTCP: Design and Deployment Day 11 Use of Multipath TCP in ios 7 Multipath TCP in ios 7 Primary TCP connection over WiFi Backup TCP connection over cellular data Enables fail-over Improves performance
More informationTransport layer. UDP: User Datagram Protocol [RFC 768] Review principles: Instantiation in the Internet UDP TCP
Transport layer Review principles: Reliable data transfer Flow control Congestion control Instantiation in the Internet UDP TCP 1 UDP: User Datagram Protocol [RFC 768] No frills, bare bones Internet transport
More informationTransport layer. Review principles: Instantiation in the Internet UDP TCP. Reliable data transfer Flow control Congestion control
Transport layer Review principles: Reliable data transfer Flow control Congestion control Instantiation in the Internet UDP TCP 1 UDP: User Datagram Protocol [RFC 768] No frills, bare bones Internet transport
More informationConfiguring IP TCP MSS
Finding Feature Information, page 1 Feature History for IP TCP MSS, page 2 Information About IP TCP MSS, page 2 Licensing Requirements for IP TCP MSS, page 3 Default Settings for IP TCP MSS, page 3 Guidelines
More informationSDMw: Secure Dynamic Middleware for Defeating Port and OS Scanning
Article SDMw: Secure Dynamic Middleware for Defeating Port and OS Scanning Dalal Hanna, Prakash Veeraraghavan * ID and Ben Soh Department of Computer Science and Information Technology, La Trobe University,
More informationCOMP/ELEC 429/556 Introduction to Computer Networks
COMP/ELEC 429/556 Introduction to Computer Networks The TCP Protocol Some slides used with permissions from Edward W. Knightly, T. S. Eugene Ng, Ion Stoica, Hui Zhang T. S. Eugene Ng eugeneng at cs.rice.edu
More informationCamouflaging Servers to Avoid Exploits Morgon Kanter and Stephen Taylor Thayer School of Engineering at Dartmouth College tr11-001
Camouflaging Servers to Avoid Exploits Morgon Kanter and Stephen Taylor Thayer School of Engineering at Dartmouth College tr11-001 Abstract: The goal of this research is to increase attacker workload by
More informationTo see the details of TCP (Transmission Control Protocol). TCP is the main transport layer protocol used in the Internet.
Lab Exercise TCP Objective To see the details of TCP (Transmission Control Protocol). TCP is the main transport layer protocol used in the Internet. The trace file is here: https://kevincurran.org/com320/labs/wireshark/trace-tcp.pcap
More informationConfiguring Anomaly Detection
CHAPTER 9 Caution Anomaly detection assumes it gets traffic from both directions. If the sensor is configured to see only one direction of traffic, you should turn off anomaly detection. Otherwise, when
More informationinside: THE MAGAZINE OF USENIX & SAGE April 2002 Volume 27 Number 2 SECURITY A Remote Active OS Fingerprinting Tool Using ICMP BY OFIR ARKIN
THE MAGAZINE OF USENIX & SAGE April 2002 Volume 27 Number 2 inside: SECURITY A Remote Active OS Fingerprinting Tool Using ICMP BY OFIR ARKIN & The Advanced Computing Systems Association & The System Administrators
More informationBU-2 How Protocols Work 16 June 2009
BU-2 How Protocols Work 16 June 2009 Ray Tompkins Founder & CEO SHARKFEST '09 Stanford University June 15-18, 2009 How Protocols Work Presentation Overview The Challenge Understanding How Protocols Work
More informationConfiguring Anomaly Detection
CHAPTER 9 This chapter describes anomaly detection and its features and how to configure them. It contains the following topics: Understanding Security Policies, page 9-2 Understanding Anomaly Detection,
More informationProtocol Overview. TCP/IP Performance. Connection Types in TCP/IP. Resource Management. Router Queues. Control Mechanisms ITL
Protocol Overview TCP/IP Performance E-Mail HTTP (WWW) Remote Login File Transfer TCP UDP ITL IP ICMP ARP RARP (Auxiliary Services) ATM Ethernet, X.25, HDLC etc. 2/13/06 Hans Kruse & Shawn Ostermann, Ohio
More informationConfiguring attack detection and prevention 1
Contents Configuring attack detection and prevention 1 Overview 1 Attacks that the device can prevent 1 Single-packet attacks 1 Scanning attacks 2 Flood attacks 3 TCP fragment attack 4 Login DoS attack
More informationCS 356: Introduction to Computer Networks. Lecture 16: Transmission Control Protocol (TCP) Chap. 5.2, 6.3. Xiaowei Yang
CS 356: Introduction to Computer Networks Lecture 16: Transmission Control Protocol (TCP) Chap. 5.2, 6.3 Xiaowei Yang xwy@cs.duke.edu Overview TCP Connection management Flow control When to transmit a
More informationOutline 9.2. TCP for 2.5G/3G wireless
Transport layer 9.1 Outline Motivation, TCP-mechanisms Classical approaches (Indirect TCP, Snooping TCP, Mobile TCP) PEPs in general Additional optimizations (Fast retransmit/recovery, Transmission freezing,
More informationHands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last revised 10-4-17 KonBoot Get into any account without the password Works on Windows and Linux No longer free Link Ch 5r From the
More informationHands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last revised 1-11-17 KonBoot Get into any account without the password Works on Windows and Linux No longer free Link Ch 5r From the
More informationECE 435 Network Engineering Lecture 10
ECE 435 Network Engineering Lecture 10 Vince Weaver http://web.eece.maine.edu/~vweaver vincent.weaver@maine.edu 28 September 2017 Announcements HW#4 was due HW#5 will be posted. midterm/fall break You
More informationForescout. Engine. Configuration Guide. Version 1.3
Forescout Core Extensions Module: Device Classification Engine Version 1.3 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134 USA https://www.forescout.com/support/
More informationTransport Layer. -UDP (User Datagram Protocol) -TCP (Transport Control Protocol)
Transport Layer -UDP (User Datagram Protocol) -TCP (Transport Control Protocol) 1 Transport Services The transport layer has the duty to set up logical connections between two applications running on remote
More informationService Cloaking and Anonymous Access; Combining Tor with Single Packet Authorization (SPA)
Service Cloaking and Anonymous Access; Combining Tor with Single Packet Authorization (SPA) Michael Rash CTO, Solirix Inc. michael.rash@solirix.com http://www.cipherdyne.org/ DEF CON 08/05/2006 Agenda
More informationCSE 473 Introduction to Computer Networks. Final Exam. Your name here: 12/17/2012
CSE 473 Introduction to Computer Networks Jon Turner Final Exam Your name here: 12/17/2012 1. (8 points). The figure below shows a network path connecting a server to a client. 200 km 2000 km 2 km X Y
More informationTransport Protocols and TCP: Review
Transport Protocols and TCP: Review CSE 6590 Fall 2010 Department of Computer Science & Engineering York University 1 19 September 2010 1 Connection Establishment and Termination 2 2 1 Connection Establishment
More informationTiming Attacks Made Practical
Timing Attacks Made Practical Timothy D. Morgan Blindspot Security Jason W. Morgan Ohio State Timothy D. Morgan Founder & Chief Pwner Blindspot Security Jason W. Morgan, Ph.D. Post-Doctoral Researcher
More informationConfiguring Flood Protection
Configuring Flood Protection NOTE: Control Plane flood protection is located on the Firewall Settings > Advanced Settings page. TIP: You must click Accept to activate any settings you select. The Firewall
More informationModule 19 : Threats in Network What makes a Network Vulnerable?
Module 19 : Threats in Network What makes a Network Vulnerable? Sharing Unknown path Many points of attack What makes a network vulnerable? Unknown perimeter Anonymity Complexity of system Categories of
More informationCovert channels in TCP/IP: attack and defence
Covert channels in TCP/IP: attack and defence The creation and detection of TCP/IP steganography for covert channels and device fingerprinting Steven J. Murdoch and Stephen Lewis http://www.cl.cam.ac.uk/users/{sjm217,
More informationMeasuring the Evolution of Transport Protocols in the Internet
Measuring the Evolution of Transport Protocols in the Internet Alberto Medina BBN Technologies amedina@bbn.com Mark Allman, Sally Floyd ICSI Center for Internet Research {mallman,floyd}@icir.org To appear
More informationIdentifying Operating System Using Flow-based Traffic Fingerprinting
Identifying Operating System Using Flow-based Traffic Fingerprinting Tomáš Jirsík, Pavel Čeleda {jirsik celeda}@ics.muni.cz Institute of Computer Science, Masaryk University EUNICE 2014 September, 1. 5.,
More informationLab 8: Introduction to Pen Testing (HPING)
Lab 8: Introduction to Pen Testing (HPING) Aim: To provide a foundation in understanding of email with a focus on hping to provide security assessments and in understanding the trails of evidence produced.
More informationCSE 4215/5431: Mobile Communications Winter Suprakash Datta
CSE 4215/5431: Mobile Communications Winter 2013 Suprakash Datta datta@cse.yorku.ca Office: CSEB 3043 Phone: 416-736-2100 ext 77875 Course page: http://www.cse.yorku.ca/course/4215 Some slides are adapted
More informationNetwork Protocols. Transmission Control Protocol (TCP) TDC375 Autumn 2009/10 John Kristoff DePaul University 1
Network Protocols Transmission Control Protocol (TCP) TDC375 Autumn 2009/10 John Kristoff DePaul University 1 IP review IP provides just enough connected ness Global addressing Hop by hop routing IP over
More informationECE 435 Network Engineering Lecture 9
ECE 435 Network Engineering Lecture 9 Vince Weaver http://web.eece.maine.edu/~vweaver vincent.weaver@maine.edu 2 October 2018 Announcements HW#4 was posted, due Thursday 1 HW#3 Review md5sum/encryption,
More information