Binary Analysis for Botnet Reverse Engineering & Defense. Dawn Song UC Berkeley
|
|
- Daniela Hubbard
- 5 years ago
- Views:
Transcription
1 Binary Analysis for Botnet Reverse Engineering & Defense Dawn Song UC Berkeley
2 Plans Building on BitBlaze to develop new techniques Automatic Reverse Engineering of C&C protocols of botnets Automatic rewriting of botnet traffic to facilitate botnet infiltration Vulnerability discovery of botnet
3 Preliminary Work Dispatcher: Enabling Active Botnet Infiltration using Automatic Protocol Reverse-Engineering Binary code extraction and interface identification for botnet traffic rewriting Botnet analysis for vulnerability discovery
4 Dispatcher: Enabling Active Botnet Infiltration using Automatic Protocol Reverse-Engineering Juan Caballero Pongsin Poosankam Christian Kreibich Dawn Song
5 Automatic Protocol Reverse- Engineering Process of extracting the application-level protocol used by a program, without the specification Automatic process Many undocumented protocols (C&C, Skype, Yahoo) Encompasses extracting: 1. the Protocol Grammar 2. the Protocol State Machine Message format extraction is prerequisite
6 Challenges for Active Botnet Infiltration Goal: Rewrite C&C messages on either 1. dialog Understand side both sides of C&C protocol Message structure Field semantics 2. Access to one side of dialog only 3. Handle encryption/obfuscation
7 Technical Contributions 1. Buffer deconstruction, a technique to extract the format of sent messages Ø Earlier work only handles received messages 2. Field semantics inference techniques, for messages sent and received 3. Designing and developing Dispatcher 4. Extending a technique to handle
8 Message Format Extraction Extract format of a single message Required by Grammar and State GET / Machine extraction HTTP/1.1 HTTP/ OK [Polygl ot] [Dispatc her]
9 Message Field Tree HTTP/ OK\r\n\r\n Status Line [0:16] MSG [0:18] Delimiter [17:18] Field Range: [3:3] Field Boundary: Fixed Field Semantics: Delimiter Field Keywords: <none> Target: Version Version [0:7] Delimiter [8:8] Status Code [9:11] Delimiter [12:12] Reason [13:14] Delimiter [15:16] Message format extraction has 2 steps: 1. Extract tree structure
10 Sent vs. Received Both protocol directions from single binary Different problems Taint information harder to leverage Focus on how message is constructed, not processed Different techniques needed: Tree structure Buffer Deconstruction
11 Outline Introduction Problem Techniques Buffer Deconstruction Field Semantics Inference Handling encryption Evaluation
12 Intuition Buffer Deconstruction Programs keep fields in separate memory buffers Combine those buffers to construct sent message Output buffer Holds message when send function invoked Or holds unencrypted message before
13 Buffer Deconstruction HTTP/ OK\r\n\r\n C(8) D(1 ) E( 3) A(17) F(1 ) Output Buffer (19) G(2 ) B(2) H(2 ) Message field tree = inverse of output buffer structure Output is structure of message field tree No field attributes, except range MSG [0:18] Status Line Delimit [0:16 [17:18] er ] [0:7 ] Versio [8:8 ] Delimit [9:11 ] [12:12 ] Delimit [13:14 ] Reaso n er er n Statu s Code [15:16 ] Delimit er
14 Field Attributes Inference Attributes capture extra information E.g., inter-field relationships Techniques identify Keywords Length fields Delimiters Variable-length field Arrays Attribute Field Range Field Boundary Field Semantics Field Keywords Value [StartOffset : EndOffset] Fixed, Length, Delimiter IP address, Timestamp, <list of keyworkds in field>
15 Field Semantics A field attribute in the message field tree Captures the type of data in the field Field Semantics Cookies Error codes File data File information Filenames Hash / Checksum Hostnames Keyboard input Keywords Length Padding Ports Registry data Sleep timers Host information Stored data IP addresses Timestamps Programs contain much semantic info leverage it! Semantics in welldefined functions and instructions Prototype Similar to type inference Differs for received and sent messages
16 Field Semantic Inference File GET /index.html path HTTP/1.1 HTTP/ OK Content-Length: 25 File length <html>hello world! </html> OU IN OU Tint stat(const char*path, Tstruct stat *buf); stat( index.html, &file_info); struct stat { off_t st_size; /* total size in bytes */ }
17 Detecting Encoding Functions Encoding functions = (de)compression, (de)(en)cryption, (de)obfuscation High ratio of arithmetic & bitwise instructions Use read/write set to identify buffers Work-in-progress on extracting and reusing encoding functions
18 MegaD C&C protocol C&C on tcp/443 using proprietary encryption Use Dispatcher s output to generate grammar 15 different messages seen (7 recv, 8 sent) 11 field semantics type MegaD_Messa ge = record { msg_len : uint16; encrypted_pay load:
19 MegaD Dialog C&C Server Test SMT P SMTP Test Server Cmd? Failed EHL O
20 MegaD Rewriting Test SMT P Get Template C&C Server SMTP Test Server Template Server Cmd? Success Failed EHL O Template? Gramma r
21 Summary Buffer deconstruction, a technique to extract the format of sent messages Field semantics inference techniques, for messages sent and received Designed and developed Dispatcher Extended technique to handle encryption Rewrote MegaD dialog using information extracted by Dispatcher
Binary Code Extraction and Interface Identification for Security Applications
Binary Code Extraction and Interface Identification for Security Applications Juan Caballero Noah M. Johnson Stephen McCamant Dawn Song Electrical Engineering and Computer Sciences University of California
More informationUncovering SAP vulnerabilities: Reversing and breaking the Diag protocol
Uncovering SAP vulnerabilities: Reversing and breaking the Diag protocol Martin Gallo Core Security Defcon 20 July 2012 P A G E Agenda Introduction Motivation and related work SAP Netweaver architecture
More informationPolyglot: Automatic Extraction of Protocol Message Format using Dynamic Binary Analysis
Carnegie Mellon University Research Showcase @ CMU Department of Electrical and Computer Engineering Carnegie Institute of Technology 2007 Polyglot: Automatic Extraction of Protocol Message Format using
More informationPolyglot: Automatic Extraction of Protocol Message Format using Dynamic Binary Analysis
Polyglot: Automatic Extraction of Protocol Message Format using Dynamic Binary Analysis Juan Caballero, Heng Yin, Zhenkai Liang, Dawn Song Carnegie Mellon University College of William and Mary UC Berkeley
More informationAutomated Extraction of Network Protocol Specifications
Automated Extraction of Network Protocol Specifications ARO MURI on Cyber Situation Awareness Kick Off Meeting Christopher Kruegel Computer Security Group, Motivation Stateful protocol specifications are
More informationDEPLOYMENT GUIDE. Deploying F5 for High Availability and Scalability of Microsoft Dynamics 4.0
DEPLOYMENT GUIDE Deploying F5 for High Availability and Scalability of Microsoft Dynamics 4.0 Introducing the F5 and Microsoft Dynamics CRM configuration Microsoft Dynamics CRM is a full customer relationship
More informationProspex: Protocol Specification Extraction
Prospex: Protocol Specification Extraction Paolo Milani Comparetti paolo@iseclab.org, Vienna University of Technology Gilbert Wondracek gilbert@iseclab.org, Vienna University of Technology Christopher
More informationApplication Layer Introduction; HTTP; FTP
Application Layer Introduction; HTTP; FTP Tom Kelliher, CS 325 Feb. 4, 2011 1 Administrivia Announcements Assignment Read 2.4 2.6. From Last Time Packet-switched network characteristics; protocol layers
More informationTraceback Attacks in Cloud Pebbletrace Botnet nd International Conference on Distributed Computing Systems Workshops Wenjie Lin, David Lee
Traceback Attacks in Cloud Pebbletrace Botnet 2012 32nd International Conference on Distributed Computing Systems Workshops Wenjie Lin, David Lee Outline Introduction Key Identification Botnet attack in
More informationRKN 2015 Application Layer Short Summary
RKN 2015 Application Layer Short Summary HTTP standard version now: 1.1 (former 1.0 HTTP /2.0 in draft form, already used HTTP Requests Headers and body counterpart: answer Safe methods (requests): GET,
More informationUNIX Sockets. Developed for the Azera Group By: Joseph D. Fournier B.Sc.E.E., M.Sc.E.E.
UNIX Sockets Developed for the Azera Group By: Joseph D. Fournier B.Sc.E.E., M.Sc.E.E. Socket and Process Communication application layer User Process Socket transport layer (TCP/UDP) network layer (IP)
More informationRandall Stewart, Cisco Systems Phill Conrad, University of Delaware
SCTP: An Overview Randall Stewart, Cisco Systems Phill Conrad, University of Delaware 1 Our Objectives Be able to explain what SCTP is, and what its major features are when and why you might use it (instead
More informationTriggering Deep Vulnerabilities Using Symbolic Execution
Triggering Deep Vulnerabilities Using Symbolic Execution Dan Caselden, Alex Bazhanyuk, Mathias Payer, Stephen McCamant, Dawn Song, and many other awesome researchers, coders, and reverse engineers in the
More informationShield -- A First Line Worm Defense. Helen J. Wang, Chuanxiong Guo, Dan Simon, and Alf Zugenmaier Feb 25, Motivation
Shield -- A First Line Worm Defense Helen J. Wang, Chuanxiong Guo, Dan Simon, and Alf Zugenmaier Feb 25, 2004 Motivation Slammer, MSBlast, CodeRed, Nimda all exploiting known! Vulnerabilities whose patches
More informationEnabling Microsoft Outlook Calendar Notifications for Meetings Scheduled from the Cisco Unified MeetingPlace End-User Web Interface
Enabling Microsoft Outlook Calendar Notifications for Meetings Scheduled from the Cisco Unified MeetingPlace End-User Web Interface Release 7.1 Revised: March 5, 2013 1:53 pm This document describes the
More informationMedia Types. Web Architecture and Information Management [./] Spring 2009 INFO (CCN 42509) Contents. Erik Wilde, UC Berkeley School of
Contents Media Types Contents Web Architecture and Information Management [./] Spring 2009 INFO 190-02 (CCN 42509) Erik Wilde, UC Berkeley School of Information [http://creativecommons.org/licenses/by/3.0/]
More informationChaoshun Zuo, Wubing Wang, Rui Wang, Zhiqiang Lin
Automatic Forgery of Cryptographically Consistent Messages to Identify Security Vulnerabilities in Mobile Services Chaoshun Zuo, Wubing Wang, Rui Wang, Zhiqiang Lin University of Texas at Dallas AppBugs
More informationPolymorphic Blending Attacks. Slides by Jelena Mirkovic
Polymorphic Blending Attacks Slides by Jelena Mirkovic 1 Motivation! Polymorphism is used by malicious code to evade signature-based IDSs Anomaly-based IDSs detect polymorphic attacks because their byte
More informationProcesses communicating. Network Communication. Sockets. Addressing processes 4/15/2013
Processes communicating Network Communication Process: program running within a host. within same host, two processes communicate using inter-process communication (defined by OS). processes in different
More informationYour favorite blog :www.vijay-jotani.weebly.com (popularly known as VIJAY JOTANI S BLOG..now in facebook.join ON FB VIJAY
VISIT: Course Code : MCS-042 Course Title : Data Communication and Computer Network Assignment Number : MCA (4)/042/Assign/2014-15 Maximum Marks : 100 Weightage : 25% Last Dates for Submission : 15 th
More informationBrowser behavior can be quite complex, using more HTTP features than the basic exchange, this trace will show us how much gets transferred.
Lab Exercise HTTP Objective HTTP (HyperText Transfer Protocol) is the main protocol underlying the Web. HTTP functions as a request response protocol in the client server computing model. A web browser,
More informationData and Computer Communications. Chapter 2 Protocol Architecture, TCP/IP, and Internet-Based Applications
Data and Computer Communications Chapter 2 Protocol Architecture, TCP/IP, and Internet-Based s 1 Need For Protocol Architecture data exchange can involve complex procedures better if task broken into subtasks
More informationSecurity: Internet of Things
Security: Internet of Things Based on Trusted Flows Kyle Haefner Background - What is IoT Security? Security of the Internet of Things is just security at a larger scale -- Steve Lovaas Colorado State
More informationNetzob Documentation. Release Frédéric Guihéry, Georges Bossert
Netzob Documentation Release 0.4.1 Frédéric Guihéry, Georges Bossert June 11, 2015 Contents 1 The big picture 3 1.1 Table of contents............................................. 3 2 Indices and tables
More informationOutline. Inter-Process Communication. IPC across machines: Problems. CSCI 4061 Introduction to Operating Systems
Outline CSCI 4061 Introduction to Operating Systems ing Overview Layering and Protocols TCP/IP Protocol Family Client-Server Model Instructor: Abhishek Chandra 2 Inter-Process Communication Intra-node:
More informationContent Rules. Feature Description
Feature Description UPDATED: 11 January 2018 Copyright Notices Copyright 2002-2018 KEMP Technologies, Inc. All rights reserved. KEMP Technologies and the KEMP Technologies logo are registered trademarks
More informationExploiting Multi-Core Processors For Parallelizing Network Intrusion Prevention
Exploiting Multi-Core Processors For Parallelizing Network Intrusion Prevention Robin Sommer International Computer Science Institute, & Lawrence Berkeley National Laboratory robin@icsi.berkeley.edu http://www.icir.org
More informationNetworked Applications: Sockets. End System: Computer on the Net
Networked Applications: Sockets Topics Programmer s view of the Internet Sockets interface End System: Computer on the Net Internet Also known as a host 2 Page 1 Clients and Servers Client program Running
More informationFile System (FS) Highlights
CSCI 503: Operating Systems File System (Chapters 16 and 17) Fengguang Song Department of Computer & Information Science IUPUI File System (FS) Highlights File system is the most visible part of OS From
More informationSecurity & Privacy. Web Architecture and Information Management [./] Spring 2009 INFO (CCN 42509) Contents. Erik Wilde, UC Berkeley School of
Contents Security & Privacy Contents Web Architecture and Information Management [./] Spring 2009 INFO 190-02 (CCN 42509) Erik Wilde, UC Berkeley School of Information Abstract 1 Security Concepts Identification
More informationFoundations of Python
Foundations of Python Network Programming The comprehensive guide to building network applications with Python Second Edition Brandon Rhodes John Goerzen Apress Contents Contents at a Glance About the
More informationElectronic Mail. Three Components: SMTP SMTP. SMTP mail server. 1. User Agents. 2. Mail Servers. 3. SMTP protocol
SMTP Electronic Mail Three Components: 1. User Agents a.k.a. mail reader e.g., gmail, Outlook, yahoo 2. Mail Servers mailbox contains incoming messages for user message queue of outgoing (to be sent) mail
More informationS-DES Encryption template. Input:
Page 1 of 5 S-DES (simplified Data Encryption Standard) Assignment template: ENCRYPTION TEMPLATE To the input (plaintext), apply initial permutation IP: IP 2 6 3 1 4 8 5 7 In the next steps, we will develop
More informationApplication Inspection and Control for SMTP
Application Inspection and Control for SMTP First Published: July 11, 2008 Last Updated: July 11, 2008 The Application Inspection for SMTP feature provides an intense provisioning mechanism that can be
More informationHTTP Reading: Section and COS 461: Computer Networks Spring 2013
HTTP Reading: Section 9.1.2 and 9.4.3 COS 461: Computer Networks Spring 2013 1 Recap: Client-Server Communication Client sometimes on Initiates a request to the server when interested E.g., Web browser
More informationConfiguring Data Export for Flexible NetFlow with Flow Exporters
Configuring Data Export for Flexible NetFlow with Flow Exporters Last Updated: September 4, 2012 This document contains information about and instructions for configuring flow exporters to export Flexible
More informationEEC-682/782 Computer Networks I
EEC-682/782 Computer Networks I Lecture 16 Wenbing Zhao w.zhao1@csuohio.edu http://academic.csuohio.edu/zhao_w/teaching/eec682.htm (Lecture nodes are based on materials supplied by Dr. Louise Moser at
More informationHow to Configure a Cisco Router Behind a Non-Cisco Cable Modem
How to Configure a Cisco Router Behind a Non-Cisco Cable Modem Document ID: 19268 Contents Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram Configurations Verify
More informationCPS 214: Computer Networks. Slides by Adolfo Rodriguez
CPS 214: Computer Networks Slides by Adolfo Rodriguez Paper Evaluations 1 page maximum evaluation of reading for each class Evaluations submitted in advance of class from course Web page Describe: Biggest
More informationAutomatic Network Protocol Analysis
Automatic Network Protocol Analysis Gilbert Wondracek, Paolo Milani Comparetti, Christopher Kruegel, and Engin Kirda Secure Systems Lab Technical University Vienna gilbert@seclab.tuwien.ac.at Scuola Superiore
More informationDetects Potential Problems. Customizable Data Columns. Support for International Characters
Home Buy Download Support Company Blog Features Home Features HttpWatch Home Overview Features Compare Editions New in Version 9.x Awards and Reviews Download Pricing Our Customers Who is using it? What
More informationInferring Protocol State Machine from Network Traces: A Probabilistic Approach
Inferring Protocol State Machine from Network Traces: A Probabilistic Approach Yipeng Wang, Zhibin Zhang, Danfeng(Daphne) Yao, Buyun Qu, Li Guo Institute of Computing Technology, CAS Virginia Tech, USA
More informationComputer Networks. Wenzhong Li. Nanjing University
Computer Networks Wenzhong Li Nanjing University 1 Chapter 8. Internet Applications Internet Applications Overview Domain Name Service (DNS) Electronic Mail File Transfer Protocol (FTP) WWW and HTTP Content
More informationClient/Server Computing & Socket Programming
COMP 431 Internet Services & Protocols Client/Server Computing & Socket Programming Jasleen Kaur January 29, 2019 Application-Layer Protocols Overview Application-layer protocols define:» The types of
More informationDifferent Layers Lecture 21
Different Layers Lecture 21 10/17/2003 Jian Ren 1 The Transport Layer 10/17/2003 Jian Ren 2 Transport Services and Protocols Provide logical communication between app processes running on different hosts
More informationThis release of the product includes these new features that have been added since NGFW 5.5.
Release Notes Revision A McAfee Next Generation Firewall 5.7.10 Contents About this release New features Enhancements Known limitations Resolved issues System requirements Installation instructions Upgrade
More informationData Communication & Computer Networks MCQ S
Data Communication & Computer Networks MCQ S 1. The translates internet domain and host names to IP address. a) domain name system b) routing information protocol c) network time protocol d) internet relay
More informationRouter Allows VPN Clients to Connect IPsec and Internet Using Split Tunneling Configuration Example
Router Allows VPN Clients to Connect IPsec and Internet Using Split Tunneling Configuration Example Document ID: 91193 Contents Introduction Prerequisites Requirements Components Used Conventions Background
More informationConfiguring Data Export for Flexible NetFlow with Flow Exporters
Configuring Data Export for Flexible NetFlow with Flow Exporters Last Updated: November 29, 2012 This document contains information about and instructions for configuring flow exporters to export Flexible
More informationDeployment Guide. Blackboard Learn +
Deployment Guide Blackboard Learn + TABLE OF CONTENTS 1 Introduction... 4 2 Deployment Guide Overview... 4 2.1 Blackboard Server Roles... 5 3 Prerequisites and Assumptions... 5 4 Basic Configuration...
More informationThis release of the product includes these new features that have been added since NGFW 5.5.
Release Notes Revision B McAfee Next Generation Firewall 5.7.3 Contents About this release New features Enhancements Known limitations Resolved issues System requirements Installation instructions Upgrade
More informationInternet Technology. 03r. Application layer protocols: . Paul Krzyzanowski. Rutgers University. Spring 2016
Internet Technology 03r. Application layer protocols: email Paul Krzyzanowski Rutgers University Spring 2016 1 Email: SMTP (Simple Mail Transfer Protocol) 2 Simple Mail Transfer Protocol (SMTP) Protocol
More informationCCNA 1 v3.11 Module 11 TCP/IP Transport and Application Layers
CCNA 1 v3.11 Module 11 TCP/IP Transport and Application Layers 2007, Jae-sul Lee. All rights reserved. 1 Agenda 11.1 TCP/IP Transport Layer 11.2 The Application Layer What does the TCP/IP transport layer
More informationNetworked Applications: Sockets. Goals of Todayʼs Lecture. End System: Computer on the ʻNet. Client-server paradigm End systems Clients and servers
Networked Applications: Sockets CS 375: Computer Networks Spring 2009 Thomas Bressoud 1 Goals of Todayʼs Lecture Client-server paradigm End systems Clients and servers Sockets and Network Programming Socket
More informationNetwork Communication
Network Communication Processes communicating Process: program running within a host. q within same host, two processes communicate using inter- process communica6on (defined by OS). q processes in different
More informationMRCP Version 1. A.1 Overview
A MRCP Version 1 MRCP Version 1 (MRCPv1) is the predecessor to the MRCPv2 protocol. MRCPv1 was developed jointly by Cisco, Nuance and Speechworks, and is published under RFC 4463 [13]. MRCPv1 is an Informational
More informationNeed For Protocol Architecture
Chapter 2 CS420/520 Axel Krings Page 1 Need For Protocol Architecture E.g. File transfer Source must activate communications path or inform network of destination Source must check destination is prepared
More informationCryptography and Network Security Chapter 7
Cryptography and Network Security Chapter 7 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 7 Stream Ciphers and Random Number Generation The comparatively
More informationASA Clientless SSL VPN (WebVPN) Troubleshooting Tech Note
ASA Clientless SSL VPN (WebVPN) Troubleshooting Tech Note Document ID: 104298 Contents Introduction Prerequisites Requirements Components Used Conventions Troubleshooting ASA Version 7.1/7.2 Clientless
More informationQ U E S T I O N 3 In the current version of IP (IPv4), the use of TCP and UDP headers differ in which of the following ways?
Preview Test: HW 2 Test Information Description Chapter 2 Instructions Due:Oct. 17 5 PM Multiple Attempts Not allowed. This test can only be taken once. Force Completion This test can be saved and resumed
More informationInternet and Intranet Protocols and Applications
Internet and Intranet Protocols and Applications Lecture 4: General Characteristics of Internet Protocols; the Email Protocol February 10, 2004 Arthur Goldberg Computer Science Department New York University
More informationThree interface Router without NAT Cisco IOS Firewall Configuration
Three interface Router without NAT Cisco IOS Firewall Configuration Document ID: 13893 Contents Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram Configurations
More informationNeed For Protocol Architecture
Chapter 2 CS420/520 Axel Krings Page 1 Need For Protocol Architecture E.g. File transfer Source must activate communications path or inform network of destination Source must check destination is prepared
More informationConnection Logging. Introduction to Connection Logging
The following topics describe how to configure the Firepower System to log connections made by hosts on your monitored network: Introduction to, page 1 Strategies, page 2 Logging Decryptable Connections
More informationC and C++ Secure Coding 4-day course. Syllabus
C and C++ Secure Coding 4-day course Syllabus C and C++ Secure Coding 4-Day Course Course description Secure Programming is the last line of defense against attacks targeted toward our systems. This course
More informationThe World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to
1 The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to compromises of various sorts, with a range of threats
More informationPage 1. Goals for Today" What Is A Protocol?" CS162 Operating Systems and Systems Programming Lecture 10. Protocols, Layering and e2e Argument"
Goals for Today" CS162 Operating Systems and Systems Programming Lecture 10 Protocols, Layering and e2e Argument" What is a protocol?! Layering! End-to-end arguments!! October 3, 2011! Anthony D. Joseph
More informationPolyglot: Automatic Extraction of Protocol Format using Dynamic Binary Analysis
Polyglot: Automatic Extraction of Protocol Format using Dynamic Binary Analysis ABSTRACT Protocol reverse engineering, the process of extracting the application-level protocol used by an implementation,
More informationCS , Spring Sample Exam 3
Andrew login ID: Full Name: CS 15-123, Spring 2010 Sample Exam 3 Mon. April 6, 2009 Instructions: Make sure that your exam is not missing any sheets, then write your full name and Andrew login ID on the
More informationRed Leaves implant - overview
Ahmed Zaki David Cannings March 2017 Contents 1 Handling information 3 2 Introduction 3 3 Overview 3 3.1 Summary of files analysed.......................................... 3 3.2 Execution flow................................................
More informationSun Mgt Bonus Lab 1: Automated Reporting in Palo Alto Firewalls 1
Sun Mgt Bonus Lab 1: Automated Reporting in Palo Alto Firewalls 1 The Scenario Now that your Palo Alto firewall(s) are in place and giving your more visibility into the traffic that is traversing your
More informationCSE/EE 461 Lecture 14. Connections. Last Time. This Time. We began on the Transport layer. Focus How do we send information reliably?
CSE/EE 461 Lecture 14 Connections Last Time We began on the Transport layer Focus How do we send information reliably? Topics ARQ and sliding windows Application Presentation Session Transport Network
More informationDEPLOYMENT GUIDE Version 1.2. Deploying the BIG-IP System v10 with Microsoft IIS 7.0 and 7.5
DEPLOYMENT GUIDE Version 1.2 Deploying the BIG-IP System v10 with Microsoft IIS 7.0 and 7.5 Table of Contents Table of Contents Deploying the BIG-IP system v10 with Microsoft IIS Prerequisites and configuration
More informationESCG-Config. Manual. Program Version: ESCG Config Version 3.28a 1. ESCG a / b / g
ESCG-Config Program Version: 3.28 Manual Ant1 Ant2 Res Ser1 Ser2 LAN WLAN On ESCG - 802.11 a / b / g ESCG Config Version 3.28a 1 Content Functional description...3 First time setup...3 Application button
More informationConfiguration Professional: Site to Site IPsec VPN Between Two IOS Routers Configuration Example
Configuration Professional: Site to Site IPsec VPN Between Two IOS Routers Configuration Example Document ID: 113337 Contents Introduction Prerequisites Requirements Components Used Conventions Configuration
More informationSD-WAN Deployment Guide (CVD)
SD-WAN Deployment Guide (CVD) All Cisco Meraki security appliances are equipped with SD-WAN capabilities that enable administrators to maximize network resiliency and bandwidth efficiency. This guide introduces
More information"#' %#& Lecture 7: Organizing Game Clients and Servers. Socket: Network communication endpoints. IP address: IP-level name of a machine
Lecture 7: Organizing Game s and Servers! Socket: communication endpoints Analogous to a file descriptor Apps read/write to/from sockets system handles delivery IP address: IP-level name of a machine One
More informationProduced by. Mobile Application Development. Higher Diploma in Science in Computer Science. Eamonn de Leastar
Mobile Application Development Higher Diploma in Science in Computer Science Produced by Eamonn de Leastar (edeleastar@wit.ie) Department of Computing, Maths & Physics Waterford Institute of Technology
More informationSafeBricks: Shielding Network Functions in the Cloud
SafeBricks: Shielding Network Functions in the Cloud Rishabh Poddar, Chang Lan, Raluca Ada Popa, Sylvia Ratnasamy UC Berkeley Network Functions (NFs) in the cloud Clients 2 Enterprise Destination Network
More informationCS 43: Computer Networks. 15: Transport Layer & UDP October 5, 2018
CS 43: Computer Networks 15: Layer & UDP October 5, 2018 Reading Quiz Lecture 15 - Slide 2 Layer Moving down a layer. Current perspective: lication is the boss Usually executing within the OS kernel. The
More informationCSSE 460 Computer Networks Group Projects: Implement a Simple HTTP Web Proxy
CSSE 460 Computer Networks Group Projects: Implement a Simple HTTP Web Proxy Project Overview In this project, you will implement a simple web proxy that passes requests and data between a web client and
More informationPractical Techniques for Regeneration and Immunization of COTS Applications
Practical Techniques for Regeneration and Immunization of COTS Applications Lixin Li Mark R.Cornwell E.Hultman James E. Just R. Sekar Stony Brook University Global InfoTek, Inc (Research supported by DARPA,
More informationTowards Automatic Discovery of Deviations in Binary Implementations with Applications to Error Detection and Fingerprint Generation
Towards Automatic Discovery of Deviations in Binary Implementations with Applications to Error Detection and Fingerprint Generation David Brumley, Juan Caballero, Zhenkai Liang, James Newsome, Dawn Song
More informationThis release of the product includes these new features that have been added since NGFW 5.5.
Release Notes Revision A McAfee Next Generation Firewall 5.7.8 Contents About this release New features Enhancements Known limitations Resolved issues System requirements Installation instructions Upgrade
More informationDesigning a Protocol. (c) Dan Cosma (c) Dan Cosma (c) Dan Cosma
Designing a Protocol 1. Choose the patterns of communication and data transmission 2. Establish the design goals 3. Choose the message format philosophy 4. Design the message structure: format, fields,
More informationQ.1. (a) [4 marks] List and briefly explain four reasons why resource sharing is beneficial.
Q.1. (a) [4 marks] List and briefly explain four reasons why resource sharing is beneficial. Reduces cost by allowing a single resource for a number of users, rather than a identical resource for each
More informationCS 640: Introduction to Computer Networks. Today s Lecture. Page 1
CS 640: Introduction to Computer Networks Aditya Akella Lecture 2 Layering, Protocol Stacks, and Standards 1 Today s Lecture Layers and Protocols A bit about s 2 Network Communication: Lots of Functions
More informationHILTI: An Abstract Execution Environment for Deep, Stateful Network Traffic Analysis
HILTI: An Abstract Execution Environment for Deep, Stateful Network Traffic Analysis Robin Sommer International Computer Science Institute, & Lawrence Berkeley National Laboratory robin@icsi.berkeley.edu
More informationUNIVERSITY OF TORONTO FACULTY OF APPLIED SCIENCE AND ENGINEERING
UNIVERSITY OF TORONTO FACULTY OF APPLIED SCIENCE AND ENGINEERING ECE361 Computer Networks Midterm March 06, 2017, 6:15PM DURATION: 80 minutes Calculator Type: 2 (non-programmable calculators) Examiner:
More informationCSCD 433/533 Advanced Networks Fall Lecture 14 RTSP and Transport Protocols/ RTP
CSCD 433/533 Advanced Networks Fall 2012 Lecture 14 RTSP and Transport Protocols/ RTP 1 Topics Multimedia Player RTSP Review RTP Real Time Protocol Requirements for RTP RTP Details Applications that use
More informationExamination 2D1392 Protocols and Principles of the Internet 2G1305 Internetworking 2G1507 Kommunikationssystem, fk SOLUTIONS
Examination 2D1392 Protocols and Principles of the Internet 2G1305 Internetworking 2G1507 Kommunikationssystem, fk Date: January 17 th 2006 at 14:00 18:00 SOLUTIONS 1. General (5p) a) Draw the layered
More informationEmbedded/Connected Device Secure Coding. 4-Day Course Syllabus
Embedded/Connected Device Secure Coding 4-Day Course Syllabus Embedded/Connected Device Secure Coding 4-Day Course Course description Secure Programming is the last line of defense against attacks targeted
More information06/02/ Local & Metropolitan Area Networks 0. INTRODUCTION. 1. History and Future of TCP/IP ACOE322
1 Local & Metropolitan Area Networks ACOE322 Lecture 5 TCP/IP Protocol suite and IP addressing 1 0. INTRODUCTION We shall cover in this topic: 1. The relation of TCP/IP with internet and OSI model 2. Internet
More informationAppendix A GLOSSARY SYS-ED/ COMPUTER EDUCATION TECHNIQUES, INC.
Appendix A GLOSSARY SYS-ED/ COMPUTER EDUCATION TECHNIQUES, INC. Action Applet Bidirectional support Block Built-in macro Canvas CGI - Common Gateway Interface Character set Dependency view Dialog box Encryption
More informationThe attacker appears to use an exploit that is derived from the Metasploit FreeBSD Telnet Service Encryption Key ID Buffer Overflow?
Atlassian Home Documentation Support Blog Forums Explore Dashboard Repositories Carl Pulley owner/repo carlpulley / Challenge11 http://honeynet.org/node/829 Submission for Honeynet Challenge 11 - Dive
More informationKYOCERA Net Admin User Guide
KYOCERA Net Admin User Guide Legal Notes Unauthorized reproduction of all or part of this guide is prohibited. The information in this guide is subject to change without notice. We cannot be held liable
More informationDesign Pattern Recovery from Malware Binaries
Design Pattern Recovery from Malware Binaries Cory F. Cohen Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Copyright 2015 Carnegie Mellon University This material is based
More informationConfigure Settings and Customize Notifications on FindIT Network Probe
Configure Email Settings and Customize Email Notifications on FindIT Network Probe Objective Cisco FindIT Network Probe equips a network administrator with indispensable tools that help securely monitor
More informationProtocol Buffers, grpc
Protocol Buffers, grpc Szolgáltatásorientált rendszerintegráció Service-Oriented System Integration Dr. Balázs Simon BME, IIT Outline Remote communication application level vs. transport level protocols
More informationSocket Programming for TCP and UDP
CSCI4430 Data Communication and Computer Networks Socket Programming for TCP and UDP ZHANG, Mi Jan. 19, 2017 Outline Socket Programming for TCP Introduction What is TCP What is socket TCP socket programming
More information