Tuesday, March 22, 2011


Hacking is the most common type of cyber crime committed across the world. It has been defined in section 66 of the Information Technology Act, 2000 as follows: "whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means commits hacking".

Punishment for hacking under the above-mentioned section is imprisonment for three years, or a fine which may extend up to two lakh rupees, or both. A hacker is a person who breaks into or trespasses on a computer system. Hackers are of different types, ranging from code hackers to crackers to cyber punks to freaks. Some hackers just enjoy cracking systems and gaining access to them as an ordinary pastime; they do not desire to commit any further crime. Whether this in itself would constitute a crime is a matter of fact; at most such a crime could be equated with criminal trespass.

Thursday, March 17, 2011

You have high-speed ADSL broadband on your PC, but are still getting low speeds in Internet Explorer (IE)? Here are a few steps that will help you get better speed in IE:
1. Click Start > Run.
2. Type regedit and press Enter.
3. Browse to the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings.
4. Right-click in the right-hand pane > New > DWORD Value.
5. Name it MaxConnectionsPerServer and set its value (the higher the number, the better the speed you get, e.g. 99).
6. Create another DWORD value and name it MaxConnectionsPer1_0Server.
7. Enter a similarly high value for it.
8. Restart IE ... you're finished.
This trick will increase your browsing speed as well as your downloading speed.
Friends, all of us want to send fake mail from someone else's mail id. Here I'm posting the method used to send fake mail using the Simple Mail Transfer Protocol (SMTP).

SMTP is the protocol used to send mail over the internet.
When we log in to our account and send a mail, SMTP carries it to the SMTP server, which passes it on to the POP3 server, from where it reaches the receiver's email account.
The main bug in this system is that access to the SMTP server doesn't need any authentication: when you want to send data to any email account you need not provide your identification or your email id and password; you can just log in with any email id and send email.
The receiver, however, has to give his email id and password, as the POP3 server needs authentication.
Thus, using this bug even a layman can send a fake mail from any user id and fool the receiver.
Scripts of this kind are already available on the net, so you can get them from anywhere.
Now the main crux here is that the mail can be traced and the IP can be known to the tracer; nowadays terrorists are using such bugs to send email and may be traced. So please don't use this method for any destructive or negative purpose.

As per Indian law it may be punishable to send fake mail via the internet, but there is no such jurisdiction in law for sending fake mail through GPRS, and this is the loophole.

So once you have got the site from the web for fake mail, use it to send fake mail via GPRS and enjoy.
Want to spoof the identity of a caller? We have brought you an interesting trick.

Call forging is the trick by which you can spoof the identity of the caller and misguide the person receiving the call.

By call forging the caller identity is spoofed, and this can easily be done in the following way.

This post is written for educational purposes; don't misuse it.

Basics of Call Forging

Firstly, VoIP is used to call from an internet PC to a telephone. In VoIP there is a loophole which allows an intruder to spoof a call.

There are many websites on the net which provide internet calling facilities.

These websites work as follows: first they call the source phone number, then the destination number, and then bridge the two together.

No authentication is done by the website, and the servers are normally located in the US, so tracing the intruder is not possible.

Thus, the intruder logs on to such a server, gives a wrong source number and then places a call over the internet; this is actually a spoofed call which shows a wrong identity.

Also, there are no laws regarding call spoofing in India, so an intruder who does get traced is easily backed by this loophole of there being no law against it.

Thus, if you get calls from other numbers, don't trust them; they may be spoofed calls.

This post is written only for awareness and educational purposes.
MySpace: Since this site relies on Web mail to solicit and accept friends, and its blog moderating functions have been known to have XSS vulnerabilities in the past, it is recommended that any use of this site for CDC communications be done from specially designated hardware off the CDC network, following guidelines developed in conjunction with OCISO.

Facebook: Since this site allows blog posts and there is limited or no control over which of your friends appear on your home page, it is recommended that any use of this site for CDC communications be done from specially designated hardware off the CDC network, following guidelines developed in conjunction with OCISO.

Twitter: An interesting site in terms of social networking in that comments and posts are allowed, but are limited to 140 characters with no HTML or JS allowed. Hyperlinks are allowed and are automatically converted into the actual HTML code by the system, e.g. http://www.cdc.gov automatically becomes a clickable link. Comments are designed to be sent by SMS messaging, which is text based. Requests for followers come through email and can be accepted without Web mail. While it does seem to be secure against XSS exploits, the site does rely on AJAX technologies and can be used to post links to malicious sites. In order to vet these links they must be followed, which would put the system at risk. It is recommended that any use of this site for CDC communications be done from specially designated hardware off the CDC network, following guidelines developed in conjunction with OCISO.

DailyStrength: This site relies on Web mail to solicit and accept friends, allows blog comments and has limited to no control over which of your friends show up on your main profile page. It is recommended that any use of this site for CDC communications be done from specially designated hardware off the CDC network, following guidelines developed in conjunction with OCISO.

YouTube: This site allows comments on videos and has limited to no control over which of your friends show up on your main profile page. It is recommended that any use of this site for CDC communications be done from specially designated hardware off the CDC network, following guidelines developed in conjunction with OCISO.

Flickr: This site allows comments and has limited to no control over which of your friends show up on your main profile page. It is recommended that any use of this site for CDC communications be done from specially designated hardware off the CDC network, following guidelines developed in conjunction with OCISO.

Caller ID forging is the practice of causing the telephone network to display a number on the recipient's caller ID display which is not that of the actual originating station; the term is commonly used to describe situations in which the motivation is considered nefarious by the speaker. Just as e-mail spoofing can make it appear that a message came from any e-mail address the sender chooses, caller ID forging can make a call appear to have come from any phone number the caller wishes. Because people are prone to assume a call is coming from the number (and hence the associated person or persons), this can call the service's value into question.

To use a typical service, a customer pays in advance for a PIN allowing them to make a call for a certain amount of minutes. To begin, the customer dials from any phone the toll free number given to them by the company and enters their PIN. They are then asked to enter the number they wish to call and the number they wish to appear on the caller ID. Once the "customer" selects the options, the call is then bridged and the person on the other end assumes someone else is calling them.

Many Caller ID forging service providers also allow customers to initiate spoofed calls from a web-based interface in addition to calling a toll free number and entering the ten digit number you want to display followed by the ten digit number you want to call. Some providers allow you to enter the name you would like to display along with the spoofed Caller ID number but in most parts of the United States for example, whatever name the local phone company has associated with the spoofed Caller ID number is the name that shows up on the Caller ID display.

Using a web-based spoofing form involves creating an account with a provider, logging in to their website and completing a form. Most companies require the following basic fields:

1. Source number
2. Destination number
3. Caller ID number

Once the user completes this form and clicks a button to initiate the call, the source number is first called. Once the source number line is picked up, the destination is then called and bridged together.

Some providers also offer the ability to record calls, change your voice and send SMS text messages.

Methods:

Caller ID is forged through a variety of methods and different technology. The most popular ways of spoofing Caller ID are through the use of Voice over IP or PRI lines.

Another method of spoofing is that of emulating the Bell 202 FSK signal. This method, informally called orange boxing, uses software that generates the audio signal which is then coupled to the telephone line during the call. The object is to deceive the called party into thinking that there is an incoming call waiting call from the spoofed number, when in fact there is no new incoming call. This technique often also involves an accomplice who may provide a secondary voice to complete the illusion of a call waiting call. Because the orange box cannot truly spoof incoming caller ID prior to answer, and relies to a certain extent on the guile of the caller, it is considered as much a social engineering technique as a technical hack.

Other methods include switch access to the SS7 network, and social engineering telephone company operators into placing calls for you from the desired phone number. Another method that is not used as often is VXML which was gaining popularity before VoIP took over.

History:

Many people do not realize that Caller ID forging has been around since Caller ID was created. For over a decade Caller ID forging was used mainly by businesses with access to expensive PRI (Primary Rate Interface) telephone lines provided by local telephone carriers. A single PRI line can provide a business with up to 23 telephone lines, and all of these lines are capable of having unique telephone numbers. Caller ID forging, in its most basic form, was typically used by businesses to display one main telephone number on all outgoing calls, even though those calls were not really originating from that number.

In the early 2000’s phone hackers, also known as “phone phreaks” or “phreaks”, began using Orange boxing to attempt to spoof Caller ID. Orange boxing is done by using a device, usually special computer software, to send a series of tones down the line during the first few seconds of a phone call, attempting to emulate the Caller ID signal sent from the telephone office. Orange boxing is very crude and unreliable, as it has to be done within a short timeframe at the beginning of a call. Phone phreaks, without access to PRI lines or blind line services at the time, thought the technique was clever.

In late 2003 and early 2004 the same phone phreaks began to explore a relatively new platform for developing voice applications, known as VoiceXML or VXML, which was offered by companies such as Voxeo.

In 2005 a handful of new sites allowing you to spoof your Caller ID were quietly launched. Some of the sites were PiPhone.com, CallNotes.net, SecretCalls.net, StayUnknown.com, SpoofTech.com, SpoofTel.com, and SpoofCard.com.

Towards the end of May, another site, TheZeroGroup.com, launched offering Caller ID spoofing amongst its other phone-related services. TheZeroGroup's site claims they are hosted off-shore to avoid any legal issues that may arise.

On June 13th the U.S. House of Representatives passed the "Truth in Caller ID Act of 2007", which would make it "unlawful for any person within the United States, in connection with any telecommunications service or VOIP service, to cause any caller identification service to transmit misleading or inaccurate caller identification information with the intent to defraud or cause harm." A similar bill was passed on to the Senate in April, but the Senate hasn't acted on either of the bills yet.

In India, we do not have any law relating to crimes committed by hoaxers through caller ID spoofing.

Orkut Server Side Session Handling Problems:

Overview:

1. Orkut fails to expire the orkut_state session cookie from the server side even when the
user logs off from Orkut upon clicking "Sign-Out" from the application. The cookie is
cleared from the client side (browser), but is not cleared from the server side. If reused,
it provides access to the user's Orkut account.

2. Upon logging in again, a new orkut_state session cookie is created, but the old session
cookies still stay active on the server side. Therefore, any session cookie can be reused
to gain access to the user's Orkut account.

Details:

When any user logs into orkut.com, cookie data is generated on the server and sent back to the user after a successful authentication process on the server. If I come to know the cookie data of any victim remotely, then I can access the victim's account without the password (and even without the user id).


After gaining access to the victim's account, I can edit his/her social, personal, professional and contact profiles; I can also access his/her albums, videos and testimonials; I can even stop the victim from accessing his/her account by editing the contact email.

My aim is not to hack Orkut accounts and damage any victim's data, but to create awareness among people about the security risks on social networking websites.

Recently I was interviewed by HEADLINES TODAY and proved live that any Orkut account can be hacked. I am also going to do a half-hour live show on AAJTAK.

More Details will be covered in LIVE demonstration.

Gmail Server Side Session Handling Problems:

Overview:

1. Gmail fails to expire the GX session cookie from the server side even when the user
logs off from Gmail upon clicking "Sign-Out" from the application. The cookie is
cleared from the client side (browser), but is not cleared from the server side. If reused,
it provides access to the user's Gmail account.

2. Upon logging in again, a new GX session cookie is created, but the old session cookies
still stay active on the server side. Therefore, any session cookie can be re-used to
gain access to the user's Gmail account.
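Both reports above describe the same two server-side defects: sign-out only discards the cookie in the browser while the server keeps honouring it, and a fresh login does not retire older sessions. The following is an added example, not code from Orkut, Gmail or the original post: a minimal in-memory session store in which the corrected behaviour (server-side revocation on sign-out, revocation of older sessions on login) can be switched against a model of the reported behaviour. The user name, password and time-to-live are constructed for the demonstration.

```python
import secrets
import time

# Constructed credential table; a real service stores password hashes, not passwords.
USERS = {"victim": "correct-horse-battery"}


class SessionStore:
    """Server-side session table: the browser only ever holds an opaque token."""

    def __init__(self, ttl_seconds: int = 3600):
        self._sessions = {}      # token -> (user, expires_at)
        self._by_user = {}       # user -> set of live tokens
        self.ttl = ttl_seconds

    def login(self, user: str, password: str, revoke_existing: bool) -> str:
        expected = USERS.get(user, "")
        if not secrets.compare_digest(expected.encode(), password.encode()):
            raise PermissionError("bad credentials")
        if revoke_existing:
            # Corrected behaviour: a new login retires every older session.
            self.revoke_all(user)
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, time.time() + self.ttl)
        self._by_user.setdefault(user, set()).add(token)
        return token

    def user_for(self, token: str):
        """Resolve a presented cookie to a user, or None if it is not live."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, expires_at = entry
        if time.time() > expires_at:
            self.revoke(token)
            return None
        return user

    def revoke(self, token: str) -> None:
        """Server-side sign-out: the token stops resolving immediately."""
        entry = self._sessions.pop(token, None)
        if entry is not None:
            self._by_user[entry[0]].discard(token)

    def revoke_all(self, user: str) -> None:
        for token in list(self._by_user.get(user, ())):
            self.revoke(token)


def client_only_logout(store: SessionStore, token: str) -> None:
    """Models the reported defect: the browser forgets the cookie but nothing
    changes on the server, so anyone holding the old value can keep using it."""
    return None


def simulate(fixed: bool) -> dict:
    """Replay the two reported scenarios and say whether an old cookie still
    resolves to the account afterwards."""
    store = SessionStore()
    creds = ("victim", "correct-horse-battery")

    # Scenario 1: the user signs out, then the old cookie is presented again.
    t1 = store.login(*creds, revoke_existing=fixed)
    if fixed:
        store.revoke(t1)
    else:
        client_only_logout(store, t1)
    after_logout = store.user_for(t1) == "victim"

    # Scenario 2: two logins without signing out; does the older cookie survive?
    t2 = store.login(*creds, revoke_existing=fixed)
    t3 = store.login(*creds, revoke_existing=fixed)
    after_relogin = store.user_for(t2) == "victim"
    newest_works = store.user_for(t3) == "victim"
    return {
        "old_cookie_after_logout": after_logout,
        "old_cookie_after_relogin": after_relogin,
        "newest_cookie_works": newest_works,
    }


if __name__ == "__main__":
    print("reported behaviour:", simulate(fixed=False))
    print("corrected behaviour:", simulate(fixed=True))
```

Revoking on the server is what makes sign-out meaningful: clearing the cookie in the browser protects only that browser, while the table entry is what an attacker holding a copied cookie actually replays. Retiring older sessions on login is a policy choice (it signs out other devices), but it is the only way the user can invalidate a cookie they no longer control.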

The above article is taken from http://gprsinformation.blogspot.com/2010/08/call-forging-caller-id-forging-practice.html


SMS forging is a relatively new kind of high-tech felony which uses the Short Message Service (SMS), available on most mobile phones and personal digital assistants, to spoof or impersonate another user. The spoofing is often used to send viruses that can be carried from phone to phone and can cause destructive behaviour.

SMS spoofing became possible after many mobile/cellular operators integrated their network communications with the Internet, so that anybody could send SMS from the Internet using forms on the websites of mobile operators, or even through e-mail. Unfortunately, the Internet forms designed to send SMS may have vulnerabilities that could allow hackers to break the tunnelling protocol that links the phones with the Internet.

Surprisingly, one can use legitimate SMS tools available on the market for spoofing. For instance, Clickatell, a provider of carrier-grade bulk SMS messaging solutions and applications that can be integrated and used immediately within a global environment, developed various software allowing users to send bulk and personalized SMS messages to existing databases, Lotus Domino and other integrated SMS solutions. Therefore any person can purchase, or even download evaluation versions of, software that would allow them to send a spoofed SMS. Other providers such as FakeMyText and CloakText actually sell an anonymous texting service as their main service, which can be used to spoof an SMS message from any international number.

There is also a dedicated open source tool called SMS Spoof, a Palm OS application that allows individuals to send spoofed SMS messages. It uses a dialup connection to any EMI/UCP-compatible short message service centre (SMSC), as long as no authentication is required.

Details:
Every SMS sent from sender to receiver is in PDU format, with the text packed as 7-bit characters. Example PDU:
07917283010010F5040BC87238880900F10000993092516195800AE8329BFD4697D9

Octet(s) - Description:

07 - Length of the SMSC information (in this case 7 octets)

91 - Type-of-address of the SMSC (91 means international format of the phone number)

72 83 01 00 10 F5 - Service centre number (in decimal semi-octets). The length of the phone number is odd (11), so a trailing F has been added to form proper octets. The phone number of this service centre is "+27381000015".

04 - First octet of this SMS-DELIVER message.

0B - Address-Length: length of the sender number (0B hex = 11 dec).

C8 - Type-of-address of the sender number.

72 38 88 09 00 F1 - Sender number (decimal semi-octets), with a trailing F. By changing this field at the sender side, we can spoof the sender ID of the SMS.
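The table above explains the PDU field by field; what a receiving application sees is the decoded sender address, so the useful defensive skill is reading these fields back out. The following decoder is an added example, not code from the original post: it parses the post's own SMS-DELIVER PDU (SMSC, sender address with its type-of-number, timestamp and 7-bit text). Note that the quoted PDU declares a user-data length of 10 septets (0A) but carries only 7 user-data octets, enough for 8 characters, so the decoder reports the text as truncated rather than padding it. Only the 7-bit default alphabet's basic Latin subset is handled.

```python
# The PDU exactly as quoted in the post above.
SAMPLE_PDU = "07917283010010F5040BC87238880900F10000993092516195800AE8329BFD4697D9"


def swap_semi_octets(raw: bytes) -> str:
    """BCD digits are stored low nibble first; a trailing F pads odd lengths."""
    out = []
    for b in raw:
        out.append(format(b & 0x0F, "x"))
        out.append(format(b >> 4, "x"))
    return "".join(out).rstrip("f")


def format_address(toa: int, digits: str) -> str:
    """Prefix '+' only when the type-of-number field says international (TON 1)."""
    ton = (toa >> 4) & 0x07
    return ("+" if ton == 1 else "") + digits


def unpack_gsm7(data: bytes, septets: int) -> str:
    """Unpack GSM 03.38 7-bit packed text, least significant bits first."""
    bits = nbits = 0
    out = []
    for b in data:
        bits |= b << nbits
        nbits += 8
        while nbits >= 7 and len(out) < septets:
            out.append(chr(bits & 0x7F))   # basic Latin subset only
            bits >>= 7
            nbits -= 7
    return "".join(out)


def decode_timestamp(raw: bytes) -> str:
    """Seven swapped-BCD octets: YY MM DD hh mm ss, then a signed zone in quarter hours."""
    yy, mo, dd, hh, mi, ss = [(b & 0x0F) * 10 + (b >> 4) for b in raw[:6]]
    tz = raw[6]
    quarters = (tz & 0x07) * 10 + (tz >> 4)
    sign = "-" if tz & 0x08 else "+"
    return (f"{yy:02d}-{mo:02d}-{dd:02d} {hh:02d}:{mi:02d}:{ss:02d} "
            f"{sign}{quarters // 4:02d}:{(quarters % 4) * 15:02d}")


def decode_sms_deliver(pdu_hex: str) -> dict:
    data = bytes.fromhex(pdu_hex)
    smsc_len = data[0]                      # includes the type-of-address octet
    smsc = format_address(data[1], swap_semi_octets(data[2:1 + smsc_len]))
    pos = 1 + smsc_len
    first_octet = data[pos]
    if first_octet & 0x03 != 0:             # message type indicator 00 = SMS-DELIVER
        raise ValueError("not an SMS-DELIVER PDU")
    sender_digits = data[pos + 1]           # address length counts digits, not octets
    sender_toa = data[pos + 2]
    sender_octets = (sender_digits + 1) // 2
    sender = format_address(sender_toa,
                            swap_semi_octets(data[pos + 3:pos + 3 + sender_octets]))
    pos += 3 + sender_octets
    dcs = data[pos + 1]                     # data[pos] is the protocol identifier
    timestamp = decode_timestamp(data[pos + 2:pos + 9])
    udl = data[pos + 9]
    user_data = data[pos + 10:]
    if dcs & 0x0C != 0:
        raise ValueError("only the 7-bit default alphabet is handled here")
    available = (len(user_data) * 8) // 7   # septets actually present
    return {
        "smsc": smsc,
        "sender": sender,
        "sender_ton": (sender_toa >> 4) & 0x07,
        "timestamp": timestamp,
        "declared_length": udl,
        "text": unpack_gsm7(user_data, min(udl, available)),
        "truncated": available < udl,
    }


if __name__ == "__main__":
    for key, value in decode_sms_deliver(SAMPLE_PDU).items():
        print(f"{key}: {value}")
```

The sender address is just another field of the PDU, which is the point the post makes: nothing in the PDU itself authenticates it, so the only place it can be verified is at the SMSC that accepted the submission.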

Wednesday, March 16, 2011

Introduction to Networking

A basic understanding of computer networks is requisite in order to understand the principles of network security. In this section, we'll cover some of the foundations of computer networking, then move on to an overview of some popular networks. Following that, we'll take a more in-depth look at TCP/IP, the network protocol suite that is used to run the Internet and many intranets. Once we've covered this, we'll go back and discuss some of the threats that managers and administrators of computer networks need to confront, and then some tools that can be used to reduce the exposure to the risks of network computing.

What is a Network?

A "network" has been defined[1] as "any set of interlinking lines resembling a net, a network of roads || an interconnected system, a network of alliances." This definition suits our purpose well: a computer network is simply a system of interconnected computers. How they're connected is irrelevant, and as we'll soon see, there are a number of ways to do this.

The ISO/OSI Reference Model

The International Standards Organization (ISO) Open Systems Interconnect (OSI) Reference Model defines seven layers of communications types, and the interfaces among them. (See Figure 1.) Each layer depends on the services provided by the layer below it, all the way down to the physical network hardware, such as the computer's network interface card, and the wires that connect the cards together. An easy way to look at this is to compare this model with something we use daily: the telephone. In order for you and I to talk when we're out of earshot, we need a device like a telephone. (In the ISO/OSI model, this is at the application layer.) The telephones, of course, are useless unless they have the ability to translate the sound into electronic pulses that can be transferred over wire and back again. (These functions are provided in layers below the application layer.) Finally, we get down to the physical connection: both must be plugged into an outlet that is connected to a switch that's part of the telephone system's network of switches.
If I place a call to you, I pick up the receiver, and dial your number. This number specifies which central office to which to send my request, and then which phone from that central office to ring. Once you answer the phone, we begin talking, and our session has begun. Conceptually, computer networks function exactly the same way.
It isn't important for you to memorize the ISO/OSI Reference Model's layers; but it's useful to know that they exist, and that each layer cannot work without the services provided by the layer below it.


  
Figure 1: The ISO/OSI Reference Model (the figure itself is not reproduced in this copy)

What are some Popular Networks?

Over the last 25 years or so, a number of networks and network protocols have been defined and used. We're going to look at two of these networks, both of which are "public" networks. Anyone can connect to either of these networks, or they can use these types of networks to connect their own hosts (computers) together, without connecting to the public networks. Each type takes a very different approach to providing network services.

UUCP

UUCP (Unix-to-Unix CoPy) was originally developed to connect Unix (surprise!) hosts together. UUCP has since been ported to many different architectures, including PCs, Macs, Amigas, Apple IIs, VMS hosts, everything else you can name, and even some things you can't. Additionally, a number of systems have been developed around the same principles as UUCP.

Batch-Oriented Processing.

UUCP and similar systems are batch-oriented systems: everything that they have to do is added to a queue, and then at some specified time, everything in the queue is processed.

Implementation Environment.

UUCP networks are commonly built using dial-up (modem) connections. This doesn't have to be the case though: UUCP can be used over any sort of connection between two computers, including an Internet connection. Building a UUCP network is a simple matter of configuring two hosts to recognize each other, and know how to get in touch with each other. Adding on to the network is simple; if hosts called A and B have a UUCP network between them, and C would like to join the network, then it must be configured to talk to A and/or B. Naturally, anything that C talks to must be made aware of C's existence before any connections will work. Now, to connect D to the network, a connection must be established with at least one of the hosts on the network, and so on. Figure 2 shows a sample UUCP network.


  
Figure 2: A Sample UUCP Network (the figure itself is not reproduced in this copy)

In a UUCP network, users are identified in the format host!userid. The "!" character (pronounced "bang" in networking circles) is used to separate hosts and users. A bangpath is a string of host(s) and a userid like A!cmcurtin or C!B!A!cmcurtin. If I am a user on host A and you are a user on host E, I might be known as A!cmcurtin and you as E!you. Because there is no direct link between your host (E) and mine (A), in order for us to communicate, we need to do so through a host (or hosts!) that has connectivity to both E and A. In our sample network, C has the connectivity we need. So, to send me a file, or piece of email, you would address it to C!A!cmcurtin. Or, if you feel like taking the long way around, you can address me as C!B!A!cmcurtin.
The "public" UUCP network is simply a huge worldwide network of hosts connected to each other.

Popularity.

The public UUCP network has been shrinking in size over the years, with the rise of the availability of inexpensive Internet connections. Additionally, since UUCP connections are typically made hourly, daily, or weekly, there is a fair bit of delay in getting data from one user on a UUCP network to a user on the other end of the network. UUCP isn't very flexible, as it's used for simply copying files (which can be netnews, email, documents, etc.) Interactive protocols (that make applications such as the World Wide Web possible) have become much more the norm, and are preferred in most cases. However, there are still many people whose needs for email and netnews are served quite well by UUCP, and its integration into the Internet has greatly reduced the amount of cumbersome addressing that had to be accomplished in times past.

Security.

UUCP, like any other application, has security tradeoffs. Some strong points for its security are that it is fairly limited in what it can do, and it's therefore more difficult to trick into doing something it shouldn't; it's been around a long time, and most of its bugs have been discovered, analyzed, and fixed; and because UUCP networks are made up of occasional connections to other hosts, it isn't possible for someone on host E to directly make contact with host B, and take advantage of that connection to do something naughty. On the other hand, UUCP typically works by having a system-wide UUCP user account and password. Any system that has a UUCP connection with another must know the appropriate password for the uucp or nuucp account. Identifying a host beyond that point has traditionally been little more than a matter of trusting that the host is who it claims to be, and that a connection is allowed at that time. More recently, there has been an additional layer of authentication, whereby both hosts must have the same sequence number, that is, a number that is incremented each time a connection is made.
Hence, if I run host B, I know the uucp password on host A. If, though, I want to impersonate host C, I'll need to connect, identify myself as C, hope that I've done so at a time that A will allow it, and try to guess the correct sequence number for the session. While this might not be a trivial attack, it isn't considered very secure.
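The two UUCP passages above, the bangpath addressing and the password-plus-sequence-number check, can be modelled together on the sample network. The following is an added example, not code from the original article or from any UUCP implementation: it validates and constructs bangpaths over the topology the text implies (A-B, A-C, B-C and C-E, with E reaching A only through C), and shows what the called host checks when a neighbour claims to be host C. The link passwords and starting sequence numbers are constructed.

```python
import secrets
from collections import deque


class Link:
    """One UUCP neighbour relationship: the shared login password plus the call
    sequence number both ends keep and advance after every successful call."""

    def __init__(self, password: str, seq: int = 0):
        self.password = password
        self.seq = seq


def build_links() -> dict:
    """Constructed topology; keys are unordered host pairs."""
    return {
        frozenset({"A", "B"}): Link("pw-ab", seq=3),
        frozenset({"A", "C"}): Link("pw-ac", seq=17),
        frozenset({"B", "C"}): Link("pw-bc", seq=5),
        frozenset({"C", "E"}): Link("pw-ce", seq=9),
    }


LINKS = build_links()


def neighbours(host: str, links: dict = LINKS) -> set:
    return {h for pair in links for h in pair if host in pair and h != host}


def parse_bangpath(path: str):
    """'C!B!A!cmcurtin' -> (['C', 'B', 'A'], 'cmcurtin')."""
    parts = path.split("!")
    if len(parts) < 2 or not all(parts):
        raise ValueError("a bangpath needs at least one host and a user")
    return parts[:-1], parts[-1]


def route_is_valid(origin: str, path: str, links: dict = LINKS) -> bool:
    """Every hop must be a direct neighbour of the hop before it."""
    hops, _ = parse_bangpath(path)
    current = origin
    for nxt in hops:
        if frozenset({current, nxt}) not in links:
            return False
        current = nxt
    return True


def shortest_bangpath(origin: str, dest: str, user: str, links: dict = LINKS) -> str:
    """Breadth-first search over the links for the route with the fewest hops."""
    prev = {origin: None}
    queue = deque([origin])
    while queue:
        host = queue.popleft()
        if host == dest:
            break
        for n in sorted(neighbours(host, links)):
            if n not in prev:
                prev[n] = host
                queue.append(n)
    if dest not in prev:
        raise LookupError(f"no route from {origin} to {dest}")
    hops = []
    host = dest
    while host != origin:
        hops.append(host)
        host = prev[host]
    return "!".join(hops[::-1] + [user])


def accept_call(callee: str, claimed_caller: str, password: str, seq: int,
                links: dict = LINKS) -> bool:
    """What the called host checks: a link to the claimed caller exists, the
    password for that link matches, and the caller's sequence number equals the
    one the callee holds. Knowing a password from another link (host B knowing
    A's password, in the text's scenario) is not enough on its own."""
    link = links.get(frozenset({callee, claimed_caller}))
    if link is None or not secrets.compare_digest(password, link.password):
        return False
    if seq != link.seq:
        return False
    link.seq += 1          # both ends advance after a successful call
    return True


if __name__ == "__main__":
    print(shortest_bangpath("E", "A", "cmcurtin"))          # C!A!cmcurtin
    print(route_is_valid("E", "C!B!A!cmcurtin"))           # True
    print(accept_call("A", "C", "pw-ac", 17), accept_call("A", "C", "pw-ac", 17))
```

The replayed call in the last line fails because the counter moved on after the first success; that is the whole value of the sequence number, and also its limit, since a single correct guess is all an impersonator needs.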

The Internet

Internet: This is a word that I've heard way too often in the last few years. Movies, books, newspapers, magazines, television programs, and practically every other sort of media imaginable has dealt with the Internet recently.

What is the Internet?

The Internet is the world's largest network of networks. When you want to access the resources offered by the Internet, you don't really connect to the Internet; you connect to a network that is eventually connected to the Internet backbone, a network of extremely fast (and incredibly overloaded!) network components. This is an important point: the Internet is a network of networks, not a network of hosts. A simple network can be constructed using the same protocols and such that the Internet uses without actually connecting it to anything else. Such a basic network is shown in Figure 3.


  
Figure 3: A Simple Local Area Network (the figure itself is not reproduced in this copy)

I might be allowed to put one of my hosts on one of my employer's networks. We have a number of networks, which are all connected together on a backbone, that is, a network of our networks. Our backbone is then connected to other networks, one of which is to an Internet Service Provider (ISP) whose backbone is connected to other networks, one of which is the Internet backbone.
If you have a connection "to the Internet" through a local ISP, you are actually connecting your computer to one of their networks, which is connected to another, and so on. To use a service from my host, such as a web server, you would tell your web browser to connect to my host. Underlying services and protocols would send packets (small datagrams) with your query to your ISP's network, and then a network they're connected to, and so on, until it found a path to my employer's backbone, and to the exact network my host is on. My host would then respond appropriately, and the same would happen in reverse: packets would traverse all of the connections until they found their way back to your computer, and you were looking at my web page.
In Figure 4, the network shown in Figure 3 is designated "LAN 1" and shown in the bottom-right of the picture. This shows how the hosts on that network are provided connectivity to other hosts on the same LAN, within the same company, outside of the company but in the same ISP cloud, and then from another ISP somewhere on the Internet.


  
Figure 4: A Wider View of Internet-connected Networks (the figure itself is not reproduced in this copy)

The Internet is made up of a wide variety of hosts, from supercomputers to personal computers, including every imaginable type of hardware and software. How do all of these computers understand each other and work together?

TCP/IP: The Language of the Internet

TCP/IP (Transport Control Protocol/Internet Protocol) is the "language" of the Internet. Anything that can learn to "speak TCP/IP" can play on the Internet. This is functionality that occurs at the Network (IP) and Transport (TCP) layers in the ISO/OSI Reference Model. Consequently, a host that has TCP/IP functionality (such as Unix, OS/2, MacOS, or Windows NT) can easily support applications (such as Netscape's Navigator) that use the network.

Open Design

One of the most important features of TCP/IP isn't a technological one: The protocol is an "open" protocol, and anyone who wishes to implement it may do so freely. Engineers and scientists from all over the world participate in the IETF (Internet Engineering Task Force) working groups that design the protocols that make the Internet work. Their time is typically donated by their companies, and the result is work that benefits everyone.

IP

As noted, IP is a "network layer" protocol. This is the layer that allows the hosts to actually "talk" to each other. Its jobs include carrying datagrams, mapping the Internet address (such as 10.2.3.4) to a physical network address (such as 08:00:69:0a:ca:8f), and routing, which takes care of making sure that all of the devices that have Internet connectivity can find the way to each other.

Understanding IP

IP has a number of very important features which make it an extremely robust and flexible protocol. For our purposes, though, we're going to focus on the security of IP, or more specifically, the lack thereof.

Attacks Against IP

A number of attacks against IP are possible. Typically, these exploit the fact that IP does not perform a robust mechanism for authentication, which is proving that a packet came from where it claims it did. A packet simply claims to originate from a given address, and there isn't a way to be sure that the host that sent the packet is telling the truth. This isn't necessarily a weakness, per se, but it is an important point, because it means that the facility of host authentication has to be provided at a higher layer on the ISO/OSI Reference Model. Today, applications that require strong host authentication (such as cryptographic applications) do this at the application layer.

IP Spoofing.

This is where one host claims to have the IP address of another. Since many systems (such as router access control lists) define which packets may and which packets may not pass based on the sender's IP address, this is a useful technique to an attacker: he can send packets to a host, perhaps causing it to take some sort of action. Additionally, some applications allow login based on the IP address of the person making the request (such as the Berkeley r-commands)[2]. These are both good examples of how trusting untrustable layers can provide security that is, at best, weak.
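The point of the two passages above is that an IP header carries an integrity check (the header checksum) but nothing that proves who sent it, so an access-control decision keyed on the source address is deciding on a claim. The following is an added example, not code from the original article: it parses a 20-byte IPv4 header, verifies the RFC 791 header checksum, and makes the kind of address-based ACL decision the text describes, which can only ever test what the header says. The sample header (10.2.3.4 to 10.2.3.5, TTL 64, protocol 6) and the allow-list are constructed.

```python
import ipaddress
import struct

# Constructed 20-byte IPv4 header: 10.2.3.4 -> 10.2.3.5, TTL 64, protocol 6 (TCP),
# total length 20, identification 1, no options; 0x60d7 is its header checksum.
SAMPLE_HEADER = bytes.fromhex("45000014000100004006" "60d7" "0a0203040a020305")


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of the 16-bit words with the
    checksum field (bytes 10-11) treated as zero, then complemented."""
    if len(header) % 2:
        header += b"\x00"
    total = 0
    for i in range(0, len(header), 2):
        if i == 10:
            continue
        total += (header[i] << 8) | header[i + 1]
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_header(data: bytes) -> dict:
    """Decode the fixed part of an IPv4 header and check its checksum."""
    if len(data) < 20:
        raise ValueError("too short for an IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(data) < ihl:
        raise ValueError("not a complete IPv4 header")
    return {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "ttl": ttl,
        "protocol": proto,
        "total_length": total_len,
        "checksum_ok": ipv4_checksum(data[:ihl]) == csum,
    }


def acl_allows(header: bytes, trusted_sources: set) -> bool:
    """An address-based ACL decision. The checksum only tells us the header was
    not damaged in transit; whether the source field is truthful is not something
    this layer can know, which is the weakness the text describes."""
    fields = parse_ipv4_header(header)
    return fields["checksum_ok"] and fields["src"] in trusted_sources


if __name__ == "__main__":
    print(parse_ipv4_header(SAMPLE_HEADER))
    print("allowed:", acl_allows(SAMPLE_HEADER, {"10.2.3.4"}))
```

Anyone who can write a header can also compute its checksum, so a forged source address passes `checksum_ok` just as a genuine one does; the only thing the checksum catches is the corrupted header in the test below. Authenticating the source has to happen above IP, as the article says.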

IP Session Hijacking.

This is a relatively sophisticated attack, first described by Steve Bellovin [3]. This is very dangerous, however, because there are now toolkits available in the underground community that allow otherwise unskilled bad-guy-wannabes to perpetrate this attack. IP Session Hijacking is an attack whereby a user's session is taken over, being in the control of the attacker. If the user was in the middle of email, the attacker is looking at the email, and then can execute any commands he wishes as the attacked user. The attacked user simply sees his session dropped, and may simply login again, perhaps not even noticing that the attacker is still logged in and doing things. For the description of the attack, let's return to our large network of networks in Figure 4. In this attack, a user on host A is carrying on a session with host G. Perhaps this is a telnet session, where the user is reading his email, or using a Unix shell account from home. Somewhere in the network between A and G sits host H which is run by a naughty person. The naughty person on host H watches the traffic between A and G, and runs a tool which starts to impersonate A to G, and at the same time tells A to shut up, perhaps trying to convince it that G is no longer on the net (which might happen in the event of a crash, or major network outage). After a few seconds of this, if the attack is successful, naughty person has ``hijacked'' the session of our user. Anything that the user can do legitimately can now be done by the attacker, illegitimately. As far as G knows, nothing has happened.
This can be solved by replacing standard telnet-type applications with encrypted versions of the same thing. In this case, the attacker can still take over the session, but he'll see only ``gibberish'' because the session is encrypted. The attacker will not have the needed cryptographic key(s) to decrypt the data stream from G, and will, therefore, be unable to do anything with the session.

TCP

TCP is a transport-layer protocol. It needs to sit on top of a network-layer protocol, and was designed to ride atop IP. (Just as IP was designed to carry, among other things, TCP packets.) Because TCP and IP were designed together and wherever you have one, you typically have the other, the entire suite of Internet protocols is known collectively as ``TCP/IP.'' TCP itself has a number of important features that we'll cover briefly.

Guaranteed Packet Delivery

Probably the most important is guaranteed packet delivery. Host A sending packets to host B expects to get acknowledgments back for each packet. If B does not send an acknowledgment within a specified amount of time, A will resend the packet. Applications on host B will expect a data stream from a TCP session to be complete, and in order. As noted, if a packet is missing, it will be resent by A, and if packets arrive out of order, B will arrange them in proper order before passing the data to the requesting application.
This is suited well toward a number of applications, such as a telnet session. A user wants to be sure every keystroke is received by the remote host, and that it gets every packet sent back, even if this means occasional slight delays in responsiveness while a lost packet is resent, or while out-of-order packets are rearranged.
It is not suited well toward other applications, such as streaming audio or video, however. In these, it doesn't really matter if a packet is lost (a lost packet in a stream of 100 won't be distinguishable) but it does matter if they arrive late (i.e., because of a host resending a packet presumed lost), since the data stream will be paused while the lost packet is being resent. Once the lost packet is received, it will be put in the proper slot in the data stream, and then passed up to the application.
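A toy model of the receive side just described, added here as an example and not part of the original article: segments from host A reach host B out of order and one is lost, B acknowledges only what it has in sequence, A resends what the acknowledgment says is missing, and the application on B still reads a complete, in-order stream. The model is deliberately simplified (one sequence number per segment, no window, one retransmission round) and all inputs are constructed.

```python
"""Toy model of TCP in-order delivery: reordering buffer plus cumulative ACK."""

from dataclasses import dataclass, field


@dataclass
class Segment:
    seq: int
    data: bytes


@dataclass
class Receiver:
    """Host B: holds out-of-order segments, delivers only in sequence."""
    next_seq: int = 0                                   # next seq the app needs
    held: dict = field(default_factory=dict)            # seq -> data waiting for a gap
    delivered: bytearray = field(default_factory=bytearray)
    stalls: int = 0                                     # segments that had to wait

    def receive(self, seg: Segment) -> int:
        """Accept one segment and return the cumulative ACK (next seq wanted)."""
        if seg.seq < self.next_seq:
            return self.next_seq            # duplicate of data already delivered
        if seg.seq != self.next_seq:
            self.held[seg.seq] = seg.data   # arrived early: the stream pauses here
            self.stalls += 1
            return self.next_seq            # repeated ACK tells A what is missing
        self.delivered += seg.data
        self.next_seq += 1
        while self.next_seq in self.held:   # gap closed: drain what was waiting
            self.delivered += self.held.pop(self.next_seq)
            self.next_seq += 1
        return self.next_seq


def transfer(message: bytes, chunk: int, lost: set, arrival_order: list) -> tuple:
    """Simulate A sending `message` to B over a path that drops and reorders.

    lost          -- seqs dropped on their first transmission (constructed)
    arrival_order -- order in which first transmissions reach B (constructed)
    Returns (bytes the application read, retransmissions, stalls).
    """
    n = (len(message) + chunk - 1) // chunk
    segments = [Segment(i, message[i * chunk:(i + 1) * chunk]) for i in range(n)]
    rx = Receiver()
    ack = 0
    for seq in arrival_order:
        if seq not in lost:
            ack = rx.receive(segments[seq])
    retransmissions = 0
    # A's acknowledgments stopped advancing at `ack`: resend the segment B is
    # waiting for until the whole stream has been acknowledged.
    while ack < n:
        ack = rx.receive(segments[ack])
        retransmissions += 1
    return bytes(rx.delivered), retransmissions, rx.stalls
```

The stall counter is the cost the streaming-media paragraph is talking about: every early segment sits in the buffer until the missing one is resent, even though the application could have used it immediately.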

UDP

UDP (User Datagram Protocol) is a simple transport-layer protocol. It does not provide the same features as TCP, and is thus considered ``unreliable.'' Again, although this is unsuitable for some applications, it does have much more applicability in other applications than the more reliable and robust TCP.

Lower Overhead than TCP

One of the things that makes UDP nice is its simplicity. Because it doesn't need to keep track of the sequence of packets, whether they ever made it to their destination, etc., it has lower overhead than TCP. This is another reason why it's more suited to streaming-data applications: there's less screwing around that needs to be done with making sure all the packets are there, in the right order, and that sort of thing.

Risk Management: The Game of Security

It's very important to understand that in security, one simply cannot say ``what's the best firewall?'' There are two extremes: absolute security and absolute access. The closest we can get to an absolutely secure machine is one unplugged from the network, power supply, locked in a safe, and thrown at the bottom of the ocean. Unfortunately, it isn't terribly useful in this state. A machine with absolute access is extremely convenient to use: it's simply there, and will do whatever you tell it, without questions, authorization, passwords, or any other mechanism. Unfortunately, this isn't terribly practical, either: the Internet is a bad neighborhood now, and it isn't long before some bonehead will tell the computer to do something like self-destruct, after which, it isn't terribly useful to you. This is no different from our daily lives. We constantly make decisions about what risks we're willing to accept. When we get in a car and drive to work, there's a certain risk that we're taking. It's possible that something completely out of control will cause us to become part of an accident on the highway. When we get on an airplane, we're accepting the level of risk involved as the price of convenience. However, most people have a mental picture of what an acceptable risk is, and won't go beyond that in most circumstances. If I happen to be upstairs at home, and want to leave for work, I'm not going to jump out the window. Yes, it would be more convenient, but the risk of injury outweighs the advantage of convenience.
Every organization needs to decide for itself where between the two extremes of total security and total access they need to be. A policy needs to articulate this, and then define how that will be enforced with practices and such. Everything that is done in the name of security, then, must enforce that policy uniformly.

Types And Sources Of Network Threats

Now, we've covered enough background information on networking that we can actually get into the security aspects of all of this. First of all, we'll get into the types of threats there are against networked computers, and then some things that can be done to protect yourself against various threats.

Denial-of-Service

DoS (Denial-of-Service) attacks are probably the nastiest, and most difficult to address. These are the nastiest, because they're very easy to launch, difficult (sometimes impossible) to track, and it isn't easy to refuse the requests of the attacker, without also refusing legitimate requests for service. The premise of a DoS attack is simple: send more requests to the machine than it can handle. There are toolkits available in the underground community that make this a simple matter of running a program and telling it which host to blast with requests. The attacker's program simply makes a connection on some service port, perhaps forging the packet's header information that says where the packet came from, and then dropping the connection. If the host is able to answer 20 requests per second, and the attacker is sending 50 per second, obviously the host will be unable to service all of the attacker's requests, much less any legitimate requests (hits on the web site running there, for example).
Such attacks were fairly common in late 1996 and early 1997, but are now becoming less popular.
Some things that can be done to reduce the risk of being stung by a denial of service attack include
  • Not running your visible-to-the-world servers at a level too close to capacity
  • Using packet filtering to prevent obviously forged packets from entering into your network address space. Obviously forged packets would include those that claim to come from your own hosts, addresses reserved for private networks as defined in RFC 1918 [4], and the loopback network (127.0.0.0).
  • Keeping up-to-date on security-related patches for your hosts' operating systems.

Unauthorized Access

``Unauthorized access'' is a very high-level term that can refer to a number of different sorts of attacks. The goal of these attacks is to access some resource that your machine should not provide the attacker. For example, a host might be a web server, and should provide anyone with requested web pages. However, that host should not provide command shell access without being sure that the person making such a request is someone who should get it, such as a local administrator.

Executing Commands Illicitly

It's obviously undesirable for an unknown and untrusted person to be able to execute commands on your server machines. There are two main classifications of the severity of this problem: normal user access, and administrator access. A normal user can do a number of things on a system (such as read files, mail them to other people, etc.) that an attacker should not be able to do. This might, then, be all the access that an attacker needs. On the other hand, an attacker might wish to make configuration changes to a host (perhaps changing its IP address, putting a start-up script in place to cause the machine to shut down every time it's started, or something similar). In this case, the attacker will need to gain administrator privileges on the host.

Confidentiality Breaches

We need to examine the threat model: what is it that you're trying to protect yourself against? There is certain information that could be quite damaging if it fell into the hands of a competitor, an enemy, or the public. In these cases, it's possible that compromise of a normal user's account on the machine can be enough to cause damage (perhaps in the form of PR, or obtaining information that can be used against the company, etc.). While many of the perpetrators of these sorts of break-ins are merely thrill-seekers interested in nothing more than to see a shell prompt for your computer on their screen, there are those who are more malicious, as we'll consider next. (Additionally, keep in mind that it's possible that someone who is normally interested in nothing more than the thrill could be persuaded to do more: perhaps an unscrupulous competitor is willing to hire such a person to hurt you.)

Destructive Behavior

Among the destructive sorts of break-ins and attacks, there are two major categories.

Data Diddling.

The data diddler is likely the worst sort, since the fact of a break-in might not be immediately obvious. Perhaps he's toying with the numbers in your spreadsheets, or changing the dates in your projections and plans. Maybe he's changing the account numbers for the auto-deposit of certain paychecks. In any case, rare is the case when you'll come in to work one day, and simply know that something is wrong. An accounting procedure might turn up a discrepancy in the books three or four months after the fact. Trying to track the problem down will certainly be difficult, and once that problem is discovered, how can any of your numbers from that time period be trusted? How far back do you have to go before you think that your data is safe?

Data Destruction.

Some of those who perpetrate attacks are simply twisted jerks who like to delete things. In these cases, the impact on your computing capability -- and consequently your business -- can be nothing less than if a fire or other disaster caused your computing equipment to be completely destroyed.

Where Do They Come From?

How, though, does an attacker gain access to your equipment? Through any connection that you have to the outside world. This includes Internet connections, dial-up modems, and even physical access. (How do you know that one of the temps that you've brought in to help with the data entry isn't really a system cracker looking for passwords, data phone numbers, vulnerabilities and anything else that can get him access to your equipment?) In order to be able to adequately address security, all possible avenues of entry must be identified and evaluated. The security of that entry point must be consistent with your stated policy on acceptable risk levels.

Lessons Learned

From looking at the sorts of attacks that are common, we can divine a relatively short list of high-level practices that can help prevent security disasters, and to help control the damage in the event that preventative measures were unsuccessful in warding off an attack.

Hope you have backups

This isn't just a good idea from a security point of view. Operational requirements should dictate the backup policy, and this should be closely coordinated with a disaster recovery plan, such that if an airplane crashes into your building one night, you'll be able to carry on your business from another location. Similarly, these can be useful in recovering your data in the event of an electronic disaster: a hardware failure, or a break-in that changes or otherwise damages your data.

Don't put data where it doesn't need to be

Although this should go without saying, this doesn't occur to lots of folks. As a result, information that doesn't need to be accessible from the outside world sometimes is, and this can needlessly increase the severity of a break-in dramatically.

Avoid systems with single points of failure

Any security system that can be broken by breaking through any one component isn't really very strong. In security, a degree of redundancy is good, and can help you protect your organization from a minor security breach becoming a catastrophe.

Stay current with relevant operating system patches

Be sure that someone who knows what you've got is watching the vendors' security advisories. Exploiting old bugs is still one of the most common (and most effective!) means of breaking into systems.

Watch for relevant security advisories

In addition to watching what the vendors are saying, keep a close watch on groups like CERT and CIAC. Make sure that at least one person (preferably more) is subscribed to these mailing lists.

Have someone on staff be familiar with security practices

Having at least one person who is charged with keeping abreast of security developments is a good idea. This need not be a technical wizard, but could be someone who is simply able to read advisories issued by various incident response teams, and keep track of various problems that arise. Such a person would then be a wise one to consult with on security related issues, as he'll be the one who knows if web server software version such-and-such has any known problems, etc. This person should also know the ``dos'' and ``don'ts'' of security, from reading such things as the ``Site Security Handbook.''[5]

Firewalls

As we've seen in our discussion of the Internet and similar networks, connecting an organization to the Internet provides a two-way flow of traffic. This is clearly undesirable in many organizations, as proprietary information is often displayed freely within a corporate intranet (that is, a TCP/IP network, modeled after the Internet that only works within the organization). In order to provide some level of separation between an organization's intranet and the Internet, firewalls have been employed. A firewall is simply a group of components that collectively form a barrier between two networks.
A number of terms specific to firewalls and networking are going to be used throughout this section, so let's introduce them all together.
Bastion host.
A general-purpose computer used to control access between the internal (private) network (intranet) and the Internet (or any other untrusted network). Typically, these are hosts running a flavor of the Unix operating system that has been customized in order to reduce its functionality to only what is necessary in order to support its functions. Many of the general-purpose features have been turned off, and in many cases, completely removed, in order to improve the security of the machine.
Router.
A special purpose computer for connecting networks together. Routers also handle certain functions, such as routing, or managing the traffic on the networks they connect.
Access Control List (ACL).
Many routers now have the ability to selectively perform their duties, based on a number of facts about a packet that comes to it. This includes things like origination address, destination address, destination service port, and so on. These can be employed to limit the sorts of packets that are allowed to come in and go out of a given network.
Demilitarized Zone (DMZ).
The DMZ is a critical part of a firewall: it is a network that is neither part of the untrusted network, nor part of the trusted network. But, this is a network that connects the untrusted to the trusted. The importance of a DMZ is tremendous: someone who breaks into your network from the Internet should have to get through several layers in order to successfully do so. Those layers are provided by various components within the DMZ.
Proxy.
This is the process of having one host act on behalf of another. A host that has the ability to fetch documents from the Internet might be configured as a proxy server, and hosts on the intranet might be configured to be proxy clients. In this situation, when a host on the intranet wishes to fetch the <http://www.interhack.net/> web page, for example, the browser will make a connection to the proxy server, and request the given URL. The proxy server will fetch the document, and return the result to the client. In this way, all hosts on the intranet are able to access resources on the Internet without having the ability to talk directly to the Internet.

Types of Firewalls

There are three basic types of firewalls, and we'll consider each of them.

Application Gateways

The first firewalls were application gateways, and are sometimes known as proxy gateways. These are made up of bastion hosts that run special software to act as a proxy server. This software runs at the Application Layer of our old friend the ISO/OSI Reference Model, hence the name. Clients behind the firewall must be proxitized (that is, must know how to use the proxy, and be configured to do so) in order to use Internet services. Traditionally, these have been the most secure, because they don't allow anything to pass by default, but need to have the programs written and turned on in order to begin passing traffic.

[Figure 5: A sample application gateway]

These are also typically the slowest, because more processes need to be started in order to have a request serviced. Figure 5 shows an application gateway.

Packet Filtering

Packet filtering is a technique whereby routers have ACLs (Access Control Lists) turned on. By default, a router will pass all traffic sent to it, and will do so without any sort of restrictions. Employing ACLs is a method for enforcing your security policy with regard to what sorts of access you allow the outside world to have to your internal network, and vice versa. There is less overhead in packet filtering than with an application gateway, because the feature of access control is performed at a lower ISO/OSI layer (typically, the transport or session layer). Due to the lower overhead and the fact that packet filtering is done with routers, which are specialized computers optimized for tasks related to networking, a packet filtering gateway is often much faster than its application layer cousins. Figure 6 shows a packet filtering gateway.
Because we're working at a lower level, supporting new applications either comes automatically, or is a simple matter of allowing a specific packet type to pass through the gateway. (Not that the possibility of something automatically makes it a good idea; opening things up this way might very well compromise your level of security below what your policy allows.)
There are problems with this method, though. Remember, TCP/IP has absolutely no means of guaranteeing that the source address is really what it claims to be. As a result, we have to use layers of packet filters in order to localize the traffic. We can't get all the way down to the actual host, but with two layers of packet filters, we can differentiate between a packet that came from the Internet and one that came from our internal network. We can identify which network the packet came from with certainty, but we can't get more specific than that.
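An added example, not the article's own code, that serves two passages: the anti-spoofing filter recommended under Denial-of-Service (drop sources claiming your own addresses, RFC 1918 space, or the loopback network) and the two layers of packet filters just described. An access router sits between the Internet and the DMZ, a choke router between the DMZ and the intranet, and each filter knows which interface a packet arrived on; that is what lets it tell a packet that really came from the Internet from one that merely claims an internal source. The address blocks and the topology are constructed for the example.

```python
"""Stateless anti-spoofing packet filters in two layers (access + choke router)."""

import ipaddress
from dataclasses import dataclass

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


@dataclass(frozen=True)
class Packet:
    src: str    # source address claimed in the IP header (unauthenticated)
    iface: str  # interface it arrived on: "outside" or "inside"


class PacketFilter:
    """One router with an anti-spoofing ACL on both of its interfaces."""

    def __init__(self, name: str, internal_nets):
        self.name = name
        # everything that legitimately lives behind this router's inside interface
        self.internal = [ipaddress.ip_network(n) for n in internal_nets]

    def is_internal(self, addr) -> bool:
        return any(addr in net for net in self.internal)

    def verdict(self, pkt: Packet) -> str:
        src = ipaddress.ip_address(pkt.src)
        if pkt.iface == "outside":
            # ingress: sources that cannot legitimately arrive from outside
            if src in LOOPBACK:
                return "drop: loopback source arriving from outside"
            if any(src in net for net in RFC1918):
                return "drop: RFC 1918 source arriving from outside"
            if self.is_internal(src):
                return "drop: source claims one of our own addresses"
        else:
            # egress: our hosts must not emit packets with someone else's source
            if not self.is_internal(src):
                return "drop: egress: source address is not ours"
        return "pass"


# Constructed topology: the organisation holds 203.0.113.0/24 publicly (DMZ)
# and numbers its intranet from 10.10.0.0/16.
ACCESS_ROUTER = PacketFilter("access", ["203.0.113.0/24", "10.10.0.0/16"])
CHOKE_ROUTER = PacketFilter("choke", ["10.10.0.0/16"])


def traverse(src: str, direction: str) -> list:
    """Push a packet through both filters in order, stopping at the first drop.

    "inbound":  Internet -> access router -> DMZ -> choke router -> intranet,
                so the packet hits both routers on their outside interface.
    "outbound": the reverse path, hitting both inside interfaces.
    Returns [(router name, verdict), ...].  Where a packet gets dropped tells
    you which network it really came from; the filters can say no more than that.
    """
    if direction == "inbound":
        path = [(ACCESS_ROUTER, "outside"), (CHOKE_ROUTER, "outside")]
    else:
        path = [(CHOKE_ROUTER, "inside"), (ACCESS_ROUTER, "inside")]
    results = []
    for router, iface in path:
        v = router.verdict(Packet(src, iface))
        results.append((router.name, v))
        if v != "pass":
            break
    return results
```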

Hybrid Systems

In an attempt to marry the security of the application layer gateways with the flexibility and speed of packet filtering, some vendors have created systems that use the principles of both.

[Figure 6: A sample packet filtering gateway]

In some of these systems, new connections must be authenticated and approved at the application layer. Once this has been done, the remainder of the connection is passed down to the session layer, where packet filters watch the connection to ensure that only packets that are part of an ongoing (already authenticated and approved) conversation are being passed.
Other possibilities include using both packet filtering and application layer proxies. The benefits here include providing a measure of protection for your machines that provide services to the Internet (such as a public web server), as well as providing the security of an application layer gateway to the internal network. Additionally, using this method, an attacker, in order to get to services on the internal network, will have to break through the access router, the bastion host, and the choke router.
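The first hybrid scheme above, as an added example that is not the article's code: a new connection is authenticated and approved once at the application layer, and from then on a session-layer filter passes only packets that belong to that approved conversation. The approval rule, the way a conversation is identified, and the sample addresses are constructed for the example; a real gateway would also track TCP state properly rather than treating a single FIN as the end of the session.

```python
"""Hybrid gateway: application-layer approval, then session-layer connection tracking."""

from dataclasses import dataclass

# Constructed policy for the application-layer step.
TRUSTED_CLIENTS = {"10.10.1.5"}
ALLOWED_PORTS = {25, 80}


@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # opens a new conversation
    fin: bool = False   # closes it (simplified: one FIN tears the session down)


def application_layer_approve(p: Pkt) -> bool:
    """Stand-in for the application-layer authentication/approval decision."""
    return p.src in TRUSTED_CLIENTS and p.dport in ALLOWED_PORTS


class HybridGateway:
    def __init__(self, approve):
        self.approve = approve
        self.sessions = set()   # approved conversations, keyed by both endpoints

    @staticmethod
    def key(p: Pkt):
        # the same key for both directions, so replies are recognised too
        return frozenset({(p.src, p.sport), (p.dst, p.dport)})

    def handle(self, p: Pkt) -> str:
        k = self.key(p)
        if k in self.sessions:
            if p.fin:
                self.sessions.discard(k)
            return "pass: part of tracked conversation"
        if p.syn:
            if self.approve(p):
                self.sessions.add(k)
                return "pass: approved at application layer"
            return "drop: refused at application layer"
        # neither a new connection attempt nor part of an approved conversation
        return "drop: no established conversation"
```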

So, what's best for me?

Lots of options are available, and it makes sense to spend some time with an expert, either in-house, or an experienced consultant who can take the time to understand your organization's security policy, and can design and build a firewall architecture that best implements that policy. Other issues like services required, convenience, and scalability might factor in to the final design.

Some Words of Caution

The business of building firewalls is in the process of becoming a commodity market. Along with commodity markets come lots of folks who are looking for a way to make a buck without necessarily knowing what they're doing. Additionally, vendors compete with each other to try and claim the greatest security, the easiest to administer, and the least visible to end users. In order to try to quantify the potential security of firewalls, some organizations have taken to firewall certifications. The certification of a firewall means nothing more than the fact that it can be configured in such a way that it can pass a series of tests. Similarly, claims about meeting or exceeding U.S. Department of Defense ``Orange Book'' standards, C-2, B-1, and such all simply mean that an organization was able to configure a machine to pass a series of tests. This doesn't mean that it was loaded with the vendor's software at the time, or that the machine was even usable. In fact, one vendor that has been claiming their operating system is ``C-2 Certified'' didn't make mention of the fact that their operating system only passed the C-2 tests without being connected to any sort of network devices. Such gauges as market share, certification, and the like are no guarantees of security or quality. Taking a little bit of time to talk to some knowledgeable folks can go a long way in providing you a comfortable level of security between your private network and the big, bad Internet.
Additionally, it's important to note that many consultants these days have become much less the advocate of their clients, and more of an extension of the vendor. Ask any consultants you talk to about their vendor affiliations, certifications, and whatnot. Ask what difference it makes to them whether you choose one product over another, and vice versa. And then ask yourself if a consultant who is certified in technology XYZ is going to provide you with competing technology ABC, even if ABC best fits your needs.

Single Points of Failure

Many ``firewalls'' are sold as a single component: a bastion host, or some other black box that you plug your networks into and get a warm-fuzzy, feeling safe and secure. The term ``firewall'' refers to a number of components that collectively provide the security of the system. Any time there is only one component paying attention to what's going on between the internal and external networks, an attacker has only one thing to break (or fool!) in order to gain complete access to your internal networks. See the Internet Firewalls FAQ for more details on building and maintaining firewalls.

Secure Network Devices

It's important to remember that the firewall is only one entry point to your network. Modems, if you allow them to answer incoming calls, can provide an easy means for an attacker to sneak around (rather than through) your front door (or, firewall). Just as castles weren't built with moats only in the front, your network needs to be protected at all of its entry points.

Secure Modems; Dial-Back Systems

If modem access is to be provided, this should be guarded carefully. The terminal server, or network device that provides dial-up access to your network, needs to be actively administered, and its logs need to be examined for strange behavior. Its passwords need to be strong -- not ones that can be guessed. Accounts that aren't actively used should be disabled. In short, it's the easiest way to get into your network from remote: guard it carefully. There are some remote access systems that have the feature of a two-part procedure to establish a connection. The first part is the remote user dialing into the system, and providing the correct userid and password. The system will then drop the connection, and call the authenticated user back at a known telephone number. Once the remote user's system answers that call, the connection is established, and the user is on the network. This works well for folks working at home, but can be problematic for users wishing to dial in from hotel rooms and such when on business trips.
Other possibilities include one-time password schemes, where the user enters his userid, and is presented with a ``challenge,'' a string of between six and eight numbers. He types this challenge into a small device that he carries with him that looks like a calculator. He then presses enter, and a ``response'' is displayed on the LCD screen. The user types the response, and if all is correct, the login will proceed. These are useful devices for solving the problem of good passwords, without requiring dial-back access. However, these have their own problems, as they require the user to carry them, and they must be tracked, much like building and office keys.
No doubt many other schemes exist. Take a look at your options, and find out how what the vendors have to offer will help you enforce your security policy effectively.
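The challenge-response exchange just described, as an added example and not any vendor's algorithm or code from the article: the server issues a fresh six-to-eight-digit challenge, the token computes a response from it, and the server checks the response and then retires the challenge so a captured response cannot be replayed. The response function is assumed here to be an HMAC over the challenge with a secret shared by token and server; the calculator-style products of the period used their own schemes.

```python
"""One-time challenge-response login with a shared-secret token (HMAC assumed)."""

import hashlib
import hmac
import secrets

DIGITS = 8  # length of both the challenge and the response the user types


def new_challenge(n_digits: int = DIGITS) -> str:
    """Server side: a fresh random challenge of six to eight digits."""
    if not 6 <= n_digits <= 8:
        raise ValueError("challenge must be six to eight digits")
    return "".join(secrets.choice("0123456789") for _ in range(n_digits))


def token_response(secret: bytes, challenge: str, n_digits: int = DIGITS) -> str:
    """Token side (and the server's own recomputation): derive the response.

    The HMAC output is truncated to a number short enough to type by hand;
    that truncation is part of the assumed scheme, not a standard.
    """
    mac = hmac.new(secret, challenge.encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10 ** n_digits).zfill(n_digits)


class ChallengeServer:
    """Holds each user's token secret and at most one outstanding challenge."""

    def __init__(self, secrets_by_user: dict):
        self.secrets = secrets_by_user      # userid -> token secret (constructed)
        self.pending = {}                   # userid -> challenge awaiting an answer

    def start_login(self, userid: str) -> str:
        challenge = new_challenge()
        self.pending[userid] = challenge    # a new login replaces any old challenge
        return challenge

    def finish_login(self, userid: str, response: str) -> bool:
        # pop, not get: a challenge is answerable exactly once, right or wrong
        challenge = self.pending.pop(userid, None)
        if challenge is None or userid not in self.secrets:
            return False
        if not (isinstance(response, str) and response.isascii()):
            return False
        expected = token_response(self.secrets[userid], challenge)
        return hmac.compare_digest(expected, response)
```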

Crypto-Capable Routers

A feature that is being built into some routers is the ability to use session encryption between specified routers. Because traffic traveling across the Internet can be seen by people in the middle who have the resources (and time) to snoop around, these are advantageous for providing connectivity between two sites, such that there can be secure routes. See the Snake Oil FAQ [6] for a description of cryptography, ideas for evaluating cryptographic products, and how to determine which will most likely meet your needs.

Virtual Private Networks

Given the ubiquity of the Internet, and the considerable expense in private leased lines, many organizations have been building VPNs (Virtual Private Networks). Traditionally, for an organization to provide connectivity between a main office and a satellite one, an expensive data line had to be leased in order to provide direct connectivity between the two offices. Now, a solution that is often more economical is to provide both offices connectivity to the Internet. Then, using the Internet as the medium, the two offices can communicate. The danger in doing this, of course, is that there is no privacy on this channel, and it's difficult to provide the other office access to ``internal'' resources without providing those resources to everyone on the Internet.
VPNs provide the ability for two offices to communicate with each other in such a way that it looks like they're directly connected over a private leased line. The session between them, although going over the Internet, is private (because the link is encrypted), and the link is convenient, because each can see the other's internal resources without showing them off to the entire world.
A number of firewall vendors are including the ability to build VPNs in their offerings, either directly with their base product, or as an add-on. If you have need to connect several offices together, this might very well be the best way to do it.

Conclusions

Security is a very difficult topic. Everyone has a different idea of what ``security'' is, and what levels of risk are acceptable. The key for building a secure network is to define what security means to your organization. Once that has been defined, everything that goes on with the network can be evaluated with respect to that policy. Projects and systems can then be broken down into their components, and it becomes much simpler to decide whether what is proposed will conflict with your security policies and practices. Many people pay great amounts of lip service to security, but do not want to be bothered with it when it gets in their way. It's important to build systems and networks in such a way that the user is not constantly reminded of the security system around him. Users who find security policies and systems too restrictive will find ways around them. It's important to get their feedback to understand what can be improved, and it's important to let them know why what's been done has been, the sorts of risks that are deemed unacceptable, and what has been done to minimize the organization's exposure to them.

Security is everybody's business, and only with everyone's cooperation, an intelligent policy, and consistent practices, will it be achievable.


Ethernet Network Architecture

Ethernet is the most popular physical layer LAN technology in use today. Other LAN types include Token Ring, Fast Ethernet, Fiber Distributed Data Interface (FDDI), Asynchronous Transfer Mode (ATM) and LocalTalk. Ethernet is popular because it strikes a good balance between speed, cost and ease of installation. These benefits, combined with wide acceptance in the computer marketplace and the ability to support virtually all popular network protocols, make Ethernet an ideal networking technology for most computer users today. The Institute for Electrical and Electronic Engineers (IEEE) defines the Ethernet standard as IEEE Standard 802.3. This standard defines rules for configuring an Ethernet network as well as specifying how elements in an Ethernet network interact with one another. By adhering to the IEEE standard, network equipment and network protocols can communicate efficiently.

Fast Ethernet

For Ethernet networks that need higher transmission speeds, the Fast Ethernet standard (IEEE 802.3u) has been established. This standard raises the Ethernet speed limit from 10 Megabits per second (Mbps) to 100 Mbps with only minimal changes to the existing cable structure. There are three types of Fast Ethernet: 100BASE-TX for use with level 5 UTP cable, 100BASE-FX for use with fiber-optic cable, and 100BASE-T4 which utilizes an extra two wires for use with level 3 UTP cable. The 100BASE-TX standard has become the most popular due to its close compatibility with the 10BASE-T Ethernet standard. For the network manager, the incorporation of Fast Ethernet into an existing configuration presents a host of decisions. Managers must determine the number of users in each site on the network that need the higher throughput, decide which segments of the backbone need to be reconfigured specifically for 100BASE-T and then choose the necessary hardware to connect the 100BASE-T segments with existing 10BASE-T segments. Gigabit Ethernet is a future technology that promises a migration path beyond Fast Ethernet so the next generation of networks will support even higher data transfer speeds.

Token Ring

Token Ring is another form of network configuration. It differs from Ethernet in that all frames travel around the ring in one direction at all times, and a station may only transmit when it holds the token, a short control frame that is passed from station to station. When a station sees a frame addressed to it, it copies the frame and sets the frame's status bits to mark it as recognised and copied. The frame continues around the ring back to the sender, which reads those bits to confirm that the intended device received it, removes the frame from the ring, and releases the token so that other stations can use it.

Various PC vendors have championed Token Ring networks at different times, and so these networks have been deployed in many organizations.

FDDI

FDDI (Fiber Distributed Data Interface) is a standard for data transmission over fiber-optic lines in a local area network that can extend in range up to 200 km (124 miles). The FDDI protocol is based on the token ring protocol, but uses a pair of counter-rotating rings so that the network survives a break in one ring. In addition to being large geographically, an FDDI local area network can support thousands of users.

Protocols:

Network protocols are standards that allow computers to communicate. A protocol defines how computers identify one another on a network, the form that data should take in transit, and how that data is processed once it reaches its final destination. Protocols also define procedures for handling lost or damaged transmissions, or "packets". TCP/IP (for UNIX, Windows NT, Windows 95 and other platforms), IPX (for Novell NetWare), DECnet (for networking Digital Equipment Corp. computers), AppleTalk (for Macintosh computers) and NetBIOS/NetBEUI (for LAN Manager and Windows NT networks) were the main network protocols in use when this was written; today TCP/IP has displaced nearly all of the others.

Although each network protocol is different, they all share the same physical cabling. This common method of accessing the physical network allows multiple protocols to coexist peacefully over the network media, and allows the builder of a network to use common hardware for a variety of protocols. This concept is known as "protocol independence".
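As an added example (not code from the original post), here is a small C decoder for the 14-byte header that every Ethernet frame begins with: six bytes of destination address, six bytes of source address, and a two-byte field that is a payload length in IEEE 802.3 frames and a protocol type (EtherType) in Ethernet II frames; values of 1536 (0x0600) and above are types. The sample frames are constructed for this example. The security point is the length handling: a decoder must never read past the buffer it was given, and must not trust a length field that claims more data than is actually present.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not from the original page: decode the 14-byte header
 * that every IEEE 802.3 / Ethernet II frame begins with, without ever
 * reading past the end of the buffer we were handed. */

#define ETH_HDR_LEN   14
#define ETH_MTU       1500   /* largest value an 802.3 length field may hold */
#define ETH_TYPE_MIN  1536   /* 0x0600: values >= this are EtherTypes (Ethernet II) */

struct eth_hdr {
    uint8_t  dst[6];
    uint8_t  src[6];
    uint16_t type_or_len;    /* host byte order */
    bool     is_ethernet_ii; /* true: EtherType; false: 802.3 length field */
};

/* Parse the header from buf. Returns false if the buffer is too short,
 * or if an 802.3 length field claims more payload than is present. */
bool parse_eth_header(const uint8_t *buf, size_t len, struct eth_hdr *out)
{
    if (buf == NULL || out == NULL || len < ETH_HDR_LEN)
        return false;
    for (int i = 0; i < 6; i++) {
        out->dst[i] = buf[i];
        out->src[i] = buf[6 + i];
    }
    /* The field is big-endian ("network order") on the wire. */
    out->type_or_len = (uint16_t)((buf[12] << 8) | buf[13]);
    out->is_ethernet_ii = out->type_or_len >= ETH_TYPE_MIN;
    if (!out->is_ethernet_ii) {
        /* 802.3: the field is a payload length and must fit in the buffer. */
        if (out->type_or_len > ETH_MTU || out->type_or_len > len - ETH_HDR_LEN)
            return false;
    }
    return true;
}

/* Broadcast destination: all 48 address bits set. */
bool eth_is_broadcast(const struct eth_hdr *h)
{
    for (int i = 0; i < 6; i++)
        if (h->dst[i] != 0xff)
            return false;
    return true;
}

/* Constructed sample: broadcast ARP request (EtherType 0x0806) from
 * 00:11:22:33:44:55, followed by the first bytes of the ARP payload. */
static const uint8_t sample_frame[] = {
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff,   /* dst */
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55,   /* src */
    0x08, 0x06,                           /* EtherType: ARP */
    0x00, 0x01, 0x08, 0x00                /* start of ARP payload */
};

/* Constructed 802.3 frame whose length field (0x0100 = 256) exceeds the
 * four payload bytes actually present; a naive decoder would over-read. */
static const uint8_t bad_frame[] = {
    0x01, 0x80, 0xc2, 0x00, 0x00, 0x00,
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
    0x01, 0x00,
    0x42, 0x42, 0x03, 0x00
};

int main(void)
{
    struct eth_hdr h;
    if (parse_eth_header(sample_frame, sizeof sample_frame, &h))
        printf("broadcast=%d type=0x%04x ethernet_ii=%d\n",
               eth_is_broadcast(&h), h.type_or_len, h.is_ethernet_ii);
    printf("bad frame accepted=%d\n",
           parse_eth_header(bad_frame, sizeof bad_frame, &h));
    return 0;
}
```

The same check applies one layer up: whatever parses the payload after the header should be given `len - ETH_HDR_LEN` bytes, not the value of a length field it has not yet validated.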

Some important protocols and their jobs:

Protocol                                                 Acronym    Its job
Point-to-Point Protocol                                  PPP        Carries IP (and other protocols) over a serial or dial-up link
Transmission Control Protocol/Internet Protocol          TCP/IP     The backbone protocol of the internet; also popular for intranets built on internet technology
Internetwork Packet Exchange/Sequenced Packet Exchange   IPX/SPX    The standard protocol of the Novell NetWare network operating system
NetBIOS Extended User Interface                          NetBEUI    A Microsoft protocol that does not support routing to other networks
File Transfer Protocol                                   FTP        Used to send and receive files from a remote host
Hypertext Transfer Protocol                              HTTP       Used on the web to send documents encoded in HTML
Network File System                                      NFS        Allows network nodes or workstations to access remote files and drives as if they were their own
Simple Mail Transfer Protocol                            SMTP       Used to send e-mail over a network
Telnet                                                   Telnet     Used to connect to a host and emulate a terminal that the remote server recognises

Note that FTP, Telnet, HTTP and SMTP as listed here carry everything, passwords included, in clear text. Anyone on the same segment can read them with a sniffer, which is why their encrypted counterparts (SFTP or FTPS, SSH, HTTPS, and SMTP over TLS) should be used wherever the traffic crosses a network you do not control.

This is always a huge topic, and it seems simple to many of us, but the fact of the matter is we have a lot of "new" people, so we need to be clear about this sort of thing. (Note: all commands should be run as root or with sudo.)

1. To start networking in Backtrack 4 final issue the following command.

/etc/init.d/networking start

This will attempt to bring up every interface listed in the /etc/network/interfaces file.

root@bt:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet dhcp

auto eth2
iface eth2 inet dhcp

auto ath0
iface ath0 inet dhcp

auto wlan0
iface wlan0 inet dhcp

If you don't have, or don't want, some of these interfaces, simply remove them from this file and they will not be started.

If you need a static IP, set the variables for that interface in the /etc/network/interfaces file:

auto eth0
iface eth0 inet static
address 192.168.0.100
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1

You will also need to set a nameserver in /etc/resolv.conf:

root@bt:~# cat /etc/resolv.conf
nameserver 192.168.0.1

So, for example, if all you have is eth0 and wlan0 on your system and you want them both to get an address via DHCP, remove everything else from the file with the exception of the lo interface. Here is an example.

root@bt:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

auto wlan0
iface wlan0 inet dhcp

Now, if you are lazy and want all of this to start at boot, simply issue this command as root:

update-rc.d networking defaults

This will create the proper symlinks in the /etc/rc*.d directories.
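The static stanza above is easy to get subtly wrong: a gateway outside the subnet, or a netmask with a hole in it, leaves the box reachable on the local segment but unable to route anywhere. The C program below is an added example and not part of the original post. It validates the address, netmask and gateway values you would put in such a stanza and derives the network and broadcast lines from them, so you do not have to work them out by hand. The 192.168.0.x values are the ones from the stanza above; the 192.168.1.1 gateway in the test is a constructed bad case, and the helper names are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not from the original post: sanity-check the values of a
 * static "iface ... inet static" stanza before committing them to
 * /etc/network/interfaces. */

/* Parse "a.b.c.d" strictly into a host-order 32-bit value.
 * Rejects missing octets, trailing junk and octets above 255. */
bool parse_ipv4(const char *s, uint32_t *out)
{
    uint32_t v = 0;
    for (int octet = 0; octet < 4; octet++) {
        if (*s < '0' || *s > '9')
            return false;
        unsigned n = 0;
        int digits = 0;
        while (*s >= '0' && *s <= '9') {
            n = n * 10 + (unsigned)(*s - '0');
            if (++digits > 3 || n > 255)
                return false;
            s++;
        }
        v = (v << 8) | n;
        if (octet < 3) {
            if (*s != '.')
                return false;
            s++;
        }
    }
    if (*s != '\0')
        return false;
    *out = v;
    return true;
}

/* A netmask must be a run of ones followed by a run of zeros (e.g. 255.255.255.0). */
bool valid_netmask(uint32_t mask)
{
    if (mask == 0)
        return false;
    uint32_t inv = ~mask;            /* the zero run becomes a run of ones ... */
    return (inv & (inv + 1)) == 0;   /* ... which must be of the form 2^k - 1 */
}

/* Render a host-order address as dotted quad into buf and return buf. */
const char *format_ipv4(uint32_t v, char *buf, size_t bufsz)
{
    snprintf(buf, bufsz, "%u.%u.%u.%u",
             (unsigned)(v >> 24) & 0xff, (unsigned)(v >> 16) & 0xff,
             (unsigned)(v >> 8) & 0xff, (unsigned)v & 0xff);
    return buf;
}

struct static_iface {
    const char *address, *netmask, *gateway;
};

/* Returns true if the stanza values are consistent; otherwise writes the reason to why. */
bool check_static_iface(const struct static_iface *c, char *why, size_t whysz)
{
    uint32_t a, m, g;
    if (!parse_ipv4(c->address, &a)) {
        snprintf(why, whysz, "bad address %s", c->address);
        return false;
    }
    if (!parse_ipv4(c->netmask, &m) || !valid_netmask(m)) {
        snprintf(why, whysz, "bad netmask %s", c->netmask);
        return false;
    }
    if (!parse_ipv4(c->gateway, &g)) {
        snprintf(why, whysz, "bad gateway %s", c->gateway);
        return false;
    }
    if ((a & m) != (g & m)) {
        snprintf(why, whysz, "gateway %s is not in %s/%s", c->gateway, c->address, c->netmask);
        return false;
    }
    /* The network and broadcast addresses themselves cannot be assigned to a host. */
    if (m != 0xffffffffu && (a == (a & m) || a == (a | ~m))) {
        snprintf(why, whysz, "address %s is the network or broadcast address", c->address);
        return false;
    }
    why[0] = '\0';
    return true;
}

int main(void)
{
    /* Values from the static stanza shown in the post. */
    struct static_iface eth0 = { "192.168.0.100", "255.255.255.0", "192.168.0.1" };
    char why[128], buf[16];
    uint32_t a, m;
    if (check_static_iface(&eth0, why, sizeof why)) {
        parse_ipv4(eth0.address, &a);
        parse_ipv4(eth0.netmask, &m);
        printf("address %s\nnetmask %s\n", eth0.address, eth0.netmask);
        printf("network %s\n", format_ipv4(a & m, buf, sizeof buf));
        printf("broadcast %s\n", format_ipv4(a | ~m, buf, sizeof buf));
        printf("gateway %s\n", eth0.gateway);
    } else {
        printf("rejected: %s\n", why);
    }
    return 0;
}
```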

What about ssh?

So while I am on the subject I may as well go over ssh. To use ssh on BackTrack 4 final you need to generate the host keys first:

sshd-generate

After that you can start ssh like this (give root a strong password first if the box is going to sit on a network you don't control, since sshd accepts password logins by default):

/etc/init.d/ssh start

or you can add it to the boot sequence like this:

update-rc.d ssh defaults

Well, that's enough to get up and running. I hope this was somewhat helpful to anyone just getting started with BackTrack.
You can easily reveal passwords hidden behind asterisks (*******). Windows users can see the hidden password in a few seconds using the free tool described below. Keep in mind what such tools actually do: the asterisks are only a display feature of the password box, the control still holds the plain text in memory, and the tool reads it from there. It recovers nothing that the current login session did not already have.

Reveal Hidden Password - Password Hacking


Features of the software, Asterisk Key

  • Uncovers hidden passwords on password dialog boxes and web pages
  • State of the art password recovery engine – all passwords are recovered instantly
  • Multilingual passwords are supported
  • Full install/uninstall support
  • It's free
[External Link ] Download the Asterisk Key.
Keyloggers

A keylogger allows you to secretly track all activities of all users of a computer and automatically receive the logs at an e-mail or FTP account of your choosing.

With a keylogger you can read their chat conversations, look at their e-mails and even see which sites they visited.

Once a keylogger is activated you can monitor everything (and some can also block unwanted programs). A keylogger records all keystrokes typed, including language-specific characters, chat and instant-messenger conversations, passwords, e-mails and clipboard contents, and can also capture microphone audio, screenshots, and desktop and Internet activity (such as the sites your kids have visited).

Features of keyloggers

  • The keylogger activates itself when Windows starts and is completely invisible.
  • The keylogger is not listed in Task Manager, the Windows taskbar, the system tray, the MSConfig startup entries, the Add/Remove Programs list or the Start menu.
  • The keylogger also hides its files.
  • All In One Keylogger has a very capable log viewer.
  • It allows you to view, browse, delete, check, sort and filter your log files.
  • The All In One Keylogger viewer lets you view logs by date or browse the whole log.
  • The log viewer can be set to mark only the dates on which a log was recorded.
  • It also supports HTML and plain-text reports and a "slide show" of the captured screenshots.
  • From now on you can know what your kids and employees are doing on the PC, and keep a backup of everything you typed.
  • When you are away from home, it can send you the logs by e-mail, FTP or over the LAN.
Hope this helps you to understand what a Keylogger is.

Tuesday, March 15, 2011

Introduction
A programming language has to support certain kinds of data, such as numbers, characters and strings, so that a program can turn its input into useful output, known as information. A program is a set of statements for a specific task, executed in sequence. These statements, or instructions, are formed from words and symbols according to rules known as the syntax rules, or grammar, of the language. Every program must follow the syntax rules of the language exactly.

The C Character set
The characters used to form words, numbers and expressions depend upon the computer on which the program runs. The characters in C are classified into four categories:
1. Letters-------------> Ex: A to Z and a to z

2. Digits--------------> Ex: All decimal digits 0 to 9

3. White spaces--------> Ex: Blank space, Horizontal tab, Vertical tab, New line, Form feed

4. Special characters--> Ex:, . ; " ' ! | / \ ~ _ $ ? & ^ * - + < > ( ) [ ] { } % # = @

The C Keywords
The C keywords are words reserved by the compiler. Every keyword has a fixed meaning, so keywords cannot be used as variable names; a conforming compiler rejects any attempt to do so. Some compilers add extension keywords of their own, and it is best not to use those as names either.
Keywords:

auto-----break-----case----char----const----continue----default----do

double----else-----enum-----extern-------float--------for-----goto----if
int----long----register---return---short---signed----sizeof---static
struct----switch----typedef----union---unsigned---void---volatile----while
These are the 32 keywords of ANSI C (C89). C99 added inline, restrict, _Bool, _Complex and _Imaginary. Compiler-specific extensions such as asm, typeof, huge, interrupt and near are not part of standard C.
Identifiers
Identifiers are the names of variables, functions and arrays. They are user-defined names consisting of a sequence of letters and digits, with a letter as the first character. Lower-case letters are preferred, but upper-case letters are also permitted. The underscore (_) counts as a letter, so it may appear anywhere in an identifier, including at the start.
Examples: 1. #define N 10 2. #define a 15

Here 'N' and 'a' are user-defined identifiers (in this case macro names).

Constants
Constants in C are values that do not change during the execution of a program. There are several types of constants in C. They are:

1. Numeric Constants

2. Character Constants

Numeric Constants
Numeric constants are classified into several categories. They are:

* Integer constants
These are a sequence of decimal digits 0 to 9 with no decimal point, fractional part or other symbols. A leading 0 makes the constant octal and a leading 0x makes it hexadecimal, so 010 is eight, not ten. An integer constant has type int if its value fits, and a longer type otherwise; an int is at least 16 bits (two bytes) and 32 bits on most current compilers. Integer constants may be positive, negative or zero. A number without a sign is taken as positive.

Example: 50,70,+80,-15 etc.

* Real constants
Real constants are often called floating-point constants. Integer constants cannot represent many quantities: length, height, price, distance and so on are measured in real numbers, not integers.

Example: 1.0,2.3450,3.14 etc.

Real constants can also be written in exponential notation, which has a fractional part and an exponent part. For example, the value 2456.123 can be written as 2.456123e+3.

The general format of a real number in exponential notation is a mantissa followed by an exponent. The mantissa is either a real number written in decimal or an integer. The exponent is an integer, which may be positive or negative. The letter 'e' separating the mantissa and the exponent can be written in lower or upper case.

Character Constants
* Single character constants:

A character constant is a single character: a letter, a digit, a special symbol or a white-space character enclosed in a pair of single quotes. Its value is the character's code in the machine's character set, and in C it has type int.

Example: 'a','d','m',etc.

* String constants:

String constants are a sequence of characters enclosed in double quotes. The string may contain any combination of symbols. The compiler stores a string constant with an extra terminating null character ('\0') after the last character, so "Hello" occupies six bytes, not five.

Example: "Hello","Sample","Ramana" etc.
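The following C program is an added example, not from the original post. It shows what the constants described above look like to the compiler: the leading-zero octal rule for integer constants, that a character constant is an int, and that a string constant is stored with a terminating null, which is exactly the byte that gets forgotten when a buffer is sized by strlen(). The copy_string() helper is written for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Added example, not from the original post: how C's constants are
 * represented, and the off-by-one that follows from forgetting the
 * terminating null of a string constant. */

/* Bytes a string constant occupies in memory: characters plus the null. */
size_t hello_storage(void) { return sizeof("Hello"); }   /* 6 */

/* Characters in it, as strlen() counts them: stops before the null. */
size_t hello_length(void) { return strlen("Hello"); }    /* 5 */

/* A leading 0 means octal: 010 is eight. 0x10 is sixteen. */
int octal_constant(void) { return 010; }
int hex_constant(void)   { return 0x10; }

/* A character constant has type int and the value of the character's code. */
int char_constant_value(void) { return 'A'; }             /* 65 in ASCII */
bool char_constant_is_int(void) { return sizeof('A') == sizeof(int); }

/* Copy src into dst only if it fits, null included. Returns false and leaves
 * dst untouched when it would not. Sizing dst by strlen(src) instead of
 * strlen(src) + 1 is the classic one-byte overflow this check prevents. */
bool copy_string(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    if (dstsz == 0 || n + 1 > dstsz)
        return false;
    memcpy(dst, src, n + 1);   /* n + 1: bring the terminator along */
    return true;
}
```

A buffer declared as `char buf[5]` is therefore too small for "Hello", even though strlen("Hello") is 5; `copy_string` refuses it, while a bare strcpy would write the null one byte past the end.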

Variables
A variable is a named storage location for a data value. Its value may change during the execution of the program. A variable name should be chosen to reflect what the variable is used for.

Example: height,weight, average, sum, mul etc.

Rules for defining variables
1. They must begin with a letter or an underscore, and may not contain spaces.

2. The number of significant characters varies from compiler to compiler. Older compilers recognised only the first 8 characters; the ANSI standard guarantees that at least the first 31 characters of an internal name are significant.

3. The variable name must not be a C keyword.

4. Variable names may mix upper- and lower-case letters, and the case matters: Sum and sum are not the same.

5. The variable name must not start with a digit.

Data Types
All C compilers support a variety of data types. This lets the programmer select the appropriate data type for the needs of the application. The kind of data a variable can hold is its data type. Generally data is represented as numbers or characters, and the numbers may be integers or real numbers.

A C programmer has to tell the compiler beforehand what kind of numbers or characters each variable holds. These kinds are the data types. C has many data types, and the programmer has to choose the appropriate one for each requirement.

C language data types can be broadly classified as

* Primary data type

* Derived data type

* User-defined data type
All C Compilers accept the following fundamental data types

1. Integer -------------------------------------> int

2. Character ----------------------------------> char

3. Floating Point ------------------------------> float

4. Double precision floating point------------> double

5. Void ---------------------------------------> void

The size and range of each data type depend on the compiler. The figures below are for a 16-bit compiler with a 2-byte int; on current 32- and 64-bit compilers int is 4 bytes with a range of -2147483648 to +2147483647, and the exact limits of every type are available from <limits.h> and <float.h>.

* char -----------------------------------> -128 to 127

* int -----------------------------------> -32768 to +32767 (16-bit compilers)

* float ---------------------------------->3.4 e-38 to 3.4 e+38

* double --------------------------------> 1.7 e-308 to 1.7 e+308

Integer Type :
Integers are whole numbers with a machine-dependent range of values. A good programming language has to give the programmer some control over the range of numbers and the storage space used. C has three classes of integer storage, namely short int, int and long int, each of which has signed and unsigned forms (C99 added long long). A short int takes no more space than a plain int, and a long int takes at least as much. Unsigned numbers are never negative and use all of their bits for the magnitude of the number, which doubles the positive range. The long and unsigned integers are used to declare a longer range of values.

Floating Point Types :
A floating-point number represents a real number with at least 6 decimal digits of precision. Floating-point numbers are denoted by the keyword float. When the precision of float is insufficient, we can use double to define the number. A double is like a float but with longer precision (typically 15 decimal digits). To extend the precision further we can use long double, which on x86 machines typically uses the 80-bit extended format, stored in 10, 12 or 16 bytes depending on the compiler.

Void Type :
The void data type is used to declare that a function returns no value to its caller, or that a function takes no arguments, and void * is the type of a pointer to data of unspecified type. A function that returns nothing should always be declared void so that the compiler can catch any attempt to use a value it never returns.

Character Type :
A single character can be declared as data of character type. Characters are usually stored in 8 bits of internal storage. The qualifier signed or unsigned can be applied explicitly to char; whether a plain char is signed or unsigned is left to the compiler. Unsigned characters have values between 0 and 255, while signed characters have values from -128 to 127.

Data types and their control strings

The sizes in this table are those of the 16-bit DOS compilers it was drawn from. On current compilers int is 4 bytes, long is 4 or 8 bytes and long double is commonly 12 or 16 bytes; check with sizeof rather than assuming. The control strings are the conversion specifiers used with printf and scanf.

Data type        Size (bytes)   Range                                Control string
char             1              -128 to 127                          %c
unsigned char    1              0 to 255                             %c
short or int     2              -32,768 to 32,767                    %i or %d
unsigned int     2              0 to 65,535                          %u
long             4              -2,147,483,648 to 2,147,483,647      %ld
unsigned long    4              0 to 4,294,967,295                   %lu
float            4              3.4e-38 to 3.4e+38                   %f or %g
double           8              1.7e-308 to 1.7e+308                 %lf with scanf, %f with printf
long double      10             3.4e-4932 to 1.1e+4932               %Lf
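As an added example (not from the original post), the program below asks the compiler for the sizes and limits instead of trusting a table: sizeof and <limits.h> are the only reliable sources. It also shows two consequences of the ranges being machine-dependent that matter for correctness and security: silent wrap-around when a value is stored in a narrower type, and how to add two ints without overflowing, since signed overflow is undefined behaviour in C. The helper names are this example's own.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example, not from the original page: derive integer sizes and
 * limits from the compiler, and show what happens at the edges. */

/* Number of magnitude bits in int, derived from INT_MAX rather than assumed:
 * 15 with a 16-bit int, 31 with a 32-bit int. */
int int_value_bits(void)
{
    int bits = 0;
    for (unsigned m = INT_MAX; m != 0; m >>= 1)
        bits++;
    return bits;
}

/* Plain char may be signed or unsigned; the standard leaves it to the compiler. */
bool plain_char_is_signed(void) { return CHAR_MIN < 0; }

/* Casting through unsigned char always yields 0..255, whichever way plain char is.
 * Compare bytes this way, not as plain char, or 0xFF becomes -1. */
unsigned int char_as_unsigned(char c) { return (unsigned char)c; }

/* Storing a value that does not fit in a 16-bit short silently wraps:
 * 70000 becomes 70000 - 65536 = 4464. */
short truncate_to_short(long v) { return (short)v; }

/* Addition that refuses to overflow instead of wrapping.
 * The checks are done against the limits, never by looking at a + b after the fact. */
bool checked_add(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;
    *out = a + b;
    return true;
}

int main(void)
{
    printf("%-12s %zu bytes  [%d .. %d]\n", "int", sizeof(int), INT_MIN, INT_MAX);
    printf("%-12s %zu bytes  [%ld .. %ld]\n", "long", sizeof(long), LONG_MIN, LONG_MAX);
    printf("%-12s %zu bytes  [%d .. %d]\n", "char", sizeof(char), CHAR_MIN, CHAR_MAX);
    printf("%-12s %zu bytes\n", "short", sizeof(short));
    printf("%-12s %zu bytes\n", "long double", sizeof(long double));
    printf("int has %d value bits; plain char is %s\n",
           int_value_bits(), plain_char_is_signed() ? "signed" : "unsigned");
    printf("(short)70000 = %d\n", truncate_to_short(70000L));
    int r;
    printf("INT_MAX + 1 fits in int: %s\n", checked_add(INT_MAX, 1, &r) ? "yes" : "no");
    return 0;
}
```

The checked_add pattern is the one to reach for whenever a length or count comes from the network or a file: compute whether the result fits first, because by the time a wrapped value is compared against a buffer size it already looks small and valid.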