A port scanner is a program which attempts to connect to a list or range of TCP (Transmission Control Protocol) or UDP (User Datagram Protocol) ports on a list or range of IP addresses.
Port scanners are used for network mapping and for network security assessments.
The first decision to make when running a port scanner is to determine the network range you want to scan. This could be a single IP address, a list of IP addresses, or a range of IP addresses.
The second decision is to determine
[ read more ]
The term port knocking refers to a type of host-to-host communication where the information flows across closed ports. The primary purpose of port knocking is to keep attackers from successfully conducting a port scan since the server will require the correct port knocking protocol or sequence before the port is opened. There are a few types of port knocking methods, including encoding information in a packet-payload or a port sequence. When the port knocking method is used, the data is sent to
[ read more ]
A personal firewall is a firewall-like software application which runs on a users PC.
Traditional software-based firewalls run as the only application on stand-alone computers which have been hardened to protect against hackers. Personal firewalls run on PC's along with all of the other applications required by the PC user.
Traditional firewalls protect entire networks. Personal firewalls are normally designed to protect only the PC upon which they are installed.
Because they run on the
[ read more ]
Free firewalls have become very common and represent an excellent alternative to commercial firewall packages.
Most of these firewalls run under some form of Linux, FreeBSD, or OpenBSD.
Many of these free firewalls are front-ends for the lower-level firewall packages which ship with these operating systems, such as pf (Packet Filter), ipf (IPFilter), ipfw (IPFirewall), and iptables.
Free firewall packages which you can download include:
Firestarter
Firesarter is a free firewall tool for Lin
[ read more ]
A mobile firewall is a hardware and software system that is designed to protect wireless communication networks from unauthorized access and use. The whole system works when it is used connectively and if the mobile node, the firewall hardware and software system, and the network itself are present and operational. The mobile communications firewall system is made and designed to safeguard the network's system together with all of the mobile clients or subscribers that make use of the servi
[ read more ]
"Malicious botnets", networks of "zombie" computers controlled and commanded by outsiders with nefarious intentions ranging from Directed Denial of Service (DDoS) attacks to simple spamming and ad insertions are considered by Internet security experts as the major threat in the coming months and years.
The Federal Bureau of Investigation (FBI) has recently announced that it has identified at least one million 'captive' computers in the United States. At the same ti
[ read more ]
Firewall protection works by blocking certain types of traffic between a source and a destination.
All network traffic has a source, a destination, and a protocol. This protocol is usually TCP, UDP, or ICMP.
If this protocol is TCP or UDP, there is a source port and a destination port. Most often the source port is a random port and the destination port is a well-known port number. For example, the destination port for HTTP is 80 and the destination port for DNS is 53.
If the protocol is ICMP
[ read more ]
Every packet based network has an MTU (Maximum Transmission Unit) size. The MTU is the size of the largest packet that that network can transmit.
Packets larger than the allowable MTU must be divided into smaller packets or fragments to enable them to traverse the network.
Network
Standard MTU
Ethernet
1500
Token Ring
4096
Packet Headers
Every IP packet has an IP (Internet Protocol) header that stores information about the packet, including:
Version
IHL
Typ
[ read more ]
A TCP sequence prediction attack is an attempt to hijack an existing TCP session by injecting packets which pretend to come from one computer involved in the TCP session.
The TCP Sequence Prediction Attack
TCP is a reliable connection-oriented layer 4 (Transport Layer) protocol. Packet transfer between hosts is accomplished by the layers below layer 4 and TCP takes responsibility to making certain the packets are delivered to higher layers in the protocol stack in the correct order. To accompl
[ read more ]
Wireless traffic is considered to be those Internet protocol packets that are transmitted through an 802.11a, b, g, n, or i wireless protocol.
Monitoring Requirements
There are a few things to consider when planning to setup wireless traffic monitoring. First, the user must determine what kind of traffic will be monitored. Is the traffic to or from local systems or to and from a system the user has no direct control of? Second, the user needs to have the appropriate wireless adapter installed
[ read more ]
