DOCSLIB.ORG

Part I: Practice

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Part I: Practice Part I: Practice DNS Test (using Windows 7) Assume my IPADDRESS is 192.168.1.1: and doing a tracert to www.microsoft.com We like to find the servers which are authoritative for the subdomain www.microsoft.com : Cls Nslookup Service Some simple exercises in window command prompt ‐ Make sure you understand how they work. C:>ipconfig /displaydns ; check your dns cache C:>ipconfig /flushdns ; clear your dns cache C:>nslookup www.linuxjournal.com Locate the root server Change the root server to one of the root servers and then type com to lookup the servers that are authoritative for .com: They are 1‐m.rootservers.net (13 all together) Check: http://www.verisign.com/domain‐ name‐services/find‐registrar/index.html To see who is who! Any of these servers can authoritative for www.microsoft.com We need to find which name server is authoritative for Microsoft.com These servers are directed by a.root‐ servers.net name server We now find the authoritative servers of Microsoft.com We need to change to the subdomain authoritative server. We check the status to make sure we are using the right server name Note that seems like the server does not have any records about www.microsoft.com We change the type to see if there are any aliases used in place of www.microsoft.com toggle.www.ms.akadns.net We have to search for TLD which has records of .net: We changed our name server connected to the domain We changed our name server connected to the domain We now search for authoritative servers for .net In the next step we point to this server we point to this server We check the status to make sure / we can use host command We now point to a different subdomain We finally find the IP address to the www.microsoft.com / note that this is the same as what we got from the VisualRoute screen Note that the authoritative server for www.microsoft.com could not have been found from VisualRoute! In this exercise we note that there are a lot of A records associated with www.microsoft.com and in fact, www.microsoft.com is a CNAME of lb1.www.ms.akadns.net – We achieved this using recursive DNS servers. This example shows how the DNS name resolution works and you should understand how name resolution works in the background. Note that we could have found the above results by simply doing the following: Part I: Exercise In this part of the exercise you should do the following: 1‐ Use VisualRoute or (tracert) to trace packets to www.sonoma.edu server. Show a snapshot of your results. a. How many hops does it take? b. How many peering points do you observe along the path? c. What is the IP address of www.sonoma.edu . d. Is www.sonoma.edu an alias? If so, what is the actual name of the server? 2‐ Clearly name all the authoritative servers which participate in name resolving. You must repeat the steps above to show which servers are used to complete name resolution. Use a figure similar to below to describe your answer. 3‐ Clear up your DNS cache. Using your browser try to reach www.sonoma.edu. a. Check your DNS cache. What do you see? Explain your answer. 4‐ Would nslookup commands you used above work in Linux OS? If not what will be equivalent command? .
Load more

Recommended publications
  • Dig, a DNS Query Tool for Windows and Replacement for Nslookup 2008-04-15 15:29
    dig, a DNS query tool for Windows and replacement for nslookup 2008-04-15 15:29 Disclaimer dig (dig for Windows ) (dig is a powerful tool to investigate [digging into] the DNS system) Source of the binary is from ftp.isc.org Manual Page of dig, in the cryptic Unix style, for reference only. (1) Download: Windows 2000 or Windows XP or Windows Vista ( dig version 9.3.2) Create a folder c:\dig Download this dig-files.zip and save it to c:\dig Use winzip or equivalent to extract the files in dig-files.zip to c:\dig Note: If msvcr70.dll already exists in %systemroot%\system32\ , then you can delete c:\dig\msvcr70.dll Note: Included in dig-files.zip is a command line whois, version 4.7.11: The canonical site of the whois source code is http://ftp.debian.org/debian/pool/main/w/whois/ The whois.exe file inside dig-files.zip is compiled using cygwin c++ compiler. (2) Do a file integrity check (why ? Because some virus checkers destroy dll files) Click Start.. Run ... type CMD (a black screen pops up) cd c:\dig sha1 * You should see some SHA1 hashes (in here, SHA1 hash is used as an integrity check, similar to checksums). Compare your hashes with the following table. SHA1 v1.0 [GPLed] by Stephan T. Lavavej, http://stl.caltech.edu 6CA70A2B 11026203 EABD7D65 4ADEFE3D 6C933EDA cygwin1.dll 57487BAE AA0EB284 8557B7CA 54ED9183 EAFC73FA dig.exe 97DBD755 D67A5829 C138A470 8BE7A4F2 6ED0894C host.exe D22E4B89 56E1831F F0F9D076 20EC19BF 171F0C29 libbind9.dll 81588F0B E7D3C6B3 20EDC314 532D9F2D 0A105594 libdns.dll E0BD7187 BBC01003 ABFE7472 E64B68CD 1BDB6BAB libeay32.dll F445362E 728A9027 96EC6871 A79C6307 054974E4 libisc.dll B3255C0E 4808A703 F95C217A 91FFCD69 40E680C9 libisccfg.dll DFBDE4F9 E25FD49A 0846E97F D813D687 6DC94067 liblwres.dll 61B8F573 DB448AE6 351AE347 5C2E7C48 2D81533C msvcr70.dll BDA14B28 7987E168 F359F0C9 DD96866D 04AB189B resolv.conf 1112343A 319C3EEE E44BF261 AE196C96 289C70E2 sha1.exe 21D20035 2A5B64E2 69FEA407 4D78053F 3C7A2738 whois.exe If your hashes are the same as the above table, then your files pass the integrity check.
    [Show full text]
  • 1. Run Nslookup to Obtain the IP Address of a Web Server in Europe
    1. Run nslookup to obtain the IP address of a Web server in Europe. frigate:Desktop drb$ nslookup home.web.cern.ch Server: 130.215.32.18 Address: 130.215.32.18#53 Non-authoritative answer: home.web.cern.ch canonical name = drupalprod.cern.ch. Name: drupalprod.cern.ch Address: 137.138.76.28 Note that the #53 denotes the DNS service is running on port 53. 2. Run nslookup to determine the authoritative DNS servers for a university in Asia. frigate:Desktop drb$ nslookup -type=NS tsinghua.edu.cn Server: 130.215.32.18 Address: 130.215.32.18#53 Non-authoritative answer: tsinghua.edu.cn nameserver = dns2.tsinghua.edu.cn. tsinghua.edu.cn nameserver = dns.tsinghua.edu.cn. tsinghua.edu.cn nameserver = dns2.edu.cn. tsinghua.edu.cn nameserver = ns2.cuhk.edu.hk. Authoritative answers can be found from: dns2.tsinghua.edu.cn internet address = 166.111.8.31 ns2.cuhk.edu.hk internet address = 137.189.6.21 ns2.cuhk.edu.hk has AAAA address 2405:3000:3:6::15 dns2.edu.cn internet address = 202.112.0.13 dns.tsinghua.edu.cn internet address = 166.111.8.30 Note that there can be multiple authoritative servers. The response we got back was from a cached record. To confirm the authoritative DNS servers, we perform the same DNS query of one of the servers that can provide authoritative answers. frigate:Desktop drb$ nslookup -type=NS tsinghua.edu.cn dns.tsinghua.edu.cn Server: dns.tsinghua.edu.cn Address: 166.111.8.30#53 tsinghua.edu.cn nameserver = dns2.edu.cn.
    [Show full text]
  • Command Reference Guide for Cisco Prime Infrastructure 3.9
    Command Reference Guide for Cisco Prime Infrastructure 3.9 First Published: 2020-12-17 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    [Show full text]
  • Tanium™ Appliance Deployment Guide
    Tanium™ Appliance Deployment Guide Version 1.5.6 June 06, 2020 The information in this document is subject to change without notice. Further, the information provided in this document is provided “as is” and is believed to be accurate, but is presented without any warranty of any kind, express or implied, except as provided in Tanium’s customer sales terms and conditions. Unless so otherwise provided, Tanium assumes no liability whatsoever, and in no event shall Tanium or its suppliers be liable for any indirect, special, consequential, or incidental damages, including without limitation, lost profits or loss or damage to data arising out of the use or inability to use this document, even if Tanium Inc. has been advised of the possibility of such damages. Any IP addresses used in this document are not intended to be actual addresses. Any examples, command display output, network topology diagrams, and other figures included in this document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental. Please visit https://docs.tanium.com for the most current Tanium product documentation. This documentation may provide access to or information about content, products (including hardware and software), and services provided by third parties (“Third Party Items”). With respect to such Third Party Items, Tanium Inc. and its affiliates (i) are not responsible for such items, and expressly disclaim all warranties and liability of any kind related to such Third Party Items and (ii) will not be responsible for any loss, costs, or damages incurred due to your access to or use of such Third Party Items unless expressly set forth otherwise in an applicable agreement between you and Tanium.
    [Show full text]
  • Introduction to Computer Networking
    www.PDHcenter.com PDH Course E175 www.PDHonline.org Introduction to Computer Networking Dale Callahan, Ph.D., P.E. MODULE 7: Fun Experiments 7.1 Introduction This chapter will introduce you to some networking experiments that will help you improve your understanding and concepts of networks. (The experiments assume you are using Windows, but Apple, Unix, and Linux systems will have similar commands.) These experiments can be performed on any computer that has Internet connectivity. The commands can be used from the command line using the command prompt window. The commands that can be used are ping, tracert, netstat, nslookup, ipconfig, route, ARP etc. 7.2 PING PING is a network tool that is used on TCP/IP based networks. It stands for Packet INternet Groper. The idea is to verify if a network host is reachable from the site where the PING command issued. The ping command uses the ICMP to verify if the network connections are intact. When a PING command is issued, a packet of 64 bytes is sent to the destination computer. The packet is composed of 8 bytes of ICMP header and 56 bytes of data. The computer then waits for a reply from the destination computer. The source computer receives a reply if the connection between the two computers is good. Apart from testing the connection, it also gives the round trip time for a packet to return to the source computer and the amount of packet loss [19]. In order to run the PING command, go to Start ! Run and in the box type “cmd”.
    [Show full text]
  • An Introduction to DNS and DNS Tools
    An Introduction to DNS and DNS Tools http://0-delivery.acm.org.innopac.lib.ryerson.ca/10.1145/380000/374803... An Introduction to DNS and DNS Tools Neil Anuskiewicz Abstract The explosive growth of the Internet was made possible, in part, by DNS. The domain name system (DNS) hums along behind the scenes and, as with running water, we largely take it for granted. That this system just works is a testament to the hackers who designed and developed DNS and the open-source package called Bind, thereby introducing a scalable Internet to the world. Before DNS and Bind, /etc/hosts was the only way to translate IP addresses to human-friendly hostnames and vice versa. This article will introduce the concepts of DNS and three commands with which you can examine DNS information: host, dig and nslookup. The DNS is a distributed, hierarchical database where authority flows from the top (or root) of the hierarchy downward. When Linux Journal registered linuxjournal.com, they got permission from an entity that had authority at the root or top level. The Internet Corporation for Assigned Names and Numbers (ICANN) and a domain name registrar, transferred authority for linuxjournal.com to Linux Journal, which now has the authority to create subdomains such as embedded.linuxjournal.com, without the involvement of ICANN and a domain name registrar. When trying to understand the structure of the DNS, think of an inverted tree--the very structure of the UNIX filesystem. Each branch of the tree is within a zone of authority; more than one branch of this tree can be within a single zone.
    [Show full text]
  • Linux for HPC Timothy H
    Linux for HPC Timothy H. Kaiser, Ph.D. Spring 2014 "1 Linux for HPC • Overview • File system (more details next slide) • Logging in • ssh • Some tools for doing ssh • What happens • Environment • what it effects • how it gets set • how to change it • modules "2 Files Linux, more details • The file system • moving around • listing • hidden files • “wildcards” • deleting • creating/removing directories • creating files • touch • edit • pipe • redirect "3 Editing • gedit (GUI) • gvim (GUI) • emacs (GUI) • nano • Remote editing • Not covered • vi • emacs "4 Creating programs • compilers • make • configure • cmake "5 Advanced ssh • Setting up keys • .ssh/config file • alias • Specific configurations • Tunneling • External tunneling "6 HPC and Parallel Programming • What is it? • How do you run parallel "7 Not covered… • Running HPC applications • Shell programming… • See: http://geco.mines.edu/scripts/ • This needs to be updated for our current system • Skip everything between “Running Bash Scripts” and “Redirection” "8 Let's get going... "9 Operating Systems • What is an operating system • What a user uses to use the computer • It is the interface between a user and the computer • Controls the computer • Presents “stuff” to the user • Interface • GUI • Text • Voice/Sound "10 From Unix to Linux • The Unix operating system was conceived and implemented by Ken Thompson and Dennis Ritchie (both of AT&T Bell Laboratories) in 1969 and first released in 1970. • The History of Linux began in 1991 with the commencement of a personal project by a Finnish student, Linus Torvalds, to create a new free operating system kernel. • Linux has been ported to all major platforms and its open development model has led to an exemplary pace of development.
    [Show full text]
  • Pursue the Attackers - Identify and Investigate Lateral Movement Based on Behavior Pattern
    Pursue the Attackers - Identify and Investigate Lateral Movement Based on Behavior Pattern - Shusei Tomonaga (JPCERT/CC) Keisuke Muda (Internet Initiative Japan Inc.) Self-introduction Shusei Tomonaga Analysis Center at JPCERT/CC Malware analysis, Forensics investigation. Written up posts on malware analysis and technical findings on this blog and Github. —http://blog.jpcert.or.jp/ —https://github.com/JPCERTCC/aa-tools 1 Copyright ©2017 JPCERT/CC All rights reserved. Self-introduction Keisuke Muda Internet Initiative Japan Inc. (IIJ) Analyst, Security Operation Center, Security Business Department, Advanced Security Division As a member of IIJ SOC, primarily working on: —Analysis of logs sent from customers’ networks —Research/Analysis of software vulnerabilities —Enhancement of IIJ SOC service and the service infrastructure 2 Copyright ©2017 JPCERT/CC All rights reserved. Challenge of Incident Response • Many hosts need to be investigated for APT Incident Response • Logs required for investigation are not always recorded • Difficult to detect Lateral Movement 3 Copyright ©2017 JPCERT/CC All rights reserved. Approach If you know what logs are recorded with the lateral movement tools, IR will be easier. For lateral movement, a limited set of tools are used in many different incidents. There are some common patterns in the lateral movement methods. 4 Copyright ©2017 JPCERT/CC All rights reserved. This Presentation Topics Overview of APT Incident and 1 Lateral Movement Tools Used by Attackers for 2 Lateral Movement 3 Tracing Attacks Analysis of Tools Used by 4 Attackers 5 Copyright ©2017 JPCERT/CC All rights reserved. Overview of APT Incident and 1 Lateral Movement Tools Used by Attackers for 2 Lateral Movement 3 Tracing Attacks Analysis of Tools Used by 4 Attackers 6 Copyright ©2017 JPCERT/CC All rights reserved.
    [Show full text]
  • You Can't Do That with Nslookup: a DNS(SEC) Troubleshooting Tutorial
    You can’t do that with nslookup: A DNS(SEC) troubleshooting tutorial Michael Sinatra Energy Sciences Network NANOG 53 Lawrence Berkeley National Laboratory U.S. Department of Energy | Office of Science What this tutorial is about • Learning how to use advanced tools to troubleshoot DNS and DNSSEC issues. • dig • dnscap/nmsg • dnsviz • others • Understanding DNS and DNSSEC pitfalls and where you can get into trouble. • Understanding how DNSSEC complicates the DNS picture. • Learning how basic troubleshooting techniques can help you solve complex problems. Lawrence Berkeley National Laboratory U.S. Department of Energy | Office of Science What this tutorial is not about • An introduction to DNS. • An introduction to DNSSEC. (See Matt Larson’s excellent DNSSEC tutorial from NANOG 51 or earlier today.) • A commentary on the “complexity” of DNSSEC and why we should throw up our arms and run away (we definitely shouldn’t). • A discussion of DNS and/or DNSSEC implementations, and/or of automation tools for DNSSEC. • I assume a working knowledge of DNS, and also of UNIX, its command line, and how to install and/or compile packages in your favorite modern UNIX variant. Lawrence Berkeley National Laboratory U.S. Department of Energy | Office of Science Why? • You’re here, so you probably have an answer in your head. • In most organizations DNS is a part-time job. • Sometimes it barely works. • Sometimes it doesn’t really work but there’s nobody to fix it. • Even if your organization has a competent DNS person, your users have to get to other people’s resources. • Ever hear the complaint “I can resolve www.foo.com from {home, $ISP, $other_company} but not here.
    [Show full text]
  • Part I - Gathering WHOIS Information
    Part I - Gathering WHOIS Information Exercise 1: command-line WHOIS queries: in the following exercise you will use a Linux system to perform WHOIS lookups from a command-line. This requires outbound TCP port 43 access. As mentioned in the lecture discussion, ICANN is the authoritative registry for all top-level domains (TLDs) and is a great starting point for all manual WHOIS queries. NOTE: in practice, the Internet Assigned Numbers Authority (IANA) handles the day-to-day operations, which is located online at www.iana.org. 1. Start your BackTrack VM 2. Make sure you are connected to the Internet 3. Open a Linux shell 4. At the prompt, type the following (only type what's in bold): user1@bt:~$ whois net -h whois.iana.org | less Syntax breakdown: whois: command name net: search the .net TLD -h whois.iana.org: connect to server whose hostname is whois.iana.org (which is the authoritative registry for all TLDs) | less: send the output to the less paging program so you can view the results one page at a time. Use your up/down arrows to scroll text on the screen. 5. Who is the authoritative registry for .net? What is their WHOIS server domain name? 6. At the Linux prompt, type the following (only type what's in bold): user1@bt:~$ whois intermedia.net -h whois.verisign-grs.com | less Syntax breakdown: whois: command name intermedia.net: target domain you’re interested in finding out registrar information on -h whois.verisign-grs.com: connect to server whose hostname is VeriSign Global Registry Services (which is VeriSign's WHOIS server) | less: send the output to the less paging program so you can view the results one page at a time 7.
    [Show full text]
  • IP/Networking Commands
    IP/Networking Commands There are a lot of IP commands with short descriptions listed here but you should only need the ones mentioned here at the top of the page to diagnose and configure your network. C:>ping C:>ipconfig C:>ipconfig /all C:>ipconfig /release C:>ipconfig /renew C:\>nbtstat –a Remember when typing from the command prompt you can only type one command per line, and press Enter after each one to execute it. C:\>arp –a: is short for address resolution protocol, It will show the IP address of your computer along with the IP address and MAC address of your router. C:\>hostname: This is the simplest of all TCP/IP commands. It simply displays the name of your computer. C:\>ipconfig: The ipconfig command displays information about the host (the computer your sitting at)computer TCP/IP configuration. C:\>ipconfig /all: This command displays detailed configuration information about your TCP/IP connection including Router, Gateway, DNS, DHCP, and type of Ethernet adapter in your system. C:\>Ipconfig /renew: Using this command will renew all your IP addresses that you are currently (leasing) borrowing from the DHCP server. This command is a quick problem solver if you are having connection issues, but does not work if you have been configured with a static IP address. C:\>Ipconifg /release: This command allows you to drop the IP lease from the DHCP server. C:\>ipconfig /flushdns: This command is only needed if you’re having trouble with your networks DNS configuration. The best time to use this command is after network configuration frustration sets in, and you really need the computer to reply with flushed.
    [Show full text]
  • LINUX Commands
    LINUX Commands alias Create an alias apropos Search Help manual pages (man -k) awk Find and Replace text, database sort/validate/index break Exit from a loop builtin Run a shell builtin bzip2 Compress or decompress named file(s) cal Display a calendar case Conditionally perform a command cat Display the contents of a file cd Change Directory cfdisk Partition table manipulator for Linux chgrp Change group ownership chmod Change access permissions chown Change file owner and group chroot Run a command with a different root directory cksum Print CRC checksum and byte counts clear Clear terminal screen cmp Compare two files comm Compare two sorted files line by line command Run a command - ignoring shell functions continue Resume the next iteration of a loop cp Copy one or more files to another location cron Daemon to execute scheduled commands crontab Schedule a command to run at a later time csplit Split a file into context-determined pieces cut Divide a file into several parts date Display or change the date & time dc Desk Calculator dd Data Dump - Convert and copy a file ddrescue Data recovery tool declare Declare variables and give them attributes df Display free disk space diff Display the differences between two files diff3 Show differences among three files dig DNS lookup dir Briefly list directory contents dircolors Colour setup for `ls' dirname Convert a full pathname to just a path dirs Display list of remembered directories du Estimate file space usage echo Display message on screen egrep Search file(s) for lines that match an
    [Show full text]