DOCSLIB.ORG

Security Testing Stanford CS155 Lecture

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Security Testing Stanford CS155 Lecture Network Security Testing CS 155 Elie Bursztein Why testing security • Get a snapshot of the current security • Evaluate the capacity to face intrusion • Test backup plan !""#$$%&'(%)*#+%,%*-./0123.40-%.0%.56%!76-%"02/36%"632/4.8%#69.4-:%$6.5010;0:8%$<-2<; &'%=2:29.%>((? !"#$%&'(#)%"*#%*#+,*-../00 !"# $$$%&#$$' $ ()*+,# $ (#,*+-./ $ !#0.-'1 $ 2#.")3)4)1/ $ 25'*54$ 6%((!227$ &+)8-3#0 $ 5 $ 9#.")3)4)1/$ :)+$ 5$ .")+)*1" $0#,*+-./ $.#0.; $ "#+#$ $ +#:#++#3$ .) $ 50 $5' $%((!22$ 5*3-.< $ $='$ %((!22 $5*3-. $-0 $5' $ 5,,*+5.#$ 9#50*+#9#'.$):$0#,*+-./$5.$5'$)&#+5.-)'54$4#8#4$."5.$-0$,4#5+$):$500*9&.-)'0$5'3$5'#,3).54$#8-3#',#<$ =0$5$9#.")3)4)1/$-.$-0$3#0-1'#3$.)$>#$,)'0-0.#'.$5'3$+#&#5.5>4#<$$$=0$5'$)&#'$0)*+,#$9#.")3)4)1/;$-.$ 544)?0$:)+$:+##$3-00#9-'5.-)'$):$-':)+95.-)'$5'3$-'.#44#,.*54$&+)&#+./<$ (-',#$-.0$0.5+.$5.$."#$#'3$):$@AAA;$."#$%((!22$B*-,C4/$1+#?$$.)$#',)9&500$544$0#,*+-./$,"5''#40$?-."$."#$ 5&&4-#3$#D&#+-#',#$):$.")*05'30$):$+#8-#?#+0<$E/$@AAF;$."#$%((!22$?50$')$4)'1#+$$,)'0-3#+#3$G*0.$5'$ #."-,54$"5,C-'1$:+59#?)+C<$H.$"53$>#,)9#$5$9#.")3)4)1/$.)$500*+#$0#,*+-./$?50$>#-'1$3)'#$+-1".$5.$ ."#$)&#+5.-)'54$4#8#4<$ $=0$5*3-.0$>#,59#$95-'0.+#59;$."#$'##3$:)+$5$0)4-3$9#.")3)4)1/$>#,59#$ ,+-.-,54<$$H'$@AAI;$."#$%((!22$,"5'1#3$:+)9$3#:-'-'1$.#0.0$>50#3$)'$0)4*.-)'0$0*,"$50$$:-+#?544$.#0.0$5'3$ +)*.#+$.#0.0$.)$$5$0.5'35+3$:)+$.")0#$?")$'##3#3$5$+#4-5>4#$0#,*+-./$.#0.$+5."#+$."5'$G*0.$5$,)9&4-5',#$ +#&)+.$$:)+$5$0&#,-:-,$+#1*45.-)'$)+$4#1-045.-)'< J-." $ K#+0-)' $ L; $ ."# $ %((!22 $ #',)9&500#0 $ .#0.0 $ :+)9 $ 544 $ ,"5''#40 $ M $ N*95' $ ; $ O"/0-,54; $ J-+#4#00;$ !#4#,)99*'-,5.-)'0; $ 5'3 $ P5.5 $ Q#.?)+C0< $ =$ 0#. $ ): $ 0#,*+-./ $ 9#.+-,0; $ ,544#3$ R-0C $ =00#009#'. $ K54*#0$ 6R=K07;$ &+)8-3# $ 5 $ &)?#+:*4 $ .))4 $ ."5. $ ,5' $ &+)8-3# $ 5 $ 1+5&"-,54 $ +#&+#0#'.5.-)' $ ): $ 0.5.#; $ 5'3 $ 0")?$ ,"5'1#0$-'$0.5.#$)8#+$.-9#<$!"-0$-'.#1+5.#0$?#44$?-."$5$S350">)5+3S$:)+$95'51#9#'.$5'3$-0$>#'#:-,-54$ :)+$>)."$-'.#+'54$5'3$#D.#+'54$.#0.-'1;$544)?-'1$5$,)9&5+-0)'T,)9>-'5.-)'$):$."#$.?)<$ $U*5'.-.5.-8#$ R-0C$25'51#9#'.$,5'$>#$3)'#$:+)9$."#$%((!22$=*3-.$+#&)+.$:-'3-'10;$&+)8-3-'1$5$9*,"$-9&+)8#3$ +#0*4.$3*#$.)$$9)+#$5,,*+5.#;$#++)+$:+##$+#0*4.0<$!"#$%((!22$-',4*3#0$-':)+95.-)'$:)+$&+)G#,.$&45''-'1;$ B*5'.-:/-'1$+#0*4.0;$5'3$."#$+*4#0$):$#'151#9#'.$:)+$&#+:)+9-'1$0#,*+-./$5*3-.0<$$!"#$9#.")3)4)1/$,5'$ >#$#50-4/$-'.#1+5.#3$?-."$#D-0.-'1$45?0$5'3$&)4-,-#0$.)$500*+#$5$.")+)*1"$0#,*+-./$5*3-.$."+)*1"$544$ ,"5''#40< H.$-0$+#,)99#'3#3$."5.$/)*$+#53$."+)*1"$."#$%((!22$)',#$,)9&4#.#4/$>#:)+#$&*..-'1$-.$-'.)$&+5,.-,#<$ H.$5-90$.)$>#$5$0.+5-1".M:)+?5+3$.))4$:)+$."#$-9&4#9#'.5.-)'$5'3$3),*9#'.5.-)'$):$5$0#,*+-./$.#0.<$ V*+."#+$500-0.5',#$:)+$.")0#$?")$'##3$"#4&$-'$*'3#+0.5'3-'1$5'3$-9&4#9#'.-'1$."-0$9#.")3)4)1/$-0$ 585-45>4#$5.$."#$H(WX%2$?#>0-.#<$$ SCOPE 1'$2%3, !"#$&+-95+/$&*+&)0#$):$."-0$95'*54$-0$.)$&+)8-3#$5$ 0,-#'.-:-, $ 9#.")3)4)1/ $ :)+ $ ."# $ 5,,*+5.#$ ,"5+5,.#+-Y5.-)' $ ): $ 0#,*+-./ $ ."+)*1" $ #D59-'5.-)'$ 5'3$,)++#45.-)'$):$.#0.$+#0*4.0$-'$5$,)'0-0.#'.$5'3$ +#4-5>4#$?5/<$ $!"-0$95'*54$-0$535&.5>4#$.)$549)0.$ 5'/$5*3-.$./&#;$-',4*3-'1$&#'#.+5.-)'$.#0.0;$#."-,54$ "5,C-'1; $ 0#,*+-./ $ 500#009#'.0; $ 8*4'#+5>-4-./$ 500#009#'.0; $ +#3M.#59-'1; $ >4*#M.#59-'1; $ 5'3 $ 0)$ :)+."<$H.$-0$?+-..#'$50$5$0#,*+-./$+#0#5+,"$3),*9#'.$ 5'3 $ -0 $ 3#0-1'#3 $ :)+ $ $ :5,.*54 $ 0#,*+-./ $ 8#+-:-,5.-)'$ 5'3$&+#0#'.5.-)'$):$9#.+-,0$)'$5$&+):#00-)'54$4#8#4<$ OSSTMM !!%@/6<.4A6%@0BB0-9%>'C%=../4D2.40-EF0-@0BB6/34<;EF0G6/4A9%>((HE>((?I%*"+@!$ !""#$$%@6/.4J43<.40-%J0/%=214.0/9I%=-<;89.9I%<-1%"632/4.8%K/0J69940-<;9%,%LLL'49630B'0/:I%LLL'099.BB'0/: % Results • Date /type • Duration • Auditor and analyst associated • Test type • Scope • Test index • Channel test • Test vector • Verified test and metrics calculations of the operational protection levels, loss controls, and security limitations • Knowledge of which tests have been completed, not completed, or only partially completed, and to what extent • Any issues regarding the test and the validity of the results • Test error margins • Any processes which influence the security limitations • Any unknowns or anomalies • !""#$$%&'(%)*#+%,%*-./0123.40-%.0%.56%!76-%"02/36%"632/4.8%#69.4-:%$6.5010;0:8%$<-2<; &'%=2:29.%>((? !"#$%&'()* !"#$%&'()*+&,+ +'%&-(#*(.+ +/&.0+'+,*.+"1+-*(*2'%+$"%&)&*,3+/0*2*+ +.0*+.4$*+"1+)"#$%&'()*+2*56&2*7+ 7*$*(7,+6$"(+.0*+2*-&"(+'(7+)622*(.%4+26%&(-+-"8*2(#*(.3+&(76,.24+'(7+96,&(*,,+.4$*,3+'(7+,6$$"2.&(-+ %*-&,%'.&"(:++!"#$%&'()*++&,+)"#$6%,"24;+0"/*8*23+',+/&.0+'(4+".0*2+.02*'.3+'+2&,<+',,*,,#*(.+#6,.+9*+ #'7*+/0*.0*2+"2+(".+."+&(8*,.+&(+'(4+.4$*+"1+)"#$%&'()*:+ +=1.*(3+ +)"#$%&'()*+&,+(".+',+9%')<+'(7+ /0&.*+',+&.+'$$*'2,+."+9*:++>0*+=??>@@+2*)"-(&A*,+.02**+.4$*,+"1+)"#$%&'()*B C: D*-&,%'.&"(:+ +!"#$%&'()*+/&.0+%*-&,%'.&"(+&,+&(+'))"27'()*+."+.0*+2*-&"(+/0*2*+.0*+%*-&,%'.&"(+ )'( + 9* + *(1"2)*7: + >0* + ,.2*(-.0 + '(7 + )"##&.#*(. + ." + .0* + %*-&,%'.&"( + )"#*, + 12"# + $2*8&"6,%4+ ,6))*,,16%+%*-'%+'2-6#*(.,+'(7+'$$2"$2&'.*%4+,*.+'(7+E6,.+*(1"2)*#*(.+#*',62*,:+F'&%62*+."+ )"#$%4+/&.0+%*-&,%'.&"(+#'4+%*'7+."+)2&#&('%+)0'2-*,: G: H*-6%'.&"(:+ +!"#$%&'()*+."+2*-6%'.&"(+&,+&(+'))"27'()*+."+.0*+&(76,.24+"2+/&.0&(+.0*+-2"6$+ /0*2*+.0*+2*-6%'.&"(+)'(+9*+*(1"2)*7:++F'&%62*+."+)"#$%4+/&.0+*,.'9%&,0*7+2*-6%'.&"(,++"1.*(+ %*'7,+."+7&,#&,,'%+12"#+.0*+-2"6$3+'+%",,+"1+$2&8&%*-*,3+'+#"(*.'24+1&(*3+)&8&%+)0'2-*,3+'(7+&(+,"#*+ )',*,+/0*2*+%*-&,%'.&"(+*I&,.,+."+,6$$"2.+.0*+2*-6%'."24+9"743+)2&#&('%+)0'2-*,: J: K"%&)4:+!"#$%&'()*+."+$"%&)4+&,+&(+'))"27'()*+."+.0*+96,&(*,,+"2+"2-'(&A'.&"(+/0*2*+.0*+$"%&)4+ )'(+9*+*(1"2)*7:++F'&%62*+."+)"#$%4+/&.0+$"%&)4++"1.*(+%*'7,+."+7&,#&,,'%+12"#+.0*+"2-'(&A'.&"(3+ '+%",,+"1+$2&8&%*-*,3+'+#"(*.'24+1&(*3+)&8&%+)0'2-*,3+'(7+&(+,"#*+)',*,+/0*2*+%*-&,%'.&"(+*I&,.,+."SCOPE + ,6$$"2.+.0*+$"%&)4+#'<*2,3+)2&#&('%+)0'2-*,: OSSTMM >0*+=??>@@+&,+7*8*%"$*7+/&.0+)"()*2(+1"2+#'E"2+%*-&,%'.&"(+'(7+2*-6%'.&"(,:++L,+(".+'%%+)"#$%&'()*+&,+ )2*'.*7+*56'%%43+.0*+#'&(+1")6,+"1+.0*+=??>@@+&,+,*)62&.4:++D*-&,%'.&"(+'(7+2*-6%'.&"(+.0'.+7*.'&%+.0*+ $62)0',&(-+"1+,$*)&1&)+$2"76).,+"2+,*28&)*,3+"1.*(+.02"6-0+,$*)&'%%4+%"99&*7+*11"2.,3+#'4+0'8*+-""7+ &(.*(.&"(,;+0"/*8*23+.0*+=??>@@+)'((".+7&2*).%4+#**.+.0*,*+$'2.&)6%'2+2*56&2*#*(.,:+ +L,+%*-&,%'.&"(+ '(7+2*-6%'.&"(+#'4+9*+'67&.*7+*&.0*2+6(7*2+.0*+%*..*2+"1+.0*+%'/+"2+.0*+,$&2&.+"1+.0*+%'/3+7*$*(7&(-+ 6$"(+.0*+'67&.&(-+9"743+$2""1+$2"$*2+'(7+8'%&7+"$*2'.&"('%+$2".*).&"(+'(7+)"(.2"%,+,6)0+.0'.+',+)'(+ !!%@/6<.4A6%@0BB0-9%>'C%=../4D2.40-EF0-@0BB6/34<;EF0G6/4A9%>((HE>((?I%*"+@!$ !""#$$%@6/.4J43<.40-%J0/%=214.0/9I%=-<;89.9I%<-1%"632/4.8%K/0J69940-<;9%,%LLL'49630B'0/:I%LLL'099.BB'0/: %% !""#$$%&'(%)*#+%,%*-./0123.40-%.0%.56%!76-%"02/36%"632/4.8%#69.4-:%$6.5010;0:8%$<-2<; &'%=2:29.%>((? !"#$%&'()*"+')*(,"+ !"#$%&'() *+#,('-./*',*0-*%12&#330*(#&1*(4 *#-$4150,,*033*64&1,*0-7*,()3#,*46*,#$%&'()*(#,(, *6&41*(8#* '-(&%,'4-**(4*(8#*80-7,94-*0%7'(:**+8#*0553'$0('4-*46*(8#*1#(847434.)*6&41*(8',*10-%03*;'33*-4(*7#(#&* 6&41*(8#*$84,#-*()5#*46*(#,('-.:**Security Test Type OSSTMM <4;#=#&> * 0, * 0 * ,(0-70&7> * (8', * 1#(847434.) * ', * -4( * (4 * 2# * 64334;#7 * !4669(8#9,8#36/: * * ?&0$('$03* '153#1#-(0('4-*46*(8#*@""+AA*&#B%'&#,*7#6'-'-.*'-7'='7%03*(#,('-.*5&0$('$#,*(4*1##(*(8#*&#B%'&#1#-(,* 7#6'-#7*8#&#:**+8',*1#0-,*(80(*#=#-*;8#-*64334;'-.*(8',*1#(847434.)>*)4%&*0553'$0('4-*46*'(*0-7*)4%&* (#$8-'B%#*;'33*&#63#$(*(8#*()5#*46*(#,(*)4%*80=#*$84,#-:**+#,(*()5#,*10)*2#>*2%(*0&#-C(*3'1'(#7*(4>*4-#*46* (8#,#*,'D*$4114-*()5#,E +8#*0%7'(4&*#-.0.#,*(8#*(0&.#(*;'(8*-4*5&'4&*F-4;3#7.#*46*'(,*7#6#-,#,>*0,,#(,>* 4&*$80--#3,:**+8#*(0&.#(*',*5&#50&#7*64&*(8#*0%7'(>*F-4;'-.*'-*07=0-$#*033*(8#* 7#(0'3,*46*(8#*0%7'(:* *G*23'-7*0%7'(*5&'10&'3)*(#,(,*(8#*,F'33,*46*(8#*0%7'(4&:* *+8#* - ./&01 2&#07(8 * 0-7 * 7#5(8 * 46 * 0 * 23'-7 * 0%7'( * $0- * 4-3) * 2# * 0, * =0,( * 0, * (8# * 0%7'(4&C,* 0553'$023#*F-4;3#7.#*0-7*#66'$'#-$)*0334;,:**H-*I@A"JI*0-7*"?JI"JI>*(8',*',* 46(#- * &#6#&&#7 * (4 * 0, * J(8'$03 * <0$F'-. * 0-7 * '- * 4(8#& * ?<K""JI * 0-7 * <LA"JI* $80--#3,>*(8',*',*.#-#&033)*,$&'5(#7*0,*M0&*N01'-.*4&*O43#*?30)'-.: +8#*0%7'(4&*#-.0.#,*(8#*(0&.#(*;'(8*-4*5&'4&*F-4;3#7.#*46*'(,*7#6#-,#,>*0,,#(,>* 4&*$80--#3,:**+8#*(0&.#(*',*-4(*-4('6'#7*'-*07=0-$#*46*(8#*,$45#*46*(8#*0%7'(>*(8#* $80--#3,*(#,(#7>*4&*(8#*(#,(*=#$(4&,:**G*74%23#*23'-7*0%7'(*(#,(,*(8#*,F'33,*46*(8#* 2 34$5/")./&01 0%7'(4&*0-7*(8#*5&#50&#7-#,,*46*(8#*(0&.#(*(4*%-F-4;-*=0&'023#,*46*0.'(0('4-:* +8#*2&#07(8*0-7*7#5(8*46*0*23'-7*0%7'(*$0-*4-3)*2#*0,*=0,(*0,*(8#*0%7'(4&C,* 0553'$023#*F-4;3#7.#*0-7*#66'$'#-$)*0334;,:**+8',*',*03,4*F-4;-*0,*0*P30$F*P4D* G%7'(*4&*?#-#(&0('4-*+#,(:** !!%@/6<.4A6%@0BB0-9%>'C%=../4D2.40-EF0-@0BB6/34<;EF0G6/4A9%>((HE>((?I%*"+@!$ !""#$$%@6/.4J43<.40-%J0/%=214.0/9I%=-<;89.9I%<-1%"632/4.8%K/0J69940-<;9%,%LLL'49630B'0/:I%LLL'099.BB'0/: %& Channel • Physsec • Human • Physical • SPECSEC • Wireless communication • COMSEC • Data networks • Telecommunication OSSTMM Hacker Skill Level T 1 Tier 2 Tier 3 Network techniques toolbox • Network scouting • Os fingerprinting • Vulnerability scanner • Network trace analysis Network scouting Scouting toolbox • Unix standard tools • Nmap (“Network Mapper”) • Free and open source • Leading network scanner Why scouting is important ? • Scouting is the first step • You can’t attack what you don’t know Scouting Process overview Hosts Ports Services Vulnerabilities Topological Mapping DNS info Ping Traceroute Firewalking Whois Domain Name: STANFORD.EDU Registrant: Stanford University The Board of Trustees of the Leland Stanford Junior University 241 Panama Street, Pine Hall, Room 115 Stanford, CA 94305-4122 UNITED STATES Whois Administrative Contact: Domain Admin Stanford University 241 Panama Street Pine Hall, Room 115 Stanford, CA 94305-4122 UNITED STATES (650) 723-4328 [email protected] Whois Name Servers: ARGUS.STANFORD.EDU 171.64.7.115 AVALLONE.STANFORD.EDU 171.64.7.88 ATALANTE.STANFORD.EDU 171.64.7.61 AERATHEA.STANFORD.EDU 152.3.104.250 Digging DNS record • Dig stanford.edu • ;; ANSWER SECTION: • stanford.edu.
Load more

Recommended publications
  • Informational Internet Relay
    Network Working Group C. Kalt Request for Comments: 2813 April 2000 Updates: 1459 Category: Informational Internet Relay Chat: Server Protocol Status of this Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2000). All Rights Reserved. Abstract While based on the client-server model, the IRC (Internet Relay Chat) protocol allows servers to connect to each other effectively forming a network. This document defines the protocol used by servers to talk to each other. It was originally a superset of the client protocol but has evolved differently. First formally documented in May 1993 as part of RFC 1459 [IRC], most of the changes brought since then can be found in this document as development was focused on making the protocol scale better. Better scalability has allowed existing world-wide networks to keep growing and reach sizes which defy the old specification. Kalt Informational [Page 1] RFC 2813 Internet Relay Chat: Server Protocol April 2000 Table of Contents 1. Introduction ............................................... 3 2. Global database ............................................ 3 2.1 Servers ................................................ 3 2.2 Clients ................................................ 4 2.2.1 Users ............................................. 4 2.2.2 Services .......................................... 4 2.3 Channels ..............................................
    [Show full text]
  • Ubuntu Server Guide Ubuntu Server Guide Copyright © 2010 Canonical Ltd
    Ubuntu Server Guide Ubuntu Server Guide Copyright © 2010 Canonical Ltd. and members of the Ubuntu Documentation Project3 Abstract Welcome to the Ubuntu Server Guide! It contains information on how to install and configure various server applications on your Ubuntu system to fit your needs. It is a step-by-step, task-oriented guide for configuring and customizing your system. Credits and License This document is maintained by the Ubuntu documentation team (https://wiki.ubuntu.com/DocumentationTeam). For a list of contributors, see the contributors page1 This document is made available under the Creative Commons ShareAlike 2.5 License (CC-BY-SA). You are free to modify, extend, and improve the Ubuntu documentation source code under the terms of this license. All derivative works must be released under this license. This documentation is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE AS DESCRIBED IN THE DISCLAIMER. A copy of the license is available here: Creative Commons ShareAlike License2. 3 https://launchpad.net/~ubuntu-core-doc 1 ../../libs/C/contributors.xml 2 /usr/share/ubuntu-docs/libs/C/ccbysa.xml Table of Contents 1. Introduction ........................................................................................................................... 1 1. Support .......................................................................................................................... 2 2. Installation ............................................................................................................................
    [Show full text]
  • Botnets, Zombies, and Irc Security
    Botnets 1 BOTNETS, ZOMBIES, AND IRC SECURITY Investigating Botnets, Zombies, and IRC Security Seth Thigpen East Carolina University Botnets 2 Abstract The Internet has many aspects that make it ideal for communication and commerce. It makes selling products and services possible without the need for the consumer to set foot outside his door. It allows people from opposite ends of the earth to collaborate on research, product development, and casual conversation. Internet relay chat (IRC) has made it possible for ordinary people to meet and exchange ideas. It also, however, continues to aid in the spread of malicious activity through botnets, zombies, and Trojans. Hackers have used IRC to engage in identity theft, sending spam, and controlling compromised computers. Through the use of carefully engineered scripts and programs, hackers can use IRC as a centralized location to launch DDoS attacks and infect computers with robots to effectively take advantage of unsuspecting targets. Hackers are using zombie armies for their personal gain. One can even purchase these armies via the Internet black market. Thwarting these attacks and promoting security awareness begins with understanding exactly what botnets and zombies are and how to tighten security in IRC clients. Botnets 3 Investigating Botnets, Zombies, and IRC Security Introduction The Internet has become a vast, complex conduit of information exchange. Many different tools exist that enable Internet users to communicate effectively and efficiently. Some of these tools have been developed in such a way that allows hackers with malicious intent to take advantage of other Internet users. Hackers have continued to create tools to aid them in their endeavors.
    [Show full text]
  • Ubuntu Server Guide Ubuntu Server Guide Copyright © 2016 Contributors to the Document
    Ubuntu Server Guide Ubuntu Server Guide Copyright © 2016 Contributors to the document Abstract Welcome to the Ubuntu Server Guide! It contains information on how to install and configure various server applications on your Ubuntu system to fit your needs. It is a step-by-step, task-oriented guide for configuring and customizing your system. Credits and License This document is maintained by the Ubuntu documentation team (https://wiki.ubuntu.com/DocumentationTeam). A list of contributors is below. This document is made available under the Creative Commons ShareAlike 3.0 License (CC-BY-SA). You are free to modify, extend, and improve the Ubuntu documentation source code under the terms of this license. All derivative works must be released under this license. This documentation is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE AS DESCRIBED IN THE DISCLAIMER. A copy of the license is available here: Creative Commons ShareAlike License1. Contributors to this document are: • Members of the Ubuntu Documentation Project2 • Members of the Ubuntu Server Team3 • Contributors to the Community Help Wiki4 • Other contributors can be found in the revision history of the serverguide5 and ubuntu-docs6 bzr branches available on Launchpad. 1 https://creativecommons.org/licenses/by-sa/3.0/ 2 https://launchpad.net/~ubuntu-core-doc 3 https://launchpad.net/~ubuntu-server 4 https://help.ubuntu.com/community/ 5 https://bazaar.launchpad.net/~ubuntu-core-doc/serverguide/trunk/changes 6 https://bazaar.launchpad.net/~ubuntu-core-doc/ubuntu-docs/trunk/changes Table of Contents 1.
    [Show full text]
  • Open Source Used in Cisco 910 Industrial Router 1.1
    Open Source Used In Cisco 910 Industrial Router 1.1 Cisco Systems, Inc. www.cisco.com Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices. Text Part Number: 78EE117C99-67490505 Open Source Used In Cisco 910 Industrial Router 1.1 1 This document contains licenses and notices for open source software used in this product. With respect to the free/open source software listed in this document, if you have any questions or wish to receive a copy of any source code to which you may be entitled under the applicable free/open source license(s) (such as the GNU Lesser/General Public License), please contact us at [email protected]. In your requests please include the following reference number 78EE117C99-67490505 Contents 1.1 bridge-utils 1.5 1.1.1 Available under license 1.2 busybox 1.20.2 1.2.1 Available under license 1.3 curl 7.32.0 1.3.1 Available under license 1.4 dhcp 4.1-ESV-R8 1.4.1 Available under license 1.5 ebtables v2.0.10-4 1.5.1 Available under license 1.6 eventlog 0.2.12 :1.el6 1.6.1 Available under license 1.7 expat 2.1.0 1.7.1 Available under license 1.8 flex 2.5.37 1.8.1 Available under license 1.9 glib 2.38.2 1.9.1 Available under license 1.10 hostapd 0.7.3 1.10.1 Available under license 1.11 iproute2 3.7.0 1.11.1 Available under license 1.12 ipsec-tools 0.8.0 1.12.1 Available under license 1.13 iptables 1.4.18 1.13.1 Available under license Open Source Used In Cisco 910 Industrial Router 1.1 2 1.14 ipv6calc 0.92.0
    [Show full text]
  • Static Security Analysis Based on Input-Related Software Faults
    Static security analysis based on input-related software faults Csaba Nagy Spiros Mancoridis Department of Software Engineering Department of Computer Science University of Szeged Drexel University Szeged, Hungary Philadelphia, USA [email protected] [email protected] Abstract scanning tool is available, it is difficult to locate security faults during a code review: in general, a good code review It is important to focus on security aspects during the can uncover around 50% of the security problems [9]. development cycle to deliver reliable software. However, This paper presents an approach to helping developers locating security faults in complex systems is difficult and locate faults that are related to security by identifying parts there are only a few effective automatic tools available to of the source code that involve user input. The focus is on help developers. In this paper we present an approach to the input-related parts of the source code, since attackers help developers locate vulnerabilities by marking parts of commonly exploit security vulnerabilities by passing mal- the source code that involve user input. We focus on input- formed input data to applications. Mishandling input data related code, since an attacker can usually take advantage can be a source of common security faults in many lan- of vulnerabilities by passing malformed input to the appli- guages that support pointer arithmetic such as C and C++. cation. The main contributions of this work are two metrics Examples of security faults are buffer overflows, format to help locate faults during a code review, and algorithms to string vulnerabilities, and integer overflows [19].
    [Show full text]
  • Strong Dependencies Between Software Components
    Specific Targeted Research Project Contract no.214898 Seventh Framework Programme: FP7-ICT-2007-1 Technical Report 0002 MANCOOSI Managing the Complexity of the Open Source Infrastructure Strong Dependencies between Software Components Pietro Abate ([email protected]) Jaap Boender ([email protected]) Roberto Di Cosmo ([email protected]) Stefano Zacchiroli ([email protected]) Universit`eParis Diderot, PPS UMR 7126, Paris, France May 24, 2009 Web site: www.mancoosi.org Contents 1 Introduction . .2 2 Strong dependencies . .3 3 Strong dependencies in Debian . .7 3.1 Strong vs direct sensitivity: exceptions . .9 3.2 Using strong dominance to cluster data . 11 3.3 Debian is a small world . 11 4 Efficient computation . 12 5 Applications . 13 6 Related works . 16 7 Conclusion and future work . 17 8 Acknowledgements . 18 A Case Study: Evaluation of debian structure . 21 Abstract Component-based systems often describe context requirements in terms of explicit inter-component dependencies. Studying large instances of such systems|such as free and open source software (FOSS) distributions|in terms of declared dependencies between packages is appealing. It is however also misleading when the language to express dependencies is as expressive as boolean formulae, which is often the case. In such settings, a more appropriate notion of component dependency exists: strong dependency. This paper introduces such notion as a first step towards modeling semantic, rather then syntactic, inter-component relationships. Furthermore, a notion of component sensitivity is derived from strong dependencies, with ap- plications to quality assurance and to the evaluation of upgrade risks. An empirical study of strong dependencies and sensitivity is presented, in the context of one of the largest, freely available, component-based system.
    [Show full text]
  • Irc: Why It Failed Irc: Why It Failed
    CADEY IRC: WHY IT FAILED IRC: WHY IT FAILED INTRODUCTION ▸ Cadey - https://christine.website/contact ▸ Xe on GitHub: https://github.com/Xe ▸ Former handles: Niichan, shadowh511, Xena ▸ Any opinions expressed in this talk are my own and not the opinions of any group I am affiliated with, including my employer. IRC: WHY IT FAILED IRC: INTERNET RELAY CHAT ▸ RFC 1459 ▸ Each message is an individual line of text, terminated by \r\n ▸ :source COMMAND par1 par2 parn :extended parameter ▸ IRCv3 adds tags @foo=bar ▸ Numerical status codes with error messages ▸ Vendor-dependent IRC: WHY IT FAILED IRC: INTERNET RELAY CHAT ▸ Clients joining and parting channels and servers didn't have much state ▸ Server to server links didn't have much state either ▸ ChanServ / NickServ + ircd improvements to hack around it ▸ Users had to manually log in with additional client configuration that differed by network IRC: WHY IT FAILED SERVER TO SERVER LINKING IRC: WHY IT FAILED SERVER TO SERVER LINKING ▸ When the connection between any two irc daemons hiccups or resets for any reason, the other side instantly gives up and removes all of the information about all of the clients and channels that server had ▸ The server network "splits" into two networks until it heals. ▸ Netsplit ▸ Most IRC daemons have nondeterministic linking protocols IRC: WHY IT FAILED EXAMPLE SESSION (EDITED FOR BREVITY) > NICK NotCadey > USER Cadey * * :Cadey Orca < :luna.local 001 NotCadey :Welcome to the Internet Relay Network NotCadey! < :luna.local 002 :Your host is luna.local < :luna.local
    [Show full text]
  • IRC Jenisch, Morocutti
    WAP / IRC Jenisch, Morocutti IRC - Internet Relay Chat Protocol, Communication, Applications Jenisch Alexander Morocutti Nikolaus [email protected] [email protected] Previous Page Quit Full Screen Next Page WAP / IRC Jenisch, Morocutti Introduction • Facts. • How it works. • IRC specifiaction. • Communication. • Messages Details. • Applications. Previous Page Quit Full Screen Next Page WAP / IRC Jenisch, Morocutti Facts • IRC provides a way of communicating in real time with people from all over the world. • Consists of various separate networks of IRC servers. • The largest nets are EFnet (the original IRC net), Undernet, IRCnet, DALnet, and Quakenet. • Jarkko Oikarinen, Department of Information Processing Science in University of Oulu (finnland) 1988. • Based on TCP/IP. Previous Page Quit Full Screen Next Page WAP / IRC Jenisch, Morocutti How it works Generally, the user runs a program to connect to a server on one of the IRC nets, and the server relays information to and from other servers on the same net. Once connected to an IRC server on an IRC network, you can join one or more channels and converse with others. Conversations may be public (where everyone in a channel can see what you type) or private (messages between only two people). • Channels: A channel is a named group of one or more clients which will all receive messages addressed to that channel. Channel names usually begin with a ’#’, and are registered in the channel list of the irc net. • Nicknames: Each user is known on IRC by a unique nick. • Channel ops: Channels are controlled by channel operators, or just ’ops’ for short, who can control the channel by choosing who may join (by ’banning’ some users), who must leave (by ’kicking’ them out), and even who may speak (by making the channel ’moderated’)! • IRC ops: IRC ops manage the servers themselves.
    [Show full text]
  • Making Your Own Botnet – Premium Noob Proof 100% Working Guide by D00MR4ZR
    Making Your Own Botnet – Premium Noob Proof 100% Working Guide By D00MR4ZR Hello and thanks on purchasing this e-book fellow hackers, I want to greet you and teach you how to become a professional through easy to follow steps on making a network of infected computers. First you need to get a server, and we will start with getting a Virtual Private Server which are cheap and good for starters. To start go here: http://www.joinvps.com/vps_hosting And order desired VPS. After your order has been done you will need to install IRCd on your server. To do that you must connect to your server via Putty which you can get here: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html Also in the JoinVPS Control Panel, access the server via ISP Manager and follow the wizard for choosing the root password, you can see about that in text which follows. ISPmanager ISPmanager Lite control panel works from the Internet browser and gives the great range of opportunities for Virtual hosting accounts and the full servers control. Due to the Multi-level access system, each user who has an account on your VPS hosting, will have his own options set in ISPmanager Lite. User-friendly interface will help you to control your servers easily. Buying our Virtual Private Server, you will get access to ISPmanager Lite. Just log in with your user name and password, and you will see that Video channel everything was made for your comfort. Documentation Forum The Multi-level access system allows every user access to the functions he/she needs.
    [Show full text]
  • IRC: the Internet Relay Chat
    IRC: The Internet Relay Chat Tehran Linux Users Group Overview ● What is IRC? ● A little bit of “How it all began?” ● Yet another Client/Server model ● RFC-1459 ● The culture itself ● IRC Implementations ● IRC HOW-TO ● FreeNode ● Resources What is IRC? ● Internet Relay Chat (IRC) is a form of real-time Internet chat or synchronous conferencing. It is mainly designed for group (many-to-many) communication in discussion forums called channels, but also allows one- to-one communication and data transfers via private message. ● IRC was created by Jarkko "WiZ" Oikarinen in late August 1988 to replace a program called MUT (MultiUser talk) on a BBS called OuluBox in Finland. Oikarinen found inspiration in a chat system known as Bitnet Relay, which operated on the BITNET. ● IRC gained prominence when it was used to report on the Soviet coup attempt of 1991 throughout a media blackout. It was previously used in a similar fashion by Kuwaitis during the Iraqi invasion. Relevant logs are available from ibiblio archive. ● IRC client software is available for virtually every computer operating system. A little bit of “How it all began?” ● While working at Finland's University of Oulu in August 1988, he wrote the first IRC server and client programs, which he produced to replace the MUT (MultiUser Talk) program on the Finnish BBS OuluBox. Using the Bitnet Relay chat system as inspiration, Oikarinen continued to develop IRC over the next four years, receiving assistance from Darren Reed in co- authoring the IRC Protocol. In 1997, his development of IRC earned Oikarinen a Dvorak Award for Personal Achievement— Outstanding Global Interactive Personal Communications System; in 2005, the Millennium Technology Prize Foundation, a Finnish public-private partnership, honored him with one of three Special Recognition Awards.
    [Show full text]
  • 2017-02-03.1 Fosdem
    Encrypting Matrix Building a universal end-to-end encrypted communication ecosystem with Matrix and Olm [email protected] http://www.matrix.org What is Matrix? A non-profit open standard for defragmenting communication Creating a global encrypted communication meta-network that bridges all the existing silos & liberates our communication to be controlled only by us. Skype Slack IRC Gitter Github 5 Skype Slack IRC Gitter Github 6 No single party owns your conversations. Conversations are shared over all participants. 7 Use Matrix for: Group Chat (and 1:1) WebRTC Signalling Bridging Comms Silos Internet of Things Data …and anything else which needs to pubsub persistent data to the world. 8 Why are you re-inventing XMPP!?!? 9 WE ARE NOT. 10 How is this different to XMPP? • Completely different philosophy & architecture: – A single, monolithic, consistent, spec. – Different primitives: • Syncing decentralised conversation history (not message passing / pubsub) • Group conversation as a first class citizen • E2E crypto as a first class citizen – HTTP+JSON as the baseline API (but you can use other transports too!) – Core focus on defragmentation and bridging (hence the name “matrix”). 11 Matrix Architecture Clients Home Servers Application Servers Identity Servers The Matrix Ecosystem Matrix Matrix Web iOS Android Console Console Console c lient - matrix- matrix- side Other react- angular- MatrixKit (iOS) Clients sdk sdk matrix-android-sdk matrix-js-sdk matrix-ios-sdk The Matrix Specification (Client/Server API) server Synapse Dendrite Matrix
    [Show full text]