Windows Vista Network Attack Surface Analysis


Dr. James Hoagland, Principal Security Researcher
Matt Conover, Principal Security Researcher
Tim Newsham, Independent Contractor
Ollie Whitehouse, Architect
Symantec Advanced Threat Research

Abstract

A broad analysis was performed on the network-facing components of the Microsoft Windows Vista™ release version. Our analysis explores how it affects network security and how it differs from previous versions of Microsoft Windows. Windows Vista features a rewritten network stack, which introduces a number of core behavior changes. Windows Vista also introduces a number of new protocols, most importantly IPv6, its supporting protocols, and several IPv4 to IPv6 transition protocols. As a client operating system, Windows Vista will be widely deployed and as such is an important topic for security research. We studied the following protocols and technologies: LLTD, IPv4, IPv6, Teredo, TCP, SMB2 named pipes, MS-RPC, and the Windows Firewall. We also studied ARP, NDP, IGMP, MLD, ICMPv6, and UDP.

CONTENTS

I Introduction
II Link Layer Protocols
    II-A Link Layer Topology Discovery protocol
    II-B Address Resolution
III Network Layer
    III-A IP Behavior
        III-A.1 IPv4 ID Generation
        III-A.2 IP Fragmentation Reassembly
        III-A.3 Source Routing
    III-B IPv4 and IPv6 Supported Protocols
    III-C Teredo and Other Tunneling Protocols
    III-D ICMP
    III-E IGMP and MLD
    III-F Defect Testing
IV Transport Layer
    IV-A Ephemeral Ports
    IV-B TCP
    IV-C UDP
V Firewall
    V-A Firewall Rules
    V-B Initial State
    V-C Configuration
    V-D Discovery
    V-E Tunneling
VI Network Services
    VI-A Active TCP Ports
    VI-B Active UDP Ports
    VI-C File Sharing
    VI-D RPC Services Over TCP
VII Unsolicited Traffic
VIII Conclusion
IX Future Work
References
Appendix I: Test networks
    I-A Main Test Network
    I-B LLTD Test Network
    I-C Teredo Test Network
Appendix II: LLTD Introduction
    II-A Background
    II-B LLTD Protocol Overview
    II-C LLTD Security Model
Appendix III: LLTD Analysis and Findings
    III-A Vista LLTD Implementation
    III-B Disabling LLTD Within Vista
    III-C Topology Map in Vista
    III-D Hosts with Multiple Interfaces
    III-E Interaction with Other Protocols
    III-F Policy Controls
    III-G Mapper and Responder Relationship
    III-H Generation and Sequence Numbers
    III-I Device Supplied Images
    III-J Internal XML Representation
    III-K Attack: Spoof and Management URL IP Redirect
    III-L Attack: Spoof on Bridge
    III-M Attack: Total Spoof
    III-N Denial of Service
    III-O Quality of Service Component
    III-P Other Attempted Test Cases
Appendix IV: XML Format Used by Network Map
Appendix V: ARP Spoofing
Appendix VI: Neighbor Discovery Spoofing
Appendix VII: IPv4 ID Generation
Appendix VIII: IP Fragment Reassembly
    VIII-A Fragmentation Background
    VIII-B Fragmentation Testing Methodology
        VIII-B.1 IPv4 Methodology
        VIII-B.2 IPv6 Methodology
    VIII-C Test Cases and Results
    VIII-D Analysis
Appendix IX: Source Routing
Appendix X: IPv4 Protocol Enumeration
Appendix XI: IPv6 Next Header Enumeration
Appendix XII: Teredo Introduction
    XII-A Protocol Overview
    XII-B Teredo Security Implications
Appendix XIII: Teredo Analysis and Findings
    XIII-A Teredo Use Under Vista
    XIII-B Vista Teredo Components
    XIII-C Default Teredo settings
    XIII-D Requirements for Elevated Privileges
    XIII-E Disabling Teredo within Vista
    XIII-F Disabling the Microsoft Windows Firewall Disables Teredo
    XIII-G Settings Storage
    XIII-H Tracing Code
    XIII-I Client Service Port Selection
    XIII-J Secure Qualification
    XIII-K Same Nonce Used With Different UDP Ports
    XIII-L Ping Tests
    XIII-M Source Routing
    XIII-N Use of Address Flag Bits
    XIII-O Other Attempted Test Cases
    XIII-P Vista Teredo Conclusions
Appendix XIV: Teredo IPHLPSVC Investigation
    XIV-A IPHLPSVC.DLL Tracing Output
    XIV-B Address Checks in IPHLPSVC.DLL
    XIV-C Teredo Functions from IPHLPSVC.DLL
Appendix XV: Historic Attacks
Appendix XVI: IPv6 Options
    XVI-A Random Option Sending
    XVI-B Ordered Option Sending
Appendix XVII: Ephemeral Ports
Appendix XVIII: TCP Initial Sequence Number Generation
Appendix XIX: TCP Segment Reassembly
    XIX-A Test Data
    XIX-B Analysis
Appendix XX: Stack Fingerprint
Appendix XXI: Windows Firewall Configuration
    XXI-A Firewall ruleset
    XXI-B Initial State
    XXI-C Firewall Changes with Configuration Changes
        XXI-C.1 Sharing and Discovery Controls
        XXI-C.2 People Near Me
        XXI-C.3 Windows Meeting Space
    XXI-D Active Socket Changes with Configuration Changes
        XXI-D.1 File Sharing
        XXI-D.2 Sharing and Discovery Controls
        XXI-D.3 People Near Me
        XXI-D.4 Windows Meeting Space
Appendix XXII: Exposed TCP Services
Appendix XXIII: Exposed UDP Services
Appendix XXIV: RPC Endpoint Mapper Enumeration
Appendix XXV: Anonymous and Authenticated Access to Named Pipes
    XXV-A Null Session Access to Named Pipes
    XXV-B Authenticated Session Access to Named Pipes
Appendix XXVI: RPC Procedure Access
    XXVI-A Tools
    XXVI-B Direct TCP Access
    XXVI-C Null Session Named Pipe Access
    XXVI-D Authenticated Session Named Pipe Access
Appendix XXVII: Transition Traffic
    XXVII-A Vista Starting Up
    XXVII-B Vista Shutting Down
    XXVII-C Vista Changing Static IPv4 Addresses
Appendix XXVIII: Unsolicited Traffic

I. INTRODUCTION

Windows Vista™ is Microsoft's long anticipated, new client operating system. It is due to replace Windows XP as Microsoft's premier desktop operating system. Windows Vista represents a significant departure from previous Windows systems, both in terms of its emphasis on security and its many new features. As security has grown in importance, Microsoft has paid increasing attention to it, evidenced by the significant investment of resources that has been made. Windows Vista

This paper details our analysis of the Windows Vista network stack. The following sections give an overview of our research and findings. The details of our testing scope, testing methodology, and results are in the appendices. The information is organized by network layer. In section II we discuss link layer protocols. Section III covers network layer protocols, and section IV covers transport layer protocols. Section V covers Windows Firewall, a component whose design encompasses many protocol layers. Section VI covers