Footprinting and Brute Force Attacks Are Still in Use

Beware of older cyber attacks: Footprinting and brute force attacks are still in use
IBM X-Force® Research Managed Security Services Report

Contents

• Executive overview
• Footprinting
• Top 10 ports
• Brute force password attacks
• Secure shell (SSH) brute force attacks
• Persistence of SSH brute force top 20 attacker IP addresses
• SSH brute force top five IP addresses
• File Transfer Protocol (FTP) brute force attacks
• Top five FTP brute force attacker IP addresses
• Recommendations
• Protect your enterprise while reducing cost and complexity
• About IBM Security
• About the author
• References

Executive overview

Covering more than 18 years of vulnerability data, the IBM® X-Force® database surpassed 100,000 entries in Q2 2016.[1] That means there are a lot of attack vectors at a criminal’s disposal. With much of the media focus on new and emerging threats, it’s easy to see how security teams might lose sight of older, less newsworthy vulnerabilities and attack vectors.

An assessment of recent data from IBM Managed Security Services (IBM MSS), which continuously monitors billions of events reported by more than 8,000 client devices in over 100 countries, reveals some interesting findings about attack vectors no longer discussed much. One example is the TCP/UDP port scan and TCP/UDP service sweep, which are part of an attack pattern known as footprinting.[2] Another is the password brute force attack pattern,[3] one of the brute force attacks[4] we saw emerge decades ago and still see today. While many products and services today require strong passwords, weak passwords are still being used, aiding criminals in carrying out successful brute force attacks.[5][6][7]

Fortunately, many tools and mitigation techniques to thwart these older kinds of cyber attack have been developed over the years. Organizations that apply them in their environments will be better equipped to deal with the ongoing threat.

About this report

This IBM® X-Force® Research report was created by the IBM Managed Security Services Threat Research group, a team of experienced and skilled security analysts working diligently to keep IBM clients informed and prepared for the latest cybersecurity threats. This research team analyzes security data from many internal and external sources, including event data, activity and trends sourced from thousands of endpoints managed and monitored by IBM.

Footprinting

Looking at the Common Attack Pattern Enumeration and Classification (CAPEC) mechanisms of attack[8], we see an attack pattern hierarchy. Footprinting[9] is considered a meta attack pattern that falls under one of the top level categories, “Gather Information.” Often viewed as more of a pre-attack used to gather information on potential targets, the term encompasses several attack techniques, among them network topology mapping, host discovery, account footprinting, and port scanning. Generally, multiple ports are scanned in a port scan.

There’s also something called a service (or port) sweep, in which multiple hosts in a network are checked for a specific open service port. Service sweeps are often ignored, since they occur so regularly and aren’t something that warrants an immediate response. The placement of network sensors also impacts whether footprinting activity can be detected. If a sensor is behind a firewall and the firewall is not configured to map ports to internal systems, the scan activity won’t be logged.

Commonly used footprinting tools

Most security analysts will agree that “nmap,” made available in 1997, is the best known and most widely used network footprinting tool.[10] “Scanrand” (2002)[11], “amap” (2003)[12], “Unicornscan” (2005)[13], “zmap” (2012)[14] and “masscan” (2013) are also popular. Newer tools such as “zmap” (2012) claim the ability to scan the entire Internet in times ranging from five minutes to an hour.[15] And masscan claims to do it in three minutes.[16] Scanning tools existed before 1997, for example the Internet Security Scanner (ISS) version 1.x that first appeared as a shareware product in 1992 and later inspired a commercial product.[17]

Another way to glean footprinting data is to use a search engine that is searching data from ongoing Internet mapping projects. Shodan (2009) is one of the most popular projects and is thought by many to be the most comprehensive.[18] Censys (2015) is geared towards computer scientists and researchers.[19] Thingful (2013) is for Internet of Things (IoT) devices.[20] Internet mapping search engines such as these allow attackers to gain access to footprinting information without actually sending packets to the victim, who then remains unaware they’re being targeted.

Top 10 ports

In a sampling of IBM Managed Security Services customers over two days in Q1 2016, the telnet port (TCP port 23) received the most number of sweeps, accounting for 79 percent of the events. Port 80 is excluded from the network IDS signature represented in this data due to the likelihood of false positives because legitimate web traffic also uses port 80.[21] Popular ports such as 25 (SMTP), 21 (FTP), 53 (DNS), 135 (RPC), 137 (NETBIOS), 139 (NETBIOS), 445 (Microsoft-DS), and others ranked lower than the top 10. This is shown in Figure 1 and Table 1.

| Rank | Destination TCP port | Sweeps | Internet Assigned Numbers Authority (IANA)-assigned service description and popular use[22] |
|---|---|---|---|
| 1 | 23 | 78.65% | telnet |
| 2 | 1433 | 2.61% | Microsoft SQL Server |
| 3 | 8080 | 2.14% | HTTP alternate for port 80 |
| 4 | 3306 | 1.59% | MySQL |
| 5 | 3389 | 1.54% | MS WBT Server, Windows Remote Desktop |
| 6 | 3128 | 1.00% | Active API Server Port, some proxy servers (squid-http, 3proxy) |
| 7 | 443 | 0.90% | http protocol over TLS/SSL |
| 8 | 5900 | 0.61% | Remote framebuffer, VNC (virtual network computing), Apple Remote Desktop |
| 9 | 9200 | 0.56% | WAP connectionless session service, EMC2 (Legato) Networker or Sun Solstice Backup |
| 10 | 21320 | 0.54% | N/A |
| All other | | 9.87% | All other TCP ports combined |

Table 1. Rank, destination TCP port, sweeps and service description and popular use for the top 10 ports. Source: IBM MSS data.

[Figure 1. Top 10 TCP service sweep destination ports. Source: IBM MSS data.]

Ports provide multiple pieces of useful information. Attackers may be seeking:

• Specific vulnerabilities for known services, such as Heartbleed on web servers
• Services that can be exploited for a brute force password attack
• Information on a target, such as what can be found in a login banner

Banners can be particularly revealing. “Welcome to the ACME central bank system running Widgets OS version 3.43.23c” reveals that the attacker has found both a prime target and an easy path to unauthorized access via what may be its operating system’s many known vulnerabilities. Certain malware are also known to use many common ports. Table 2 highlights those associated with the top 10 TCP destination ports revealed in Table 1.

| Rank | Destination TCP port | Sweeps | Trojans, worms or malware using the port |
|---|---|---|---|
| 1 | 23 | 78.65% | ADM worm (May 1998), Aphex’s Remote Packet Sniffer, AutoSpY, ButtMan, Fire HacKer, My Very Own Trojan, Pest, RTB 666, Tiny Telnet Server - TTS, Truva Atl, Backdoor.Delf variants, Backdoor.Dagonit (2005.10.26) |
| 2 | 1433 | 2.61% | Digispid.B.Worm (2002.05.21), W32.Kelvir.R (2005.04.12), Voyager Alpha Force |
| 3 | 8080 | 2.14% | Reverse WWW Tunnel Backdoor, RingZero, Screen Cutter, Mydoom.B (2004.01.28), W32.Spybot.OFN (2005.04.29), W32.Zotob.C@mm (2005.08.16), W32.Zotob.E (2005.08.16), Backdoor.Naninf.D (2006.02.01), Backdoor.Naninf.C (2006.01.31), W32.Rinbot.A (2007.03.02), Android.Acnetdoor (2012.05.16), Feodo/Geodo (a.k.a. Cridex or Bugat), Backdoor.Tjserv.D (2005.10.04), RemoConChubo, Brown Orifice, Feutel, Haxdoor, Hesive, Nemog, Ryknos, W32.Kelvir, W32.Mytob, W32.Opanki, W32.Picrate, W32.Spybot, W32.Zotob, Webus |
| 4 | 3306 | 1.59% | Nemon backdoor (discovered 2004.08.16), W32.Mydoom.Q@mm, W32.Spybot |
| 5 | 3389 | 1.54% | Backdoor.Win32.Agent.cdm, TSPY_AGENT.ADDQ |
| 6 | 3128 | 1.00% | Masters Paradise, Reverse WWW Tunnel Backdoor, RingZero, Mydoom.B (2004.01.28), W32.HLLW.Deadhat (2004.02.06) |
| 7 | 443 | 0.90% | W32.Kelvir.M (2005.04.05), Slapper, Civcat, Tabdim, W32.Kelvir, W32.Kiman |
| 8 | 5900 | 0.61% | Backdoor.Evivinc, W32.Gangbot (2007.01.22) |
| 9 | 9200 | 0.56% | Unknown |
| 10 | 21320 | 0.54% | Spybot, TopArcadeHits malware installing unapproved proxy |

Table 2.
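
The port scan and service sweep definitions in the Footprinting section above translate directly into a classifier over a sensor's connection log, with the swept ports then ranked by share as in Table 1. This is an added example, not code from the IBM report; the event tuples, the thresholds of five hosts or ports and the function names are assumptions, and port 80 is skipped for sweeps as the report says its IDS signature does.

```python
from collections import Counter, defaultdict

# Constructed sample of connection attempts seen by one network sensor in a
# single observation window: (source IP, destination IP, destination TCP port).
# All addresses come from the RFC 5737 documentation ranges.
TARGETS = [f"198.51.100.{i}" for i in range(1, 9)]
SAMPLE_EVENTS = (
    [("203.0.113.10", dst, 23) for dst in TARGETS]            # one port, 8 hosts
    + [("203.0.113.11", dst, 23) for dst in TARGETS[:6]]      # one port, 6 hosts
    + [("203.0.113.12", dst, 1433) for dst in TARGETS[:5]]    # one port, 5 hosts
    + [("203.0.113.20", "198.51.100.5", p)
       for p in (21, 22, 23, 25, 1433, 3306, 3389, 8080)]     # one host, 8 ports
    + [("203.0.113.30", dst, 80) for dst in TARGETS]          # port 80 only
    + [("192.0.2.40", dst, 443) for dst in TARGETS[:2]]       # below threshold
)


def classify_footprinting(events, min_hosts=5, min_ports=5,
                          excluded_ports=frozenset({80})):
    """Label each source as a service sweeper and/or a port scanner.

    Service sweep: one source probes the same port on >= min_hosts hosts.
    Port scan:     one source probes >= min_ports ports on the same host.
    Thresholds are assumed values; tune them to the sensor's normal traffic.
    Ports in excluded_ports never count as sweeps, because legitimate
    traffic to them (web traffic on port 80) would cause false positives.
    """
    hosts_per_port = defaultdict(lambda: defaultdict(set))  # src -> port -> {dst}
    ports_per_host = defaultdict(lambda: defaultdict(set))  # src -> dst -> {port}
    for src, dst, port in events:
        hosts_per_port[src][port].add(dst)
        ports_per_host[src][dst].add(port)

    findings = {}
    for src in hosts_per_port:
        sweeps = {port: len(dsts)
                  for port, dsts in hosts_per_port[src].items()
                  if port not in excluded_ports and len(dsts) >= min_hosts}
        scans = {dst: len(ports)
                 for dst, ports in ports_per_host[src].items()
                 if len(ports) >= min_ports}
        if sweeps or scans:
            findings[src] = {"service_sweeps": sweeps, "port_scans": scans}
    return findings


def swept_port_ranking(findings):
    """Rank swept ports by their share of all detected sweeps, in percent."""
    counts = Counter(port
                     for finding in findings.values()
                     for port in finding["service_sweeps"])
    total = sum(counts.values())
    return [(port, round(100 * n / total, 2))
            for port, n in counts.most_common()]


if __name__ == "__main__":
    result = classify_footprinting(SAMPLE_EVENTS)
    for src, finding in sorted(result.items()):
        print(src, finding)
    print(swept_port_ranking(result))
```

A sensor placed behind a firewall that does not map ports to internal systems will never see these events, so an empty result from such a sensor says nothing about whether sweeps are happening.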