DOCSLIB.ORG

Exploiting Ill-Secured Communication Inside the Computer

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Exploiting Ill-Secured Communication Inside the Computer Man-in-the-Machine: Exploiting Ill-Secured Communication Inside the Computer Thanh Bui and Siddharth Prakash Rao, Aalto University; Markku Antikainen, University of Helsinki; Viswanathan Manihatty Bojan and Tuomas Aura, Aalto University https://www.usenix.org/conference/usenixsecurity18/presentation/bui This paper is included in the Proceedings of the 27th USENIX Security Symposium. August 15–17, 2018 • Baltimore, MD, USA 978-1-939133-04-5 Open access to the Proceedings of the 27th USENIX Security Symposium is sponsored by USENIX. Man-in-the-Machine: Exploiting Ill-Secured Communication Inside the Computer Thanh Bui*, Siddharth Rao*, Markku Antikaineny, Viswanathan Bojan*, and Tuomas Aura* * Aalto University y University of Helsinki, Helsinki Institute for Information Technology Abstract the authorized insiders. They may be coworkers, family members, or guest users with console access. Operating systems provide various inter-process commu- Our focus is on the security of inter-process communi- nication (IPC) mechanisms. Software applications typi- cation (IPC), i.e. communication channels that are inter- cally use IPC for communication between frontend and nal to the computer. Computer software often comprises backend components, which run in different processes multiple components, such as a frontend application and on the same computer. This paper studies the security a backend database, which obviously need to exchange of how the IPC mechanisms are used in PC, Mac and information. Many modern desktop applications also of- Linux software. We describe attacks where a nonprivi- ten follow the design of web software and have a sepa- leged process impersonates the IPC communication end- rate UI component, which connects to the business logic points. The attacks are closely related to impersonation via a RESTful API. The UI may even be implemented in and man-in-the-middle attacks on computer networks but JavaScript and run in a web browser. take place inside one computer. The vulnerable IPC We assume the attacker to have login access as non- methods are ones where a server process binds to a name administrator or, at minimum, the ability to keep non- or address and waits for client communication. Our re- privileged processes running in the background. The at- sults show that application developers are often unaware tacker’s goal is to exploit IPC between the processes of of the risks and secure practices in using IPC. We find at- another user. The attacks that we discover are similar to tacks against several security-critical applications includ- those on the open networks, but they happen inside one ing password managers and hardware tokens, in which computer, where application developers often do not ex- another user’s process is able to steal and misuse sensi- pect adversaries. We therefore use the name man in the tive data such as the victim’s credentials. The vulnera- machine (MitMa) to describe these attackers. bilities can be exploited in enterprise environments with centralized access control that gives multiple users re- During the analysis of case-study applications, we ob- mote or local login access to the same host. Computers served that application developers have an ambiguous with guest accounts and shared computers at home are attitude towards local attackers and the security of IPC similarly vulnerable. channels. On one hand, these threats are not given much consideration. It is quite common to cite opinions of se- curity experts stating that attempts to defend against local 1 Introduction attackers are futile. On the other hand, the application implementations often make some attempt to authenti- People use personal computers (PC) for storing and pro- cate or encrypt the communication, but rarely with the cessing their most critical information, such as sensitive same prudence as seen in communication over physical work documents, private messages, or access credentials networks. to online accounts. These computers and the software Our main contribution is to highlight the importance running on them is designed to be personal, and the fo- of the adversary model where a nonprivileged user inter- cus of security engineering has therefore been on exter- cepts communication inside the computer. We demon- nal threats from unauthorized users and from the Inter- strate its seriousness with various examples of widely- net. Nevertheless, most PCs can be accessed by more deployed applications and compromises of critical data. than one authorized user, making them effectively multi- We show that the vulnerabilities are common and that user computers. In this paper, we analyze threats from exploiting them is not difficult. We also discuss potential USENIX Association 27th USENIX Security Symposium 1511 ing [41], that is, leaving login sessions in the background and resuming them later. Such background sessions con- tinue to have running processes that can be used in the attacks. On macOS and Linux, it is also possible to leave processes running when the user logs out (e.g., with the nohup command). On Windows, user processes are killed at the end of the login session, and thus the MitMa attacker must remain logged in. Figure 1: MitMa attack MitMa attacker Method Linux macOS Windows Console login 3 3 3 Authenticated mitigation techniques. Finally, we believe that the obser- SSH 3 3 3 user vations of this paper will be valuable also in the ongoing Remote desktop N/A 3 N/A efforts to improve isolation between one user’s applica- Guest account Console login 3 3 3 tions. The rest of this paper is structured as follows. Sec- Table 1: MitMa attackers on different OSs tion 2 explains our adversary model. Section 3 describes IPC methods and the basic attack principles. Sections 4– The MitMa attacks can also be launched using guest 7 cover the vulnerabilities found in several classes of ap- accounts. The guest user can start the malicious process plications. Potential solutions are covered in Section 8 and leave the guest session in the background with fast while Section 9 discusses the results and Section 10 sur- user switching. We implemented the attacks described veys related work. Finally, Section 11 concludes the pa- in this paper with macOS High Sierra, Windows 7, and per. Windows 8.1. These operating systems have the guest account enabled by default. Windows 10 does not cur- 2 The adversary rently have a built-in guest account, though creating one is possible. In enterprise Windows domains, the avail- ability of the guest account depends on the group policy. This section describes the adversary model and explains The attacks can also be carried out remotely, for ex- its relevance in everyday information systems. ample, if SSH [56] has been enabled. On macOS, the We consider multi-user computers that may have pro- SSH server is started if the administrator chooses “Re- cesses of two or more users running at the same time. mote Login” from sharing preferences. Windows 10 in The attacker is a nonprivileged user who tries to steal the developer mode also starts an SSH server. The user sensitive information from or interfere with another user. might not realize this because earlier Windows versions It does this by intercepting communication between the required third-party SSH servers. victim user’s processes, as illustrated in Figure 1. The Another remote access method is remote desktop. malicious process is nonprivileged, and it typically runs Non-server versions of Windows allow only one inter- in the background and belongs to a different login ses- active session at a time. Thus, the attacker cannot access sion than the victim’s processes. The attack is similar the computer at the same time as the local users. How- to impersonation or man in the middle in computer net- ever, the remote desktop session can be left in the back- works, but since the communication takes place inside ground and resumed later, similar to fast user switching. one computer, we call it man in the machine (MitMa). The MitMa attack is technically possible also between Shared computers are common both in home and en- remote desktop sessions on a Windows Server. While the terprise environments. In a Windows domain, users are case-study applications considered in this paper are gen- centrally registered at the Active Directory (AD) and erally not run on Windows Server, there could be other they are typically able to log into each other’s worksta- vulnerable applications. tions. Linux and macOS workstations are commonly in- tegrated into AD or other centralized directory services. In addition to having its own user account, the MitMa 3 Client-server communication inside the attacker needs to be able to run a process in the back- computer ground when the victim user is working on the computer. Table 1 summarizes ways to achieve this. Personal com- Modern operating systems (OS) provide several means puters generally have not been designed for multiple si- for IPC. The vulnerabilities presented in this paper were multaneous users, but they do support fast user switch- found in IPC methods where a server process or device 1512 27th USENIX Security Symposium USENIX Association listens for connections from client processes. Specifi- do on the localhost because the legitimate server and at- cally, we consider network sockets, named pipes, and tacker cannot both bind to the same port number. Fortu- Universal Serial Bus (USB) communication. In this sec- nately for the attacker, many applications implement port tion, we give a high-level overview of these IPC mech- agility for IPC: if the primary port is taken, they choose anisms. The reader is referred e.g. to [47, 49] for more the next port number from a predefined list. This enables details. We also discuss the attack vectors that the MitMa the attacker to receive client connections on the primary attacker might exploit against each IPC type.
Load more

Recommended publications
  • Network/Socket Programming in Java
    Network/Socket Programming in Java Rajkumar Buyya Elements of C-S Computing a client, a server, and network Request Client Server Network Result Client machine Server machine java.net n Used to manage: c URL streams c Client/server sockets c Datagrams Part III - Networking ServerSocket(1234) Output/write stream Input/read stream Socket(“128.250.25.158”, 1234) Server_name: “manjira.cs.mu.oz.au” 4 Server side Socket Operations 1. Open Server Socket: ServerSocket server; DataOutputStream os; DataInputStream is; server = new ServerSocket( PORT ); 2. Wait for Client Request: Socket client = server.accept(); 3. Create I/O streams for communicating to clients is = new DataInputStream( client.getInputStream() ); os = new DataOutputStream( client.getOutputStream() ); 4. Perform communication with client Receiive from client: String line = is.readLine(); Send to client: os.writeBytes("Hello\n"); 5. Close sockets: client.close(); For multithreade server: while(true) { i. wait for client requests (step 2 above) ii. create a thread with “client” socket as parameter (the thread creates streams (as in step (3) and does communication as stated in (4). Remove thread once service is provided. } Client side Socket Operations 1. Get connection to server: client = new Socket( server, port_id ); 2. Create I/O streams for communicating to clients is = new DataInputStream( client.getInputStream() ); os = new DataOutputStream( client.getOutputStream() ); 3. Perform communication with client Receiive from client: String line = is.readLine(); Send to client: os.writeBytes("Hello\n");
    [Show full text]
  • Retrofitting Privacy Controls to Stock Android
    Saarland University Faculty of Mathematics and Computer Science Department of Computer Science Retrofitting Privacy Controls to Stock Android Dissertation zur Erlangung des Grades des Doktors der Ingenieurwissenschaften der Fakultät für Mathematik und Informatik der Universität des Saarlandes von Philipp von Styp-Rekowsky Saarbrücken, Dezember 2019 Tag des Kolloquiums: 18. Januar 2021 Dekan: Prof. Dr. Thomas Schuster Prüfungsausschuss: Vorsitzender: Prof. Dr. Thorsten Herfet Berichterstattende: Prof. Dr. Michael Backes Prof. Dr. Andreas Zeller Akademischer Mitarbeiter: Dr. Michael Schilling Zusammenfassung Android ist nicht nur das beliebteste Betriebssystem für mobile Endgeräte, sondern auch ein ein attraktives Ziel für Angreifer. Um diesen zu begegnen, nutzt Androids Sicher- heitskonzept App-Isolation und Zugangskontrolle zu kritischen Systemressourcen. Nutzer haben dabei aber nur wenige Optionen, App-Berechtigungen gemäß ihrer Bedürfnisse einzuschränken, sondern die Entwickler entscheiden über zu gewährende Berechtigungen. Androids Sicherheitsmodell kann zudem nicht durch Dritte angepasst werden, so dass Nutzer zum Schutz ihrer Privatsphäre auf die Gerätehersteller angewiesen sind. Diese Dissertation präsentiert einen Ansatz, Android mit umfassenden Privatsphäreeinstellun- gen nachzurüsten. Dabei geht es konkret um Techniken, die ohne Modifikationen des Betriebssystems oder Zugriff auf Root-Rechte auf regulären Android-Geräten eingesetzt werden können. Der erste Teil dieser Arbeit etabliert Techniken zur Durchsetzung von Sicherheitsrichtlinien
    [Show full text]
  • Inter-Process Communication, Analysis, Guidelines and Its Impact on Computer Security
    The 7th International Conference for Informatics and Information Technology (CIIT 2010) INTER-PROCESS COMMUNICATION, ANALYSIS, GUIDELINES AND ITS IMPACT ON COMPUTER SECURITY Zoran Spasov Ph.D. Ana Madevska Bogdanova T-Mobile Macedonia Institute of Informatics, FNSM Skopje, Macedonia Skopje, Macedonia ABSTRACT Finally the conclusion will offer a summary of the available programming techniques and implementations for the In this paper we look at the inter-process communication Windows platforms. We will note the security risks and the (IPC) also known as inter-thread or inter-application best practices to avoid them. communication from other knowledge sources. We will look and analyze the different types of IPC in the Microsoft II. INTER -PROCESS COMMUNICATION (IPC) Windows operating system, their implementation and the usefulness of this kind of approach in the terms of Inter-Process Communication (IPC) stands for many communication between processes. Only local techniques for the exchange of data among threads in one or implementation of the IPC will be addressed in this paper. more processes - one-directional or two-directional. Processes Special emphasis will be given to the system mechanisms that may be running locally or on many different computers are involved with the creation, management, and use of connected by a network. We can divide the IPC techniques named pipes and sockets. into groups of methods, grouped by their way of This paper will discuss some of the IPC options and communication: message passing, synchronization, shared techniques that are available to Microsoft Windows memory and remote procedure calls (RPC). We should programmers. We will make a comparison between Microsoft carefully choose the IPC method depending on data load that remoting and Microsoft message queues (pros and cons).
    [Show full text]
  • How to XDP (With Snabb)
    How to XDP (with Snabb) Max Rottenkolber <[email protected]> Tuesday, 21 January 2020 Table of Contents Intro 1 Creating an XDP socket 2 Mapping the descriptor rings 4 Binding an XDP socket to an interface 7 Forwarding packets from a queue to an XDP socket 8 Creating a BPF map . 9 Assembling a BPF program . 9 Attaching a BPF program to an interface . 12 Packet I/O 14 Deallocating the XDP socket 18 Intro Networking in userspace is becoming mainstream. Recent Linux kernels ship with a feature called eXpress Data Path (XDP) that intends to con- solidate kernel-bypass packet processing applications with the kernel’s networking stack. XDP provides a new kind of network socket that al- lows userspace applications to do almost direct I/O with network device drivers while maintaining integration with the kernel’s native network stack. To Snabb XDP looks like just another network I/O device. In fact the XDP ABI/API is so similar to a typical hardware interfaces that it feels a bit like driving a NIC, and not by accident. I think it is fair to describe XDP as a generic interface to Linux network drivers that also 1 has a virtual backend it integrates with: the Linux network stack. In that sense, XDP can be seen as a more hardware centric sibling of AF_PACKET. I can think of two reasons why XDP might be interesting for Snabb users: • While the Snabb community prefers NICs with open hardware interface specifications there are a lot of networking devices out there that lack open specifications.
    [Show full text]
  • An Introduction to Linux IPC
    An introduction to Linux IPC Michael Kerrisk © 2013 linux.conf.au 2013 http://man7.org/ Canberra, Australia [email protected] 2013-01-30 http://lwn.net/ [email protected] man7 .org 1 Goal ● Limited time! ● Get a flavor of main IPC methods man7 .org 2 Me ● Programming on UNIX & Linux since 1987 ● Linux man-pages maintainer ● http://www.kernel.org/doc/man-pages/ ● Kernel + glibc API ● Author of: Further info: http://man7.org/tlpi/ man7 .org 3 You ● Can read a bit of C ● Have a passing familiarity with common syscalls ● fork(), open(), read(), write() man7 .org 4 There’s a lot of IPC ● Pipes ● Shared memory mappings ● FIFOs ● File vs Anonymous ● Cross-memory attach ● Pseudoterminals ● proc_vm_readv() / proc_vm_writev() ● Sockets ● Signals ● Stream vs Datagram (vs Seq. packet) ● Standard, Realtime ● UNIX vs Internet domain ● Eventfd ● POSIX message queues ● Futexes ● POSIX shared memory ● Record locks ● ● POSIX semaphores File locks ● ● Named, Unnamed Mutexes ● System V message queues ● Condition variables ● System V shared memory ● Barriers ● ● System V semaphores Read-write locks man7 .org 5 It helps to classify ● Pipes ● Shared memory mappings ● FIFOs ● File vs Anonymous ● Cross-memory attach ● Pseudoterminals ● proc_vm_readv() / proc_vm_writev() ● Sockets ● Signals ● Stream vs Datagram (vs Seq. packet) ● Standard, Realtime ● UNIX vs Internet domain ● Eventfd ● POSIX message queues ● Futexes ● POSIX shared memory ● Record locks ● ● POSIX semaphores File locks ● ● Named, Unnamed Mutexes ● System V message queues ● Condition variables ● System V shared memory ● Barriers ● ● System V semaphores Read-write locks man7 .org 6 It helps to classify ● Pipes ● Shared memory mappings ● FIFOs ● File vs Anonymous ● Cross-memoryn attach ● Pseudoterminals tio a ● proc_vm_readv() / proc_vm_writev() ● Sockets ic n ● Signals ● Stream vs Datagram (vs uSeq.
    [Show full text]
  • Improving Networking
    IMPERIAL COLLEGE LONDON FINALYEARPROJECT JUNE 14, 2010 Improving Networking by moving the network stack to userspace Author: Matthew WHITWORTH Supervisor: Dr. Naranker DULAY 2 Abstract In our modern, networked world the software, protocols and algorithms involved in communication are among some of the most critical parts of an operating system. The core communication software in most modern systems is the network stack, but its basic monolithic design and functioning has remained unchanged for decades. Here we present an adaptable user-space network stack, as an addition to my operating system Whitix. The ideas and concepts presented in this report, however, are applicable to any mainstream operating system. We show how re-imagining the whole architecture of networking in a modern operating system offers numerous benefits for stack-application interactivity, protocol extensibility, and improvements in network throughput and latency. 3 4 Acknowledgements I would like to thank Naranker Dulay for supervising me during the course of this project. His time spent offering constructive feedback about the progress of the project is very much appreciated. I would also like to thank my family and friends for their support, and also anybody who has contributed to Whitix in the past or offered encouragement with the project. 5 6 Contents 1 Introduction 11 1.1 Motivation.................................... 11 1.1.1 Adaptability and interactivity.................... 11 1.1.2 Multiprocessor systems and locking................ 12 1.1.3 Cache performance.......................... 14 1.2 Whitix....................................... 14 1.3 Outline...................................... 15 2 Hardware and the LDL 17 2.1 Architectural overview............................. 17 2.2 Network drivers................................. 18 2.2.1 Driver and device setup.......................
    [Show full text]
  • IPC: Mmap and Pipes
    Interprocess Communication: Memory mapped files and pipes CS 241 April 4, 2014 University of Illinois 1 Shared Memory Private Private address OS address address space space space Shared Process A segment Process B Processes request the segment OS maintains the segment Processes can attach/detach the segment 2 Shared Memory Private Private Private address address space OS address address space space space Shared Process A segment Process B Can mark segment for deletion on last detach 3 Shared Memory example /* make the key: */ if ((key = ftok(”shmdemo.c", 'R')) == -1) { perror("ftok"); exit(1); } /* connect to (and possibly create) the segment: */ if ((shmid = shmget(key, SHM_SIZE, 0644 | IPC_CREAT)) == -1) { perror("shmget"); exit(1); } /* attach to the segment to get a pointer to it: */ data = shmat(shmid, (void *)0, 0); if (data == (char *)(-1)) { perror("shmat"); exit(1); } 4 Shared Memory example /* read or modify the segment, based on the command line: */ if (argc == 2) { printf("writing to segment: \"%s\"\n", argv[1]); strncpy(data, argv[1], SHM_SIZE); } else printf("segment contains: \"%s\"\n", data); /* detach from the segment: */ if (shmdt(data) == -1) { perror("shmdt"); exit(1); } return 0; } Run demo 5 Memory Mapped Files Memory-mapped file I/O • Map a disk block to a page in memory • Allows file I/O to be treated as routine memory access Use • File is initially read using demand paging ! i.e., loaded from disk to memory only at the moment it’s needed • When needed, a page-sized portion of the file is read from the file system
    [Show full text]
  • Interprocess Communication
    06 0430 CH05 5/22/01 10:22 AM Page 95 5 Interprocess Communication CHAPTER 3,“PROCESSES,” DISCUSSED THE CREATION OF PROCESSES and showed how one process can obtain the exit status of a child process.That’s the simplest form of communication between two processes, but it’s by no means the most powerful.The mechanisms of Chapter 3 don’t provide any way for the parent to communicate with the child except via command-line arguments and environment variables, nor any way for the child to communicate with the parent except via the child’s exit status. None of these mechanisms provides any means for communicating with the child process while it is actually running, nor do these mechanisms allow communication with a process outside the parent-child relationship. This chapter describes means for interprocess communication that circumvent these limitations.We will present various ways for communicating between parents and chil- dren, between “unrelated” processes, and even between processes on different machines. Interprocess communication (IPC) is the transfer of data among processes. For example, a Web browser may request a Web page from a Web server, which then sends HTML data.This transfer of data usually uses sockets in a telephone-like connection. In another example, you may want to print the filenames in a directory using a command such as ls | lpr.The shell creates an ls process and a separate lpr process, connecting 06 0430 CH05 5/22/01 10:22 AM Page 96 96 Chapter 5 Interprocess Communication the two with a pipe, represented by the “|” symbol.A pipe permits one-way commu- nication between two related processes.The ls process writes data into the pipe, and the lpr process reads data from the pipe.
    [Show full text]
  • Post Sockets - a Modern Systems Network API Mihail Yanev (2065983) April 23, 2018
    Post Sockets - A Modern Systems Network API Mihail Yanev (2065983) April 23, 2018 ABSTRACT In addition to providing native solutions for problems, es- The Berkeley Sockets API has been the de-facto standard tablishing optimal connection with a Remote point or struc- systems API for networking. However, designed more than tured data communication, we have identified that a com- three decades ago, it is not a good match for the networking mon issue with many of the previously provided networking applications today. We have identified three different sets of solutions has been leaving the products vulnerable to code problems in the Sockets API. In this paper, we present an injections and/or buffer overflow attacks. The root cause implementation of Post Sockets - a modern API, proposed by for such problems has mostly proved to be poor memory Trammell et al. that solves the identified limitations. This or resource management. For this reason, we have decided paper can be used for basis of evaluation of the maturity of to use the Rust programming language to implement the Post Sockets and if successful to promote its introduction as new API. Rust is a programming language, that provides a replacement API to Berkeley Sockets. data integrity and memory safety guarantees. It uses region based memory, freeing the programmer from the responsibil- ity of manually managing the heap resources. This in turn 1. INTRODUCTION eliminates the possibility of leaving the code vulnerable to Over the years, writing networked applications has be- resource management errors, as this is handled by the lan- come increasingly difficult.
    [Show full text]
  • Interprocess Communications (Pipes)
    Multiple methods for Interprocess Communications Three examples: files, pipes, shared memory. In this figure, Local domain sockets would be conceptually similar to a named pipe. The second method refers to pipes Sources for these slides include: • W. Stevens, Unix Network Programming, Volumes 1 and 2 • M. Mitchell, J. Oldham, A. Samuel, Advanced Linux Programming 1 Interprocess Communication (IPC) ⚫ Linux supports the following IPC mechanisms: – Half duplex pipes – Full duplex pipes –only by using 2 pipes (other unix systems do support FD over a single pipe) – FIFOS (also called named pipes) – SYSV style message queues – SYSV style shared memory – Local Domain (UNIX Domain) sockets – Similar to a socket but modifications to the address/name aspect. (PF_LOCAL rather than PF_INET). – Sockets: Two processes can communicate using localhost. But it’s more efficient to use 2 pipes or local domain sockets. Pipe – used in a shell pipeline ⚫ Example of a pipeline - issue the following in a shell: – who | sort | wc 2 10 110 – The shell program creates three processes, two pipes are used as shown below. – The shell would use the dup2 call to duplicate the read end of each pipe to standard input and the write end to standard output. ⚫ int fd[2]; ⚫ pid_t pid; ⚫ pipe(fd); ⚫ pid = fork(); ⚫ If(pid == 0) { – dup2(fd[0], STDIN_FILENO); – exec(whatever); ⚫ } ⚫ The use of dup2 by a shell allows a program or filter to simply operate on data arriving through standard in….and sends output to standard out. It does not need to know the pipe descriptors involved…. 3 – Note – modified the pipeline- the figure assumes lp instead of wc .
    [Show full text]
  • Interacting Modelica Using a Named Pipe for Hardware-In-The-Loop Simulation
    Interacting Modelica using a Named Pipe for Hardware-in-the-loop Simulation Interacting Modelica using a Named Pipe for Hardware-in-the-loop Simulation Arno Ebner Anton Haumer Dragan Simic Franz Pirker Arsenal Research Giefinggasse 2, 1210 Vienna, Austria phone: +43 50550 6663, fax: +43 50550 6595, e-mail: [email protected] Abstract tion for the system model considering the initial val- ues. The paper presents a concept and an implementation In some cases the user or other applications have to of Modelica simulation interaction using the operat- interact with the simulation, for example to: ing system inter-process communication method of • Start or interrupt the simulation the Named Pipe. The main aim of this presented • Change parameters or variables during the simu- work is to implement a hardware-in-the-loop simula- lation tion (HILS) environment based on Dymola which • Communicate with other applications, for exam- runs on a normal Microsoft Windows Personal Com- ple with another simulation environment puter. • Exchange data with an input/output-card or a pe- An energy storage test bench is connected by an ana- ripheral communication interface logue and digital data input/output card with the Dy- • Build up a hardware-in-the-loop simulation envi- mola simulation computer. With this proposed sys- ronment tem, particularly long-time simulations with sample rates up to 30 Hz can be executed very cost effective. Hardware-in-the-loop (HIL) is the integration of real Typical applications are simulations of drive cycles components and system models in a common simu- to test energy storage systems in electrified vehicles lation environment [1].
    [Show full text]
  • SMB Analysis
    NAP-3 Microsoft SMB Troubleshooting Rolf Leutert, Leutert NetServices, Switzerland © Leutert NetServices 2013 www.wireshark.ch Server Message Block (SMB) Protokoll SMB History Server Message Block (SMB) is Microsoft's client-server protocol and is most commonly used in networked environments where Windows® operating systems are in place. Invented by IBM in 1983, SMB has become Microsoft’s core protocol for shared services like files, printers etc. Initially SMB was running on top of non routable NetBIOS/NetBEUI API and was designed to work in small to medium size workgroups. 1996 Microsoft renamed SMB to Common Internet File System (CIFS) and added more features like larger file sizes, Windows RPC, the NT domain service and many more. Samba is the open source SMB/CIFS implementation for Unix and Linux systems 2 © Leutert NetServices 2013 www.wireshark.ch Server Message Block (SMB) Protokoll SMB over TCP/UDP/IP SMB over NetBIOS over UDP/TCP SMB / NetBIOS was made routable by running Application over TCP/IP (NBT) using encapsulation over 137/138 139 TCP/UDP-Ports 137–139 .. Port 137 = NetBIOS Name Service (NS) Port 138 = NetBIOS Datagram Service (DGM) Port 139 = NetBIOS Session Service (SS) Data Link Ethernet, WLAN etc. Since Windows 2000, SMB runs, by default, with a thin layer, the NBT's Session Service, on SMB “naked” over TCP top of TCP-Port 445. Application 445 DNS and LLMNR (Link Local Multicast Name . Resolution) is used for name resolution. Port 445 = Microsoft Directory Services (DS) SMB File Sharing, Windows Shares, Data Link Ethernet, WLAN etc. Printer Sharing, Active Directory 3 © Leutert NetServices 2013 www.wireshark.ch Server Message Block (SMB) Protokoll NetBIOS / SMB History NetBIOS Name Service (UDP Port 137) Application • Using NetBIOS names for clients and services.
    [Show full text]