network_security_assesment

Differences

This shows you the differences between two versions of the page.

network_security_assesment [2009/06/08 03:37] k2patelnetwork_security_assesment [2009/06/26 07:45] k2patel
Line 442: Line 442:
 Thomas Lopatic et al. titled “A Stateful Inspection of Firewall-1” available as a Real\\ Thomas Lopatic et al. titled “A Stateful Inspection of Firewall-1” available as a Real\\
 Media video stream and PowerPoint presentation from [[ http://www.blackhat.com/html/bh-usa-00/bh-usa-00-speakers.html | Link]] Media video stream and PowerPoint presentation from [[ http://www.blackhat.com/html/bh-usa-00/bh-usa-00-speakers.html | Link]]
 +
 +=== Low-Level IP Assessment ===
 +Tools such as Nmap, Hping2, and Firewalk perform low-level IP assessment.
 +
 +Insight into the following areas of a network can be gleaned through low-level IP assessment:
 +
 +  * Uptime of target hosts (by analyzing the TCP timestamp option)
 +  * TCP services that are permitted through the firewall (by analyzing responses to TCP and ICMP probes)
 +  * TCP sequence and IP ID incrementation (by running predictability tests)
 +  * The operating system of the target host (using IP fingerprinting)
 +
 +The TCP timestamp option is defined in RFC 1323.
 +== Analyzing Responses to TCP Probes ==
 +A TCP probe always results in one of four responses. These responses potentially\\
 +allow an analyst to identify where a connection was accepted, or why and where it\\
 +was rejected, dropped, or lost:
 +  * TCP SYN/ACK
 +If a SYN/ACK packet is received, the port is considered open.
 +  * TCP RST/ACK
 +If an RST/ACK packet is received, the probe packet was rejected by either the\\
 +target host or an upstream security device (e.g., a firewall with a reject rule in its policy).
 +  * ICMP type 3 code 13
 +If an ICMP type 3 code 13 message is received, the host (or a device such as a\\
 +firewall) has administratively prohibited the connection according to an Access Control List (ACL) rule.
 +  * Nothing
 +If no packet is received, an intermediary security device silently dropped it.
  
 [[96]] [[96]]
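Review bot: the "Nothing" item at the end of the added list attributes a missing reply only to an intermediary security device silently dropping the packet, yet the sentence introducing the list says the responses show where a connection was "rejected, dropped, or lost". Suggest rewording that item so it also covers a probe or reply lost in transit, which keeps it consistent with the introduction and with the claim that a probe "always results in one of four responses". On style, the explanatory sentence under each bullet ("If a SYN/ACK packet is received, ...") starts at column 0 rather than on the bullet line, so it is not part of the list item it explains; consider folding each explanation into its bullet. The standalone line "The TCP timestamp option is defined in RFC 1323." would also read better attached to the uptime bullet that mentions the option.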
network_security_assesment.txt · Last modified: 2020/08/10 02:35 by 127.0.0.1