Wednesday 13 February 2013

Security Bytes 0x001

... a byte today, a little more prepared tomorrow.

Address Resolution Protocol (ARP)
ARP is a network layer protocol used to convert an IP address into a physical address (called a DLC address), such as an Ethernet address. A host wishing to obtain a physical address broadcasts an ARP request onto the TCP/IP network. The host on the network that has the IP address in the request then replies with its physical hardware address.

ARP Cache Poisoning / ARP Spoofing
It is a technique whereby an attacker sends fake ("spoofed") Address Resolution Protocol (ARP) messages onto a Local Area Network. Generally, the aim is to associate the attacker's MAC address with the IP address of another host (such as the default gateway), causing any traffic meant for that IP address to be sent to the attacker instead. After a successful ARP cache poisoning/spoofing attack, the compromise can be escalated by DoS, MiTM and MAC flooding (forcing a switch to degrade to a hub to make network sniffing possible) attacks.
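The symptom a defender can watch for is an IP address that suddenly answers from a different MAC. The sketch below is an added example, not part of the original post: it parses raw Ethernet/ARP frames and flags conflicting bindings. The function names, MAC addresses and IP addresses are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

ETHERTYPE_ARP = 0x0806
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(frame):
    """Return (oper, sender_mac, sender_ip, eth_src) for IPv4-over-Ethernet ARP, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _, _ = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, fmt_mac(sha), str(IPv4Address(spa)), fmt_mac(frame[6:12])

def find_conflicts(frames):
    """Alert when an IP already bound to one MAC is claimed by another, or when
    the ARP sender MAC disagrees with the Ethernet source address."""
    bindings, alerts = {}, []
    for index, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _, sender_mac, sender_ip, eth_src = parsed
        if sender_mac != eth_src:
            alerts.append((index, sender_ip, "ARP sender MAC != Ethernet source"))
        first_seen = bindings.setdefault(sender_ip, sender_mac)
        if first_seen != sender_mac:
            alerts.append((index, sender_ip, f"{first_seen} -> {sender_mac}"))
    return alerts

def sample_frame(oper, eth_src, sha, spa, tpa):
    """Build a constructed ARP frame in memory (test data only, nothing is sent)."""
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sha,
                      IPv4Address(spa).packed, bytes(6), IPv4Address(tpa).packed)
    return b"\xff" * 6 + eth_src + struct.pack("!H", ETHERTYPE_ARP) + arp

# Constructed addresses: locally administered MACs, RFC 5737 documentation IPs.
GW, HOST, OTHER = (bytes.fromhex("0200000000" + x) for x in ("01", "0a", "66"))
SAMPLE = [
    sample_frame(1, HOST, HOST, "192.0.2.10", "192.0.2.1"),    # host asks for gateway
    sample_frame(2, GW, GW, "192.0.2.1", "192.0.2.10"),        # gateway answers
    sample_frame(2, OTHER, OTHER, "192.0.2.1", "192.0.2.10"),  # second MAC claims gateway IP
]

if __name__ == "__main__":
    for alert in find_conflicts(SAMPLE):
        print(alert)
```

The first-seen binding is treated as the baseline, so a legitimate change such as a replaced network card or a reassigned DHCP lease also raises an alert and needs to be checked against inventory.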

Border Gateway Protocol (BGP)
BGP is the protocol which is used to make core routing decisions on the Internet; it involves a table of IP networks or "prefixes" which designate network reachability among autonomous systems (AS).

Cisco Internetworking Technology Handbook

TCP and UDP Port Numbers
20 - [TCP] File Transfer Protocol (FTP) data transfer
22 - [TCP] Secure Shell (SSH)
23 - [TCP] Telnet
25 - [TCP] Simple Mail Transfer Protocol (SMTP)
43 - [TCP] Whois Protocol
53 - [TCP/UDP] Domain Name System (DNS)
67 - [UDP] Dynamic Host Configuration Protocol (DHCP) Server
68 - [UDP] Dynamic Host Configuration Protocol (DHCP) Client
80 - [TCP] Hyper Text Transfer Protocol (HTTP)
115 - [TCP] Simple File Transfer Protocol (SFTP)
123 - [UDP] Network Time Protocol (NTP)
137 - [TCP/UDP] NetBios Name Service
138 - [TCP/UDP] NetBios Datagram Service
139 - [TCP/UDP] NetBios Session Service
143 - [TCP] Internet Message Access Protocol (IMAP)
194 - [TCP/UDP] Internet Relay Chat (IRC)
220 - [TCP/UDP] Internet Message Access Protocol (IMAP) Version 3
264 - [TCP] Border Gateway Multicast Protocol (BGMP)
389 - [TCP/UDP] Lightweight Directory Access Protocol (LDAP)
443 - [TCP] HTTP over Secure Sockets Layer (SSL) / Transport Layer Security (TLS)
445 - [TCP] Server Message Block (SMB)
513 - [TCP] RLogin
514 - [TCP] Shell
514 - [UDP] Syslog

Cross Site Scripting (XSS)
Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user.

Cross Site Request Forgery (CSRF / XSRF)
Cross-site request forgery is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. Unlike XSS, which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.

Hub VS Switch VS Router
In a hub, a frame is passed along or "broadcast" to every one of its ports.
A switch keeps a record of the MAC addresses of all the devices connected to it. With this information, a switch can identify which system is sitting on which port. So when a frame is received, it knows exactly which port to send it to, without significantly increasing network response times.
Routers route packets to other networks until that packet ultimately reaches its destination. A router is typically connected to at least two networks, commonly two Local Area Networks (LANs) or Wide Area Networks (WANs), or a LAN and its ISP's network.

Open Systems Interconnection (OSI) Model
It is a model for characterizing and standardizing the functions of a communications system in terms of abstraction layers.

Network Protocols

Processes VS Threads
A process is an executing instance of an application. Communication between processes – also known as IPC, or inter-process communication – is quite difficult and resource-intensive.
A thread is a path of execution within a process. Threads within the same process share the same address space, whereas different processes do not. This allows threads to read from and write to the same data structures and variables, and also facilitates communication between threads.

Memory Model Comparisons (Flat, Paged, Segmented)

Transmission Control Protocol (TCP) VS User Datagram Protocol (UDP)
TCP is connection oriented – once a connection is established, data can be sent bidirectionally. UDP is a simpler, connectionless Internet protocol. Multiple messages are sent as packets in chunks using UDP.
TCP 3-way handshake: SYN, SYN ACK, ACK.