Wednesday, 13 February 2013

Security Bytes 0x001

... a byte today, a little more prepared tomorrow.

Address Resolution Protocol (ARP)
ARP is a network layer protocol used to convert an IP address into a physical address (called a DLC address), such as an Ethernet address. A host wishing to obtain a physical address broadcasts an ARP request onto the TCP/IP network. The host on the network that has the IP address in the request then replies with its physical hardware address.
http://en.wikipedia.org/wiki/Address_Resolution_Protocol

ARP Cache Poisoning / ARP Spoofing
It is a technique whereby an attacker sends fake ("spoofed") Address Resolution Protocol (ARP) messages onto a Local Area Network. Generally, the aim is to associate the attacker's MAC address with the IP address of another host(such as the default gateway), causing any traffic meant for that IP address to be sent to the attacker instead. After a successful ARP cache/spoof attack, the compromise can be escalated by DoS, MiTM and Mac Flooding (forcing a switch to degrade to a hub to make network sniffing possible) attacks.
http://www.thegeekstuff.com/2012/01/arp-cache-poisoning/
http://www.grc.com/nat/arp.htm
http://en.wikipedia.org/wiki/ARP_spoofing

Border Gateway Protocol (BGP)
BGP is the protocol which is used to make core routing decisions on the Internet; it involves a table of IP networks or "prefixes" which designate network reachability among autonomous systems (AS).
http://en.wikipedia.org/wiki/Border_Gateway_Protocol

Cisco Internetworking Technology Handbook
http://docwiki.cisco.com/wiki/Internetworking_Technology_Handbook

TCP and UDP Port Numbers
20 - [TCP] File Transfer Protocol (FTP) data transfer
22 - [TCP] Secure Shell (SSH)
23 - [TCP] Telnet
25 - [TCP] Simple Mail Transfer Protocol (SMTP)
43 - [TCP] Whois Protocol
53 - [TCP/UDP] Domain Name System (DNS)
67 - [UDP] Domain Host Configuration Protocol (DHCP) Server
68 - [UDP] Domain Host Configuration Protocol (DHCP) Client
80 - [TCP] Hyper Text Transfer Protocol (HTTP)
115 - [TCP] Simple File Transfer Protocol (SFTP)
123 - [UDP] Network Time Protocol (NTP)
137 - [TCP/UDP] NetBios Name Service
138 - [TCP/UDP] NetBios Datagram Service
139 - [TCP/UDP] NetBios Session Service
143 - [TCP] Internet Message Access Protocol (IMAP)
194 - [TCP/UDP] Internet Relay Chat (IRC)
220 - [TCP/UDP] Internet Message Access Protocol (IMAP) Version 3
264 - [TCP] Border Gateway Multicast Protocol (BGMP)
389 - [TCP/UDP] Lightweight Directory Access Protocol (LDAP)
443 - [TCP] HTTP over Secure Sockets Layer (SSL) / Transport Layer Security (TLS)
445 - [TCP] Server Message Block (SMB)
513 - [TCP] RLogin
514 - [TCP] Shell
514 - [UDP] Syslog
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
http://www.techiwarehouse.com/engine/e710cc74/Most-Common-TCP-Ports

Cross Site Scripting (XSS)
Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user.
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
http://en.wikipedia.org/wiki/Cross-site_scripting

Cross Site Request Forgery (CSRF / XSRF)
Cross-site request forgery is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.Unlike XSS, which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

Hub VS Switch VS Router
In a hub, a frame is passed along or "broadcast" to every one of its ports.
A switch, keeps a record of the MAC addresses of all the devices connected to it. With this information, a switch can identify which system is sitting on which port. So when a frame is received, it knows exactly which port to send it to, without significantly increasing network response times.
Routers route packets to other networks until that packet ultimately reaches its destination. A router is typically connected to at least two networks, commonly two Local Area Networks (LANs) or Wide Area Networks (WAN) or a LAN and its ISP's network .http://www.webopedia.com/DidYouKnow/Hardware_Software/2006/router_switch_hub.asp

Open Systems Interconnection (OSI) Model
It is a prescription of characterizing and standardizing the functions of a communications system in terms of abstraction layers.http://www.tcpipguide.com/free/t_PhysicalLayerLayer1.htm
http://en.wikipedia.org/wiki/OSI_model

Network Protocols
http://en.wikipedia.org/wiki/List_of_network_protocols_(OSI_model)

Processes VS Threads
A process is an executing instance of an application. Communication between processes – also known as IPC, or inter-process communication – is quite difficult and resource-intensive.
A thread is a path of execution withina process. Threads within the same process share the same address space, whereas different processes do not. This allows threads to read from and write to the same data structures and variables, and also facilitates communication between threads.http://www.cafeaulait.org/course/week11/02.html
http://www.programmerinterview.com/index.php/operating-systems/thread-vs-process
http://en.wikipedia.org/wiki/Thread_(computing)

Memory Model Comparisons (Flat, Paged, Segmented)
http://en.wikipedia.org/wiki/Flat_memory_model

Transmission Control Protocol (TCP) VS User Datagram Protocol (UDP)
TCP is connection oriented – once a connection is established, data can be sent bidirectionally. UDP is a simpler, connectionless Internet protocol. Multiple messages are sent as packets in chunks using UDP.
TCP 3-way handshake: SYN, SYN ACK, ACK.
http://www.diffen.com/difference/TCP_vs_UDP

No comments:

Post a Comment