Advanced Host Detection: Techniques To Validate Host-Connectivity

whitepaper by dethy
dethy@synnergy.net

Abstract

Security Engineers spend a tireless amount of effort to block and filter packet anomalies in an internetwork connected environment. Advanced host mapping bypasses many forms of intrusion detection systems, filters, and routers, essentially enabling an attacker to map and discover previously unknown firewalled hosts.

Introduction

This paper will attempt to describe techniques used to discover heavily filtered and firewalled hosts that will not answer to standard PING responses. It is assumed that the reader has a firm knowledge of the major internet protocols (TCP, IP, UDP, ICMP). Most other protocols will not be discussed, but techniques described here can be applied to many protocols.

Host Detection Methods

The number of firewalled and filtered hosts connected to the internet nowadays is becoming increasingly apparent. Misconfigured and intrinsically firewalled hosts often block packet responses and replies that determine their (inter)network connectivity. A prime example of this scenario is the standard PING (packet internet groper) utility. PING issues an ICMP type 3 (echo request) response to an arbitrary host to test for its online connectivity. However, since a growing number of these servers block many forms of ICMP code types, a reply will often be blocked, dropped and thus undelivered. Unfortunately, a client may then assume the network or host is down or inconveniently firewalled. Exactly how can one knowingly detect the online presence of a host?

Understanding avenues which can circumvent certain levels of firewall rulesets will ultimately allow a client to determine whether a host is network connected and/or behind a filtered environment. This technique is known as 'Host Detection'. Host detection is similar to scanning in several ways, although host detection does not test for the absence of packets to ports or modifications pertaining to protocol headers, i.e. setting flagged packet replies, but rather tests for any signs of responsiveness issued from the remote host. In this respect, host detection is a form of PING scanning, that is, detecting any form of response to signify the apparent connective state of a server.

This paper analyses two broad 'PING sweep' host detection techniques that