

  • Number of slides: 81

The only profound way to improve overall Internet security is to:

Recently, myNetWatchman detected an incident in which a host was infected with the Microsoft SQL Spida Worm. A backtrace of the offending IP yielded some interesting results…

Solution to the Korean Spam problem?

Reserved / unallocated netblocks (as listed on the slide):

RESERVED-9: 1.0.0.0 - 1.255
RESERVED-2: 2.0.0.0 - 2.255
PDN: 14.0.0.0 - 14.255
RESERVED-23: 23.0.0.0 - 23.255
RESERVED-31: 31.0.0.0 - 31.255
RESERVED-37: 37.0.0.0 - 37.255
RESERVED-39 A: 39.0.0.0 - 39.255
RESERVED-41 A: 41.0.0.0 - 41.255
RESERVED-58: 58.0.0.0 - 58.255
RESERVED-59: 59.0.0.0 - 59.255
RESERVED-60: 60.0 - 60.255
RESERVED-7: 69.0.0.0 - 79.255
RESERVED-11: 82.0.0.0 - 95.255
RESERVED-8: 96.0.0.0 - 126.255

Perform Spoof Detection

Step 2: Traceroute to the IP and get an *actual* hop count. If it is substantially different from the hop count implied by the packet's TTL, then the IP may be spoofed.
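As an added example (not code from the deck or from myNetWatchman), the two spoof checks described above, combined: first test whether the source falls in one of the reserved/unallocated blocks listed on the earlier slide, then compare the hop count implied by the observed TTL with the hop count a traceroute actually measured. The set of candidate initial TTLs (32/64/128/255) and the 5-hop tolerance are assumptions, not values from the slides.

```python
import ipaddress

# Reserved / unallocated ranges exactly as the slide lists them (2002-era IANA
# status; most of these have since been allocated, so treat the list as a sample).
RESERVED_RANGES = [
    ("1.0.0.0", "1.255.255.255"), ("2.0.0.0", "2.255.255.255"),
    ("14.0.0.0", "14.255.255.255"), ("23.0.0.0", "23.255.255.255"),
    ("31.0.0.0", "31.255.255.255"), ("37.0.0.0", "37.255.255.255"),
    ("39.0.0.0", "39.255.255.255"), ("41.0.0.0", "41.255.255.255"),
    ("58.0.0.0", "58.255.255.255"), ("59.0.0.0", "59.255.255.255"),
    ("60.0.0.0", "60.255.255.255"), ("69.0.0.0", "79.255.255.255"),
    ("82.0.0.0", "95.255.255.255"), ("96.0.0.0", "126.255.255.255"),
]
# Expand each start/end pair into CIDR networks for fast membership tests.
RESERVED_NETS = [
    net
    for start, end in RESERVED_RANGES
    for net in ipaddress.summarize_address_range(
        ipaddress.IPv4Address(start), ipaddress.IPv4Address(end))
]

# Assumed set of common initial TTL values used by operating systems.
INITIAL_TTLS = (32, 64, 128, 255)


def in_reserved_block(ip: str) -> bool:
    """True if the source address lies in a block that should carry no traffic."""
    addr = ipaddress.IPv4Address(ip)
    return any(addr in net for net in RESERVED_NETS)


def implied_hop_count(observed_ttl: int) -> int:
    """Step 1: hops implied by the TTL seen in the packet, assuming the sender
    started from the smallest common initial TTL that is >= the observed value."""
    for start in INITIAL_TTLS:
        if observed_ttl <= start:
            return start - observed_ttl
    raise ValueError("TTL must be between 0 and 255")


def spoof_verdict(ip: str, observed_ttl: int, traceroute_hops: int,
                  tolerance: int = 5) -> str:
    """Step 2: returns 'reserved', 'suspicious' or 'consistent' (tolerance assumed)."""
    if in_reserved_block(ip):
        return "reserved"
    implied = implied_hop_count(observed_ttl)
    if abs(implied - traceroute_hops) > tolerance:
        return "suspicious"
    return "consistent"
```

A "suspicious" verdict is only a hint: asymmetric routing and middleboxes that rewrite TTL also produce hop-count mismatches, so it should trigger the later whois and DNS checks rather than a final conclusion.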

Traceroute Hop Count Difficulties

Performing a reverse DNS lookup with nslookup can sometimes yield the domain name of the IP address in question. Armed with that domain name, we can query for the domain's Start of Authority (SOA) contact information.

ARIN Whois Query Syntax

Records that are not administered by ARIN are likely to be found at one of the other regional registries, RIPE and APNIC. Sometimes a query to ARIN will refer you to APNIC who, in turn, will direct you to JPNIC, KRNIC, or one of the other national registries.

Cross-check the domain info returned from an IP-based whois query with the domain whois records. Geektools runs a nice proxy that can be used for both IP and domain name queries.

The State of .us

You can use nslookup to get the mail server for a domain, and then manually VRFY addresses at the domain. If verification is turned off, you may want to check http://whois.abuse.net

If a whois query doesn't give you the appropriate domain, try a Google search on the organization name, adding *parts* of the address info.

Double Netblocks?

Telnet to port 25 and see if the IP address runs a mail server and has possibly published a useful banner. Other well-known ports may be tried as well (POP, FTP, etc.).

Gone too far?

References - Page 1

References - Page 2

References - Page 3