advanced host detection：高級主機檢測

《advanced host detection：高級主機檢測》由會員上傳分享，免費在線閱讀，更多相關(guān)內(nèi)容在教育資源-天天文庫。

1、AdvancedHostDetectionTechniquesToValidateHost-Connectivitywhitepaperbydethydethy@synnergy.netAbstractSecurityEngineersspendatirelessamountofefforttoblockandfilterpacketanomaliesinaninternetworkconnectedenvironment.Advancedhostmappingbypassesmanyformsofintrusiondetections

2、ystems,filters,androuters,essentiallyenablinganattackertomapanddiscoverpreviouslyunknownfirewalledhosts.IntroductionThispaperwillattempttodescribetechniquesusedtodiscoverheavilyfilteredandfirewalledhosts,thatwillnotanswertostandardPINGresponses.Itisassumedthatthereaderha

3、safirmknowledgeofthemajorinternetprotocols(TCP,IP,UDP,ICMP).Mostotherprotocolswillnotbediscussedbuttechniquesdescribedherecanbeappliedtomanyprotocols.HostDetectionMethodsItisbecomingincreasinglyapparenttheamountoffirewalledandfilteredhostsconnectedtotheinternetnowadays.M

4、isconfiguredandintrinsicallyfirewalledhostsoftenblockpacketresponsesandrepliesthatdeterminetheir(inter)networkconnectivity.AprimeexampleofthisscenarioisthestandardPING(packetinternetgroper)utility.PINGissuesanICMPtype3(echorequest)responsetoanarbitraryhosttotestforit'son

5、lineconnectivity.However,sinceagrowingnumberoftheseserversblockmanyformsofICMPcodetypes,areplywilloftenbeblocked,droppedandthusundelivered.Unfortunately,aclientmaythenassumethenetworkorhostisdownorinconvenientlyfirewalled.Exactlyhowcanoneknowinglydetecttheonlinepresenceo

6、fahost?Understandingavenueswhichcancircumventcertainlevelsoffirewallrulesets,willultimatelyallowaclienttodeterminewhetherahostisnetworkconnectedand/orbehindafilteredenvironment.Thistechniqueisknownas'HostDetection.Hostdetectionissimilartoscanninginseveralwaysalthoughhost

7、detectiondoesnottestfortheabsenceofpacketstoportsormodificationspertainingtoprotocolheaders,iesettingflaggedpacketreplies,butrathertestsanyresponsivenesssignsofissuedfromtheremotehost.Inthisrespect,host-detectionisaformofPINGscanning,thatisdetectinganyformofresponsetosig

8、nifytheapparentconnectivestateofaserver.Thispaperanalysestwobroad'PINGsweep'hostdetectiontechniquesthat