Network Traffic Analysis Using tcpdump Reference Material

Pages: 13      File type: pdf      Size: 66.41 KB
10.10.2023

Content extracted from the document:
Network Traffic Analysis Using tcpdump
Reference Material

Judy Novak
Johns Hopkins University Applied Physics Laboratory
jhnovak@ix.netcom.com

All material Copyright © Novak, 2000, 2001. All rights reserved.

References

Reference Material

W. Richard Stevens, TCP/IP Illustrated, Volume 1: The Protocols, Addison-Wesley
Eric A. Hall, Internet Core Protocols, O’Reilly
Craig H. Rowland, “Covert Channels in the TCP/IP Protocol Suite”, www.psionic.com/papers/covert/covert.tcp.txt
Ofir Arkin, “ICMP Usage in Scanning”, www.sys-security.com
Fyodor, “Remote OS detection via TCP/IP Stack FingerPrinting”, www.insecure.org/nmap/nmap-fingerprinting-article
Thomas Ptacek, Timothy Newsham, “Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection”, www.robertgraham.com/mirror/Ptacek-Newsham-Evasion-98.html
Rain Forest Puppy, “A look at whisker’s anti-IDS tactics”, www.wiretrip.net/rfp

Referenced Links

• www.nswc.navy.mil/ISSEC/CID
  Site to obtain Shadow software
• www.map2.ethz.ch/ftp-probleme.htm
  Site for list of initial TTL’s by operating system and protocol
• www.phrack.com
  Site to find out more about the loki exploit
• ftp.su.se/pub/security/security/tools/net/tcpshow
  Site to download source code for tcpshow
• www.cisco.com/warp/public/770/nifrag.shtml
  Site to read about a particular denial of service using fragmentation against Cisco routers
• www.cert.org/advisories
  Site to read about CERT advisory concerning an inverse query exploit, ToolTalk exploit
• ftp.isi.edu/in-notes/iana/assignments/
  Information about protocols, reserved address spaces
• ftp.ee.lbl.gov/tcpdump.tar.Z
  ftp.ee.lbl.gov/libpcap.tar.Z
  netgroup-serv.polito.it/windump
  netgroup-serv.polito.it/winpcap
  www.tcpdump.org
  Sites for tcpdump and support software
• www.whitefang.com/rin
  Site for article on “Raw IP Networking FAQ”
• www.packetfactory.net
  Site to obtain libnet software
• www.insecure.org
  Site to obtain nmap software
• packetstorm.securify.com
  Site to obtain hping2-beta54.tar.gz
  Site to obtain isic-0.05.tar.gz
• www.sans.org/y2k/gnutella.htm
  Site for write-up on Gnutella
• www.napster.com
  www.f11.org/david.weekly.org/ opennap.sourceforge.net/napster.txt
  Sites for write-up about napster
• www.computerworld.com/cwi/story/0,1199,NAV47_STO46802,00.html
  Sites for write-up on wrapster
• www.sans.org/topten.htm
  Site for write-up from SANS of top ten security threats
• www.wiretrip.net/rfp/pages.whitepapers/whiskerids.html
  Site to read about whisker NID evasion tool

Common Services and Ports

ftp-data    20/tcp
ftp         21/tcp
telnet      23/tcp
smtp        25/tcp    sendmail
domain      53/udp    DNS
domain      53/tcp
...