Building Open Source Network Security Tools: Components and Techniques
by Mike D. Schiffman (2003)
ISBN 0-471-20544-3
Wiley Publishing Inc.
| Notes | |
|---|---|
| xi | @stake | 
| ISS | |
| Cambridge Technology Partners | |
| firewalk | |
| tracerx | |
| libnet | |
| Fortune 500 | |
| “Hack Proofing Your Network: Internet Tradecraft” | |
| “Hacker’s Challenge” | |
| xiii | Dominique Brezinski | 
| In-Q-Tel | |
| Windows NT Magazine | |
| Information Security Magazine | |
| xiv | Adam J. O’Donnell | 
| NSF | |
| Drexel University | |
| electrical engineering | |
| Lucent Technologies | |
| Guardent Inc. | |
| distributed system | |
| computer security | |
| xv | strobe (port scanner) | 
| Julian Assange | |
| Renaud Deraison | |
| Nessus | |
| Marty Roesch | |
| Snort | |
| NIDS | |
| traceroute | |
| Gerald Combs | |
| Ethereal | |
| Fyodor | |
| Nmap | |
| Dug Song | |
| Dsniff | |
| fragroute | |
| IP fragmentation | |
| port scan | |
| xvi | David Goldsmith | 
| UDP traceroute | |
| active reconnaissance | |
| IP expiry | |
| DNS - port 53 | |
| hops | |
| firewall | |
| xviii | TTL | 
| ICMP time exceeded | |
| xix | libpcap | 
| libnet | |
| libnids | |
| libsf | |
| OpenSSL | |
| passive reconnaissance | |
| penetration testing | |
| API | |
| OpenBSD | |
| gcc | |
| Cygwin | |
| xxi | printf | 
| C | |
| packet injection | |
| macro | |
| packet capture | |
| software library | |
| code reuse | |
| Task Focus | |
| portability | |
| code readability | |
| callback function | |
| int | |
| char | |
| short | |
| pointer | |
| array | |
| function pointer | |
| xxii | function reentrance | 
| thread safety | |
| assertion | |
| assert() | |
| abort() | |
| NULL | |
| xxiii | Courier font | 
| 1 | network security tool | 
| 2 | libnids | 
| 6 | Software Development Lifecycle | 
| 9 | libpcap | 
| Lawrence Berkeley National Laboratory | |
| 10 | pcap_t | 
| pcap_addr_t | |
| typedef | |
| function | |
| struct | |
| struct pcap_addr | |
| struct sockaddr | |
| 11 | netmask | 
| broadcast address | |
| P2P | |
| pcap_if_t | |
| pcap_findalldevs() | |
| pcap_open_live() | |
| struct pcap_stat | |
| u_int | |
| 13 | struct pcap_pkthdr | 
| caplen | |
| snaplen | |
| network interface | |
| 14 | pcap_lookupdev() | 
| promisc | |
| 802.2 SNAP | |
| PCAP_ERRBUF_SIZE | |
| “any” device on Linux w/ libpcap | |
| IRIX | |
| HP-UX | |
| Ultrix | |
| Digital Unix | |
| pcap_open_dead() | |
| Solaris | |
| 802.11 wireless networking | |
| 15 | pcap_open_offline() | 
| pcap_close() | |
| 16 | pcap_freealldevs() | 
| pcap_dispatch() | |
| pcap_read() | |
| u_char | |
| 17 | pcap_loop() | 
| pcap_next() | |
| pcap_setnonblock() | |
| pcap_getnonblock() | |
| 18 | BPF - Berkeley Packet Filter | 
| pcap_lookupnet() | |
| pcap_compile() | |
| pcap_compile_nopcap() | |
| boolean | |
| 19 | pcap_setfilter() | 
| pcap_freecode() | |
| pcap_dumper_t | |
| pcap_dump_open() | |
| pcap_dump() | |
| void | |
| stdin, stdout, stderr | |
| 20 | pcap_is_swapped() | 
| byte order | |
| pcap_major_version() | |
| pcap_minor_version() | |
| pcap_file() | |
| pcap_dump_close() | |
| pcap_datalink() | |
| 21 | pcap_snapshot() | 
| pcap_stats() | |
| struct pcap_stat | |
| pcap_fileno() | |
| DLPI | |
| pcap_perror() | |
| pcap_geterr() | |
| pcap_strerror() | |
| strerror() | |
| libc | |
| errno | |
| 22 | MAC address | 
| OUI - Organizationally Unique Identifier | |
| arpatch | |
| hash table | |
| Big-O notation | |
| O(1) | |
| O(log N) | |
| balanced binary tree | |
| 35 | libnet | 
| struct bpf_program | |
| BSD license | |
| 36 | ./configure;make;make install | 
| packet checksum | |
| 38 | libnet_init() | 
| libnet_build_tcp() | |
| libnet_build_ipv4() | |
| libnet_build_ethernet() | |
| libnet_write() | |
| libnet_destroy() | |
| raw socket interface | |
| 39 | MTU | 
| IP fragmentation - DF (Don’t Fragment) | |
| link layer | |
| computing packet checksums | |
| 40 | libnet_toggle_checksum() | 
| libnet_t | |
| libnet_ptag_t | |
| libnet_stats structure | |
| libnet_write() | |
| 42 | libnet_clear_packet() | 
| 43 | libnet_addr2name4() | 
| Yellow Pages (YP) | |
| libnet_addr2name4_r() | |
| libnet_name2addr4() | |
| libnet_get_ipaddr4() | |
| 44 | libnet_addr2name6_r() | 
| libnet_name2addr6() | |
| libnet_get_hwaddr() | |
| libnet_hex_aton() | |
| 45 | libnet_build() | 
| NTP | |
| libnet_build_ntp() | |
| libnet_build_udp() | |
| OSI model | |
| libnet_build_data() | |
| 46 | CDP | 
| 802.1Q | |
| RARP | |
| SNAP - Subnetwork Attachment Point | |
| STP | |
| VRRP | |
| RIP | |
| OSPF | |
| BOOTP | |
| 47 | libnet_autobuild_ethernet() | 
| libnet_autobuild_ipv4() | |
| libnet_autobuild_ipv4_options() | |
| libnet_build_tcp_options() | |
| 48 | libnet_geterror() | 
| libnet_build_802_1q() | |
| IEEE 802.2 | |
| link-layer control (LLC) | |
| 49 | IPSEC | 
| DIX | |
| 51 | libnet_build_802_2snap() | 
| 52 | libnet_build_arp() | 
| RFC 826 - ARP | |
| RFC 903 - RARP | |
| 53 | libnet_build_bootpv4() | 
| 54 | libnet_build_cdp() | 
| 55 | libnet_build_data() | 
| libnet_build_dhcpv4() | |
| libnet_build_bootpv4() | |
| 56 | libnet_build_dnsv4() | 
| libnet_build_icmpv4_echo() | |
| libnet_build_icmpv4_mask() | |
| libnet_build_icmpv4_timestamp() | |
| RFC 792 - ICMP | |
| 58 | libnet_build_icmpv4_unreach() | 
| 59 | libnet_build_icmpv4_timeexceed() | 
| 60 | libnet_build_icmpv4_redirect() | 
| /etc/protocols | |
| 62 | libnet_build_ip6() | 
| libnet_build_ntp() | |
| RFC 2460 - IPv6 | |
| RFC 1119, 1305 - NTP | |
| 64 | libnet_build_ospfv2() | 
| RFC 2328 - OSPF | |
| 66 | libnet_build_ospfv2_hello() | 
| libnet_build_ospfv2_dbd() | |
| 67 | libnet_build_ospfv2_lsr() | 
| 68 | libnet_build_rip() | 
| RFC 1058, RFC 2453 - RIP | |
| 70 | libnet_build_stp() | 
| IEEE 802.1d - Spanning Tree Protocol (STP) | |
| 71 | IPMAXPACKET - 65535 | 
| 72 | RFC 768 - UDP | 
| libnet_build_vrrp() | |
| RFC 2338 - Virtual Router Redundancy Protocol (VRRP) | |
| 73 | libnet_plist_chain_new() | 
| libnet_plist_chain() | |
| 74 | libnet_plist_chain_next_pair() | 
| libnet_plist_chain_dump() | |
| libnet_plist_chain_dump_string() | |
| libnet_plist_chain_free() | |
| libnet_getfd() | |
| 75 | libnet_getdevice() | 
| libnet_getpbuf() | |
| libnet_getpbuf_size() | |
| libnet_adv_cull_packet() | |
| 76 | libnet_adv_write_link() | 
| libnet_seed_prand() | |
| libnet_get_prand() | |
| gettimeofday() | |
| 77 | punch - UDP packet blaster example program | 
| 87 | E-box event generator | 
| NIDS | |
| libnids | |
| 88 | IP defragmentation | 
| TCP stream reassembly | |
| port scan detection | |
| nids_prm struct | |
| syslog | |
| 90 | tuple4 struct | 
| 91 | half_stream struct | 
| 92 | tcp_stream struct | 
| 93 | nids_init() | 
| 94 | nids_run() | 
| nids_next() | |
| nids_errbuf.nids_next() ???? | |
| BSD and Linux behavior differ with nids_next() and pcap_next() | |
| 95 | nids_register_ip_frag() | 
| nids_register_ip() | |
| nids_register_udp() | |
| nids_register_tcp() | |
| 96 | nids_killtcp() | 
| nids_discard() | |
| lilt example program | |
| Telnet | |
| IRC | |
| connection watching | |
| RST | |
| synchronous i/o | |
| 98 | FreeBSD | 
| 99 | OpenBSD | 
| 113 | libsf | 
| Shawn Bracken | |
| BSD license | |
| libdb | |
| remote OS detection | |
| fingerprinting | |
| 114 | Michal Zalewski / lcamtuf | 
| Fyodor (Nmap) | |
| p0f | |
| 115 | active fingerprinting | 
| passive fingerprinting | |
| MySQL | |
| 117 | TTL | 
| 119 | libsf_t typedef | 
| libsf_init() | |
| LIBSF_ACTIVE | |
| LIBSF_PASSIVE | |
| LIBSF_ERRBUF_SIZE | |
| 120 | libsf_set_timeout() | 
| libsf_destroy() | |
| libsf_geterror() | |
| 121 | libsf_active_id() | 
| libsf_passive_id() | |
| libsf_os_get_tm() | |
| libsf_os_get_hs() | |
| libsf_os_get_next() | |
| libsf_os_get_match() | |
| 122 | libsf_os_reset_counter() | 
| legerdemain ??? | |
| 129 | libdnet | 
| Dug Song / dugsong | |
| ARP cache | |
| route table | |
| addr struct (dnet) | |
| arp_entry struct | |
| route_entry struct | |
| intf_entry struct | |
| fw_rule struct | |
| arp_t typedef | |
| route_t | |
| intf_t | |
| fw_t | |
| ip_t | |
| ip_t | |
| eth_t | |
| blob_t | |
| 134 | rand_t | 
| addr_comp() | |
| addr_bcast() | |
| addr_ntop() | |
| 135 | addr_pton() | 
| addr_ntoa() | |
| addr_ntos() | |
| addr_ston() | |
| addr_btom() | |
| addr_mtob() | |
| 136 | addr_btos() | 
| addr_stob() | |
| arp_open() | |
| arp_add() | |
| arp_delete() | |
| arp_get() | |
| arp_loop() | |
| 137 | arp_close() | 
| route_open() | |
| route_add() | |
| route_delete() | |
| route_get() | |
| route_loop() | |
| 138 | route_close() | 
| intf_open() | |
| intf_get() | |
| intf_get_src() | |
| intf_get_dst() | |
| intf_set() | |
| intf_loop() | |
| intf_close() | |
| 140 | fw_open() | 
| fw_add() | |
| fw_delete() | |
| fw_loop() | |
| fw_close() | |
| fw_pack_rule() | |
| Solaris | |
| NetBSD | |
| 142 | eth_open() | 
| eth_get() | |
| eth_send() | |
| eth_close() | |
| ip_open() | |
| ip_add_option() | |
| 143 | ip_checksum() | 
| ip_send() | |
| ip_close() | |
| blob_new() | |
| blob_read() | |
| BUFSIZ | |
| 144 | blob_write() | 
| blob_seek() | |
| blob_index() | |
| blob_rindex() | |
| blob_pack() | |
| blob_unpack() | |
| blob_print() | |
| hexadecimal | |
| blob_free() | |
| random number generator | |
| rand_open() | |
| 146 | rand_get() | 
| rand_set() | |
| rand_add() | |
| rand_uint8() | |
| rand_uint16() | |
| rand_uint32() | |
| rand_shuffle() | |
| 147 | rand_close() | 
| clutch - ARP monitoring example program | |
| 163 | OpenSSL | 
| SSLeay | |
| Eric Young | |
| Tim Hudson | |
| SSL | |
| TLS | |
| libssl.a | |
| libcrypto.a | |
| 164 | symmetric encryption: Blowfish CAST DES IDEA RC2 RC4 RC5 | 
| asymmetric encryption: DSA DH RSA | |
| public-key infrastructure (PKI) | |
| OCSP | |
| x509 | |
| CRL | |
| EVP | |
| ASN.1 | |
| PRNG | |
| ssh, sshd | |
| isakmpd | |
| EVP_Cipher() | |
| EVP_Seal() | |
| EVP_Open() | |
| EVP_Digest() | |
| EVP_Sign() | |
| EVP_Verify() | |
| Digests: HMAC MD2 MD5 MDC2 RIPEMD SHA SHA1 | |
| 165 | ITAR restrictions | 
| 166 | ENGINE typedef | 
| EVP_CIPHER_CTX | |
| 167 | EVP_CIPHER | 
| EVP_PKEY | |
| EVP_MD_CTX | |
| EVP_MD | |
| OpenSSL_add_all_ciphers() | |
| OpenSSL_add_all_digests() | |
| OpenSSL_add_all_algorithms() | |
| 168 | EVP_cleanup() | 
| EVP_CIPHER_CTX_init() | |
| EVP_get_cipherbyname() | |
| EVP_CipherInit_ex() | |
| 169 | EVP_CipherUpdate() | 
| EVP_CipherFinal_ex() | |
| EVP_CIPHER_CTX_cleanup() | |
| EVP_CIPHER_CTX_set_padding() | |
| 170 | EVP_CIPHER_CTX_set_key_length() | 
| EVP_CIPHER_CTX_block_size() | |
| EVP_CIPHER_CTX_key_length() | |
| EVP_CIPHER_CTX_iv_length() | |
| EVP_CIPHER_CTX_get_app_data() | |
| EVP_CIPHER_CTX_set_app_data() | |
| EVP_CIPHER_CTX_flags() | |
| EVP_CIPHER_CTX_mode() | |
| 171 | EVP_SealInit() | 
| EVP_SealUpdate() | |
| EVP_SealFinal() | |
| 172 | EVP_OpenInit() | 
| EVP_OpenUpdate() | |
| EVP_OpenFinal() | |
| message digest | |
| EVP_MD_CTX_init() | |
| EVP_get_digestbyname() | |
| 173 | EVP_DigestInit_ex() | 
| EVP_DigestUpdate() | |
| EVP_DigestFinal_ex() | |
| EVP_MD_CTX_cleanup() | |
| EVP_MD_CTX_md() | |
| EVP_MD_CTX_size() | |
| 174 | EVP_MD_CTX_block_size() | 
| EVP_SignInit_ex() | |
| digital signature | |
| EVP_SignUpdate() | |
| EVP_SignFinal() | |
| EVP_PKEY_size() | |
| EVP_VerifyInit_ex() | |
| 175 | EVP_VerifyUpdate() | 
| EVP_VerifyFinal() | |
| roil - sample program | |
| 176 | CAST algorithm | 
| Carlisle Adams | |
| Stafford Tavares | |
| magic number | |
| 193 | packet sniffing | 
| passive reconnaissance | |
| wiretap | |
| Ethernet | |
| 194 | Layer 2 | 
| @stake Antisniff | |
| ARP | |
| ICMP_ECHO | |
| 802.11 | |
| ALOHA wireless network | |
| University of Hawaii | |
| Bob Metcalfe | |
| Layer 1 | |
| promiscuous mode | |
| Layer 3 | |
| 195 | demultiplexing | 
| IEEE | |
| 802.3 | |
| Ethertype | |
| Layer 4 | |
| 197 | Jonathan Swift - Gulliver’s Travels (endianness???) | 
| network byte order | |
| AND operator | |
| FIN flag | |
| 198 | scoop - sample program | 
| 201 | exercise for reader - SSL traffic??? | 
| 217 | port scanning | 
| IP expiry | |
| 218 | well-known ports | 
| registered ports | |
| dynamic ports / private ports | |
| RFC 1035 | |
| Information Technology (IT) | |
| 219 | bandwidth | 
| “interesting” ports | |
| full-open port scanning | |
| AF_INET | |
| OpenBSD | |
| 221 | identd - RFC 1413 | 
| 222 | FTP bounce scanning | 
| half-open/SYN scanning | |
| 223 | parallel scanning | 
| UDP scanning | |
| 224 | RFC 1812 - Requirements for IPv4 Routers | 
| stealth scanning | |
| 225 | XMAS scanning | 
| NULL scanning | |
| fragmented IP scanning | |
| IP expiry | |
| TTL | |
| 226 | Van Jacobson | 
| terminal packet | |
| 228 | UDP traceroute | 
| ICMP traceroute | |
| 232 | firewalk | 
| ACL - Access Control List | |
| gateway | |
| hopcount ramping | |
| creeping walk | |
| 239 | knock - sample program | 
| 257 | cross-site scripting (XSS) | 
| denial of service (DoS) | |
| 258 | vulnerability scanning | 
| 260 | HTML, XML, ASCII | 
| LIFO | |
| 261 | buffer overflow | 
| suid root | |
| 264 | shellcode | 
| egg | |
| 265 | get_esp() | 
| NOP, NOP sled | |
| 267 | format string vulnerability | 
| 268 | printf() | 
| format specifiers | |
| 270 | snprintf() | 
| 272 | sift - sample program | 
| 274 | BIND | 
| ISC - Internet Software Consortium | |
| DNS Chaos class query | |
| 294 | IETF - Internet Engineering Task Force | 
| 296 | PKCS - Public Key Cryptography Standard | 
| PKCS#12 | |
| 302 | NIDS - Network Intrusion Detection System | 
| 303 | Descry - sample program | 
| 306 | PATRICIA trie | 
| 327 | SANS - Systems Administration / Network Security | 
| Hacking Exposed books | |
| Osborne McGraw-Hill publisher | |
| 336 | SMTP | 
| 361 | select() | 
| 373 | firewalk example program |