Project briefing Arron Martin Zeus Brown

Outline of briefing Current stage Current stage Developments to date Developments to date Future work Future work PHD un-officially accepted PHD un-officially accepted

Current stage Reading Reading FTP signatures and timing FTP signatures and timing PERL PERL Nmap (network utility tool for PERL) Nmap (network utility tool for PERL) Test tools Test tools Basic port scanner with FTP checking. Basic port scanner with FTP checking. Papers Papers Internet ready ? Internet ready ? Also reading for Helsinki paper “FTP signatures” Also reading for Helsinki paper “FTP signatures”

Developments to date FTP port scanner for C class networks FTP port scanner for C class networks Class Address Range Supports Class Address Range Supports Class A to Supports 16 million hosts on each of 127 networks. Class A to Supports 16 million hosts on each of 127 networks. Class B to Supports 65,000 hosts on each of 16,000 networks. Class B to Supports 65,000 hosts on each of 16,000 networks. Class C to Supports 254 hosts on each of 2 million networks. Class C to Supports 254 hosts on each of 2 million networks. Class D to Reserved for multicast groups. Class D to Reserved for multicast groups. Class E to Reserved. Class E to Reserved. Why use C class network to test agianst? Why use C class network to test agianst? Version 1 simple port scanner Version 1 simple port scanner Version 2 ftp validation on port 21 Version 2 ftp validation on port 21 How it works? How it works? Why do this ? Why do this ? Why not carry on scanning all ports in version 2? Why not carry on scanning all ports in version 2?

Version 2 So how does ftp checking work? So how does ftp checking work? print "listen $host!\n" if($DEBUG); alarm 0; $hostname=gethostbyaddr($iaddr,AF_INET); # create new FTP connection w/5 second timeout $ftp = Net::FTP->new($host, Timeout => 5); if(!$ftp){ print " \n" if($DEBUG); exit(0); } print " FTP on $host [$hostname]\n"; exit(0); print " FTP on $host [$hostname]\n"; exit(0);} print "Anon FTP on $host [$hostname]\n"; $ftp->quit; $ftp->quit;exit(0);

Version 2 Version 2 known bugs and flaws Version 2 known bugs and flaws ftp server may not be on port 21 ftp server may not be on port 21 Only good for ftp server’s with default guest user access. Only good for ftp server’s with default guest user access. Programming bugs such as Function x in Perl does not work in windows so this cause the program to fail or report incorrectly in the Microsoft DOS environment Programming bugs such as Function x in Perl does not work in windows so this cause the program to fail or report incorrectly in the Microsoft DOS environment

The future versions FTP checker with port scanning per address not just port 21, quicker than current algorithm FTP checker with port scanning per address not just port 21, quicker than current algorithm Access the file system for data capture and interrogation Access the file system for data capture and interrogation The next stage after this will be monitoring traffic, all traffic will be monitored both uploads and down loads. The next stage after this will be monitoring traffic, all traffic will be monitored both uploads and down loads.

Future work for the next period More implementation of the ftp scanner and checker More implementation of the ftp scanner and checker More reading on PERL More reading on PERL More reading on FTP More reading on FTP Drafting chapter outline for PHD Drafting chapter outline for PHD Work on “internet ready” paper Work on “internet ready” paper Work on drafting Helsinki paper Work on drafting Helsinki paper