Presentation is loading. Please wait.

Presentation is loading. Please wait.

FIRST 2002 John Kristoff - DePaul University 1 UDP Scanning John Kristoff +1 312 362-5878 DePaul University Chicago, IL 60604.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "FIRST 2002 John Kristoff - DePaul University 1 UDP Scanning John Kristoff +1 312 362-5878 DePaul University Chicago, IL 60604."— Presentation transcript:

1 FIRST 2002 John Kristoff - DePaul University 1 UDP Scanning John Kristoff jtk@depaul.edu +1 312 362-5878 DePaul University Chicago, IL 60604

2 FIRST 2002 John Kristoff - DePaul University 1 What are we talking about? Remotely probing hosts using UDP messages Comparing UDP, ICMP and TCP scanning UDP scanning details UDP scanning failure scenarios How to make UDP scanning more reliable Why is this talk important? A colleague expressed the need for public info But really... to help justify my trip to Hawaii!

3 FIRST 2002 John Kristoff - DePaul University 1 Why is this important again? Domain Name System (DNS) Trivial File Transfer Protocol (TFTP) Remote Authentication Dial In User Services (RADIUS) Routing Information Protocol (RIP) Simple Network Management Protocol (SNMP) Network Time Protocol (NTP) Dynamic Host Configuration Protocol (DHCP)

4 FIRST 2002 John Kristoff - DePaul University 1 UDP message format

5 FIRST 2002 John Kristoff - DePaul University 1 UDP port probing

6 FIRST 2002 John Kristoff - DePaul University 1 TCP and ICMP scanning TCP 3-way handshake and reliability Lots of header Ever compare UDP and TCP RFCs? See nmap's documentation ICMP Request/reply messages Lots of messages Implementations differ widely See Ofir Arkin's ICMP paper

7 FIRST 2002 John Kristoff - DePaul University 1 The trouble with UDP scanning From RFC 1122, Requirements for Internet Hosts, section 3.2.2.1: A host SHOULD generate Destination Unreachable messages with code: 2 (Protocol Unreachable), when the designated transport protocol is not supported; or 3 (Port Unreachable), when the designated transport protocol (e.g., UDP) is unable to demultiplex the datagram but has no protocol mechanism to inform the sender.

8 FIRST 2002 John Kristoff - DePaul University 1 Other failure scenarios Packet filtering Non-default host configurations Packet loss Errored packets ICMP rate limiting (see RFC 1812 section 4.3.2.8)

9 FIRST 2002 John Kristoff - DePaul University 1 Minimizing false positives Verify ICMP replies Congestion avoidance Round trip time estimation See SATAN source code Implement application level scanning

10 FIRST 2002 John Kristoff - DePaul University 1 UDP application scanning Solicit application layer replies Most UDP apps will respond to something Few general purpose UDP application scanners Most are for specific application vulnerabilities UDP application scanning has failure modes too Which UDP port to scan? How to format the message? So... I'm no Wietse, but what the heck I tried...

11 FIRST 2002 John Kristoff - DePaul University 1 Application scanning examples Send a TFTP read request and check for error Send an empty RIP request with metric of infinity Send a version=[3|4] and mode=client NTP request App scanning for syslog would be useful, but alas... Other interesting applications? e.g. games, streaming audio/video, trojans Most apps should be very easy to scan for Just format the right request and await a reply

12 FIRST 2002 John Kristoff - DePaul University 1 Is it Mai Tai time yet? UDP scanning is a relatively simple procedure However, be aware of how unreliable it is UDP application specific scanners would be better Application scanning may highlight vulnerabilities If not, PROTOS style projects certainly will

Download ppt "FIRST 2002 John Kristoff - DePaul University 1 UDP Scanning John Kristoff +1 312 362-5878 DePaul University Chicago, IL 60604."

Similar presentations

Umut Girit 200535027.  One of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer.

Umut Girit  One of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer.
CCNA – Network Fundamentals

CCNA – Network Fundamentals
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 OSI Transport Layer Network Fundamentals – Chapter 4.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 OSI Transport Layer Network Fundamentals – Chapter 4.
Chapter 7: Transport Layer

Chapter 7: Transport Layer
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 7: Transport Layer Introduction to Networking.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 7: Transport Layer Introduction to Networking.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 7: Transport Layer Introduction to Networking.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 7: Transport Layer Introduction to Networking.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 7: Transport Layer Introduction to Networking Assist. Prof.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 7: Transport Layer Introduction to Networking Assist. Prof.
Lecture 7 Transport Layer

Lecture 7 Transport Layer
CSE551: Computer Network Review r Network Layers r TCP/UDP r IP.

CSE551: Computer Network Review r Network Layers r TCP/UDP r IP.
BZUPAGES.COM 1 User Datagram Protocol - UDP RFC 768, Protocol 17 Provides unreliable, connectionless on top of IP Minimal overhead, high performance –No.

BZUPAGES.COM 1 User Datagram Protocol - UDP RFC 768, Protocol 17 Provides unreliable, connectionless on top of IP Minimal overhead, high performance –No.
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 1 v3.0 Module 11 TCP/IP Transport and Application Layers.

1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 1 v3.0 Module 11 TCP/IP Transport and Application Layers.
Chapter 2 Internet Protocol DoD Model Four layers: – Process/Application layer – Host-to-Host layer – Internet layer – Network Access layer.

Chapter 2 Internet Protocol DoD Model Four layers: – Process/Application layer – Host-to-Host layer – Internet layer – Network Access layer.
TCP/IP Protocol Suite 1 Chapter 11 Upon completion you will be able to: User Datagram Protocol Be able to explain process-to-process communication Know.

TCP/IP Protocol Suite 1 Chapter 11 Upon completion you will be able to: User Datagram Protocol Be able to explain process-to-process communication Know.
Prepared By E.Musa Alyaman1 Networking Theory Chapter 1.

Prepared By E.Musa Alyaman1 Networking Theory Chapter 1.
1 Computer Networks Transport Layer Protocols. 2 Application-layer Protocols Application-layer protocols –one “piece” of an app –define messages exchanged.

1 Computer Networks Transport Layer Protocols. 2 Application-layer Protocols Application-layer protocols –one “piece” of an app –define messages exchanged.
Chapter Overview TCP/IP Protocols IP Addressing.

Chapter Overview TCP/IP Protocols IP Addressing.
IST 228\Ch3\IP Addressing1 TCP/IP and DoD Model (TCP/IP Model)

IST 228\Ch3\IP Addressing1 TCP/IP and DoD Model (TCP/IP Model)
Review: –What is AS? –What is the routing algorithm in BGP? –How does it work? –Where is “policy” reflected in BGP (policy based routing)? –Give examples.

Review: –What is AS? –What is the routing algorithm in BGP? –How does it work? –Where is “policy” reflected in BGP (policy based routing)? –Give examples.
1 Version 3.1 modified by Brierley Module 8 TCP/IP Suite Error and Control Messages.

1 Version 3.1 modified by Brierley Module 8 TCP/IP Suite Error and Control Messages.
Page 19/13/2015 Chapter 8 Some conditions that must be met for host to host communication over an internetwork: a default gateway must be properly configured.

Page 19/13/2015 Chapter 8 Some conditions that must be met for host to host communication over an internetwork: a default gateway must be properly configured.

Similar presentations

Ads by Google