86 items tagged "traffic"
-
-
4:53
»
Hack a Day
When Hurricane Sandy blew through [Leonidas]' town, it left a surprise that would be perfect for sprucing up any dorm room. It was a traffic light, torn from its place above an intersection. Not one to say, call the city and tell them where their light is, [Leonidas] decided to build a controller for this [...]
-
-
21:33
»
SecDocs
Tags: network
Event: Chaos Communication Congress 18th (18C3) 2001
Abstract: As encryption is becoming a common feature of online communication, quite a few commentators predicted that individuals will at last be able to effectively protect their privacy. In this workshop we will see that not only the content but also the shape of the traffic, and other traffic data, can reveal a great deal of information about a user's private patterns of behaviour. We will present practical ways one could use to extract information from these patterns and techniques that have to be used in order to fool this type of traffic analysis.
-
-
4:01
»
Hack a Day
Don’t get us wrong, we drive very carefully as it’s the most dangerous thing we do on a regular basis. But even a careful driver can get caught by bad traffic and a red light camera. These are devices that monitor intersections. If you get caught in the middle when the light goes red they [...]
-
-
9:01
»
Hack a Day
[Brendan Sleight] has been hard at work on this wearable piece of tech. He doesn’t wear much jewelry, but a wedding ring and some cufflinks are part of his look. To add some geek he designed a set of cufflinks that function like traffic lights. Since he still had some program space left he also [...]
-
-
10:01
»
Hack a Day
It sounds like [Andrew] is trying to build a Pavlovian response into his behavior when it comes to online gaming. He wants to make sure he doesn’t miss out when all his friends are online, so he built this traffic signal to monitor Xbox Live activity. It will illuminate the lights, and drive the meters [...]
-
-
21:30
»
SecDocs
Authors: Elisa Jasinska
Tags: Netflow
Event: Chaos Communication Congress 23rd (23C3) 2006
Abstract: The explosion of internet traffic is leading to higher bandwidths and an increased need for high speed networks. To analyze and optimize such networks an efficient monitoring system is required. The sFlow standard describes a mechanism to capture traffic data in switched or routed networks. It uses a sampling technology to collect statistics from the device and is for this reason applicable to high speed connections (at gigabit speeds or higher). sFlow is a sampling mechanism suitable for collecting traffic data of high speed networks. A relatively small stream of sFlow datagrams provides enough information for statistical analysis of traffic flows. An Internet Exchange (IX) interconnects various network providers, for example ISPs. The Amsterdam Internet Exchange (AMS-IX) is by its amount of traffic the biggest Internet Exchange in the world. To give the AMS-IX members more insight into their peering traffic and provide information to optimize the network structure, AMS-IX is using sFlow for its traffic analysis. A throughput average of more than 100 Gb/s gets analyzed by an open source software developed in Perl. Due to sFlow providing a whole captured packet (layer 2 - 7) AMS-IX also provides information for example on the growth (or lack of) of IPv6. Information about the sort of traffic might be misunderstood and politically misused; therefore AMS-IX restrains itself to layer 2 and the developed software doesn't decode the provided packets above L2. This topic will contain an introduction to the sFlow sampling mechanism, the information provided by the sFlow datagrams and how they can get analyzed. Besides that, existing tools and the software developed and used at AMS-IX will be presented, and some results of the analysis will be shown. The software will be hopefully also deployed at the 23C3, and finally we will also see statistics about the network traffic of the conference.
-
11:01
»
Hack a Day
This home automation project lets you flap your arms to turn things on and off. [Toon] and [Jiang] have been working on the concept as part of their Master’s thesis at University. It uses a 3D camera with some custom software to pick up your gestures. What we really like is the laser pointer which [...]
-
-
21:53
»
SecDocs
Authors: George Danezis
Tags: network
Event: Chaos Communication Congress 23rd (23C3) 2006
Abstract: This talk will present an overview of traffic analysis techniques, and how they can be used to extract data from 'secure' systems. We will consider both state of the art attacks in the academic literature, but also practical attacks against fielded systems. A lot of traditional computer security has focused on protecting the content of communications by ensuring confidentiality, integrity or availability. Yet the meta data associated with it - the sender, the receiver, the time and length of messages - also contains important information in itself. It can also be used to quickly select targets for further surveillance, and extract information about communications content. Such traffic analysis techniques have been used in the closed military communities for a while but their systematic study is an emerging field in the open security community.
-
-
21:48
»
SecDocs
Authors: Ben Kurtz
Tags: fuzzing
Event: Chaos Communication Camp 2007
Abstract: This talk will introduce a simple and incredibly powerful framework for the scripted generation of network traffic: Funk, a new tool for fuzzing arbitrary network protocols written using the Chicken Scheme-to-C compiler. Source code will be provided and explained, so you can start using this framework today for all your network traffic generation needs! Some familiarity with functional languages like Lisp or Scheme will be helpful, but not required. At my talk at DefCon 13, I described a framework and development environment for the generation of network traffic of arbitrary protocols. This framework was limited by its reliance on a domain-specific language and the use of regular grammars. By re-visiting the same problem with a new perspective, the use of a functional language like Scheme, I've found a much simpler and more powerful approach. By using Chicken Scheme instead of a home-grown scripting language, even complicated protocols like ASN.1 can be fuzz-tested with ease. The use of a functional language makes it possible to provide a unified interface to all network protocols. This allows the abstraction of behavior for traffic generating programs, like fuzzers.
-
-
14:01
»
Hack a Day
[Travis Brown] just published a post about the traffic light controller he built. His number one goal was to make the device wireless (except for AC power) and he achieved this by using a WiFi shield for his Arduino. But there is also a separate board that provides a way for the chip to switch [...]
-
-
15:11
»
SecDocs
Authors: Lars Weiler
Tags: sniffer
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: Network traffic grows faster than monitoring and analysis tools can handle. During the last two years a couple of appliances hit the market which help in finding the “bits of interest”. Recently installed strategies and solutions for carriers, banks or lawful interception organizations will be discussed as examples. Quite every laptop nowadays is capable of handling Gigabit traffic. But doing a network analysis will hit the boundaries of CPU load quite quickly. Now, with 10GbE lines as the usual speed of carrier's and company's backbone, traffic monitoring and analysis became more and more painful. Even the biggest and most expensive analysis appliances on the market are barely capable of a real time traffic monitoring for more than 8Gbit/s. That's where a couple of vendors showed up and created devices which can handle multiple 10GbE lines at the same time. They call them “Active Distributed Traffic Capture Systems” or “Intelligent Data Access Networking Switches” – in short “Data Access Systems”. The primary use is for the aggregation and distribution of traffic. But all of the Data Access Systems are also capable of filtering traffic with the help of FPGA or CPLD techniques. So a carrier, bank or lawful interception organization can aggregate the data from many physical lines into one Data Access System, enter some filters with the help of a browser GUI, and distribute the resulting traffic to the analysis machines. It's easy to monitor 100 lines of 10GbE traffic. For competitive reasons, those vendors started to invent new features for a better or easier analysis of the data on the analysis devices. These include ingress port tagging, time stamping with nanosecond accuracy, slicing of packets and recalculation of checksums in realtime, blanking bits in packets, or even layer 7 filtering for e-mail and instant messenger addresses with full flow capturing.
The interesting part for the usage is to create an infrastructure where even without data retention and a long term analysis specific users or just their communication with possible “interesting” data for intelligence agencies can be triggered and captured in real time. So, the process of the analysis can be quickened to quite no time. It's safe to say that the flagship appliance by a vendor has been designed by request of US intelligence agencies. Of course, those devices have to be managed by administrators. For the ease of usage every vendor moved from a CLI based configuration interface to a shiny web GUI – with a couple of flaws. It is easy to break into the system or read out the configuration without access. This lecture will discuss the possibilities of today's data analysis with the help of these Data Access Systems. An overview of the features will help to understand that data analysis devices are not anymore the limiting factor in deep packet inspection of a huge amount of traffic. Examples will show what already has been set up and what is possible by companies and organizations – and which traffic they might monitor yet. During the last three years the speaker installed those appliances from different vendors at customers across Europe, gained deep knowledge of their usage, established a strong contact to the technicians and chief officers both at the vendors and customers side, and found out a lot about the hardware and software by reverse engineering.
-
-
21:40
»
SecDocs
Tags: BitTorrent
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: Distributed Hash Tables implement Routing and Addressability in large P2P networks. In the Kademlia adaption for BitTorrent a peer's address (NodeID) is to be generated randomly, or more appropriate: arbitrarily. Because randomness isn't verifiable, an implementation can advertise itself with popular NodeIDs or even change them on a per-packet basis. Two issues arise due to this design problem: amplification of UDP traffic and amplification of TCP traffic. Anyone with a moderate bandwidth connection can induce DDoS attacks with the BitTorrent cloud. Starting with the prerequisites of BitTorrent, I will outline the importance of tracker-less operation and how Magnet links work. Distributed Hash Tables are explained pertaining to the Kademlia algorithm. It is most interesting how implementations maintain and refresh routing information, allowing a malicious node to become a popular neighbour quickly, and how traffic can be amplified in two ways. I will present packet rate analysis measured during tests on Amazon EC2. In conclusion it is explained how the problem of arbitrary NodeIDs can be avoided if the protocol was to be redesigned. A few words are to be given what client authors can do to alleviate the damage potential of the BitTorrent DHT.
-
-
13:01
»
Hack a Day
Being an air traffic controller is a very cool career path – you get to see planes flying around on computer screens and orchestrate their flight paths like a modern-day magician. [Balint] sent in a DIY aviation mapper so anyone can see the flight paths of all the planes in the air, with the added bonus [...]
-
-
21:33
»
SecDocs
Authors: Dominik Herrmann
Tags: web application profiling privacy
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: This talk will provide a summary of recently discovered methods which allow to break the Internet's privacy and anonymity. We will show, amongst others:
* ways of distinguishing bots from humans. We use this technique to provide crawlers with false data or lure them into tar pits. Other than CAPTCHAs we introduce methods that profile the holistic behaviour within a single web session to distinguish users or bots within a longer timeframe based on subtle characteristics in most bots' implementations.
* breaking filtering of JavaScript in web-based proxies. While next to all web proxies advertise the capability of filtering JavaScript, the ubiquity of XSS and CSRF attacks has proven that correct filtering of arbitrary HTML is extremely difficult.
* tracking and re-identifying users based upon their web-profile. We show how a third-party observer (e.g. proxy server or DNS server) can create a long-term profile of roaming web users using only statistical patterns mined from their web traffic. These patterns are used to track users by linking multiple surfing sessions. Our attack does not rely on cookies or other unique identifiers, but exploits characteristic patterns of frequently accessed hosts. We demonstrate that such statistical attacks are practicable and we will also look into basic defense strategies.
* traffic analysis and fingerprinting attacks on users of anonymizing networks. Even if anonymizers like Tor are used, a local adversary can measure the volume of transferred data and timing characteristics to e.g. determine the retrieved websites. We will shortly sketch the current state of the art in traffic analysis, which has been improved significantly within the last year.
-
-
16:49
»
Packet Storm Security Advisories
Apache Traffic Server versions prior to 3.0.4 as well as all development releases prior to 3.1.3 suffer from a remote denial of service vulnerability.
-
16:49
»
Packet Storm Security Recent Files
Apache Traffic Server versions prior to 3.0.4 as well as all development releases prior to 3.1.3 suffer from a remote denial of service vulnerability.
-
16:49
»
Packet Storm Security Misc. Files
Apache Traffic Server versions prior to 3.0.4 as well as all development releases prior to 3.1.3 suffer from a remote denial of service vulnerability.
-
-
20:59
»
Packet Storm Security Recent Files
This whitepaper discusses using ICMP as a covert tunnel for traffic. An example of this technique is tunneling complete TCP traffic over ping requests and replies. More technically it works by injecting arbitrary data into an echo packet sent to a remote computer. The remote computer replies in the same manner, injecting an answer into another ICMP packet and sending it back.
-
20:59
»
Packet Storm Security Misc. Files
This whitepaper discusses using ICMP as a covert tunnel for traffic. An example of this technique is tunneling complete TCP traffic over ping requests and replies. More technically it works by injecting arbitrary data into an echo packet sent to a remote computer. The remote computer replies in the same manner, injecting an answer into another ICMP packet and sending it back.
-
-
20:18
»
Packet Storm Security Recent Files
httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.
-
20:18
»
Packet Storm Security Tools
httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.
-
20:18
»
Packet Storm Security Misc. Files
httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.
-
10:22
»
Packet Storm Security Exploits
Netmechanica NetDecision Traffic Grapher Server version 4.5.1 suffers from an information disclosure vulnerability. Proof of concept exploit included.
-
10:22
»
Packet Storm Security Recent Files
Netmechanica NetDecision Traffic Grapher Server version 4.5.1 suffers from an information disclosure vulnerability. Proof of concept exploit included.
-
10:22
»
Packet Storm Security Misc. Files
Netmechanica NetDecision Traffic Grapher Server version 4.5.1 suffers from an information disclosure vulnerability. Proof of concept exploit included.
-
-
9:25
»
Hack a Day
[JD] at isotope11 was looking for a way to get instant feedback whenever a developer broke a piece of software they were working on. After finding a 48 inch tall traffic light, he knew what he had to do. Now, the entire development team knows the status of their code from a traffic light hanging [...]
-
-
5:01
»
Hack a Day
When [Paul Rea] started work with his current employer, he was intrigued by a traffic light that sat unused near the entrance of the “Engineering Loft” where he was stationed. He promised himself that he would get it working one day, but several years passed before he had the chance to take a closer look [...]
-
-
17:21
»
Packet Storm Security Recent Files
P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way. Version 3 is a complete rewrite of the original codebase, incorporating a significant number of improvements to network-level fingerprinting, and introducing the ability to reason about application-level payloads (e.g., HTTP).
-
17:21
»
Packet Storm Security Tools
P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way. Version 3 is a complete rewrite of the original codebase, incorporating a significant number of improvements to network-level fingerprinting, and introducing the ability to reason about application-level payloads (e.g., HTTP).
-
17:21
»
Packet Storm Security Misc. Files
P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way. Version 3 is a complete rewrite of the original codebase, incorporating a significant number of improvements to network-level fingerprinting, and introducing the ability to reason about application-level payloads (e.g., HTTP).
-
-
17:48
»
Packet Storm Security Recent Files
Ostinato is an open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark. This is the source code release.
-
17:48
»
Packet Storm Security Tools
Ostinato is an open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark. This is the source code release.
-
17:48
»
Packet Storm Security Misc. Files
Ostinato is an open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark. This is the source code release.
-
17:47
»
Packet Storm Security Recent Files
Ostinato is an open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark. This is the Windows binary release.
-
17:47
»
Packet Storm Security Tools
Ostinato is an open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark. This is the Windows binary release.
-
17:47
»
Packet Storm Security Misc. Files
Ostinato is an open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark. This is the Windows binary release.
-
17:47
»
Packet Storm Security Recent Files
Ostinato is an open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark. This is the Mac OS X release.
-
17:47
»
Packet Storm Security Tools
Ostinato is an open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark. This is the Mac OS X release.
-
17:47
»
Packet Storm Security Misc. Files
Ostinato is an open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark. This is the Mac OS X release.
-
-
13:29
»
SecDocs
Authors: Kenton Born
Tags: covert channel
Event: Black Hat USA 2010
Abstract: This presentation analyzes a novel approach to covert communication over DNS by introducing PSUDP, a program demonstrating passive network-wide covert communication. While several high-bandwidth DNS tunnel implementations are freely available, they all use similar strategies. Storage channels are created in DNS requests by encoding data in subdomain labels, while responses take many forms such as TXT, NULL, and CNAME resource record types to complete the bi-directional link. However, these tunnels may be detected when examining subdomains and irregular resource records in responses. Additionally, these tunnels only provide communication through the active generation of traffic. The method and tool discussed in this paper allow a network of computers to participate in passive covert communication by piggy-backing on legitimate network DNS traffic. While low-bandwidth passive tunnels have been built using techniques such as timing channels and field manipulation, no passive high-bandwidth DNS tunnels exist. A novel approach is used to provide significantly higher bandwidth in network-wide covert communication by manipulating legitimate DNS traffic. It is also shown how, in certain scenarios, this method may be used for both covert data exfiltration and as a replacement for existing DNS tunnels. Additionally, it will be shown how a similar method can be applied to many other protocols, not being limited to DNS traffic. In addition to PSUDP, this presentation will briefly cover a few other recent findings I have had in DNS tunnel creation and detection. Firstly, I will show how bi-directional DNS tunnels may be created using a browser and fine-grained JavaScript manipulation. Secondly, I will show my work in detecting DNS tunnels using n-gram frequency analysis.
-
-
19:06
»
Packet Storm Security Recent Files
httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.
-
19:06
»
Packet Storm Security Tools
httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.
-
19:06
»
Packet Storm Security Misc. Files
httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.
-
-
9:00
»
Hack a Day
Apparently some of the traffic lights in Johannesburg, South Africa have SIM cards in them to help maintain the network without a physical connection. Now that’s some and not all, but apparently thieves have learned that the SIMs can be used in cell phones to make anonymous and unlimited calls. Officials are convinced that the [...]
-
-
11:22
»
Packet Storm Security Tools
Ostinato is an open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark. This is the Windows binary release.
-
11:22
»
Packet Storm Security Tools
Ostinato is an open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark.
-
11:22
»
Packet Storm Security Tools
Ostinato is an open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark. This is the Mac OS X release.
-
-
18:00
»
Packet Storm Security Recent Files
Ubuntu Security Notice 916-1 - Emmanuel Bouillon discovered that Kerberos did not correctly handle certain message types. An unauthenticated remote attacker could send specially crafted traffic to cause the KDC to crash, leading to a denial of service. Nalin Dahyabhai, Jan iankko Lieskovsky, and Zbysek Mraz discovered that Kerberos did not correctly handle certain GSS packets. An unauthenticated remote attacker could send specially crafted traffic that would cause services using GSS-API to crash, leading to a denial of service.
-
18:00
»
Packet Storm Security Advisories
Ubuntu Security Notice 916-1 - Emmanuel Bouillon discovered that Kerberos did not correctly handle certain message types. An unauthenticated remote attacker could send specially crafted traffic to cause the KDC to crash, leading to a denial of service. Nalin Dahyabhai, Jan iankko Lieskovsky, and Zbysek Mraz discovered that Kerberos did not correctly handle certain GSS packets. An unauthenticated remote attacker could send specially crafted traffic that would cause services using GSS-API to crash, leading to a denial of service.
-
2:00
»
Hack a Day
[Dave] figured out the command set for the IM-ME terminal. It took a bit of sleuthing to get this pink plastic peripheral to give up these secrets. He used an oscilloscope to sniff out the SPI connections, then used a hacked IM-ME to capture the traffic from a factory-fresh unit. He managed to extrapolate how [...]