Hi Shrey, On Sun, Apr 3, 2011 at 8:09 PM, Luis A. Bastiao Silva <[email protected]> wrote: > It means change behavior of protocols. The firewall can block the traffic, > and audit, based on questions, answer with different answer, not the > expected ones. > For instance, do a request to an HTTP server. Then, the MITM audit can > change the answer of HTTP Server, to fuzzing the client, and test it. It is > change the behavior of protocol. Make sense? > > On Sun, Apr 3, 2011 at 7:55 PM, Shrey Sharma <[email protected]> > wrote: >> >> And I have one more question.... >> In the project named Packet Manipulator-new audit >> what does "change the protocols behavior based on MITM audits" means ...I >> mean do we have to work to prevent such attacks ?? >> -Shrey >> >> On Mon, Apr 4, 2011 at 12:21 AM, Shrey Sharma <[email protected]> >> wrote: >>> >>> Hey i was jst experimenting with my Nmap and i found that it doesn’t >>> identify the windows platform precisely ...i.e. it says that it could be >>> windows 7,windows vista, windows 2000.. >>> >>> but it doesn’t identify that exactly which version is being used.So , I >>> have come up with an idea, Please read it and tell me if it can work.. >>> >>> “Less tactful attempts at OS identification can be made by >>> >>> launching known exploits for a given OS type against a target host, in >>> >>> chronological order. The theory is that exploits are patched as they are >>> >>> discovered so by starting with the oldest known exploit against a given >>> host >>> >>> and working forward should yield a point at which an attack succeeds, >>> which >>> >>> should thereby identify the revision of OS in use. As an example, >>> Microsoft >>> >>> Windows 95, 98 and NT4 are difficult to distinguish supposedly because >>> the >>> >>> IP stack code was only marginally revised between OS versions. Starting >>> >>> with a basic WinNuke attack and moving forward to more complex attacks >>> such as Teardrop can eventually yield a vulnerability that points to the >>> type and/or hotfix revision that is missing from the OS, thus indicating the >>> current patch level”
This exploit chronology method is indeed useful. But, sometimes (I think almost always) you don't want to damage the target machine or be identified by a NIDS. So, I agree it can be used, but this approach is something associated to "the end justifies the means". That is a new tool being developed in Umit that can recognize this OSes (see the proposal at http://www.dca.ufrn.br/~joaomedeiros/gsoc/2009/proposal/node1.html, specially Figure 2). Zion use just valid packets and is very difficult to be identify by a NIDS (in my tests it never happened). So, I think you can contribute developing Zion to achieve this very objective. >>> Waiting Eagerly, >>> -Shrey >>> On Sat, Apr 2, 2011 at 5:40 PM, Luis A. Bastiao Silva >>> <[email protected]> wrote: >>>> >>>> Ah, now I notice, did you need any help to start running Audit >>>> Framework? >>>> >>>> On Fri, Apr 1, 2011 at 5:24 PM, Luis A. Bastiao Silva >>>> <[email protected]> wrote: >>>>> >>>>> Shrey, >>>>> You should start by doing a proposal. >>>>> Start filling the template: >>>>> http://www.google-melange.com/gsoc/org/home/google/gsoc2011/umit >>>>> Then, submit, and you can edit on the fly. I can paste a few comments. >>>>> Start by filling it. >>>>> >>>>> >>>>> On Fri, Apr 1, 2011 at 4:52 PM, Shrey Sharma <[email protected]> >>>>> wrote: >>>>>> >>>>>> Can you please suggest me how can I submit a patch on 11 - Packet >>>>>> Manipulator - new audits ? >>>>>> and how can I improve my chances to get selected for this project. >>>>>> >>>>>> On Fri, Apr 1, 2011 at 9:03 PM, Luis A. Bastiao Silva >>>>>> <[email protected]> wrote: >>>>>>> >>>>>>> Hi Shrey, >>>>>>> >>>>>>> On Fri, Apr 1, 2011 at 3:55 PM, Shrey Sharma >>>>>>> <[email protected]> wrote: >>>>>>>> >>>>>>>> Hi, >>>>>>>> My name is Shrey Sharma.I am really very excited >>>>>>>> about Packet Manipulator . >>>>>>>> I am a B.tech Student of Indian Institute of >>>>>>>> Technology(IIT),Kharagpur majoring in Computer Science. >>>>>>>> I have a huge interest in the field of networks. I >>>>>>>> have also volunteered as the system administrator in my Computer >>>>>>>> Science >>>>>>>> Department . >>>>>>> >>>>>>> Thanks for introduction. It has a great value for us, because we are >>>>>>> an open souce organization focused on network security, audit, >>>>>>> monitoring .. >>>>>>> :) >>>>>>> >>>>>>>> >>>>>>>> Skills: >>>>>>>> I know Python,but didn't do any major project in it. >>>>>>>> I am currently learning about the network protocols. >>>>>>>> Recently, attended a workshop on Hacking and Digital >>>>>>>> Securities organized by Kyrion Digital Securities >>>>>>>> It would be really great if you could suggest me any work >>>>>>>> that I can do to increase my chances to work in this project. >>>>>>>> I have gone through all the links but it would be great >>>>>>>> if you can send further details of this project. >>>>>>> >>>>>>> Related ideas: >>>>>>> http://www.umitproject.org/?active=gsoc&mode=ideas#6 >>>>>>> http://www.umitproject.org/?active=gsoc&mode=ideas#7 >>>>>>> http://www.umitproject.org/?active=gsoc&mode=ideas#11 >>>>>>> You can also propose your own idea to improve PacketManipulator. >>>>>>> Information about Packet Manipulator: >>>>>>> http://trac.umitproject.org/wiki/PacketManipulator >>>>>>> Information about Audit Framework (PacketManipulator framework) >>>>>>> http://trac.umitproject.org/wiki/AuditFramework >>>>>>> Submit your proposal: >>>>>>> http://www.google-melange.com/gsoc/org/google/gsoc2011/umit >>>>>>> >>>>>>> >>>>>>> Just let us know if you need further information. >>>>>>> >>>>>>>> >>>>>>>> Eagerly Waiting for your reply, >>>>>>>> Shrey Sharma >>>>>>>> Department of Computer Science >>>>>>>> IIT Kharagpur >>>>>>>> >>>>>>>> >>>>>>>> ------------------------------------------------------------------------------ >>>>>>>> Create and publish websites with WebMatrix >>>>>>>> Use the most popular FREE web apps or write code yourself; >>>>>>>> WebMatrix provides all the features you need to develop and >>>>>>>> publish your website. http://p.sf.net/sfu/ms-webmatrix-sf >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Umit-devel mailing list >>>>>>>> [email protected] >>>>>>>> https://lists.sourceforge.net/lists/listinfo/umit-devel >>>>>>>> >>>>>>> >>>>>>> >>>>>>> Best Regards, >>>>>>> -- >>>>>>> Luís A. Bastião Silva >>>>>>> Skype: koplabs >>>>>>> http://www.bastiao.org >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Luís A. Bastião Silva >>>>> Skype: koplabs >>>>> http://www.bastiao.org >>>> >>>> >>>> >>>> -- >>>> Luís A. Bastião Silva >>>> Skype: koplabs >>>> http://www.bastiao.org >>> >> > > > Best Regards, > -- > Luís A. Bastião Silva > Skype: koplabs > http://www.bastiao.org > > ------------------------------------------------------------------------------ > Create and publish websites with WebMatrix > Use the most popular FREE web apps or write code yourself; > WebMatrix provides all the features you need to develop and > publish your website. http://p.sf.net/sfu/ms-webmatrix-sf > > _______________________________________________ > Umit-devel mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/umit-devel > > -- Att, João Medeiros ------------------------------------------------------------------------------ Create and publish websites with WebMatrix Use the most popular FREE web apps or write code yourself; WebMatrix provides all the features you need to develop and publish your website. http://p.sf.net/sfu/ms-webmatrix-sf _______________________________________________ Umit-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/umit-devel
