Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
APPENDIX A—HISTORIC ATTACK MECHANISMS AND TOOLS

The following sections contain technical details about historic attack mechanisms and tools that
identify and exploit latent bugs within commercial off-the-shelf (COTS) computing and network
systems [A-1 through A-8]. These mechanisms are not fully explained for non-information
assurance (IA) security personnel, since an explanation of these details was outside of the scope
of this research. Rather, these details provide partial evidence of the fact that the vast majority
of modern computing equipment deployed within Internet protocol (IP) networks today cannot
be adequately secured in general. Specifically, their security provisions, including their trusted
paths and security controls, have repeatedly been demonstrated to not be viable when attacked.
This point was initially mentioned in section 4.3 and then more fully discussed in section 4.4 of
this report.

A.1 FINGERPRINTING (MAPPING AND TARGET ACQUISITION).

Fingerprinting is traditionally the first stage of an attack against IP-based systems. The goal of
fingerprinting is to enable attackers to create a profile of the system and devices that they seek to
eventually attack, including determining their relative security posture and defenses.

The earliest stage of fingerprinting consists of gathering whatever information one can about the
target deployment and the technologies it uses. Increasingly web sites are providing an
incredible wealth of information that can be used by attackers. For example, attackers frequently
do web searches for network links to the target organization. E-mail messages originating from
within the target environment, notably including the simple mail transfer protocol’s (SMTP)
e-mail headers, also contain much useful information about the target environment. Finally,
news groups often reveal a surprising amount of information that is directly relevant to an
attacker.
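
The following is an added example, not part of the FAA report: a defender-side audit that lists what the SMTP headers of one of an organization's own outbound messages disclose to an outside recipient. The sample message, the set of disclosing headers, and the internal DNS suffix list are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Headers that commonly disclose client software or the sender's address.
DISCLOSING = {"x-mailer", "user-agent", "x-originating-ip"}
# Assumed internal-only DNS suffixes; replace with your organization's own.
INTERNAL_SUFFIXES = (".local", ".internal", ".corp", ".lan")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)

# Constructed sample: a message as seen by a recipient outside the organization.
SAMPLE = """\
Received: from mx1.example.com ([203.0.113.5]) by mail.partner.example; Tue, 1 Jan 2008 10:00:05 -0500
Received: from ws-eng-0417.corp.example.internal ([10.20.30.41]) by mx1.example.com; Tue, 1 Jan 2008 10:00:00 -0500
X-Originating-IP: [192.168.7.23]
X-Mailer: ExampleMail 6.0.2
From: engineer@example.com

body
"""


def audit_headers(raw_message):
    """Return sorted (kind, header, value) findings for one message."""
    findings = set()
    for name, value in message_from_string(raw_message).items():
        key = name.lower()
        if key in DISCLOSING:
            findings.add(("client-disclosure", name, " ".join(value.split())))
        if key not in ("received", "x-originating-ip"):
            continue
        for text in IPV4_RE.findall(value):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:  # four dotted numbers that are not an address
                continue
            if any(addr in net for net in RFC1918):
                findings.add(("private-ip", name, text))
        for host in HOST_RE.findall(value):
            if host.lower().endswith(INTERNAL_SUFFIXES):
                findings.add(("internal-host", name, host))
    return sorted(findings)


if __name__ == "__main__":
    print(*audit_headers(SAMPLE), sep="\n")
```

Each finding is a candidate for removal or rewriting at the outbound mail gateway before the message leaves the environment.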

A.1.1 NETWORK ENUMERATION.

Attackers will seek to obtain information about domain names and the associated networks of the
target deployment to learn about the networks within those environments. Due to
interoperability and connectivity requirements, the target environment may be required to expose
highly relevant domain name system (DNS) zone information to DNS servers elsewhere within
the larger National Airspace System environment. Relevant information may also be available
from whois servers (see section 14).

The American Registry for Internet Numbers database¹ contains information about who owns
particular IP address ranges and given company or domain names. This database can also be
searched to retrieve potentially useful information for domains located within the Americas. The
Reseaux IP Europeens Network Coordination Centre² contains similar European information and
the Asia Pacific Network Information Center³ contains similar Asian information. The

¹ ARIN; see www.arin.net/index.shtml
² RIPE NCC; see www.ripe.net
³ APNIC; see www.apnic.net