Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
information found within these databases is public and serve as the “white pages phone book”
for the worldwide Internet community.

The DNS is also an important component of the Internet’s infrastructure. DNS is a hierarchical
database distributed around the world that stores a variety of information, including IP addresses,
domain names, and mail server information. DNS entries normally contain a great deal of
information relevant to the attacker, including the registrant’s name, the domain name, the
administrative contact, when a record was created and updated, and the DNS servers within that
domain. Using a process called “resolving,” users and programs search the DNS hierarchy for
information about given domain names. A list of dynamic host configuration protocol (DHCP)
servers, e-mail servers, major file servers, major database servers, and other key system services
is potentially available from DNS zone information, should the attacker eventually be able to
access it [4]. These lists will normally include relevant information such as their IP addresses and
DNS names of devices supporting essential infrastructure services of the target deployment.
This information can be followed up in subsequent network queries, point-of-contact queries,
and other mechanisms to subsequently learn increasing detail about these key devices within the
target environment.
During this investigation, the attacker will also be looking for serious but far-too-common
configuration mistakes, such as allowing untrusted users to perform DNS zone transfers. Should
such a vulnerability exist, it can easily be exploited through nslookup and other means.
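
A defender-side check for the zone-transfer misconfiguration described above, as an added example that is not part of the original report: it scans name-server log lines for AXFR/IXFR requests from hosts outside the authorized secondaries and separates refused attempts from transfers that were actually served. The log format (modelled on BIND messages), the addresses and the zone names are constructed assumptions.

```python
import ipaddress
import re

# Assumption: the only hosts permitted to pull zones are these secondaries.
AUTHORIZED_SECONDARIES = [ipaddress.ip_network("192.0.2.53/32"),
                          ipaddress.ip_network("10.20.0.0/28")]

# Constructed log lines modelled on BIND transfer messages; adjust the
# pattern below to the format your name server actually writes.
SAMPLE_LOG = """\
12-Mar-2024 09:14:02.101 client 192.0.2.53#40112 (example.org): transfer of 'example.org/IN': AXFR started
12-Mar-2024 09:20:45.870 client 203.0.113.77#51844 (example.org): zone transfer 'example.org/AXFR/IN' denied
12-Mar-2024 09:20:46.002 client 203.0.113.77#51850 (corp.example.org): transfer of 'corp.example.org/IN': AXFR started
12-Mar-2024 09:31:10.440 client 10.20.0.5#33010 (example.org): transfer of 'example.org/IN': IXFR started
12-Mar-2024 09:40:00.000 client 198.51.100.9#5353 (example.org): query: www.example.org IN A +
"""

XFER_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ .*?"
    r"(?:transfer of '(?P<z1>[^/']+)/IN': (?P<t1>[AI]XFR) started"
    r"|zone transfer '(?P<z2>[^/']+)/(?P<t2>[AI]XFR)/IN' (?P<denied>denied))")


def is_authorized(ip):
    """True if the client address belongs to an authorized secondary."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in AUTHORIZED_SECONDARIES)


def find_suspicious_transfers(log_text):
    """Return (client, zone, type, outcome) for transfers by untrusted hosts."""
    findings = []
    for line in log_text.splitlines():
        m = XFER_RE.search(line)
        if not m or is_authorized(m["ip"]):
            continue  # not a transfer event, or a legitimate secondary
        # "SERVED" means zone data left the server: the misconfiguration itself.
        outcome = "denied" if m["denied"] else "SERVED"
        findings.append((m["ip"], m["z1"] or m["z2"], m["t1"] or m["t2"], outcome))
    return findings


if __name__ == "__main__":
    for client, zone, kind, outcome in find_suspicious_transfers(SAMPLE_LOG):
        print(f"{outcome:6} {kind} of {zone} requested by {client}")
```

A "SERVED" finding points to a zone whose transfer restrictions need tightening; a "denied" finding shows the restriction worked but that someone is probing.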
The explicit goal of the attacker at this stage is to learn as much as possible about the target
organization, the domain, and network infrastructures to be attacked. This explicitly includes
point of contact information that is very useful for many classes of social attacks. Most
importantly, the attacker seeks to construct an accurate network map of the target environment,
including an accurate classification of the operating systems (OS) and applications residing
within both the routers and computers within the target environment, as well as their IP
addresses and DNS names (if appropriate). Such information will be useful to maximize the
efficiency and potency of the subsequent attacks.
A.1.2 NETWORK RECONNAISSANCE.

Once network enumeration has become somewhat complete, the attacker will usually attempt to
determine the actual network topology as well as potential access paths into the network from
the attacker’s current location(s). On thoroughly mobile environments such as aircraft in flight,
this information may prove to be largely transient in nature. During this stage, the attacker is
likely to use tools, such as traceroute, since it directly aids in the construction of network
diagrams. Other less useful tools, like ping, may also be employed.
One of the more useful historic general-purpose hacker tools for doing network enumeration and
network reconnaissance is Sam Spade [5]. Many freely available web-based reconnaissance tools

[4] Organizations can use a technique called “Split-Horizon DNS” to reduce this threat. This technique maintains
substantially more information about the local deployment on local private DNS servers than the externally
accessible public DNS servers.
[5] See http://preview.samspade.org/ssw