The MH Deskreference - Delta Force

More documents

Recommendations

Info

the packet away if the answer disagrees with the original. The checksum is put on the end of the packet, not in the header. When these packets are received by the other end, of course all the headers are removed. The Ethernet interface removes the Ethernet header and the checksum. It looks at the type code. Since the type code is the one assigned to IP, the Ethernet device driver passes the datagram up to IP. IP removes the IP header. It looks at the IP protocol field. Since the protocol type is TCP, it passes the datagram up to TCP. TCP now looks at the sequence number. It uses the sequence numbers and other information to combine all the datagrams into the original file. The ends our initial summary of TCP/IP. There are still some crucial concepts we haven't gotten to, so we'll now go back and add details in several areas. (For detailed descriptions of the items discussed here see, RFC 793 for TCP, RFC 791 for IP, and RFC's 894 and 826 for sending IP over Ethernet.) [2.1.4] Well-Known Sockets And The Applications Layer So far, we have described how a stream of data is broken up into datagrams, sent to another computer, and put back together. However something more is needed in order to accomplish anything useful. There has to be a way for you to open a connection to a specified computer, log into it, tell it what file you want, and control the transmission of the file. (If you have a different application in mind, e.g. computer mail, some analogous protocol is needed.) This is done by "application protocols". The application protocols run "on top" of TCP/IP. That is, when they want to send a message, they give the message to TCP. TCP makes sure it gets delivered to the other end. Because TCP and IP take care of all the networking details, the applications protocols can treat a network connection as if it were a simple byte stream, like a terminal
or phone line. Before going into more details about applications programs, we have to describe how you find an application. Suppose you want to send a file to a computer whose Internet address is 128.6.4.7. To start the process, you need more than just the Internet address. You have to connect to the FTP server at the other end. In general, network programs are specialized for a specific set of tasks. Most systems have separate programs to handle file transfers, remote terminal logins, mail, etc. When you connect to 128.6.4.7, you have to specify that you want to talk to the FTP server. This is done by having "well-known sockets" for each server. Recall that TCP uses port numbers to keep track of individual conversations. User programs normally use more or less random port numbers. However specific port numbers are assigned to the programs that sit waiting for requests. For example, if you want to send a file, you will start a program called "ftp". It will open a connection using some random number, say 1234, for the port number on its end. However it will specify port number 21 for the other end. This is the official port number for the FTP server. Note that there are two different programs involved. You run ftp on your side. This is a program designed to accept commands from your terminal and pass them on to the other end. The program that you talk to on the other machine is the FTP server. It is designed to accept commands from the network connection, rather than an interactive terminal. There is no need for your program to use a well-known socket number for itself. Nobody is trying to find it. However the servers have to have wellknown numbers, so that people can open connections to them and start sending them commands. The official port numbers for each program are given in "Assigned Numbers". Note that a connection is actually described by a set of 4 numbers: the Internet address at each end, and the TCP port number at each end. Every datagram has all four of those numbers in it. (The Internet
Page 1 and 2: The MH DeskReference Version 1.2 Wr
Page 3 and 4: [2.1.7] Routing [2.1.8] Subnets and
Page 5 and 6: [6.1.6] Restricting Anonymous netwo
Page 7 and 8: [7.2.1] Encryption Issues [7.2.2] O
Page 9 and 10: [10.0.0] WinGate [10.0.1] What Is W
Page 11 and 12: [12.0.9] history [12.1.0] ip http a
Page 13 and 14: [12.5.5] ppp pap sent-username [12.
Page 15 and 16: [13.1.1] Crashing NT using NTFS [13
Page 17 and 18: [16.0.3] COMPARISION TO THE MICROSO
Page 19 and 20: [0.0.3] Thanks and Greets Extra spe
Page 21 and 22: as only an interface between the ap
Page 23 and 24: 1F U NetDDE Service 20 U File Serv
Page 25 and 26: nbtstat -A [ipaddress] nbtstat -a [
Page 27 and 28: ID. The NetBIOS scope ID is a chara
Page 29 and 30: The Redirector is the component tha
Page 31 and 32: name and password for the other com
Page 33 and 34: mail from a mail server.) These ser
Page 35 and 36: Some operate on a command by comman
Page 37 and 38: servers use the telnet protocol, al
Page 39 and 40: services that every application nee
Page 41 and 42: Two separate protocols are involved
Page 43 and 44: the octets in the datagram (more or
Page 45: [2.1.3] The Ethernet level Most of
Page 49 and 50: of the message, and the recipients
Page 51 and 52: So far, we have described only conn
Page 53 and 54: A typical example is the name BORAX
Page 55 and 56: system is attached to some local ne
Page 57 and 58: Details about Internet Addresses: S
Page 59 and 60: each host that is interested in the
Page 61 and 62: didn't say how to figure out what E
Page 63 and 64: .:Regedit.exe enables you to search
Page 65 and 66: * Hardware: Database that describes
Page 67 and 68: Although I am not gauranteeing that
Page 69 and 70: \SYSTEM System-Full Control Admin-S
Page 71 and 72: The Point-To-Point Tunneling Protoc
Page 73 and 74: A computer that is able to use the
Page 75 and 76: Most PPTP sessions are started by a
Page 77 and 78: IP Header -------------------------
Page 79 and 80: This following is a list of Windows
Page 81 and 82: [4.0.7] Special Security Update SPE
Page 83 and 84: Usage: tracert IP or Hostname Switc
Page 85 and 86: Usage: ping IP address or Hostname
Page 87 and 88: The column headings generated by NB
Page 89 and 90: 01 U Messenger Service 01 G Master
Page 91 and 92: [5.0.7] The IpConfig Command The ip
Page 93 and 94: take for granted and dont understan
Page 95 and 96: than a machine the Internet. A mach
Page 97 and 98:
In general, you should install only
Page 99 and 100:
Value: Whatever you want for the te
Page 101 and 102:
Users should either log off or lock
Page 103 and 104:
[6.1.6] Restricting Anonymous netwo
Page 105 and 106:
Passfilt.dll implements the followi
Page 107 and 108:
If a Windows NT client selects leve
Page 109 and 110:
Default configuration allows guests
Page 111 and 112:
The changes will take effect the ne
Page 113 and 114:
Samba or Hewlett-Packard (HP) LM/X
Page 115 and 116:
Log on/Log off: Logs both local and
Page 117 and 118:
1 is granted to everyone so is mean
Page 119 and 120:
\WINNT\SYSTEM32\SPOOL Administrator
Page 121 and 122:
ServiceInstalled Not Installed Aler
Page 123 and 124:
[6.3.4] Unbind Unnecessary Services
Page 125 and 126:
derivative information provides an
Page 127 and 128:
This will grant Administrators chan
Page 129 and 130:
Event Logger of any failed or succe
Page 131 and 132:
smtp 25/tcp mail time 37/tcp timser
Page 133 and 134:
conference 531/tcp chat netnews 532
Page 135 and 136:
dc 2001/tcp mailbox 2004/tcp berkne
Page 137 and 138:
daytime 13/udp netstat 15/udp qotd
Page 139 and 140:
timed 525/udp timeserver netwall 53
Page 141 and 142:
imsl 2044/udp cdfunc 2045/udp sdfun
Page 143 and 144:
In conjunction with other products,
Page 145 and 146:
[7.0.5] What is the LAT? This is pr
Page 147 and 148:
[7.0.8] Proxy Server Architecture T
Page 149 and 150:
[7.1.2] ISAPI Application The ISAPI
Page 151 and 152:
Proxy allows an administrator to co
Page 153 and 154:
When the system logs information co
Page 155 and 156:
etween an internal, or "trusted" ne
Page 157 and 158:
A more sophisticated network level
Page 159 and 160:
firewalls, as they provide the best
Page 161 and 162:
Now, true, remote registry editing
Page 163 and 164:
[8.0.0] NetBIOS Attack Methods This
Page 165 and 166:
What follows is pretty much a step
Page 167 and 168:
[8.0.3] Intro to the NET commands T
Page 169 and 170:
[8.2.0] Net Stop: Stops NT services
Page 171 and 172:
C:\net use /? The syntax of this co
Page 173 and 174:
[*]--- CONNECTED with name: *SMBSER
Page 175 and 176:
[*]--- WARNING: Directory is writea
Page 177 and 178:
***::: IUSR_STUDENT7:1014:582E69433
Page 179 and 180:
service.grp contains the list of gr
Page 181 and 182:
Vacuum:SGXJVl6OJ9zkE The above pass
Page 183 and 184:
There have been a few papers about
Page 185 and 186:
[10.0.5] Port 6667 IRC Proxy The ir
Page 187 and 188:
2.2.2.2. The pentagon know that IP
Page 189 and 190:
Note: This is script will kick/ban
Page 191 and 192:
do that you should? If I was one of
Page 193 and 194:
[11.0.4] Default NT user groups The
Page 195 and 196:
guest account, some applications re
Page 197 and 198:
PWDUMP does require that you are an
Page 199 and 200:
USHORT len; USHORT maxlen; WCHAR *b
Page 201 and 202:
------------- cut -------------- If
Page 203 and 204:
Administrative shares are default a
Page 205 and 206:
entries (ACEs) in the list. After t
Page 207 and 208:
nu.exe - 'net use' replacement, sho
Page 209 and 210:
Another possible indication is chec
Page 211 and 212:
e blocked by the Security configura
Page 213 and 214:
In the following example, entering
Page 215 and 216:
command line. Ctrl-V and Esc Q Inse
Page 217 and 218:
Because many of the privileged comm
Page 219 and 220:
Available in all command modes. Usa
Page 221 and 222:
Related Command help [12.0.8] help
Page 223 and 224:
argument of a partially complete ac
Page 225 and 226:
terminal history size † [12.1.0]
Page 227 and 228:
Use this command if ClickStart or t
Page 229 and 230:
[12.1.4] menu (global) Use the menu
Page 231 and 232:
menu name command number Syntax Des
Page 233 and 234:
name The configuration name of the
Page 235 and 236:
displaying menus and submenus, inst
Page 237 and 238:
terminal history size† [12.1.9] t
Page 239 and 240:
immediately following should be tre
Page 241 and 242:
access-lists List access lists appl
Page 243 and 244:
[12.2.3] aaa authentication arap To
Page 245 and 246:
Related Commands aaa authentication
Page 247 and 248:
enable password † [12.2.5] aaa au
Page 249 and 250:
Command Mode Global configuration U
Page 251 and 252:
[12.2.7] aaa authentication nasi To
Page 253 and 254:
aaa authentication nasi default tac
Page 255 and 256:
list-name Character string used to
Page 257 and 258:
Syntax Description text-string Stri
Page 259 and 260:
Note There are five commands associ
Page 261 and 262:
preconfigured on the router. Per-us
Page 263 and 264:
valid for ISDN. no yes yes tunnel-i
Page 265 and 266:
Command Mode Global configuration U
Page 267 and 268:
aaa authentication login aaa authen
Page 269 and 270:
The following example illustrates t
Page 271 and 272:
no enable use-tacacs Caution If you
Page 273 and 274:
The specified interface must have a
Page 275 and 276:
no kerberos clients mandatory Synta
Page 277 and 278:
sh † telnet † [12.4.2] kerberos
Page 279 and 280:
kerberos realm kerberos server kerb
Page 281 and 282:
Usage Guidelines This command first
Page 283 and 284:
SRVTAB entry configuration. (The Ke
Page 285 and 286:
Configuration Usage Guidelines This
Page 287 and 288:
Disabled Command Mode Line configur
Page 289 and 290:
Related Commands A dagger (†) ind
Page 291 and 292:
authentication command to turn on P
Page 293 and 294:
ppp pap [12.5.4] ppp chap password
Page 295 and 296:
You must configure this command for
Page 297 and 298:
Caution Normal CHAP authentications
Page 299 and 300:
adius-server host {hostname | ip-ad
Page 301 and 302:
no radius-server key Syntax Descrip
Page 303 and 304:
The following example specifies a r
Page 305 and 306:
In the following example, output is
Page 307 and 308:
tacacs-server host [12.6.4] tacacs-
Page 309 and 310:
tacacs-server authenticate connect
Page 311 and 312:
new-model command. Example The foll
Page 313 and 314:
Use the tacacs-server key global co
Page 315 and 316:
Related Commands A dagger (†) ind
Page 317 and 318:
This command first appeared in Cisc
Page 319 and 320:
Related Command tacacs-server host
Page 321 and 322:
name Name of an IP access list. The
Page 323 and 324:
clear access-template vendor 172.20
Page 325 and 326:
172.30.3.11 172.30.67.53 4 246 172.
Page 327 and 328:
Syntax Description level (Optional)
Page 329 and 330:
not be able to reenter enable mode.
Page 331 and 332:
Default No password is defined. The
Page 333 and 334:
enable password [12.8.1] ip identd
Page 335 and 336:
line 7 login authentication list1 R
Page 337 and 338:
the line. privilege level level no
Page 339 and 340:
This command first appeared in Cisc
Page 341 and 342:
username name [callback-line [tty]
Page 343 and 344:
level (Optional) Number between 0 a
Page 345 and 346:
The following example configuration
Page 347 and 348:
or stream data to port84 of an NT s
Page 349 and 350:
entire network. In fact, they could
Page 351 and 352:
fclose(f); If fopen() failed (easy
Page 353 and 354:
SCRIPT_FILENAME=/usr/local/frontpag
Page 355 and 356:
ecause I am not fully familiar with
Page 357 and 358:
#include #include #include #incl
Page 359 and 360:
strcpy(bcastaddr[x], buf); x++; } b
Page 361 and 362:
struct iphdr *ip; struct icmphdr *i
Page 363 and 364:
eturn(answer); } [13.0.5] SLMail Se
Page 365 and 366:
October 21, 1997 Scheduler/Winlogin
Page 367 and 368:
seemed to be originating from, I de
Page 369 and 370:
passwords. This problem will persis
Page 371 and 372:
We'll explain this out a bit cleare
Page 373 and 374:
edirected to a second telnet sessio
Page 375 and 376:
ypasses the security set by IIS on
Page 377 and 378:
The person bringing this new progra
Page 379 and 380:
The Web site is hosted on a server
Page 381 and 382:
--From ntsecurity.net An icon can b
Page 383 and 384:
On NT 4.x there is a Key HKEY_LOCAL
Page 385 and 386:
#include #include #include struc
Page 387 and 388:
len = passwd->len/sizeof(WCHAR); wb
Page 389 and 390:
program, effectively undoing everyt
Page 391 and 392:
a log entry of the command string e
Page 393 and 394:
in the packet is "spoofed," or repl
Page 395 and 396:
if you dont know get a guide and st
Page 397 and 398:
[15.0.4] Step 4: Install ttysnoop.
Page 399 and 400:
By following the above steps, you h
Page 401 and 402:
A showmount on ninja.com would look
Page 403 and 404:
InterCore:/mnt/home/pamcourt/$ whoa
Page 405 and 406:
..__MSBROWSE__. GROUP Registered MA
Page 407 and 408:
** smbmount toupper()'s the content
Page 409 and 410:
} printf("Can't allocate memory.\n"
Page 411 and 412:
$ we could also use this to find a
Page 413 and 414:
c - is a character file The next 3
Page 415 and 416:
oot:x:0:1:System Administrators:/:/
Page 417 and 418:
login: b0bby *Then it will ask you
Page 419 and 420:
Also a good finger -l @victim.com c
Page 421 and 422:
students and what there major is. S
Page 423 and 424:
There is a basic example of how to
Page 425 and 426:
from the bottom pin on the right of
Page 427 and 428:
| | | Vin ________| | |_________Vou
show all

The MH Deskreference - Delta Force

Create successful ePaper yourself

Delete template?

Save as template?