Sunday, December 6, 2009

Glossary

802.3 The standard IEEE 802.3 format; also known as Novell 802.2.



10BaseT IEEE 802.3 Physical Layer specification for twisted-pair Ethernet using unshielded twisted pair wire at 10 Mbps. 10BaseT is nomenclature for 10 Mbps, Baseband, Twisted Pair Cable.



Activation The point at which the computer initially "catches" a virus, commonly from a trusted source.



API (Application Programming Interface) A technology that enables an application on one station to communicate with an application on another station.



ARP (Address Resolution Protocol) A packet broadcast to all hosts attached to a physical network. This packet contains the IP address of the node or station with which the sender wishes to communicate.



ARPANET An experimental wide area network that spanned the United States in the 1960s, formed by the U.S. Department of Defense's Advanced Research Projects Agency, ARPA (later called DARPA).



ASCII (American Standard Code for Information Interchange) The universal standard for the numerical codes computers use to represent all upper- and lowercase letters, numbers, and punctuation.



Asynchronous Stations transmit in restricted or nonrestricted conditions; a restricted station can transmit with up to full ring bandwidth for a period of time allocated by station management; nonrestricted stations distribute all available bandwidth, minus restrictions, among the remaining stations.



Backdoor A means and method by which hackers gain and retain access to a system and cover their tracks.



Bandwidth A measure of the amount of traffic the media can handle at one time. In digital communication, describes the amount of data that can be transmitted over the line measured in bits per second (bps).



Bit A single-digit number in Base-2 (a 0 or a 1); the smallest unit of computer data.



Buffer Flow Control As data is passed in streams, protocol software may divide the stream to fill specific buffer sizes. TCP manages this process to prevent a buffer overflow. During this process, fast-sending stations may be periodically stopped so that slow-receiving stations can keep up.



Buffering Internetworking equipment such as routers use this technique as memory storage for incoming requests. Requests are allowed to come in as long as there is enough buffer space (memory address space) available. When this space runs out (buffers are full), the router will begin to drop packets.



Byte The number of bits (8) that represent a single character in the computer's memory.



Cracker A person who overcomes the security measures of a network or particular computer system to gain unauthorized access. Technically, the goal of a cracker is to obtain information illegally from a computer system or to use computer resources illegally; however, the majority of crackers merely want to break into the system.



CRC (Cyclic Redundancy Check) A verification process for detecting transmission errors. The sending station computes a frame value before transmission. Upon frame retrieval, the receiving station must compute the same value based on a complete, successful transmission.



CSMA/CD (Carrier Sense with Multiple Access and Collision Detection) Technology bound with Ethernet to detect collisions. Stations involved in a collision immediately abort their transmissions. The first station to detect the collision sends out an alert to all stations. At this point, all stations execute a random collision timer to force a delay before attempting to transmit their frames. This timing delay mechanism is termed the back-off algorithm. If multiple collisions are detected, the random delay timer is doubled.



Datagram The fundamental transfer unit of the Internet. An IP datagram is the unit of data commuted between IP modules.



Demultiplexing The separation of the streams that have been multiplexed into a common stream back into multiple output streams.



DSL (Digital Subscriber Line) A high-speed connection to the Internet that can provide from 6 to 30 times the speed of current ISDN and analog technology, at a fraction of the cost of comparable services. In addition, DSL uses telephone lines already in the home.



Error Checking A function that is typically performed on connection-oriented sessions whereby each packet is examined for missing bytes. The primary values involved in this process are termed checksums. With this procedure, a sending station calculates a checksum value and transmits the packet. When the packet is received, the destination station recalculates the value to determine whether there is a checksum match. If a match takes place, the receiving station processes the packet. If there was an error in transmission, and the checksum recalculation does not match, the sender is prompted for packet retransmission.



Error Rate In data transmission, the ratio of the number of incorrect elements transmitted to the total number of elements transmitted.



FDDI (Fiber Distributed Data Interface) Essentially a high-speed Token Ring network with redundancy failover using fiber optic cable.



File Server A network device that can be accessed by several computers through a local area network (LAN). It directs the movement of files and data on a multiuser communications network, and "serves" files to nodes on a local area network.



Fragmentation Scanning A modification of other scanning techniques, whereby a probe packet is broken into a couple of small IP fragments. Essentially, the TCP header is split over several packets to make it harder for packet filters to detect what is happening.



Frame A group of bits sent serially (one after another) that includes the source address, destination address, data, frame-check sequence, and control information. Generally, a frame is a logical transmission unit. It is the basic data transmission unit employed in bit-oriented protocols.



Full-Duplex Connectivity Stream transfer in both directions, simultaneously, to reduce overall network traffic.

Hacker Typically, a person who is totally immersed in computer technology and computer programming, and who likes to examine the code of operating systems and other programs to see how they work. This individual subsequently uses his or her computer expertise for illicit purposes such as gaining access to computer systems without permission and tampering with programs and data.



Hacker's Technology Handbook A collection of the key concepts vital to developing a hacker's knowledge base.



Handshaking A process that, during a session setup, provides control information exchanges, such as link speed, from end to end.



HTML (Hypertext Markup Language) A language of tags and codes by which programmers can generate viewable pages of information as Web pages.



Hub The center of a star topology network, also called a multiport repeater. The hub regenerates signals from a port, and retransmits to one or more other ports connected to it.

InterNIC The organization that assigns and controls all network addresses used over the Internet. Three classes, composed of 32-bit numbers, A, B, and C, have been defined.



IP (Internet Protocol) An ISO standard that defines a portion of the Layer 3 (network) OSI model responsible for routing and delivery. IP enables the transmission of blocks of data (datagrams) between hosts identified by fixed-length addresses.



IPX (Internetwork Packet Exchange) The original NetWare protocol used to route packets through an internetwork. IPX is a connectionless datagram protocol, and, as such, is similar to other unreliable datagram delivery protocols such as the Internet Protocol.



ISDN (Integrated Services Digital Network) A digital version of the switched analog communication.



LAN (Local Area Network) Group of computers and other devices dispersed over a relatively limited area and connected by a communications link that enables any station to interact with any other. These networks allow stations to share resources such as laser printers and large hard disks.



Latency The time interval between when a network station seeks access to a transmission channel and when access is granted or received. Same as waiting time.



Mail bombs Email messages used to crash a recipient's electronic mailbox; or to spam by sending unauthorized mail using a target's SMTP gateway. Mail bombs may take the form of one email message with huge files attached, or thousands of e-messages with the intent to flood a mailbox and/or server.



Manipulation The point at which the "payload" of a virus begins to take effect, as on a certain date (e.g., Friday 13 or January 1), triggered by an event (e.g., the third reboot or during a scheduled disk maintenance procedure).



MAU (Multistation Access Unit) The device that connects stations in a Token Ring network. Each MAU forms a circular ring.

MTU (Maximum Transfer Unit) The largest IP datagram that may be transferred using a data-link connection during the communication sequences between systems. The MTU value is a mutually agreed value, that is, both ends of a link agree to use the same specific value.



Multiplexing The method for transmitting multiple signals concurrently to an input stream, across a single physical channel.



NetBEUI (NetBIOS Extended User Interface) An unreliable protocol, limited in scalability, used in local Windows NT, LAN Manager, and IBM LAN server networks, for file and print services.



NetBIOS (Network Basic Input/Output System) An API originally designed as the interface to communicate protocols for IBM PC networks. It has been extended to allow programs written using the NetBIOS interface to operate on many popular networks.



Noise Any transmissions outside of the user's communication stream, causing interference with the signal. Noise interference can cause bandwidth degradation and, potentially, render complete signal loss.



Novell Proprietary Novell's initial encapsulation type; also known as Novell Ethernet 802.3 and 802.3 Raw.



OSI (Open Systems Interconnection) Model A seven-layer set of hardware and software guidelines generally accepted as the standard for overall computer communications.



Packet A bundle of data, usually in binary form.



Phreak A person who breaks into telephone networks or other secured telecommunication systems.



PPP (Point-to-Point Protocol) An encapsulation protocol that provides the transportation of IP over serial or leased line point-to-point links.



Protocol A set of rules for communication over a computer network.



PVC (Permanent Virtual Circuit) Permanent communication sessions for frequent data transfers between DTE devices over Frame Relay.



RARP (Reverse Address Resolution Protocol) A protocol that allows a station to broadcast its hardware address, expecting a server daemon to respond with an available IP address for the station to use.



Replication The stage at which a virus infects as many sources as possible within its reach.



Service Advertisement Protocol A method by which network resources, such as file servers, advertise their addresses and the services they provide. By default, these advertisements are sent every 60 seconds.



Scanning (Port Scanning) A process in which as many ports as possible are scanned, to identify those that are receptive or useful to a particular hack attack. A scanner program reports these receptive listeners, analyzes weaknesses, and cross-references those frailties with a database of known hack methods for further explication.



Sniffers Software programs that passively intercept and copy all network traffic on a system, server, router, or firewall.

Source Quenching In partnership with buffering, source quenching sends messages to a source node as the receiver's buffers begin to reach capacity. The receiving router sends time-out messages to the sender instructing it to slow down until buffers are free again.



Streams Data is systematized and transferred as a stream of bits, organized into 8-bit octets or bytes. As these bits are received, they are passed on in the same manner.



Subnetting The process of dividing an assigned or derived address class into smaller individual, but related, physical networks.



SVC (Switched Virtual Circuit) A periodic, temporary communication session for infrequent data transfers.



Synchronous A system whereby stations are guaranteed a percentage of the total available bandwidth.



TCP (Transmission Control Protocol) A protocol used to send data in the form of message units between computers. TCP tracks the individual units of data called packets.



TCP FIN Scanning A more clandestine form of scanning. Certain firewalls and packet filters watch for SYNs to restricted ports, and programs such as Synlogger and Courtney are available to detect these scans. FIN packets, on the other hand, may be able to pass through unmolested, because closed ports tend to reply to a FIN packet with the proper RST, while open ports tend to ignore the packet in question.



TCP Port Scanning The most basic form of scanning. With this method, an attempt is made to open a full TCP port connection to determine whether that port is active, or "listening."



TCP Reverse Ident Scanning A protocol that allows for the disclosure of the username of the owner of any process connected via TCP, even if that process didn't initiate the connection. It is possible, for example, to connect to the HTTP port and then use identd to find out whether the server is running as root.



TCP SYN Scanning Often referred to as half-open or stealth scanning, because a full TCP connection is not opened. A SYN packet is sent, as if opening a real connection, waiting for a response. A SYN/ACK indicates the port is listening. Therefore, a RST response is indicative of a nonlistener. If a SYN/ACK is received, an RST is immediately sent to tear down the connection. The primary advantage to this scanning technique is that fewer sites will log it.



Threat An activity, deliberate or unintentional, with the potential for causing harm to an automated information system or activity.



Trojan A malicious, security-breaking program that is typically disguised as something useful, such as a utility program, joke, or game download.



UDP (User Datagram Protocol) A communications protocol that offers a limited amount of service when messages are exchanged between computers in a network that uses IP.



UDP ICMP Port-Unreachable Scanning A scanning method that uses the UDP protocol instead of TCP. This protocol is less complex, but scanning it is significantly more difficult. Open ports don't have to send an acknowledgment in response to a probe, and closed ports aren't required to send an error packet. Fortunately, most hosts send an ICMP_PORT_UNREACH error when a packet is sent to a closed UDP port. Thus it is possible to determine whether a port is closed, and by exclusion, which ports are open.



UDP recvfrom( ) and write( ) Scanning Nonroot users can't read port-unreachable errors directly; therefore, Linux informs the user indirectly when they have been received. For example, a second write( ) call to a closed port will usually fail. A number of scanners, such as netcat and pscan.c, do this. This technique is used for determining open ports when nonroot users use -u (UDP).



Virtual Circuits When one station requests communication with another, both stations inform their application programs and agree to communicate. If the link or communication between these stations fails, both stations are aware of the breakdown and inform their respective software applications. In this case, a coordinated retry will be attempted.



Virus A computer program that makes copies of itself by using, therefore requiring, a host program.



VLSM (Variable-Length Subnet Masking) The broadcasting of subnet information through routing protocols.



Vulnerability A flaw or weakness that may allow harm to occur to an automated information system or activity.



WAN (Wide Area Network) A communications network that links geographically dispersed systems.



Well-known Ports The first 1,024 of the 65,000 ports on a computer system, which are reserved for system services; as such, outgoing connections will have port numbers higher than 1023. This means that all incoming packets that communicate via ports higher than 1023 are actually replies to connections initiated by internal requests.



Windowing With this function, end-to-end nodes agree upon the number of packets to be sent per transmission. This packet number is termed the window size. For example, with a window size of 3, the source station will transmit three segments and then wait for an acknowledgment from the destination. Upon receiving the acknowledgment, the source station will send three more segments, and so on.

