Index - Building.Open.Source.Network.Security.Tools.Components.And.Techniques [Electronic resources] نسخه متنی

Index

F

file descriptor (FD), 21, 75, 94-95

file pointers, libpcap library and, 20

file transfer protocol (FTP), 222

filters

Firewalk security tool and, 343-344

libnids library and, 90

libpcap library and, 11, 18-19

port scanning and, 218

FIN port scan, 224-225, 239

fingerprinting (see also libsf library), 113-127

Firewalk active reconnaissance security tool, 327-412

address resolution protocol (ARP) and, 347-348

analysis and design in, 329

Berkeley Packet Filter (BPF) and, 343

classification of, 331

code listing for, 373-412

code walkthrough for, 336-372

component layer in, 331

context of, 340, 350

control layer in, 331

design and genesis of, 328-331

device initialization in, 341-342

error handling in, 352

Ethernet and, 348

filtering in, 343-344

firewalk function in, 356

flow charts for, 338

header templates for, 364-366

init.c for, 383-387

initialization, 337-349, 351, 357, 360, 365, 371

Internet control message protocol (ICMP) and, 335, 366, 344

invoking, walk-through of, 331-336

IP addresses and, 347

IP expiry and, 331, 367

IPv4 and, 346, 366-367

libdnet library functions and, 331, 346-347

libdnet library functions in, 331, 364-366

libpcap library functions in, 331, 343, 361-362

link layer headers and, 343-344

looping through ports in, 353-355

MAC addresses and, 346-347

main.c for, 387-391

modular model for, 329-331

packet capture and verification in, 359-372

packet sniffing and, 331, 343

packet template build in, 345

packet verification in, 370

parameter collection used in, 352-353

port scanning process in, 328-329, 331-336, 342-343, 352-353, 356-372

328-329

probes in, ramping phase, 353

protocol ACL scanning in, 328-329

ramping phase in, 348-356, 364, 368

reliability of, 328-329

requirements of, 328

return of control to main module in, 359

routing tables and, 347-348

RST packets in, 369

sanity check for, 366

scanning phase in, 356-372

select in, 361, 364

simplicity of, 328-329

source addresses for, 342

success/failure codes used in, 336

SYN packet scan in, 369

target gateway access in, 333-336, 342, 355

TCP invocation of, 335-336

technique layer in, 329-331

termination of, 355, 359

termination/shutdown in, 372

time to live (TTL) and, 354, 368

timeouts and, 361

transmission control protocol (TCP) and 368-370

tuple information in, 369

UDP invocation of, 332-336

unreachable ICMP code for, 363-364, 367

update of scan probes in, 358

util.c for, 411-412

verbose reporting from, 328, 329

wire injection methods in, 331

firewalk function, 356

firewalking, 232-239, 327-412

firewalls, 5, 130, 132-133, 140-141, 293, 299-302

format strings, 257, 267-272

4 tuple information, 91-92

fragmented IP port scans, 225

framework functions, 41-42, 119-120

FreeBSD, 39, 140

FTP bounce port scan, 222

full-open (TCP connect) port scan, 219-221

Fyodor, 114