
Network Security and Measurement


Academic year: 2022


Network Security and Measurement Assignment 04

HAW Hamburg WS 2020

Prof. Dr. Thomas Schmidt, Raphael Hiesgen, M.Sc.

Deadline: December 9, 2020

1. Active Scanning

Let’s consider a thought experiment: You want to scan the complete IPv4 address space looking for open telnet (TCP/23) ports.

(a) Which addresses can you ignore? Justify your answer.

(b) ZMap implements an approach that does not require states for each request. Explain the approach and discuss advantages.

(c) Your measurement host is not constrained in hardware in terms of memory. Do you still need to implement the ZMap approach discussed in (b) to achieve the same coverage?

(d) How much memory would you need to maintain states for each potential reply? Explain your answer.

2. iNET Prefix Scan

Scan programs are used by security researchers and attackers to discover services running on remote hosts. Arbitrarily scanning networks is sometimes not received well. Since we have our own prefix available (141.22.28.0/24), we can target that freely.

Tools: nmap, zmap, masscan, etc.

(a) Take a look at the scan programs. How do they differ? Which one would you choose to scan our local /24 network, and why?

(b) Perform the scan. Measure the time and collect the results.

(c) Write a small report. Did you notice anything?

3. Identify Scanners

We already looked at flow data in an earlier exercise. This time we analyze it with a purpose: find packets that look like scanning behavior.

Tools: tshark, dpkt, scapy, pandas, matplotlib, ...

Data: MAWI data is located in shared-data/mawi. Use the first 15-minute file for May 11. It is cut into minute-long slices in shared-data/mawi/05/in-minutes.

(a) What activity pattern would you expect from a scanner? Explain how you would identify them in flow data. Take vertical and horizontal scans into account.

(b) Write a script to perform your identification. Collect the port and host destinations for each source. How big is the share of scanners among sources and packets?

(c) Make a plot that places each source according to the number of targeted hosts (x-axis) and the number of targeted ports (y-axis). Highlight those sources you identified as scanners.
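One way to structure the identification in exercise 3, as an added example that is not part of the assignment sheet and not a reference solution. It assumes the packets have already been reduced to (source, destination, destination port) tuples, for example with dpkt or tshark; the thresholds, function names and sample records are assumptions made for illustration.

```python
from collections import defaultdict

# Assumed thresholds (not from the assignment); tune them against the real trace.
HOST_THRESHOLD = 20   # distinct destination hosts on one port -> horizontal scan
PORT_THRESHOLD = 20   # distinct destination ports on one host -> vertical scan

def profile_sources(packets):
    """Aggregate (src, dst, dport) records into per-source target sets and packet counts."""
    profiles = defaultdict(lambda: {"hosts": set(), "ports": set(), "pairs": set(), "packets": 0})
    for src, dst, dport in packets:
        p = profiles[src]
        p["hosts"].add(dst)
        p["ports"].add(dport)
        p["pairs"].add((dst, dport))
        p["packets"] += 1
    return profiles

def classify(profile):
    """Return 'horizontal', 'vertical', 'both' or None for one source profile."""
    hosts_per_port, ports_per_host = defaultdict(set), defaultdict(set)
    for dst, dport in profile["pairs"]:
        hosts_per_port[dport].add(dst)
        ports_per_host[dst].add(dport)
    horizontal = max(len(h) for h in hosts_per_port.values()) >= HOST_THRESHOLD
    vertical = max(len(p) for p in ports_per_host.values()) >= PORT_THRESHOLD
    if horizontal and vertical:
        return "both"
    return "horizontal" if horizontal else "vertical" if vertical else None

def scanner_shares(packets):
    """Return ({src: label}, share of sources, share of packets) for flagged scanners."""
    profiles = profile_sources(packets)
    if not profiles:          # empty slice: nothing to classify, avoid dividing by zero
        return {}, 0.0, 0.0
    scanners = {s: label for s, p in profiles.items() if (label := classify(p))}
    total_packets = sum(p["packets"] for p in profiles.values())
    scan_packets = sum(profiles[s]["packets"] for s in scanners)
    return scanners, len(scanners) / len(profiles), scan_packets / total_packets

# Constructed sample records (documentation address ranges), not MAWI data.
SAMPLE = (
    [("192.0.2.10", f"198.51.100.{i}", 23) for i in range(1, 41)]       # one port, 40 hosts
    + [("192.0.2.20", "198.51.100.5", port) for port in range(1, 31)]   # one host, 30 ports
    + [("192.0.2.30", "198.51.100.7", 443)] * 25                        # busy client, one service
    + [("192.0.2.40", "198.51.100.8", 53), ("192.0.2.40", "198.51.100.9", 80)]
)

if __name__ == "__main__":
    scanners, src_share, pkt_share = scanner_shares(SAMPLE)
    print(scanners, f"sources={src_share:.2%} packets={pkt_share:.2%}")
```

The sizes of each profile's `hosts` and `ports` sets are the x and y coordinates asked for in (c). The busy client with 25 packets to a single service is not flagged, which is why the classification counts distinct targets rather than packet volume.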
