[ Pobierz całość w formacie PDF ]
.For example, by startingSYN scan because it uses TCP SYN packets.a Telnet client session and trying to open port 80 on aÏ% Strobe scan: The attacker tries to connect to a speýÿ target machine, an attacker can manually issue HTTPcific set of ports commonly open on Microsoft GET commands in the proper format and determineWindows or UNIX/Linux hosts (another form of whether the target responds like a Web server would.SYN scan but faster than a vanilla scan).More sophisticated tools such as Nmap and Nessus canbe used to automate port scans against a range of IPÏ% UDP scan: The attacker sends empty User Data-addresses and can enumerate additional informationgram Protocol (UDP) packets to different ports for athat may help hackers perform exploits to compromiserange of addresses and looks at the response.Sometarget systems.Other popular port-scanning toolsoperating system platforms respond with Internetinclude Netcat, Strobe, Pscan, and SATAN.Control Message Protocol (ICMP) error packetswhen empty UDP packets are received by listening See Also: enumeration, hacking, Netcat, Nmap, portports, while closed UDP ports typically respond numbers, SATANwith  port unreachable packets.ICMP packets canalso be used for similar purposes.PPTPÏ% FTP bounce: The attacker performs the scanStands for Point-to-Point Tunneling Protocol, a tunnelýÿthrough an intermediary File Transfer Protocoling protocol used for virtual private networking.(FTP) server to disguise the location of theSee: Point-to-Point Tunneling Protocol (PPTP)P attacker s machine.Ï% Sweep: The attacker scans a large range of InternetPre-IKE Credential (PIC)Protocol (IP) addresses looking for systems thatA proposed replacement for the Internet Key Exchangehave one specific port open (such as port 23 for Tel-(IKE) protocol.net servers).OverviewÏ% FIN scan: The attacker sends a TCP FIN packet toPre-IKE Credential (PIC) is one of several proposedall (or some) ports for a range of addresses.Thereplacements for IKE, the key management protocolFIN packet indicates the sender wants to close aused by Internet Protocol Security (IPSec).PIC isTCP session.If the port is closed already, the targetintended to overcome some of the deficiencies of IKE,usually replies with a TCP RST packet, but if theincluding its complexity of operation and its lack ofport is open (connected to some other host), the FINsupport for legacy authentication methods widely usedpacket is dropped.This is a stealthy form of scanýÿin the marketplace.PIC works by  bootstrapping IKEning since it does not actually involve establishingauthentication in which a user is first authenticatedconnections with target hosts and such attemptsusing a legacy method and then the authenticationoften are not logged by the target system.252Pretty Good Privacy (PGP) principalserver generates IKE-acceptable credentials.PIC is tal certificates nor CAs for managing them.Instead,based on ISAKMP combined with Extensible Authentiýÿ each user simply decides which other users to trust andcation Protocol (EAP) and requires no modifications to then obtains the public keys for those users by anyIKE itself.means possible; for example, by mailing the key inforýÿmation or swapping keys on floppy disks at a conferýÿSee Also: Internet Key Exchange (IKE), Internet Proto ence.Such an anarchic scheme is called a web of trust,col Security (IPSec), Just Fast Keying (JFK)and although it gives users complete control over whothey want to engage in cryptographic communicationsPretty Good Privacy (PGP)with, the model scales poorly compared with traditionalA popular e-mail encryption technology.PKI systems (commercial PGP does address this issue,however).Key revocation is also performed in a similarOverviewinformal fashion.Pretty Good Privacy (PGP) is a scheme developed byPhil Zimmermann for ensuring the confidentiality andTo use PGP you first download and install the softwareintegrity of e-mail messaging and secure file storage.on your computer and then use it to generate a private key,PGP was developed at a time when export of encryptionwhich is protected using a password and then hashed fortechnologies was strongly controlled by the U.S.govýÿsecure storage.Keys for other users you communicateernment, and PGP was released as  guerrilla freewarewith are stored in key rings, which can be either localto place encryption technology in the hands of ordinarystructures or shared databases on the Internet.users.Several legal challenges to PGP resulted but wereFor More Information1
later dismissed.Since then PGP has evolved into sevýÿVisit web.mit.edu/network/pgp.html and www.pgp.comýÿeral forms (some of which are incompatible) that havefor more information.ýÿspread around the world, including these:See Also: encryption, OpenPGP, Secure/Multipurpose ýÿÏ% PGP Classic (PGP versions 2.6.2 and 6.5.8): UsesInternet Mail Extensions (S/MIME)ýÿRivest-Shamir-Adleman (RSA) and InternationalData Encryption Algorithm (IDEA) encryption andis freely available from a Web site of the Massachuýÿ principalsetts Institute of Technology (MIT) for noncomýÿ The identity of an individual in the Kerberos protocol.mercial use by U.S.and Canadian citizens onlyOverview PÏ% PGP 8 [ Pobierz caÅ‚ość w formacie PDF ]