HAKIN9 3/2012: DNS CACHE POISONING

Download
File
Hakin9_03_2012.pdf

Cache Poisoning

by Jesus Rivero
Computers that are able to communicate with each other do so by means of a network protocol, generally TCP over IP, or just TCP/IP. The IP protocol establishes that every node in the network must have at least one IP address so that other machines know where to send data when trying to communicate with it. IP addresses, version 4, are 32-bit numbers, written as octets in dotted notation, e.g. 192.168.0.1. These addresses are not that hard to remember, one might say, but as the number of IP addresses to remember goes up, it becomes more and more difficult to keep track of that amount of bits. Just imagine if you had to remember, only using IP addresses, all of the sites you visit regularly, say google.com, facebook.com, slashdot.org, hakin9.org, meetup.com and your favorite news site about sports or geek stuff. Those are a lot of IP addresses you would have to remember! The Domain Name System, or DNS, helps the internet on so many levels that it could be considered one of the internet’s most important pieces. The primary mission of the DNS is to provide a decentralized database of name-to-IP-address mappings, or a way to “resolve” names into IP addresses and vice versa. Initially, the DNS information was stored in a single file, called HOSTS.txt, centrally maintained by NIC and distributed to every host via the FTP protocol. As the number of hosts started sky-rocketing, a new solution was needed to the problem posed by having a single file and a single entity to administer it. So, the quest to design the DNS started.

Memory Timelines Using Volatility’s Timeliner

by Nick Baronian
Creating a timeline of events for a forensics case can be one of the most vital pieces of an investigation. There are many different artifacts a forensic investigator can analyze when attempting to create a timeline of events. Some of the most common Windows artifacts include filesystem MFT entries, Registry writes and reads, logs, browser history, prefetch files, restore points, RecycleBin, Metadata and so on, but one of the areas usually not included in a timeline is memory. Parsing through memory to include memory artifacts can be a fairly time-consuming process, but thanks to Jamie Levy (Gleeda) we now have another exceptional Volatility plugin, Timeliner. Currently, the Timeliner plugin has the capability to produce a timeline body file that contains timestamp values for the following: Registry Keys last write time, UserAssist last run times, Process timestamps, Thread timestamps, Network timestamps, Event Log timestamps and PE creation timestamps. The ability to include these artifacts in your final timeline of events can help give you a better picture of what transpired during the time your investigation centers around.

SQL INJECTION BYPASSING THE WAF

by Nikhil Srivastava
A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass. Many personal computer operating systems include software-based firewalls to protect against threats from the public Internet. Many routers that pass data between networks contain firewall components and, conversely, many firewalls can perform basic routing functions. Let us discuss some firewall types. Network layer firewalls, also called packet filters, operate at a relatively low level of the TCP/IP protocol stack, not allowing packets to pass through the firewall unless they match the established rule set. The firewall administrator may define the rules; or default rules may apply. The term “packet filter” originated in the context of BSD operating systems.

INFOSECURITY EUROPE 2012
2012 has only just begun and already it looks to be a challenging year for those securing their organisations. The new EU data privacy laws, which introduce a common set of privacy standards to be applied to organisations across the entire European Union for the first time, and potential fines of 2% of revenue imposed by the EU for a data breach, will have a significant impact on organisations that fail to comply. As money is tight, and the economy still in recession, IT Departments are under increasing pressure to deliver more with less. However, it appears that for Cyber Criminals business is still booming – and the rate at which it is growing is alarming. The last few months have seen a disturbing rise in the number of hacks, and an increasing threat from those we trust, posing the question – does crime increase in a recession? For those IT professionals charged with securing their organisations there is a battle ahead, and they need to act fast to tackle the threat.

Security in Vanet

By Hamidreza Mohebali

With the rapid development of micro-electronic and wireless communication technologies, vehicles are becoming computers on wheels by being equipped with intelligent electronic devices called wireless On Board Units (OBUs). The OBUs integrate computing processors, Global Positioning System (GPS), sensing and storage devices together, providing Ad-Hoc Network connectivity for vehicles. With the OBUs, vehicles can communicate with each other when moving on roads, and with fixed roadside infrastructure when passing by it. These fixed roadside infrastructures are described as Roadside Units (RSUs), which are usually connected to the backbone Internet through wired or wireless connections. Thus, the vehicle-to-vehicle (V2V) communications and vehicle-to-roadside infrastructure (V2I or V2R) communications basically form the Vehicular Ad Hoc Networks (VANET), which are attracting considerable attention from both the automotive industry and the research community.

Rational Security

by Drake
This time of year is often a reflective one for many people; on the basis of these reflections, in many countries, to pick a few things, divorce rates, suicides, and job changes all hit peak volumes. In recent months I have been quite scathing about regulators, and the degree of effectiveness. So, it was in a reflective mood that I visited the website of the Information Commissioner’s Office (the ICO), which is the primary regulatory body for Data Protection in the UK. I cast my eye over the news section, which contains details of the latest fines handed out for breaches of data protection legislation in the UK; these are usually good for capturing a few cautionary tales. One story caught my eye in particular; a real estate agent had been fined £614 (about US$900) for failing to register that he held personal details about clients. This is by no means the biggest fine handed out, nor even the biggest in the previous month or two. What struck me about this was that, firstly, there was no evidence that the agent’s clients had suffered any loss or injury, and secondly that the judge in the court case noted that had he gone through the proper legal registration process, it would have cost him only £35 (about US$50).

Digital Forensics Platform

by Mervyn Heng

Digital Forensics is a niche domain within Information Security. It can be further divided into System and Network Forensics. System Forensics requires an in-depth knowledge of Operating Systems (OS) and file systems whilst Network Forensics requires an extensive understanding of network protocols and discernment of application behaviour. System Forensics is mature and that is evident in the tools readily available to support that form of investigation. Network Forensics on the other hand is an area that is slowly catching up. DEFT Linux caters to Digital Forensics with an environment pre-installed with tools to support both layers of investigation.
Download DEFT 7 from the official website (https://www.deftlinux.net). You have the option of running DEFT 7 as a LiveCD or installing it permanently on your hard drive. I opted to install it permanently on my hard drive as a Virtual Machine.

INTERVIEW
by Aby Rao
Interview with Yury Chemerkin
Now I’m involved more in researching a field of legal defence (EU & RU) in case of Cloud Security and BlackBerry rather than technical field of then. Several years ago, I think that there’s no new in this field (and in management field too) while technical part was a more real definition until BlackBerry and Cloud has appeared. Final example in this question section, it’s “fun” but I can’t buy in Russia any Cloud Solution for non-commercial purposes and use it. I haven’t an idea how explain it to Russian resellers. That’s why I prefer to buy it directly.


April 19, 2022