TCP Wrapper: Network Monitoring, Access Control, and Booby Traps
Abstract
This paper presents a simple tool to monitor and control incoming network traffic. The tool has been successfully used for shielding off systems and for detection of cracker activity. It has no impact on legal computer users, and does not require any change to existing systems software or configuration files. The tool has been installed worldwide on numerous UNIX systems without any source code change.

The story begins about two years ago. Our university was under heavy attack by a Dutch computer cracker who again and again managed to acquire root privilege. That alone would have been nothing more than an annoyance, but this individual was very skilled at typing the following command sequence:

    rm -rf /

For those with no UNIX experience: this command, when executed at a sufficiently high privilege level (like root), is about as destructive as the MS-DOS format command. Usually, the damage could be repaired from backup tapes, but every now and then people still lost a large amount of work. Though we did have very strong indications about the cracker's identity I cannot disclose his name. We did give him a nickname, though: "our pet" [1].

The destructive behavior of the cracker made it very hard to find out what was going on: the rm -rf removed all traces very effectively. One late night I noticed that the cracker was watching us over the network. He did this by frequently making contact with our finger network service, which gives information about users. Services such as finger do not require a password, and almost never keep a record of their use. That explains why all his fingering activity had remained unnoticed.

The natural reaction would be to shut down the finger network service. I decided, however, that it would be more productive to maintain the service and to find out where the finger requests were coming from. In order to explain the problem and its solution I will briefly summarize a typical UNIX implementation of the TCP/IP network services. Experts will forgive me when I make a few simplifications.

[1] Like hond (dog), kat (cat), and muis (mouse).