Network Forensics

Presentation for the Computer Networks course at Ca' Foscari University of Venice, academic year 2012-2013.

The link on the last slide has been disabled; the correct link to the PDF report is:
https://www.dropbox.com/s/w78uwpsm7xm1yr1/RelazioneNetworkForensics.pdf

Network Forensics

  1. Network Forensics. Andrea Lazzarotto — 833897. http://lazza.me/NetworkForensics
  2. Contents: What does it consist of? Hardware & software. Case study.
  3. What does it consist of?
  4. It all starts: notitia criminis. Network Forensics ≠ Network Security
  5. Standard procedure
  6. Possible problems: technical, legal
  7. Hardware & software
  8. Hardware: this is not a router
  9. Configuring a probe

         # Interface activation
         ifconfig eth0 -arp up
         ifconfig eth1 -arp up
         # Bridge creation
         brctl addbr br0
         brctl addif br0 eth0
         brctl addif br0 eth1
         brctl stp br0 off
         # Bridge activation
         ifconfig br0 -arp up

  10. Software: TCPDump, Wireshark, Xplico
  11. Case study
  12. American bank: IP permit ANY ANY
  13. Same root directory

         12:13:53 xxx.xxx.xxx.xxx [996]sent /DirWalkR.asp 550
         12:13:55 xxx.xxx.xxx.xxx [996]created DirWalkR.asp 226
         12:14:40 xxx.xxx.xxx.xxx [996]sent /ncx99.exe 550
         12:14:45 xxx.xxx.xxx.xxx [996]created ncx99.exe 226
         12:14:45 xxx.xxx.xxx.xxx [996]sent /vala.asp 550
         12:14:47 xxx.xxx.xxx.xxx [996]created vala.asp 226

  14. Execution of the shell

         12:13:37 xxx.xxx.xxx.xxx GET /space.asp 200
         12:13:59 xxx.xxx.xxx.xxx GET /dirwalkR.asp 200
         12:14:08 xxx.xxx.xxx.xxx GET /dirwalkR.asp 200
         12:14:20 xxx.xxx.xxx.xxx GET /dirwalkR.asp 200
         12:14:23 xxx.xxx.xxx.xxx GET /dirwalkR.asp 200
         12:14:27 xxx.xxx.xxx.xxx GET /dirwalkR.asp 200
         12:15:02 xxx.xxx.xxx.xxx GET /vala.asp 200

  15. ? http://lazza.me/NetworkForensics
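Added example, not part of the original slides: the correlation that slides 13 and 14 illustrate, matching files stored with status 226 (the FTP "transfer complete" reply code) in the transfer log against successful GET requests for the same names in the web log. The function name, the 10-minute window and the assumption that both logs cover the same day are choices made for this example.

```python
import re
from datetime import datetime, timedelta

# Log lines as shown on slides 13 and 14 (client addresses are redacted there).
TRANSFER_LOG = """\
12:13:53 xxx.xxx.xxx.xxx [996]sent /DirWalkR.asp 550
12:13:55 xxx.xxx.xxx.xxx [996]created DirWalkR.asp 226
12:14:40 xxx.xxx.xxx.xxx [996]sent /ncx99.exe 550
12:14:45 xxx.xxx.xxx.xxx [996]created ncx99.exe 226
12:14:45 xxx.xxx.xxx.xxx [996]sent /vala.asp 550
12:14:47 xxx.xxx.xxx.xxx [996]created vala.asp 226
"""
WEB_LOG = """\
12:13:37 xxx.xxx.xxx.xxx GET /space.asp 200
12:13:59 xxx.xxx.xxx.xxx GET /dirwalkR.asp 200
12:14:08 xxx.xxx.xxx.xxx GET /dirwalkR.asp 200
12:14:20 xxx.xxx.xxx.xxx GET /dirwalkR.asp 200
12:14:23 xxx.xxx.xxx.xxx GET /dirwalkR.asp 200
12:14:27 xxx.xxx.xxx.xxx GET /dirwalkR.asp 200
12:15:02 xxx.xxx.xxx.xxx GET /vala.asp 200
"""

# Fields: time, client, [session]action, path, status / time, client, method, path, status
TRANSFER_RE = re.compile(r"(\d\d:\d\d:\d\d) (\S+) \[\d+\](\w+) /?(\S+) (\d{3})$")
WEB_RE = re.compile(r"(\d\d:\d\d:\d\d) (\S+) (\w+) /(\S+) (\d{3})$")

def _clock(text):
    # The slides show time of day only; assumption: both logs cover the same day.
    return datetime.strptime(text, "%H:%M:%S")

def uploaded_then_requested(transfer_log, web_log, window=timedelta(minutes=10)):
    """Map each uploaded file that was then served over HTTP to its hit statistics."""
    uploads = {}
    for line in transfer_log.splitlines():
        m = TRANSFER_RE.match(line.strip())
        if m and m.group(3) == "created" and m.group(5) == "226":
            # Compare case-insensitively: slide 13 has DirWalkR.asp, slide 14 dirwalkR.asp.
            uploads.setdefault(m.group(4).lower(), _clock(m.group(1)))
    findings = {}
    for line in web_log.splitlines():
        m = WEB_RE.match(line.strip())
        name = m.group(4).lower() if m and m.group(5) == "200" else None
        if name not in uploads:
            continue
        delay = _clock(m.group(1)) - uploads[name]
        if timedelta(0) <= delay <= window:
            hit = findings.setdefault(name, {"first_delay_s": int(delay.total_seconds()), "hits": 0})
            hit["hits"] += 1
    return findings
```

On the slide data this flags `dirwalkr.asp` and `vala.asp`; `ncx99.exe` was stored but never requested over HTTP, and `space.asp` was requested but does not appear among the uploads shown.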
