Introduction
I have been working with 802.11 wireless technologies for a couple of years now and, although things are starting to improve, I still do not see many step-by-step or “How to” guides that give detailed instruction on performing 802.11 wireless attacks (Aircrack-ng.org aside). The focus of this paper is to provide a step-by-step walkthrough of popular wireless attacks ... There are some areas where I just point you in the right direction, usually towards the right tool, but ideally these areas will be further described and covered in the next release of the paper. By understanding the mindset and methodologies an attacker uses, we can better defend against those attacks. Although I’ll provide a brief background on 802.11, this paper should not serve as a comprehensive guide to the 802.11 standard, but instead should provide you with adequate information to understand 802.11 attacks. I’ll continue to update this paper as I further experiment with new attacks, so please stay tuned for updates.
Background
IEEE 802.11 refers to the set of standards set forth by the Institute of Electrical and Electronics Engineers (IEEE). More specifically, working group 11 of the 802 category for LAN/MAN technologies has been reserved for defining the standards of wireless local area networks (WLAN) operating in the 2.4GHz and 5GHz ISM bands. To ease the overwhelming increase of technical jargon, the term “Wi-Fi” has been adopted by the general public to refer to the IEEE 802.11 standard. It should be noted that the Wi-Fi Alliance had first coined the term to define a slightly different set of standards; however, it is still commonplace to use the terms [IEEE] 802.11 and Wi-Fi interchangeably.
Since its initial release in 1997, 802.11 has undergone a variety of changes, not only to improve speed and quality but also to increase security. Each amendment to the original IEEE 802.11 standard further exemplifies this. Amendments A, B, G, N, and I are the most recognizable, as they have made notable changes to the original standard. IEEE 802.11a/b/g/n generally define the implementation’s frequency spectrum and modulation. For instance, 802.11a operates in the 5GHz spectrum, using OFDM to obtain a 54Mbit/s data rate, whereas 802.11b operates in the 2.4GHz spectrum, using DSSS to obtain an 11Mbit/s data rate. 802.11g expands on 802.11b to leverage OFDM within the 2.4GHz spectrum and match the 54Mbit/s data rate of 802.11a. In addition to other enhancements, 802.11n further increases bandwidth to 74 Mbit/s by using multiple-input multiple-output (MIMO) technology.
IEEE 802.11i (WPA/WPA2) is notable as it defines increased security and encryption standards meant to address the inadequacies of WEP which was the initial security mechanism used in the 802.11 standard.
Security and 802.11
Due to the borderless nature of 802.11, security is an obvious concern. Wired Equivalent Privacy (WEP) was the first attempt at security. However, a number of serious weaknesses in the RC4 cryptographic implementation employed by WEP were quickly identified, and in 2001 these issues resulted in the immediate requirement for increased wireless security. IEEE 802.11i was finally ratified in 2004 and is the primary means of wireless security. Unfortunately, due to the early adoption of wireless technologies, WEP is still in use by many companies and consumers alike. Before and during the early stages of 802.11i, wireless technology vendors attempted to address the issues with WEP by releasing additional mechanisms to mitigate the risk of WEP implementations. However, in the past year the time it takes to crack WEP has been drastically reduced, meaning that no implementation of WEP should be considered secure.
WPA/WPA2
IEEE 802.11i introduces two areas of authentication to the 802.11 suite: WPA Enterprise and WPA Pre-shared key.
WPA Enterprise leverages IEEE 802.1X (not part of the IEEE 802.11 suite), which relies on the Extensible Authentication Protocol (EAP) to relay authentication messages from a wireless client (supplicant) through the access point (authenticator) to a RADIUS server (authentication server). EAP in itself is an extremely simple messaging protocol. However, when it is combined with more sophisticated and proven authentication mechanisms, such as TLS, it becomes a reliable means of authentication.
WPA Pre-shared key (WPA-PSK) relies on a concept similar to WEP: a previously negotiated string is required in order to join the network. This string can be anywhere between 8 and 63 characters long.
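What that 8-to-63-character string actually becomes is fixed by 802.11i: the passphrase and the SSID are fed through PBKDF2-HMAC-SHA1 (4096 iterations, 256-bit output) to produce the Pre-Shared Key, which then serves as the Pairwise Master Key for the 4-way handshake. The following Python is an added example, not code from the paper; it enforces the passphrase rules and performs the mapping. The test vector it is checked against (passphrase "password", SSID "IEEE") is the one published in the standard's annex; the function names are mine.

```python
"""WPA-PSK passphrase rules and the 802.11i passphrase-to-PSK mapping.

Added example, not the paper's code. The only inputs to the derivation are
the passphrase and the SSID, so the passphrase is the network's sole secret.
"""
import hashlib

PSK_LEN = 32  # the PSK/PMK is 256 bits
PBKDF2_ITERATIONS = 4096


def validate_passphrase(passphrase):
    """802.11i allows 8 to 63 characters, each printable ASCII (codes 32-126)."""
    if not 8 <= len(passphrase) <= 63:
        return False
    return all(32 <= ord(c) <= 126 for c in passphrase)


def derive_psk(passphrase, ssid):
    """PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).

    Two networks with the same SSID and passphrase end up with the same PSK,
    which is one reason a unique SSID is worth having alongside a strong
    passphrase.
    """
    if not validate_passphrase(passphrase):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PSK_LEN)


def psk_from_hex(hex_psk):
    """A 64-hex-digit key can be configured directly instead of a passphrase
    (hostapd and wpa_supplicant accept this form); it bypasses PBKDF2 entirely,
    so the key itself must be random rather than derived from a word."""
    if len(hex_psk) != 2 * PSK_LEN:
        raise ValueError("raw PSK must be exactly 64 hex digits")
    return bytes.fromhex(hex_psk)


if __name__ == "__main__":
    # Standard's test vector: expected f42c6fc5...9710a12e
    print(derive_psk("password", "IEEE").hex())
```

Because the derivation is deterministic and public, the 8-character minimum is a floor rather than a target: the passphrase policy, not the algorithm, decides how resistant a WPA-PSK network is to guessing.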
Encryption
WPA was originally released using an encryption mechanism based on RC4 called the Temporal Key Integrity Protocol (TKIP), which was meant to be a temporary solution until the official 802.11i standard was released. Although TKIP was built with several improvements over the RC4 implementation employed in WEP, and there are currently no known attacks against TKIP specifically, it is considered inherently insecure because of its roots in RC4. To offer greater security, CCMP, an AES-based encryption protocol, was released in the final IEEE 802.11i standard (referred to as WPA2). CCMP is currently the only cryptographically sound protocol for 802.11 networks that is recognized by the National Institute of Standards and Technology (NIST) and holds a FIPS 140-2 certification.
The lack of a physical boundary as previously relied on with standard Ethernet networks is the major appeal of wireless networks to attackers. In the past, a certain level of implied security existed due to the assumption that an intruder would require some means of physical, hard-wired connectivity in order to access the internal network. With wireless networks, this is obviously not the case. Using easily obtainable but specialized equipment, an intruder can launch an attack on a wireless network from upwards of a mile away, given the right conditions.
Most often, attacks on wireless networks rely on misusing the basic session management mechanisms built into the 802.11 standard. According to the standard, clients must perform certain actions based on what the access point instructs them to do. Instructions from the access point are communicated to clients via management frames. Unfortunately, management frames are sent unencrypted through the air, and there is no mechanism to verify the identity of the access point other than its Media Access Control (MAC) address. This means that an attacker can simply inject a forged frame carrying the MAC address of the access point and instruct the client to disconnect from the wireless network.
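The weakness just described cannot be prevented by the 802.11 MAC layer itself, but it can be seen: a burst of deauthentication or disassociation frames all claiming the same transmitter address is the signature of a forced disconnect, and a wireless IDS or a monitor-mode capture can flag it. The following Python is an added example, not code from the paper; it parses the 802.11 MAC header (frame control type/subtype, the three addresses, and the reason code of deauth/disassoc frames) and raises an alert when one claimed transmitter exceeds a threshold inside a sliding time window. All frames and MAC addresses are constructed sample data, not a real capture, and the function names are mine.

```python
"""Detecting deauthentication/disassociation floods in 802.11 management frames.

Added example, not the paper's code. Operates on raw 802.11 frames as a
monitor-mode capture would deliver them; the frames below are constructed
in-line so the script runs offline.
"""
import struct
from collections import defaultdict, deque

TYPE_MANAGEMENT = 0
SUBTYPE_BEACON = 0x08
SUBTYPE_DISASSOC = 0x0A
SUBTYPE_DEAUTH = 0x0C

# Constructed sample addresses (not from any real network).
AP_MAC = "00:11:22:33:44:55"
CLIENT_MAC = "66:77:88:99:aa:bb"
BROADCAST = "ff:ff:ff:ff:ff:ff"


def parse_frame(raw):
    """Parse the 24-byte 802.11 MAC header.

    Frame Control byte 0 packs protocol version (bits 0-1), type (bits 2-3)
    and subtype (bits 4-7). addr1 is the receiver, addr2 the transmitter and
    addr3 the BSSID for management frames. Deauth and disassoc frames carry a
    16-bit little-endian reason code as their body.
    """
    if len(raw) < 24:
        raise ValueError("frame shorter than the 802.11 MAC header")
    fc0 = raw[0]
    frame = {
        "type": (fc0 >> 2) & 0x3,
        "subtype": (fc0 >> 4) & 0xF,
        "addr1": raw[4:10].hex(":"),
        "addr2": raw[10:16].hex(":"),
        "addr3": raw[16:22].hex(":"),
        "reason": None,
    }
    if (frame["type"] == TYPE_MANAGEMENT
            and frame["subtype"] in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC)
            and len(raw) >= 26):
        frame["reason"] = struct.unpack("<H", raw[24:26])[0]
    return frame


def detect_deauth_flood(frames, window_s=1.0, threshold=10):
    """Alert once per transmitter address that sends >= threshold
    deauth/disassoc frames inside any window_s-second sliding window.

    frames: iterable of (timestamp_seconds, raw_frame_bytes). Management
    frames are unauthenticated, so addr2 is only the *claimed* transmitter:
    an alert keyed on the AP's own MAC means that address is being
    impersonated, not that the AP itself is misbehaving.
    """
    recent = defaultdict(deque)
    alerted = set()
    alerts = []
    for ts, raw in frames:
        f = parse_frame(raw)
        if f["type"] != TYPE_MANAGEMENT or f["subtype"] not in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
            continue
        q = recent[f["addr2"]]
        q.append(ts)
        while q and ts - q[0] > window_s:
            q.popleft()
        if len(q) >= threshold and f["addr2"] not in alerted:
            alerted.add(f["addr2"])
            alerts.append({"time": ts, "claimed_transmitter": f["addr2"],
                           "bssid": f["addr3"], "count": len(q),
                           "reason": f["reason"]})
    return alerts


def build_frame(fc0, addr1, addr2, addr3, body=b""):
    """Assemble a minimal 802.11 frame: FC, duration, three addresses, sequence control, body."""
    header = bytes([fc0, 0x00]) + b"\x00\x00"
    for addr in (addr1, addr2, addr3):
        header += bytes.fromhex(addr.replace(":", ""))
    return header + b"\x00\x00" + body


def sample_capture():
    """Constructed capture: a beacon, a data frame, one genuine deauth from a
    client leaving (reason 3), then 20 broadcast deauths that claim the AP's
    address (reason 7) within 0.2 s."""
    frames = [
        (0.00, build_frame(0x80, BROADCAST, AP_MAC, AP_MAC)),                  # beacon
        (0.10, build_frame(0x08, AP_MAC, CLIENT_MAC, AP_MAC, b"\x00" * 8)),    # data
        (0.50, build_frame(0xC0, AP_MAC, CLIENT_MAC, AP_MAC, struct.pack("<H", 3))),
    ]
    for i in range(20):
        frames.append((round(1.0 + i / 100, 2),
                       build_frame(0xC0, BROADCAST, AP_MAC, AP_MAC, struct.pack("<H", 7))))
    return frames


if __name__ == "__main__":
    for alert in detect_deauth_flood(sample_capture()):
        print(alert)
```

To use it on real traffic, feed (timestamp, frame bytes) pairs from a monitor-mode capture; the thresholds are starting points and should be tuned to the environment, since a busy AP legitimately emits occasional deauths. The protocol-level fix is 802.11w (protected management frames), which authenticates deauth and disassoc frames so that a forged one is dropped rather than obeyed.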
Equipment
Choosing the right equipment is a crucial step. In the case of poor reconnaissance (or scoping), you may find yourself in an unexpected situation. By planning ahead, you will end up saving yourself a great deal of time and heartache.
Hardware
Maintaining diverse and flexible hardware should be the primary focus when choosing the items within a wireless toolkit. Over time, adapters may fail and yield less than accurate results or you may need to perform a certain unexpected task which may require specialized hardware. Whatever the case may be, I cannot stress enough the importance of staying diverse in the hardware that you choose.
Client Adapters - Over the past few years, a number of different wireless client adapter chipsets have been deemed “the hacker’s choice”. From the coveted Prism2 to the now popular Atheros chipset, the tides have changed a number of times. The most popular chipset in today’s 802.11 scene is the Atheros chipset, which has shown excellent Linux driver and injection support, mainly due to diligent work by the madwifi development team.
In addition to chipset, another concern is band. Although the majority of 802.11 wireless networks only operate at 2.4GHz, there are still a large number of deployments operating at 5GHz. When choosing your client adapter, be mindful of which bands it supports as this may be a deciding factor in the success of an attack.
Software
Operating system support, drivers, and attack tools were all once a major concern when developing a toolkit. This concern has since faded due to the availability of live distributions. Remote Exploit’s BackTrack is a live Linux distribution created specifically with security researchers in mind. It contains just about every tool, driver, and kernel patch that you could think of. BackTrack can be run from a CD or USB stick on virtually any system.
The common method of booting BackTrack is via USB stick. The distribution itself can be obtained from www.remote-exploit.org, while the procedures for configuring BackTrack (in Windows) to boot from a USB stick are as follows:
With your BackTrack USB stick inserted, start your computer. BackTrack should automatically load all of the necessary drivers for your system and provide you with a full Linux distribution with all of the tools you need preloaded.