Network Security Consulting Agency Since 1989 - Specialized in Unix, Windows, TCP/IP and Internet
Ethereal, a multi-purpose network analyzer - how to detect viruses and worms with network analysis
Access to the content: beginning of the presentation; PDF version [528 KB]
Description
Presentation of network analysis techniques that can be used to detect and capture viruses and worms. Brief presentation of the Ethereal network analyzer.
Context & Dates
Talk given at JSSI 2004, on 4 May 2004.
Author
Jean-Baptiste Marchand
Abstract & table of contents
Flyleaf
Outline
Ethereal: features (1/3)
Ethereal: features (2/3)
Ethereal: features (3/3)
Capturing traffic on the Internet
Traffic capture: resulting trace
Traffic analysis: typology
Typology: the 20 most-targeted TCP ports
Targeted TCP services (1/2)
Targeted TCP services (2/2)
Typology: targeted UDP ports
Targeted UDP services
First assessment
Analysis techniques (1/2)
Analysis techniques (2/2)
MSRPC traffic (port 135/tcp)
MSRPC vulnerabilities: 1776 bytes
MSRPC vulnerabilities: the Blaster worm
The Blaster worm in ethereal
MSRPC vulnerabilities: 72 bytes
72-byte variants, in tethereal
MSRPC vulnerabilities: 204 bytes
MSRPC vulnerabilities: conclusion
Blaster backdoor
Blaster variants
Observed Blaster variants
The MyDoom virus
Executables via MyDoom (1/2)
Executables via MyDoom (2/2)
Traffic to the MyDoom backdoor: 3127/tcp
Traffic to the MyDoom backdoor: 3128/tcp
Traffic to the MyDoom backdoor: 1080/tcp
Traffic to the MyDoom backdoor: 10080/tcp
MyDoom: observed viruses
The Agobot / Gaobot worm
Agobot in ethereal
Traffic on port 80/tcp (1/2)
Traffic on port 80/tcp (2/2)
Bagle backdoor
The Witty worm (1/3)
The Witty worm (2/3)
The Witty worm (3/3)
Witty: network traffic
Other observed traffic
Slammer (1434/udp)
The Sasser worm (1/3)
The Sasser worm (2/3)
The Sasser worm (3/3)
Conclusion
References: tools
Acknowledgements
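The outline above follows the method of the talk: first a typology of the capture (which destination ports receive unsolicited traffic), then a closer look at one service at a time, where request size on 135/tcp separates the Blaster exploit from other MSRPC exploit variants, and the MyDoom backdoor ports and 1434/udp identify the other worms. The script below is an added illustration of that two-step analysis written for this page; it is not code from the presentation or from Ethereal. It works on a constructed list of packet summaries (the kind of per-packet summary tethereal prints) rather than on a real trace, and the only worm attribution it makes from a size is the 1776-byte MSRPC request that the outline ties to Blaster; the 72- and 204-byte sizes are labelled as generic MSRPC exploit variants, as the outline does. The Slammer datagram length in the sample is a constructed value and is not used for classification.

```python
"""Two-step worm triage over a capture summary: port typology, then per-service signatures.

Added example for this page; the packet records below are constructed, not captured.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp" or "udp"
    src: str          # source address, used to count distinct attackers per port
    dst_port: int     # destination port
    payload_len: int  # transport payload length in bytes (0 for a bare SYN)


MSRPC_PORT = 135
# Request sizes seen on 135/tcp in the talk outline. Only 1776 bytes is attributed to a
# named worm there (Blaster); the other two sizes are other MSRPC exploit variants.
MSRPC_SIZE_LABELS = {
    1776: "Blaster (MSRPC request, 1776 bytes)",
    72: "MSRPC exploit variant (72-byte request)",
    204: "MSRPC exploit variant (204-byte request)",
}
# Ports the outline lists as the MyDoom backdoor.
MYDOOM_BACKDOOR_PORTS = {3127, 3128, 1080, 10080}
SLAMMER_PORT = 1434

# Constructed sample standing in for a tethereal summary of unsolicited inbound traffic.
SAMPLE = [
    Packet("tcp", "10.0.0.1", 135, 1776),
    Packet("tcp", "10.0.0.2", 135, 72),
    Packet("tcp", "10.0.0.3", 135, 204),
    Packet("tcp", "10.0.0.4", 135, 0),      # bare SYN to 135/tcp: a scan, not an exploit
    Packet("tcp", "10.0.0.5", 3127, 0),
    Packet("tcp", "10.0.0.5", 1080, 0),
    Packet("tcp", "10.0.0.6", 80, 512),
    Packet("udp", "10.0.0.7", 1434, 376),   # constructed datagram length
    Packet("tcp", "10.0.0.8", 445, 0),
]


def top_targeted_ports(packets, proto, n=20):
    """Typology step: the n most-targeted destination ports for one transport protocol.

    Each (source, port) pair is counted once, so one noisy host scanning a port many
    times does not outweigh many distinct hosts probing it.
    """
    pairs = {(p.src, p.dst_port) for p in packets if p.proto == proto}
    return Counter(port for _, port in pairs).most_common(n)


def classify(p):
    """Per-service step: label a packet with the worm traffic it matches, or None."""
    if p.proto == "tcp" and p.dst_port == MSRPC_PORT:
        # Size-based test: a SYN or an unknown size is not an exploit attempt.
        return MSRPC_SIZE_LABELS.get(p.payload_len)
    if p.proto == "tcp" and p.dst_port in MYDOOM_BACKDOOR_PORTS:
        return "MyDoom backdoor probe (%d/tcp)" % p.dst_port
    if p.proto == "udp" and p.dst_port == SLAMMER_PORT and p.payload_len > 0:
        return "Slammer (1434/udp)"
    return None


def summarize(packets):
    """Count classified packets per label; unclassified packets are left out."""
    labels = Counter()
    for p in packets:
        label = classify(p)
        if label is not None:
            labels[label] += 1
    return labels


if __name__ == "__main__":
    print("Most-targeted TCP ports:", top_targeted_ports(SAMPLE, "tcp", 5))
    print("Most-targeted UDP ports:", top_targeted_ports(SAMPLE, "udp", 5))
    for label, count in summarize(SAMPLE).most_common():
        print("%3d  %s" % (count, label))
```

The size test in `classify` is the same check the outline applies in tethereal; with current Wireshark field names it corresponds to a display filter of the form `tcp.dstport == 135 && tcp.len == 1776` (those field names are an assumption about the tool, not something the page states). Counting distinct sources per port, rather than packets, is what keeps the typology from being dominated by a single retrying host.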
Related documents
Virus
Workstation Security (29 March 2007)
Threats and vulnerability over networks and PCs (23 March 2005)
Vulnerabilities: from discovery to exploitation (4 November 2004)
Blocking mobile phone viruses (18 November 2002)
NIMDA's review (5 October 2001)
Sniffing
Managing insecurity of spontaneous infrastructures (3 April 2006)
Spontaneous infrastructures: which security? (19 October 2005)
Ethereal: an open-source network analyzer and a must-have security tool (2 February 2005)
Follow-up on discovering the libnids (6 September 2001)
Introduction to the libnids (13 April 2001)
smbsniff tool (SMB protocol sniffer)
Advanced BPF expressions (13 December 2000)
Introduction to the libpcap (4 December 2000)
Sniffers selection (10 October 2000)
Honeypots
Intrusion detection and network forensics (6 May 2004)
Network Flows based forensics of a honeypot (9 March 2004)
CanSecWest 2002 Conference (4 May 2002)
Honeypots (12 March 2002)
Copyright
© 2004, Hervé Schauer Consultants, all rights reserved.
Last modified on 14 May 2004 at 11:14:10 CET - webmaster@hsc.fr