Ubuntu Installation

Ubuntu Network Team
Mentor: Mr Christopher Edwards
Members: Unquiea Wade, Gregory Brown, Bryce Carmichael, Anthony Anderson
Abstract
Using Passive Network Discovery to Fingerprint Vulnerabilities within Ethernet Broadcast Frames.
This paper examines how open source embedded network tools were used to perform persistent internal audits of Ethernet Local Area Network broadcast traffic. The initial requirements that define the project phases were developed from the analysis of each open source learning stage. Ubuntu, an open source UNIX-like operating system, was selected as the prototyping platform because of its ease of use and its usable business productivity, internet, drawing and graphics applications. To understand why hosts within the ONR Lab were experiencing a decrease in system performance and transmission speed, a passive network discovery of Ethernet broadcast frames was captured and analyzed to determine whether Local Area Network traffic between local and foreign hosts was malicious or valid. The identification of remote active nodes and their system information was collected to build a resource map of all remote hosts requesting services from hosts within the ONR Lab, together with a listing of the local hosts' listening ports and the services running on those ports. The passive analysis approach was selected by the ONR UNIX Network Administration Team because the collection of active LAN traffic would not impact ECSU's LAN/WAN assets. Moreover, this paper's goal is to show that persistent packet monitoring of Ethernet traffic can identify weaknesses that reduce LAN performance and possibly harm valuable assets used to support major and/or general support systems.
Self-Boot
• Insert the Ubuntu disc in a CD/DVD drive.
• Restart the PC and the installation screen will appear momentarily.
Loading Data Modules
• Upon completion of selecting the language, location, and keyboard format, the installation will begin.
Register Hostname
• Select a hostname for users to identify the computer on the network.
Display Resolution
• Select the correct resolution for displaying the Ubuntu desktop.
Ubuntu Desktop
• Ubuntu checks the IDE controller for installed hard drives.
• The drives are displayed for partitioning (partitioning allows the user to allocate space according to drive size).
• The drive will be formatted immediately after.
Ubuntu Desktop
• The setup will prompt the user to enter their full name; shortly after, the username will have to be entered.
• The username will be used to log in to the system.
Ubuntu Desktop
• To complete the installation the user will have to enter and then re-enter a password for confirmation.
Windows vs. Linux
• Linux comes from different companies (i.e. Linspire, Red Hat, SuSE, Ubuntu, Mandriva, Knoppix, Slackware, Lycoris).
• Windows has two main lines: "Win9x", which consists of Windows 95, 98, 98SE and Me, and "NT class", which consists of Windows NT, 2000 and XP. Windows actually started, in the old days, with version 3.x, which pre-dated Windows 95 by a few years.
• The text mode interface is also known as a command interpreter. Windows users sometimes call it a DOS prompt.
• Linux users refer to it as a shell.
• Each version of Windows has a single command interpreter, but the different "flavors" of Windows have different interpreters.
• For desktop or home use, Linux is very cheap or free. Windows is expensive. For server use, Linux is very cheap compared to Windows.
• Microsoft allows a single copy of Windows to be used on only one computer. Starting with Windows XP, they use software to enforce this rule (Windows Product Activation at first, later Genuine Windows).
• In contrast, once you have purchased Linux, you can run it on any number of computers for no additional charge.
• One of the main advantages of Linux is that it can run off of a disc.
• Windows must be installed, and can take up to forty-five minutes to an hour.
• Linux has a reputation for fewer bugs than Windows, but it certainly has its fair share.
• This is a difficult thing to judge, and finding an impartial source on this subject is also difficult.
• Fred Langa wrote an interesting article on whether Linux or Windows has fewer bugs in Information Week magazine, January 27, 2003.
• The article also addressed whether known bugs are fixed faster with Linux or Windows. In brief, he felt that bugs used to be fixed faster in Linux, but things have slowed down.
• Linux is a multi-user system, Windows is not. That is, Windows is designed to be used by one person at a time.
• Databases running under Windows allow concurrent access by multiple users, but the Operating System itself is designed to deal with a single human being at a time.
• Linux, like all Unix variants, is designed to handle multiple concurrent users.
• Windows, of course, can run many programs concurrently, as can Linux.
• There is a multi-user version of Windows called Terminal Server, but this is not the Windows preinstalled on personal computers.
Network Tools
• A computer, peripheral or other related communications equipment attached to a network.
• Ethernet: a very common method of networking computers in a LAN. There is more than one type of Ethernet. By 2001 the standard type was "100-BaseT", which can handle up to about 100,000,000 bits per second and can be used with almost any kind of computer.
• WiFi (short for "wireless fidelity") is the popular term for a high-frequency wireless local area network (WLAN).
• USB Ethernet: Universal Serial Bus, an external peripheral interface standard for communication between a computer and external peripherals over a cable using bi-serial transmission.
• Packet Internet Groper (PING), a utility to determine whether a specific IP address is accessible.
• It works by sending a packet to the specified address and waiting for a reply. PING is used primarily to troubleshoot Internet connections.
• Netstat is a command line tool that displays a list of the active connections a computer currently has, both incoming and outgoing.
• Traceroute is a TCP/IP utility which allows the user to determine the route packets take to reach a particular host.
• Traceroute works by increasing the "time to live" value of each successive packet sent. The first packet has a time to live (TTL) value of one, the second two, and so on.
• When a packet passes through a host, the host decrements the TTL value by one and forwards the packet to the next host.
• Neotrace - A very convenient traceroute utility.
• Displays the traceroute nodes as symbols with country flags.
• Associates the Whois for each network node in the trace. You may also want to download Visual Route, which can overlay your traced route over a geographic map.
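As an added example (not from the original slides), the following simulation shows the TTL mechanism described above: each probe carries a larger TTL, every hop decrements it, and the hop at which it reaches zero is the one that replies. The route and addresses are constructed sample data; nothing is sent on a real network.

```python
# Added example, not from the original slides: simulate how traceroute maps a
# path by sending probes with TTL 1, 2, 3, ... Each hop decrements the TTL and,
# if it reaches zero before the destination, answers with ICMP Time Exceeded.
# The route below is constructed sample data; no packets are actually sent.

SAMPLE_ROUTE = [          # constructed hops in order; the last one is the destination
    "192.168.1.1",
    "10.0.0.1",
    "203.0.113.5",
    "198.51.100.9",
]

def forward(ttl, route):
    """Walk one probe along the route.
    Returns (replying_host, reached_destination)."""
    for index, host in enumerate(route):
        ttl -= 1                      # every host decrements TTL on receipt
        is_destination = index == len(route) - 1
        if ttl == 0 and not is_destination:
            # TTL expired in transit: this router drops the probe and replies
            # with ICMP Time Exceeded, which reveals its address.
            return host, False
    # The probe survived all intermediate hops; the destination itself replies.
    return route[-1], True

def traceroute(route, max_hops=30):
    """Send probes with increasing TTL until the destination answers or the
    hop limit is hit. Returns the list of (ttl, replying_host) pairs."""
    hops = []
    for ttl in range(1, max_hops + 1):
        replier, done = forward(ttl, route)
        hops.append((ttl, replier))
        if done:
            break
    return hops

def reached(hops, route):
    """True if the last reply came from the destination."""
    return bool(hops) and hops[-1][1] == route[-1]

if __name__ == "__main__":
    for ttl, host in traceroute(SAMPLE_ROUTE):
        print(f"{ttl:2d}  {host}")
```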
PORT NUMBERS
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
WELL KNOWN PORT NUMBERS
• The Well Known Ports are assigned by the IANA and on most systems can only be used by system (or root) processes or by programs executed by privileged users.
• Ports are used in TCP to name the ends of logical connections which carry long term conversations. For the purpose of providing services to unknown callers, a service contact port is defined.
• This list specifies the port used by the server process as its contact port. The contact port is sometimes called the "well-known port".
• This site does a reverse DNS lookup of an IP address by searching domain name registry and registrar tables.
• You may be able to identify the domain name of a spammer sending you spam email or the domain name of a computer trying to break into your firewall.
• You may also be able to use this information to determine the name of the internet service provider assigned to a particular IP address.
• Finger is an Internet software tool for locating people on other Internet sites.
• Finger is also sometimes used to give access to non-personal information, but the most common use is to see if a person has an account at a particular Internet site.
• Not all sites allow incoming finger requests.
• WHOIS databases contain nameserver, registrar, and in some cases, full contact information about a domain name.
• Each registrar must maintain a WHOIS database containing all contact information for the domains they 'host'.
• A central registry WHOIS database is maintained by the InterNIC.
• This database contains only registrar and nameserver information for all .com, .net and .org domains.
Subnet Masking
Applying a subnet mask to an IP address allows you to identify the network
and node parts of the address. The network bits are represented by the 1s in
the mask, and the node bits are represented by the 0s. Performing a bitwise
logical AND operation between the IP address and the subnet mask results in
the Network Address or Number.
For example, using our test IP address and the default Class B subnet mask, we get:
    10001100.10110011.11110000.11001000    140.179.240.200    Class B IP Address
    11111111.11111111.00000000.00000000    255.255.000.000    Default Class B Subnet Mask
    -----------------------------------
    10001100.10110011.00000000.00000000    140.179.000.000    Network Address
Default subnet masks:
Class A - 255.0.0.0 - 11111111.00000000.00000000.00000000
Class B - 255.255.0.0 - 11111111.11111111.00000000.00000000
Class C - 255.255.255.0 - 11111111.11111111.11111111.00000000
IP Addressing
• An IP (Internet Protocol) address is a unique identifier for a node or host connection on an IP network. An IP address is a 32 bit binary number usually represented as 4 decimal values, each representing 8 bits, in the range 0 to 255 (known as octets) separated by decimal points. This is known as "dotted decimal" notation.
Example: 140.179.220.200
It is sometimes useful to view the values in their binary form.
140.179.220.200 = 10001100.10110011.11011100.11001000
• Every IP address consists of two parts, one identifying the network and one identifying the node. The Class of the address and the subnet mask determine which part belongs to the network address and which part belongs to the node address.
Address Classes
There are 5 different address classes. You can determine which class any IP
address is in by examining the first 4 bits of the IP address.
Class A addresses begin with 0xxx, or 1 to 126 decimal.
Class B addresses begin with 10xx, or 128 to 191 decimal.
Class C addresses begin with 110x, or 192 to 223 decimal.
Class D addresses begin with 1110, or 224 to 239 decimal.
Class E addresses begin with 1111, or 240 to 254 decimal.
Private Subnets
There are three IP network addresses reserved for private networks. The addresses are 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16.
• They can be used by anyone setting up internal IP networks, such as a lab or home LAN behind a NAT or proxy server or a router.
• It is always safe to use these because routers on the Internet will never forward packets coming from these addresses.
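As an added example (not from the original slides), the code below carries the subnet masking, address class and private subnet rules from the preceding sections through on the slides' own sample address 140.179.240.200: it converts dotted decimal to the binary form shown, picks the class from the leading bits, ANDs the address with the default mask to get the network address, and tests membership in the three private blocks. All helper names are this example's own.

```python
# Added example, not from the original slides: work through the IP addressing,
# address class, default subnet mask and private-range rules on the slides'
# sample address and the three private blocks they list.

def to_int(dotted):
    """Dotted-decimal text -> 32-bit integer, validating the four octets."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or not all(0 <= n <= 255 for n in octets):
        raise ValueError("not a valid IPv4 address: %r" % dotted)
    value = 0
    for n in octets:
        value = (value << 8) | n
    return value

def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_binary(dotted):
    """Dotted binary form as written on the slides, e.g. 10001100.10110011...."""
    return ".".join(format((to_int(dotted) >> s) & 0xFF, "08b") for s in (24, 16, 8, 0))

def address_class(dotted):
    """Class A-E from the leading bits of the first octet (0xxx, 10xx, 110x, 1110, 1111)."""
    first = to_int(dotted) >> 24
    if first >> 7 == 0b0:    return "A"
    if first >> 6 == 0b10:   return "B"
    if first >> 5 == 0b110:  return "C"
    if first >> 4 == 0b1110: return "D"
    return "E"

DEFAULT_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}
def network_address(dotted, mask=None):
    """Bitwise AND of the address and mask; the mask defaults to the class default."""
    cls = address_class(dotted)
    if mask is None:
        if cls not in DEFAULT_MASK:
            raise ValueError("class %s has no default subnet mask" % cls)
        mask = DEFAULT_MASK[cls]
    return to_dotted(to_int(dotted) & to_int(mask))

PRIVATE_BLOCKS = [("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16)]
def is_private(dotted):
    """True if the address falls inside one of the three reserved private blocks."""
    addr = to_int(dotted)
    for network, prefix in PRIVATE_BLOCKS:
        mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF   # /prefix as a bit mask
        if addr & mask == to_int(network):
            return True
    return False
```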
• TCP (Transmission Control Protocol): a set of rules that enables a broad spectrum of different kinds of computers to establish a connection and exchange streams of data.
• TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent, so it is considered "reliable." Most long-haul traffic on the Internet uses TCP.
TCP Handshake
• TCP handshake: a three-step process computers go through when negotiating a connection with one another.
• Simplistically described, in a normal TCP handshake:
1. Computer A sends a SYN packet (for "synchronize");
2. Computer B acknowledges the connection attempt and sends back its own SYN packet (thus, a SYN/ACK packet), and
3. Computer A acknowledges Computer B's response. Once both computers are synchronized and acknowledged, they can begin passing data back and forth.
TCP Handshake
• In the initial packet, the sender, Host #1, inserts a self-assigned initial sequence number in the TCP header Sequence Number field (21371727).
TCP Handshake
• Host #2 defined its starting sequence number as 135471.
TCP Handshake
• Host 1's sequence number is now 2371728.
• The Acknowledgement Number field value is now set to 135472.
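As an added example (not from the original slides), the model below builds the three handshake segments with Host 1's ISN 21371727 and Host 2's ISN 135471 from the slides, tracks how the Sequence and Acknowledgement Number fields advance, and validates a captured exchange against the handshake rules. Segments are plain dictionaries constructed here; nothing is sent on a real network.

```python
# Added example, not from the original slides: a model of the three-way
# handshake that tracks the Sequence and Acknowledgement Number fields using
# the initial sequence numbers shown on the slides. Segments are plain dicts
# built here for illustration; nothing is sent on a real network.

def segment(src, dst, flags, seq, ack=None):
    """One TCP segment reduced to the fields the handshake cares about."""
    return {"src": src, "dst": dst, "flags": set(flags), "seq": seq, "ack": ack}

def handshake(isn_1, isn_2):
    """Build the three segments and return them with each host's final state."""
    # 1. Host 1 -> Host 2: SYN carrying Host 1's self-assigned ISN.
    syn = segment("Host1", "Host2", {"SYN"}, seq=isn_1)
    # 2. Host 2 -> Host 1: SYN/ACK with Host 2's own ISN. A SYN consumes one
    #    sequence number, so Host 2 acknowledges isn_1 + 1.
    syn_ack = segment("Host2", "Host1", {"SYN", "ACK"}, seq=isn_2, ack=isn_1 + 1)
    # 3. Host 1 -> Host 2: ACK. Host 1's sequence number is now isn_1 + 1 and
    #    it acknowledges Host 2's SYN with isn_2 + 1.
    ack = segment("Host1", "Host2", {"ACK"}, seq=isn_1 + 1, ack=isn_2 + 1)
    state = {"Host1": {"seq": ack["seq"], "ack": ack["ack"]},
             "Host2": {"seq": isn_2 + 1, "ack": ack["seq"]}}
    return [syn, syn_ack, ack], state

def validate(segments):
    """Check a captured exchange follows the handshake rules. Returns a list of
    problems; an empty list means the three segments are consistent."""
    if len(segments) != 3:
        return ["expected 3 segments, got %d" % len(segments)]
    syn, syn_ack, ack = segments
    problems = []
    if syn["flags"] != {"SYN"}:
        problems.append("first segment must be a bare SYN")
    if syn_ack["flags"] != {"SYN", "ACK"}:
        problems.append("second segment must be SYN/ACK")
    if syn_ack["ack"] != syn["seq"] + 1:
        problems.append("SYN/ACK does not acknowledge the SYN")
    if ack["seq"] != syn["seq"] + 1:
        problems.append("final ACK sequence number must be the SYN's ISN + 1")
    if ack["ack"] != syn_ack["seq"] + 1:
        problems.append("final ACK does not acknowledge the SYN/ACK")
    return problems

if __name__ == "__main__":
    segs, state = handshake(21371727, 135471)   # ISNs from the slides
    for s in segs:
        print(s["src"], "->", s["dst"], sorted(s["flags"]), "seq", s["seq"], "ack", s["ack"])
    print(state)
```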
Internet Control Message Protocol
• The Internet Control Message Protocol (ICMP) is a classic example of a client server application. The ICMP server executes on all IP end system computers and all IP intermediate systems (i.e. routers).
• The protocol is used to report problems with delivery of IP datagrams within an IP network. It can be used to show when a particular End System (ES) is not responding, when an IP network is not reachable, when a node is overloaded, when an error occurs in the IP header information, etc.
• The protocol is also frequently used by Internet managers to verify correct operation of End Systems (ES) and to check that routers are correctly routing packets to the specified destination address.
References
DistroWatch: Put the fun back into computing. Use Linux, BSD. News and feature lists of Linux and BSD distributions.
http://distrowatch.com/
Ubuntu: Ubuntu is a complete Linux-based operating system, freely available with both community and professional support. It is developed by a large community and we invite you to participate too!
http://www.ubuntu.com/
Linux: Linux is a free Unix-type operating system originally created by Linus Torvalds with the assistance of developers around the world. Developed under the GNU General Public License, the source code for Linux is freely available to everyone. Click on the link below to find out more about the operating system that is causing a revolution in the world of computers.
http://www.linux.com
Nettools: The most useful tools available online, discussion forums, security news, ...
Sends out an echo request to a specific computer on the network.
http://www.all-nettools.com/toolbox,net