HSC
Network Security Consulting Agency Since 1989 - Specialized in Unix, Windows, TCP/IP and Internet
Hervé Schauer Consultants
Ethereal, a multi-purpose network analyzer - how to detect viruses and worms with network analysis
> Access to the content: HTML (beginning of the presentation), PDF version [528 KB]
> Description: Presentation of network analysis techniques that can be used to detect and capture viruses and worms. Brief presentation of the Ethereal network analyzer.
> Context & Dates: Talk given at JSSI 2004, on 4 May 2004.
 
> Author Jean-Baptiste Marchand 
> Type [ French - HTML ]  
> Abstract & Table of contents
Flyleaf
Outline
Ethereal: features (1/3)
Ethereal: features (2/3)
Ethereal: features (3/3)
Capturing traffic on the Internet
Traffic capture: resulting trace
Traffic analysis: typology
Typology: the 20 most targeted TCP ports
Targeted TCP services (1/2)
Targeted TCP services (2/2)
Typology: targeted UDP ports
Targeted UDP services
Initial assessment
Analysis techniques (1/2)
Analysis techniques (2/2)
MSRPC traffic (port 135/tcp)
MSRPC vulnerabilities: 1776 bytes
MSRPC vulnerabilities: Blaster worm
Blaster worm in ethereal
MSRPC vulnerabilities: 72 bytes
72-byte variants, in tethereal
MSRPC vulnerabilities: 204 bytes
MSRPC vulnerabilities: conclusion
Blaster backdoor
Blaster variants
Observed Blaster variants
MyDoom virus
Executables via MyDoom (1/2)
Executables via MyDoom (2/2)
Traffic to the MyDoom backdoor: 3127/tcp
Traffic to the MyDoom backdoor: 3128/tcp
Traffic to the MyDoom backdoor: 1080/tcp
Traffic to the MyDoom backdoor: 10080/tcp
MyDoom: observed viruses
Agobot / Gaobot worm
Agobot in ethereal
Traffic on port 80/tcp (1/2)
Traffic on port 80/tcp (2/2)
Bagle backdoor
Witty worm (1/3)
Witty worm (2/3)
Witty worm (3/3)
Witty: network traffic
Other observed traffic
Slammer (1434/udp)
Sasser worm (1/3)
Sasser worm (2/3)
Sasser worm (3/3)
Conclusion
References: tools
Acknowledgements
> Related documents
Theme: Virus
[Presentation]  Workstation Security [29 March 2007 - French]
[Presentation]  Threats and vulnerability over networks and PCs [23 March 2005 - French]
[Presentation]  Vulnerabilities: from discovery to exploitation [4 November 2004 - French]
[Article]  Blocking the way for mobile phone viruses [18 November 2002 - French]
[Techno-watch]  NIMDA's review [5 October 2001 - French]
Theme: Sniffing
[Presentation]  Managing insecurity of spontaneous infrastructures [3 April 2006 - French]
[Presentation]  Spontaneous infrastructures: which security? [19 October 2005 - French]
[Presentation]  Ethereal: an open-source network analyzer and a must-have security tool [2 February 2005 - French]
[Tip]  Follow-up on discovering the libnids [6 September 2001 - French]
[Tip]  Introduction to the libnids [13 April 2001 - French]
[Tool]  smbsniff tool [SMB protocol sniffer - English]
[Tip]  Advanced BPF expressions [13 December 2000 - French]
[Tip]  Introduction to the libpcap [4 December 2000 - French]
[Tip]  Sniffers selection [10 October 2000 - French]
Theme: Honeypots
[Presentation]  Intrusion detection and network forensic [6 May 2004 - French]
[Presentation]  Network Flows based forensics of a honeypot [9 March 2004 - French]
[Techno-watch]  CanSecWest 2002 Conference [4 May 2002 - French]
[Presentation]  Honeypots [12 March 2002 - French]
> Copyright © 2004, Hervé Schauer Consultants, all rights reserved.

 

Last modified on 14 May 2004 at 11:14:10 CET - webmaster@hsc.fr