Network Security Assessment: Know Your Network

Sabin, Todd 

sadmind service 

    vulnerability 

Sam Spade Windows client  2nd  3rd  4th 

Samba 

SAMR interface 

save_config command (TNS Listener) 

saved frame pointer overwrite 

saved instruction pointer overwrite 

scanning

    ACK flag probe  2nd 

    connect( ) port 

    dumb 

    for vulnerabilities 

    FTP bounce 

    half-open SYN flag 

    idle 

    inverse TCP flag 

    IP ID header 

    IP network 

    proxy bounce 

    sniffer-based spoofed 

    spoofed TCP 

    stealth TCP 

    SYN 

    TCP port 

        inverse 

        third-party 

    third-party port 

    UDP port  2nd 

    vanilla port 

scanning tools

    commercial 

        Cisco Secure Scanner 

        Core IMPACT 

        ISS Internet Scanner 

    free 

        Nessus utility 

        nmap utility 

        NSAT utility 

        SuperScan utility 

scanrand utility  2nd 

scanudp utility 

Schiffman, Mike  2nd 

screenshots of specific open windows 

script kiddies 

search engines 

Secunia web site 

Secure Shell  [See SSH]

SecuRemote or SecureClient software 

Security Accounts Manager (SAM) database 

Security Association (SA) 

security events and conferences 

security management effectiveness 

SecurityFocus 

    BID 646 

segmentation fault 

SELECT query 

Send ICMP Nasty Garbage (SING) 

Sendmail 

    enumerating users through firewall with SMTP proxy 

    EXPN command 

    obtaining version using Help 

    RCPT TO: 

    security recommendations 

    service assessment 

    services protected by firewall 

    user enumeration 

    VRFY command 

    vulnerabilities  2nd  3rd 

sendmail system( ) command manipulation 

SensePost 

Server Message Block (SMB)  2nd 

services command (TNS Listener) 

session analysis tools 

shack exploit 

shell port 

showmount 

SIG overflow 

Simple Network Management Protocol  [See SNMP]

SKEY authentication mechanisms 

SMB (Server Message Block) 

SMB Auditing Tool (SMB-AT) 

SMB-AT utility 

smbbf utility 

SMBCrack utility  2nd 

smbdumpusers utility 

SMBRelay 

SMPT (Simple Mail Transfer Protocol) 

    open relay testing 

    probing 

    relay servers

        anti-virus circumvention 

    service assessment 

    service fingerprinting 

smtpmap utility 

smtpscan utility 

sniffer-based spoofed scanning 

sniffing

    attacks 

    interface IP addresses 

SNMP (Simple Network Management Protocol) 

    community strings 

    compromising devices by reading from 

    compromising devices by writing to 

    OID values 

    service vulnerabilities 

    vulnerabilities 

SNMP Management Information Base  [See MIB data]

snmpwalk utility 

snmpXdmid service 

    RPC service vulnerability 

social engineering 

Soft Project web site 

software vulnerabilities 

Solaris

    globbing issues 

    mail server

        security recommendations 

        vulnerabilities 

    version 8 accessible services vulnerabilities 

    versions 2.5 through 2.7 exploits 

Song, Dug  2nd 

source ports, using specific 

source routing 

    loose 

    vulnerabilities 

source routing testing 

sp_makewebtask procedure 

SPIKE Proxy 

SPIKE utility 

spoofed TCP scanning 

spoofing attacks 

spoofscan utility 

SQL Auditing Tool (SQLAT) 

SQL Server 

    brute-force utilities 

    buffer overflow vulnerabilities 

    command injection 

    transport protocols 

    tutorial 

SQL Server Resolution Service (SSRS) 

sqlbf utility 

sqlping utility 

SSH (Secure Shell) 

    brute-force password grinding 

    fingerprinting 

    service assessment 

    service banner

        grabbing using telnet 

    service fingerprints, common 

    vulnerabilities 

SSH Communications 

ssh port 

SSH1 CRC32 compensation vulnerability 

SSL

    web service 

SSRS (SQL Server Resolution Service) 

stack (runtime memory) 

stack frame 

    pointer 

    variables 

stack off-by-one  [See off-by-one]

stack overflows  2nd 

stack pointer 

stack smash 

stacks

    overwriting any word on 

    reading adjacent items on 

    reading data from any address on 

standard scanning methods 

statd service 

static overflows 

status (rpc.statd) 

status command (TNS Listener) 

stealth TCP scanning methods 

stop command (TNS Listener) 

stored procedures, calling 

Strict Source and Route Record (SSRR) 

stunnel utility  2nd 

    identifying web services using 

subnet broadcast addresses, identifying 

SummerCon web site 

Sun Solstice AdminSuite daemon (sadmind) vulnerability 

SuperScan utility  2nd 

Syn Ack Labs 

SYN port scan 

SYN probe packet 

SYN/ACK packet 

synlogger 

Sys-Security Group 

systat services 

system commands, running arbitrary 

System V-derived /bin/login static overflow exploits