Week 46 / 2022
Networking
-
In Internet jargon, all of these devices are called hosts or end systems.
-
End systems are connected together by a network of communication links and packet switches.
-
Transmission rate: measured in bits/second.
-
Packets are analogous to trucks, communication links are analogous to highways and roads, packet switches are analogous to intersections, and end systems are analogous to buildings.
-
Internet standards are developed by the Internet Engineering Task Force (IETF) [IETF 2016]. The IETF standards documents are called requests for comments (RFCs). RFCs started out as general requests for comments (hence the name) to resolve network and protocol design problems that faced the precursor to the Internet [Allman 2011]. RFCs tend to be quite technical and detailed. They define protocols such as TCP, IP, HTTP (for the Web), and SMTP (for e-mail). There are currently more than 7,000 RFCs. Other bodies also specify standards for network components, most notably for network links. The IEEE 802 LAN/MAN Standards Committee [IEEE 802 2016], for example, specifies the Ethernet and wireless WiFi standards.
-
Internet: as an infrastructure that provides services to applications.
-
The Internet socket interface specifies how a program running on one end system asks the Internet infrastructure to deliver data to a specific destination program running on another end system (a set of rules that the sending program must follow so that the Internet can deliver the data to the destination program). The postal service requires that..
-
In our human protocol, there are specific messages we send, and specific actions we take in response to the received reply messages or other events.
-
A protocol defines the format and the order of messages exchanged between two or more communicating entities, as well as the actions taken on the transmission and/or receipt of a message or other event.
-
Mastering the field of computer networking is equivalent to understanding the what, why, and how of networking protocols.
-
Horizontal layering of airline functionality divided the airline functionality into layers, providing a framework in which we can discuss airline travel. Note that each layer, combined with the layers below it, implements some functionality, some service.
-
Each layer provides its service by (1) performing certain actions within that layer and by (2) using the services of the layer directly below it.
-
Layered architecture makes it much easier to change the implementation of the service provided by the layer.
-
We are interested in the services that a layer offers to the layer above: the so-called service model of a layer.
-
One potential drawback of layering is that one layer may duplicate lower-layer functionality. A second potential drawback is that functionality at one layer may need information (for example, a timestamp value) that is present only in another layer; this violates the goal of separation of layers.
-
Application Layer: message -> Transport Layer: segment -> Network Layer: datagrams -> Link Layer: frames -> Physical Layer: bits.
-
In the Internet there are two transport protocols, TCP and UDP, either of which can transport application-layer messages.
-
There is only one IP protocol, and all Internet components that have a network layer must run the IP protocol.
-
We see that at each layer, a packet has two types of fields: header fields and a payload field. The payload is typically a packet from the layer above.
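Added example (not from the source text): the header/payload nesting above, shown by building one Ethernet/IPv4/UDP frame and peeling it apart with the length checks a traffic parser needs. The addresses, ports and message are constructed sample values, and checksums are left at zero and not verified.

```python
import struct

MESSAGE = b"hello, end system"  # constructed application-layer message

def build_frame(message: bytes) -> bytes:
    """Encapsulate top-down: each layer prepends its header to the payload."""
    # UDP header: src port, dst port, length (header + data), checksum (0 = unset)
    segment = struct.pack("!HHHH", 40000, 9999, 8 + len(message), 0) + message
    # IPv4 header: version/IHL 0x45, TTL 64, protocol 17 (UDP), 192.0.2.x test addresses
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0,
                            64, 17, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    datagram = ip_header + segment
    # Ethernet header: dst MAC, src MAC, EtherType 0x0800 (IPv4)
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + b"\x08\x00"
    return eth + datagram

def decapsulate(frame: bytes):
    """Peel headers bottom-up; return ([(pdu, header_len, payload_len)], message)."""
    layers = []
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    datagram = frame[14:]
    layers.append(("frame", 14, len(datagram)))
    if ethertype != 0x0800:
        return layers, datagram          # not IPv4: stop at the link layer
    if len(datagram) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (datagram[0] & 0x0F) * 4       # header length field is in 32-bit words
    total_len = struct.unpack("!H", datagram[2:4])[0]
    # Never trust length fields: they must fit inside the bytes actually captured.
    if ihl < 20 or total_len < ihl or total_len > len(datagram):
        raise ValueError("inconsistent IPv4 length fields")
    segment = datagram[ihl:total_len]
    layers.append(("datagram", ihl, len(segment)))
    if datagram[9] != 17:
        return layers, segment           # not UDP: stop at the network layer
    if len(segment) < 8:
        raise ValueError("truncated UDP header")
    udp_len = struct.unpack("!H", segment[4:6])[0]
    if udp_len < 8 or udp_len > len(segment):
        raise ValueError("inconsistent UDP length field")
    message = segment[8:udp_len]
    layers.append(("segment", 8, len(message)))
    return layers, message

if __name__ == "__main__":
    for pdu, hdr, payload in decapsulate(build_frame(MESSAGE))[0]:
        print(f"{pdu:9s} header={hdr:2d} bytes  payload={payload:2d} bytes")
```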
frappe
- Can't connect to MySQL inside Docker container?
- Difference between Purchase Receipt and Stock Entry?
Malware Analysis: research
- Malicious software is any computer software intended to harm the host operating system or to steal sensitive data.
- Types of Malware: virus, worm, trojan horse, rootkit, or backdoor.
- Viruses: These are pieces of malware that require human intervention to propagate to other machines. Think of this intervention as a user installing a malicious program from a website or a phishing email.
- Worms: Unlike Viruses, Worms do not need the help of humans to move to other machines. They can spread easily and can infect a high number of machines in a short amount of time.
- Trojan: These appear to be normal programs that have a legitimate function, like a game or a utility program. But underneath the innocent-looking user interface, a Trojan performs malicious tasks without the user being aware.
- Spyware: This type of malware gathers data about the user and sends it to a third party.
- Keylogger: This is a special type of spyware. It specializes in recording the keystrokes made by the user.
- Ransomware: These types of malware have become more common in the last decade. When a piece of Ransomware infects a machine, it encrypts all the stored files. It then asks the user for a ransom in exchange for the decryption key. Well-known examples of Ransomware are WannaCry and Locky.
- Malware analysis typically falls under one of two types:
- Static malware analysis
- Dynamic malware analysis
- Network Traffic Analysis (NTA)