CSC586 Network Forensics IP Tracing/Domain Name Tracing.


1 CSC586 Network Forensics IP Tracing/Domain Name Tracing

2 In this lesson you will learn:
- What IP address and domain name lookup are and when to use them
- What IP trace is and when to use it
- What IP geolocation is and how to use it
- What a proxy server is
- What fast flux malware is

3 IP Address Background
- IP addresses are managed and created by the Internet Assigned Numbers Authority (IANA)
- Large blocks are allocated to one of 5 Regional Internet Registries:
  - American Registry for Internet Numbers (ARIN)
  - RIPE Network Coordination Centre (RIPE NCC)
  - Asia-Pacific Network Information Centre (APNIC)
  - Latin American & Caribbean Internet Registry (LACNIC)
  - African Network Information Centre (AfriNIC)

4 IP Address Background (2)
- Public vs. private IP addresses
  - Public addresses: unique, to avoid address conflicts; used on the WAN
  - Private addresses: used on the LAN; unique only within the scope of that LAN
- Private address ranges:
  - 10.0.0.0 to 10.255.255.255
  - 172.16.0.0 to 172.31.255.255
  - 192.168.0.0 to 192.168.255.255

5 IP Address Background (3)
- 3 classes of IP addresses are typically used:
  - Class A: large networks with many devices
  - Class B: medium-sized networks
  - Class C: small networks
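An added example (not part of the original slides) that applies the private ranges from slide 4 and the class rule from slide 5: it classifies an address and says whether a registry lookup can identify anything about it. The first-octet class boundaries are the standard classful rules and are an assumption here, since the slide does not state them.

```python
import ipaddress

# The three private ranges listed on slide 4 (RFC 1918), as the slide gives them.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),       # 10.0.0.0 to 10.255.255.255
    ipaddress.ip_network("172.16.0.0/12"),    # 172.16.0.0 to 172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),   # 192.168.0.0 to 192.168.255.255
]


def is_private(ip: str) -> bool:
    """True if the address falls inside one of the slide-4 private ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_RANGES)


def address_class(ip: str) -> str:
    """Classful label from the first octet: A (0-127), B (128-191), C (192-223), else D/E."""
    first = int(ip.split(".")[0])
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    return "D" if first < 240 else "E"


def describe(ip: str) -> dict:
    """What a tracer wants to know before spending time on a registry lookup."""
    private = is_private(ip)
    return {
        "ip": ip,
        "class": address_class(ip),
        "scope": "private (LAN)" if private else "public (WAN)",
        # A private address is only unique inside its LAN, so it never identifies a
        # remote party and no registry holds an allocation record for it.
        "lookup_useful": not private,
    }


if __name__ == "__main__":
    # Constructed sample addresses; 203.0.113.7 is from a documentation range.
    for ip in ("10.3.4.5", "172.20.1.9", "172.32.0.1", "192.168.5.6", "203.0.113.7"):
        print(describe(ip))
```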

6 IP Address and Domain Name Lookup
- What it is: web sites allow you to enter an IP address or domain name and return information about who registered it
- How to use it: enter the suspect IP address or web site, and the registration information will be displayed

7 IP Address and Domain Name Locators
- Forensic use: used to identify sites visited
- Registrant information is often falsified, so it is often necessary to trace the payment (credit) information to identify the owner
- Examples of problems with sites:
  - Domain name squatters
  - Typo squatters
  - Phishing
  - DNS spoofing

8 Domain Name Locators
- Web tools available:
  - ARIN
  - Sam Spade
  - Whois
  - RIPE
  - Many others

9 Domain Name Locators Example

10 IP Trace
- What it is: the tracert tool can help you figure out the route a packet follows to get from one place to another
- How to use it: list the fully qualified domain name after the tracert command; the output will list the name and IP address of the destination and of all hops along the way

11 IP Trace
- Forensic use: traces the route the packets took
- The route identifies the ISP or proxy
- The route can also identify the general location of the suspect

12 IP Trace Example

13 IP Trace
- Tracing tools available
- Command line:
  - XP, Windows 2000, Vista: tracert
  - Windows NT: tracert, pathping
  - Linux, Unix: traceroute
- Online:
  - NeoTrace
  - Visual Route Lite
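The tracert output described on slide 10, parsed into a hop list as an added example (not from the original slides): it pulls the hop number, reverse name and address from each line of Windows tracert or Linux/Unix traceroute output, marks timed-out hops, and keeps only the public hops that are worth a registry lookup. The sample output, host names and addresses are constructed.

```python
import ipaddress
import re
from typing import List, Optional, Tuple

# Constructed sample tracert output (documentation-range addresses), not a real trace.
SAMPLE_TRACERT = """\
Tracing route to example.com [203.0.113.80]
over a maximum of 30 hops:
  1     1 ms     1 ms     1 ms  192.168.1.1
  2    14 ms    15 ms    14 ms  edge1.isp.example.net [198.51.100.9]
  3     *        *        *     Request timed out.
  4    31 ms    30 ms    30 ms  example.com [203.0.113.80]
Trace complete.
"""

HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*\S)\s*$")    # hop number, then the rest of the line
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
HOSTNAME = re.compile(r"([A-Za-z0-9_.-]+)\s*[\[(]")  # name printed before "[ip]" or "(ip)"
# The slide-4 private ranges; a hop inside them sits on the local side of the path.
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

Hop = Tuple[int, Optional[str], Optional[str]]  # (hop number, reverse name, address)


def is_private(ip: str) -> bool:
    return any(ipaddress.ip_address(ip) in net for net in PRIVATE)


def parse_trace(output: str) -> List[Hop]:
    """Parse tracert (Windows) or traceroute (Linux/Unix) output; timed-out hops get None."""
    hops: List[Hop] = []
    for line in output.splitlines():
        m = HOP_LINE.match(line)
        if not m:
            continue  # banner lines such as "Tracing route to ..." or "Trace complete."
        number, rest = int(m.group(1)), m.group(2)
        ips = IPV4.findall(rest)
        if not ips:
            hops.append((number, None, None))  # "Request timed out." or "* * *"
            continue
        h = HOSTNAME.search(rest)
        host = h.group(1) if h and h.group(1) != ips[-1] else None
        hops.append((number, host, ips[-1]))
    return hops


def public_path(output: str) -> List[str]:
    """Public, answering hops in path order: the addresses worth a registry (whois) lookup."""
    return [ip for _, _, ip in parse_trace(output) if ip and not is_private(ip)]
```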

14 CSC586 Network Forensics: IP Geolocators
- What it is: IP geolocators show the location of the gateway of the user's ISP
- How to use it: enter the suspect IP address; this will show the location and location details, generally only as far as the ISP gateway for that address

15 IP Geolocators
- Forensic use: used to determine a suspect's approximate location
- Used to validate online sales addresses
- Used in the banking authentication process

16 IP Geolocators Examples

17 IP Geolocators
- Tools available in different granularities:
  - Whois: http://cqcounter.com/whois/
  - IP_address.com
  - Many other tools showcased at www.tracemyspace.com

18 CSC586 Network Forensics: Proxy Servers
- What they are: proxy servers service client requests by forwarding the requests to other servers on behalf of the client
- Used to make web surfing anonymous
- A circumventor is a proxy server that allows access to a blocked web site through an allowed web site
- How to use them: to mask your IP address and go to a site that your company, school, etc. doesn't allow, go to www.youhide.com and enter the web site you want to go to

19 Proxy Servers
- Forensic use: when a proxy server is identified in an IP trace, the organization running the server must be issued a subpoena for the user information
- This information can help trace where the user was connecting to
- The information may also provide credit card and password information

20 Proxy Servers Example

21 Proxy Servers
- Tools available:
  - youHide.com
  - MySpaceProxy
  - www.fastproxynetwork.com
  - Anonymous proxy: www.zend2.com

22 Fast Flux Malware
- What it is: a DNS technique that hides phishing and malware sites behind compromised hosts that act as proxies
- How it is used:
  - Multiple addresses are assigned to a single fully qualified domain name
  - Usually uses a reverse proxy
  - Used for cyber crime

23 Fast Flux Malware
- Forensic issues:
  - Traditional phishing scams that compromised one or more computer systems were relatively simple to shut down; fast flux is not
  - One mothership acts as the back end, which makes it easier for criminals to manage and harder for law enforcement (LE) to work through the layers to get to it
  - Front end nodes may be spread across multiple continents and time zones, which makes tracking down a malicious web site very difficult
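An added example (not from the slides) of detection logic for the pattern slide 22 describes: a monitor records the A records and TTLs returned for each name over several queries and flags names that rotate through many addresses in unrelated networks on short TTLs. The observations and thresholds are constructed assumptions, and using the /16 prefix to stand in for "different network" is a simplification made because no ASN data is available offline.

```python
from collections import defaultdict
from typing import Dict, List, NamedTuple


class Answer(NamedTuple):
    seen_at: int   # seconds since monitoring started
    name: str      # the fully qualified domain name that was queried
    ip: str        # one A record from the response
    ttl: int       # the record's TTL in seconds

# Constructed DNS observations (documentation-range addresses), not real resolver data.
# The first name hands out a different set of low-TTL addresses on each query.
OBSERVED: List[Answer] = [
    Answer(0,    "login-update.example", "198.51.100.17", 180),
    Answer(0,    "login-update.example", "203.0.113.44", 180),
    Answer(200,  "login-update.example", "192.0.2.91", 180),
    Answer(200,  "login-update.example", "198.51.100.230", 180),
    Answer(400,  "login-update.example", "203.0.113.9", 180),
    Answer(0,    "www.example.org", "203.0.113.5", 3600),
    Answer(3600, "www.example.org", "203.0.113.5", 3600),
]

# Thresholds are assumptions for this example, not values from the slides.
MAX_TTL = 300          # flux networks keep TTLs short so replaced front ends drop out fast
MIN_DISTINCT_IPS = 5   # a legitimate site rarely rotates through this many addresses
MIN_DISTINCT_NETS = 3  # front ends scattered across unrelated networks (/16 as a rough proxy)

def summarize(observed: List[Answer]) -> Dict[str, dict]:
    """Per name: how many distinct addresses and /16 networks were seen, and the lowest TTL."""
    by_name: Dict[str, List[Answer]] = defaultdict(list)
    for a in observed:
        by_name[a.name].append(a)
    out = {}
    for name, answers in by_name.items():
        ips = {a.ip for a in answers}
        out[name] = {
            "distinct_ips": len(ips),
            "distinct_nets": len({ip.rsplit(".", 2)[0] for ip in ips}),  # "a.b" of a.b.c.d
            "min_ttl": min(a.ttl for a in answers),
        }
    return out


def fast_flux_candidates(observed: List[Answer]) -> List[str]:
    """Names matching the slide-22 pattern: many addresses behind one FQDN, rotated on short TTLs."""
    return sorted(
        name for name, s in summarize(observed).items()
        if s["min_ttl"] <= MAX_TTL
        and s["distinct_ips"] >= MIN_DISTINCT_IPS
        and s["distinct_nets"] >= MIN_DISTINCT_NETS
    )
```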

24 Fast Flux Malware The End

