Ringkasan ini tidak tersedia. Harap
klik di sini untuk melihat postingan.
tutorial about web security computer networking
Maybe some of you crypto gurus can comment on their blog post -- is it possible to decrypt traffic if the cipher suite is TLS_DH_RSA_WITH_AES_256_CBC_SHA (0x0037) instead of TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)? The cited perfect forward secrecy article says Diffie-Hellman provides PFS but isn't clear on the differences between plain DH and DHE (ephemeral).
tshark -V -n -r capture -R "ssl.handshake.ciphersuite == 0x39"
...edited...
Secure Socket Layer
TLSv1 Record Layer: Handshake Protocol: Server Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 74
Handshake Protocol: Server Hello
Handshake Type: Server Hello (2)
Length: 70
Version: TLS 1.0 (0x0301)
Random
gmt_unix_time: Jan 26, 2007 19:32:44.000000000
random_bytes: 76744E818415307EA6F7C14FAF4BA640F67834C1263E5065...
Session ID Length: 32
Session ID (32 bytes)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
Compression Method: null (0)
Count:1 Event#1.78890 2007-01-15 03:17:36
BLEEDING-EDGE DROP Dshield Block Listed Source
203.113.188.203 -> 69.143.202.28
IPVer=4 hlen=5 tos=32 dlen=48 ID=39892 flags=2 offset=0 ttl=104 chksum=57066
Protocol: 6 sport=1272 -> dport=4899
Seq=2987955435 Ack=0 Off=7 Res=0 Flags=******S* Win=65535 urp=35863 chksum=0
Payload:
None.
alert ip [80.237.173.0/24,217.114.49.0/24,68.216.152.0/24,89.0.143.0/24,69.24.128.0/24,
193.138.250.0/24,69.158.31.0/24,211.147.241.0/24,207.138.45.0/24,201.230.81.0/24,
221.12.113.0/24,195.245.179.0/24,193.255.250.0/24,199.227.77.0/24,218.106.91.0/24,
66.70.120.0/24,203.113.188.0/24,219.146.96.0/24,129.93.9.0/24,61.128.211.0/24]
any -> $HOME_NET any (msg:"BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING";
reference:url,feeds.dshield.org/block.txt; threshold: type limit, track by_src, seconds 3600,
count 1; sid:2403000; rev:319; fwsam: src, 72 hours;)
/nsm/rules/cel433/bleeding-dshield-BLOCK.rules: Line 32
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 203.113.128.0 - 203.113.191.255
...edited...
person: Nguyen Manh Hai
nic-hdl: NMH2-AP
e-mail: spam@viettel.com.vn
address: Vietel Corporation
address: 47 Huynh Thuc Khang, Dong Da District, Hanoi City
phone: +84-4-2661278
fax-no: +84-4-2671278
country: VN
changed: hm-changed@vnnic.net.vn 20040825
mnt-by: MAINT-VN-VIETEL
source: APNIC
1 2007-01-14 22:17:36.162428 203.113.188.203 -> 69.143.202.28 TCP 1272 > 4899
[SYN] Seq=0 Len=0 MSS=1460
2 2007-01-14 22:17:36.162779 69.143.202.28 -> 203.113.188.203 TCP 4899 > 1272
[RST, ACK] Seq=0 Ack=1 Win=0 Len=0
3 2007-01-14 22:17:37.230040 203.113.188.203 -> 69.143.202.28 TCP 1272 > 4899
[SYN] Seq=0 Len=0 MSS=1460
4 2007-01-14 22:17:37.230393 69.143.202.28 -> 203.113.188.203 TCP 4899 > 1272
[RST, ACK] Seq=0 Ack=1 Win=0 Len=0
Sensor:cel433 Session ID:5020091160069307011
Start Time:2007-01-15 03:17:36 End Time:2007-01-15 03:17:37
203.113.188.203:1272 -> 69.143.202.28:4899
Source Packets:2 Bytes:0
Dest Packets:2 Bytes:0
lnc0: <PCNet/PCI Ethernet adapter> port 0x1400-0x147f
irq 18 at device 17.0 on pci0
lnc0: Attaching PCNet/PCI Ethernet adapter
lnc0: [GIANT-LOCKED]
lnc0: Ethernet address: 00:0c:29:38:7d:ea
lnc0: if_start running deferred for Giant
lnc0: PCnet-PCI
taosecurity:/root# ifconfig lnc0
lnc0: flags=108843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,
NEEDSGIANT> mtu 1500
inet6 fe80::20c:29ff:fe38:7dea%lnc0 prefixlen 64 scopeid 0x1
inet 198.18.153.167 netmask 0xffff0000 broadcast 198.18.255.255
ether 00:0c:29:38:7d:ea
Ethernet0.present = "TRUE"
ethernet0.virtualDev="e1000"
em0: <Intel(R) PRO/1000 Network Connection Version - 3.2.18>
port 0x1070-0x1077
mem 0xec820000-0xec83ffff,0xec800000-0xec80ffff irq 18
at device 17.0 on pci0
em0: Memory Access and/or Bus Master bits were not set!
em0: Ethernet address: 00:0c:29:fd:f6:1d
kbld:/root# ifconfig em0
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=b<RXCSUM,TXCSUM,VLAN_MTU>
inet6 fe80::20c:29ff:fefd:f61d%em0 prefixlen 64 scopeid 0x1
inet 198.18.152.169 netmask 0xffff0000 broadcast 198.18.255.255
ether 00:0c:29:fd:f6:1d
media: Ethernet autoselect (1000baseTX <full-duplex>)
status: active