Wednesday 16 September 2015

Classes of IP Addresses

Basics of Networking-IP Address

IP Addresses:

It is an address in a network which is used for communication between two computer. In Laymen terms as we need an address to send postcard or Letters from one destination to another similarly in network while sending mails or whenever we need communication computer uses unique identifiers to send information to specific computers on a Network.
TCP/IP is standard for how to communicate on the network.

Two Versions of IP Addresses are there:
IPV4:  IP’s displayed in dotted Decimal Notation. It uses 32 binary bits to create a secure unique address separated on the Network.
Expressed by four numbers separated by dots.
For ex: 192.168.10.1

IPV6: It uses 128 binary bits to create a single unique address on the Network.
Expressed in eight groups of hexadecimal digits (base-0). Numbers are separated by colons.
For ex: 2001:dcab::3257:9652

Classes of IP Addresses:

Five classes are defined on the base of IP Hierarchy.


In these classes of IP Addresses:
0: Reserved and represents all IP addresses.
127: Loop back IP Address. Generally used for testing.
255: Reserved for Broadcasting Purposes

IP Address Class
No. of bits for NID/HID
No. of N/w Id bits
Possible number of N/w per Id
No. of Host IP per N/W Id
Class A
     8/24
  8-1=7
  27 -2=126
224-2 = 166,277,274
Class B
    16/16
 16-2=14
  214 =16,384
216-2= 65,534
Class C
     24/8
 24-3=21
 221 = 2,09,752
28-2=254

                                IP Address based on Class Networks
No. of Networks = 2networkbits
No. of Hosts/Network = 2hostbits -2

Note: All classes are identified by their first octet of IP addresses:

Class A Addresses

The first bit of first octet is always set to 0(zero).
As defined above it lies in b/w 1-126
            00000000-011111111
                            1-126
 Default Subnet Mask of Class A Address: 255.0.0.0
 127.x.x.x reserved for loop back IP Address.

Class B Addresses

The first two bits of first octet are always set to 10.
It lies b/w 128-191
              100000000-10111111
                           128-191
     Default Subnet Mask of Class A Address: 255.255.0.0     


Class C Addresses

 The first three bits of first octet always set to 110
  It lies in b/w 192-223
                    11000000-11011111
                                192-223
     Default Subnet Mask of Class C Address: 255.255.255.0

Class D Addresses

 The first two bits of first octet are always set to 1110
 It lies in b/w 224-239
            11100000-11101111
                        224-239
Reserved for Multi-casting. No Need to extract the host address from the IP address as there is data not designed for particular host as we are using it for broadcasting purposes.
Don’t have any Subnet Mask.

Class E Addresses

  Only using it for Experimental purposes.

  It lies in b/w 240-254.
Posted by at 4 comments:

Tuesday 15 September 2015

Dangerous Flaw in WhatsApp Web: vCard Vulnerability


Dangerous Flaw in WhatsApp for Web Version. Hackers can easily hack your device and inject malware.
Around 900 million People active users out of which 200 million users are at Risk.
The Vulnerabilities were discovered by security Researcher Kasif Sekel at Checkpoint which allows attackers to tale benefit of v Card contact card format to malware's to non-tech (unsuspected) users.




WhatsApp Web is a technology that replicates the WhatsApp mobile app experience within a web browser. The web interface allows users to view and respond to text messages, videos etc.

This Web based version of WhatsApp has a vulnerability to an exploit that allow hacker’s (through Social Engineering) to install malware on their machine.

Hackers would just send them a small, apparently innocent contacts file — which, when opened, would allow hackers to run malicious code and leave them open to being hit by code that could take control of their computer, viewing what they are doing or spread viruses.

Working of What-app Exploit


Hackers only need to know the victim's Phone number associated with WhatsApp web account.

  • An apparently tamed v Card (Contact Number) is send to the victim. The v Card riddled with a malicious code.
  • The victim who launches that executable file will be infected with that malware.
  • The contents of malware contains Ransom ware, bot-nets, RAT (Remote access Tools) and other malicious code. 

 What it does?       

  • Get complete access of the victim's machine.    
  • Monitor user activities
  • Spread Malware's

Need not worry Fix is Ready


All versions of WhatsApp Web after version 0.1.4481 already contain the fix for the vulnerability.



Posted by at 2 comments:

Monday 14 September 2015

RaaS


RaaS(Ransom-ware as a Service)


Ransomware as a Service is a ransomware very similar to Tox. Ransomware is a type of virus which will infect target computer, encrypts their files and will not decrypt until victim's will not a pay an amount of Money(Ransomware) most often in Bitcoins.

The company McAfee has highlighted a service offered on the Tor network: Tox is as a site offering the ransomware as a service.

RaaS is a ransomware creation tool, which allows to design ransomwares. Cyber criminals have to enter their BitCoin address and the payment that they want the ransomware to demand from the victims.
it is created for hackers to easily design encrypting ransomware payloads to distrube from their botnets.

Hackers can create his/her own Ransomware with in Few steps on Tox Website.


TOX

It is a tool kit which is designed for nontech users to spread this ransomware.
The developers of this software makes money by taking a 20% of any successful social engineer's attack.

Steps to Create your own Ransomware

  1.  Create an account on tox website without any email address and other identifiable information.
  2.  A user then types in the ransom amount they want to ask for, an additional note  such as the name of the target, and add captcha and click “Create”.

How to Identify these types of Ransomwares?

These type of Ransomwares generally come in the email Campaigns through Social engineering attacks.

You can see it in your Emails and genrally they uses fake word icons and having .scr extension.This file is around a size of 2 MB.

Once a Victims open this .scr file provided in an Email, The paylod will encrypt all the data on their system and decrypts only when if a Bitcoin payment is made.

How To Get rid of and Protect themselves from this Ransomware?

1. Don't fell in to these Kind of Social Engineering attacks. Before Running the attachment check for the Extensions first(is it a .scr, .exe).
2. Backup Your Data. if you have unfortunately executed it and having your Data Backup. You are safe from paying Ransom.

Posted by at 4 comments:
Subscribe to: Posts (Atom)