Lockdoor Framework

A Penetration Testing Framework


Networking Concepts

Types of networks

Physical and Logical topologies

Physical topologies

How is the network physically connected together? Via cables or wireless.

Types of physical topologies

Bus topology

Ring topology

Star topology

Logical Topologies

These protocols are responsible for making sure that a signal sent by a system finds its way to its destination.

There are two general ways systems can communicate on a network:


Token ring and FDDI

Token ring


Asynchronous Transfer Mode (ATM)

Establishing a channel for each connection allows ATM to provide Quality of Service (QoS). When setting up a virtual circuit, the switches along the path can be asked to allocate the desired amount of bandwidth: "I need 1MB to support a video conference. Do you have that much available?" If the answer is "Yes", the virtual circuit is created; if the answer is "No", another switch is tried.

Types of ATM

PVC (permanent virtual circuit) is set up in advance, usually manually.

SVC (switched virtual circuit) is established automatically, on the fly.

WAN Technologies

Allowing n sites to communicate directly with one another would require n+1 links. In such a situation it is better to use a packet-switched technology, e.g. Frame Relay.

Frame Relay

It is a WAN technology similar to Ethernet and Token Ring in that it is based on packet switching.

It lowers the cost of the WAN: instead of dedicated direct links between sites, you use the Frame Relay cloud.

MPLS (Multi-protocol Label Switching)

ISDN, DSL, Cable Modems


DSL (Digital Subscriber Line)

Cable modems

Network Hardware


Today the standard for modern Ethernet networks is CAT 5 or CAT 6 cable.

Network Tap

A better option is a device that operates at the cable level and captures all the data passing through it.

Vampire Tap

Network Devices

Network design


TCP/IP Model

How protocol stacks communicate

The basic principle of stack-based communication is that data from one layer of the stack can only be understood by the corresponding layer on the remote computer.

This layer independence does have security implications. For example, suppose a DNS reply supplies a wrong IP address for a name: if the IP and DNS layers worked together they would probably notice the fake IP, but because they work independently of each other they do not. You need security software that inspects all the layers and makes sure the headers show the correct information.

How TCP packets are created

IP V4 header

IP V6 header

IP fragment attacks

Network Addressing

Subnet classes

No longer used, as it wastes IP addresses. It has been supplanted by CIDR.

CIDR (Classless Inter-Domain Routing)

Broadcast addresses

Limited broadcasts are used when computers boot so that they can obtain a DHCP lease or otherwise configure their network interfaces.

Private addresses

IP v6

MAC and IP address

ARP (Address Resolution Protocol)

Ports and protocols

DNS (Domain Name System)

Types of DNS Queries

Making a DNS Query

```
$ nslookup www.yahoo.com
```

Answers that come from cache are referred to as `non-authoritative` answers because a DNS server that does not house the actual database for that domain supplied them.

```
$ nslookup
```

DNS Security Attacks

Cache Poisoning

Defense against Cache Poisoning

Denial of Service


Defense against footprinting

Registration Spoofing

IP protocols and the OSI

UDP (User Datagram Protocol)

Other important UDP-based protocols include:

TCP (Transmission Control Protocol)

TCP is often a network programmer's protocol of choice. It is probably the easier of the two protocols to program for, because most of the error handling is done inside the transport layer, out of sight of the application code.

Establishing a TCP connection

Closing a TCP connection

TCP header


FTP (File Transfer Protocol)

FTP Security issues

Active vs passive FTP

Implications of FTP connections for firewalls

A stateless firewall

A stateless firewall has no knowledge of the mechanics of the different ports that FTP asks to have opened. This type of firewall requires the following ports to be opened for FTP to function:

That's a lot of traffic to be permitted through a firewall.

The high traffic essentially provides a mechanism for unauthorized services to be accessible to or from the FTP server that may have nothing to do with FTP at all.

This loose security model can magnify the problems mentioned previously with respect to bounce scans with the PORT command and can provide a mechanism for a potentially infected FTP server to have a backdoor installed that is listening on an obscure high port.

If you are stuck with such a firewall, it is better to disable passive FTP altogether, as active FTP is much less permissive in what it requires the firewall to permit.

A stateful firewall

It would be better, however, to use a stateful firewall that has additional knowledge of the FTP protocol and can dynamically open ports for the data channel based upon reading into command channel packets.

This type of firewall will always permit 21/TCP inbound (and the stateful replies outbound) for valid connections and will prevent the need to leave all of the ephemeral ports wide open at all times, either from 20/TCP or from all ephemeral ports.
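As an added illustration (not code from the Lockdoor project) of what "reading into command channel packets" means, the snippet below does what a stateful firewall's FTP helper does: it watches the 21/TCP command channel, derives the data-channel pinhole from the PORT command (active) or the 227 reply (passive) instead of leaving ephemeral ports open, and refuses a PORT command that names a host other than the client on the control connection, which is the bounce pattern mentioned above. The client and server addresses and the transcript are constructed sample values.

```python
import re

# Constructed sample endpoints of the control connection (assumed, documentation ranges).
CONTROL_CLIENT = "10.0.0.5"
FTP_SERVER = "192.0.2.10"

# FTP carries host and port as six decimal fields: h1,h2,h3,h4,p1,p2 with port = p1*256 + p2.
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_hostport(fields):
    host = ".".join(fields[:4])
    port = int(fields[4]) * 256 + int(fields[5])
    return host, port


def data_channel_rule(line):
    """Pinhole a stateful firewall would derive from one command-channel line, or None."""
    m = PORT_RE.match(line)
    if m:
        host, port = parse_hostport(m.groups())
        # Active mode: the server connects from 20/TCP back to the address in PORT.
        return {"mode": "active", "src": FTP_SERVER, "dst": host, "dst_port": port}
    m = PASV_RE.match(line)
    if m:
        host, port = parse_hostport(m.groups())
        # Passive mode: the client connects to the ephemeral port the server announced.
        return {"mode": "passive", "src": CONTROL_CLIENT, "dst": host, "dst_port": port}
    return None


def is_bounce_attempt(rule):
    """PORT naming a third host asks the server to connect somewhere other than the client."""
    return rule is not None and rule["mode"] == "active" and rule["dst"] != CONTROL_CLIENT


def evaluate_transcript(lines):
    """Split a command-channel transcript into pinholes to open and requests to refuse."""
    opened, refused = [], []
    for line in lines:
        rule = data_channel_rule(line)
        if rule is None:
            continue
        (refused if is_bounce_attempt(rule) else opened).append(rule)
    return opened, refused
```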

ICMP (Internet Control Message Protocol)

Layer 3 (Network layer) protocol


ICMP header



Unix and Windows Traceroute

They work differently and might produce different results.

Not only is traceroute a great tool for determining paths through the network, but it is also a pretty decent network mapper.

By carefully examining the output of several runs to different hosts on the same remote network, you can start to notice similarities and differences.

Common ports