What if you hit back? Counter-intelligence and Counter-attack

What if you hit back? Counter-intelligence and Counter-attack
Honeynet Project - project@honeynet.org
Dave Dittrich, University of Washington <dittrich @ cac.washington.edu>
11/14/2018

Overview
Levels of Active Defense
Use of “Intelligence”
Case Studies Included as Examples
Conclusion
Discussion

Levels of active defense
Intelligence gathering locally
Intelligence gathering remotely
Actively tracing the attacker
Actively retaliating against the attacker

Intelligence (local)
Host, IDS & Firewall Logs
Malware artifacts & Sniffer Logs
Network Traffic
Case study: “BlennY” (1999)

Intelligence (remote)
External services
Internal commands
Malware artifacts
Case study: Trin00 (1999)

Active traceback
Requires intelligence (local, remote)
Requires active cooperation of remote site
Requires careful correlation of logs
Case study: mountd attacks (1998)

Active retaliation
Requires multiple levels of local/remote intelligence
More remote, less trustworthy/accessible
Attribution?
Liability
Case study: (not here!)

Conclusion
Locally, you have control
Remotely, you don’t
Attribution is hard
Think very carefully

Questions?
Website: http://staff.washington.edu/dittrich/
Email: dittrich@cac.washington.edu