1 Reading Log Files

2 Segment Format

3 Datagram Header
Three key fields in the IP datagram header:
–Source IP address
–Destination IP address
–Protocol (the type of the contents: 1 = ICMP, 6 = TCP, 17 = UDP)

4 TCP Flags
TCP segments carry one-bit flags in the header. The flags specify the meaning of the segment; tcpdump prints them with the abbreviations shown:
–SYN (start of connection, synchronize sequence numbers): S
–ACK (the acknowledgment number is valid): ack
–FIN ("FINish"; also French for "end"): F
–RST (reset, abort the connection): R
–PSH (push the data to the application without buffering): P
–URG (the urgent pointer is valid): urg

5 Connection Establishment (three-way handshake)
Active participant (client) and passive participant (server):
1. client -> server: SYN, SequenceNum = x
2. server -> client: SYN+ACK, SequenceNum = y, Acknowledgment = x+1
3. client -> server: ACK, Acknowledgment = y+1
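The segment format, the flag bits and the handshake arithmetic above, worked through in code. This is an added example, not part of the original slides: it packs and unpacks the fixed 20-byte TCP header with Python's struct module, renders the flags the way current tcpdump does ("[S]", "[S.]", "[.]"; the slide shows the older letter style), and checks that three segments chain as a valid handshake. Ports 40001/80 and the initial sequence numbers are constructed sample values, and the checksum is left zero because a real stack computes it over the IP pseudo-header.

```python
import struct

# Flag bits in the TCP header's flags byte, with the letter tcpdump prints
# for each ("." is ACK in tcpdump's flags field).
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK, TCP_URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_LETTERS = [(TCP_FIN, "F"), (TCP_SYN, "S"), (TCP_RST, "R"),
                (TCP_PSH, "P"), (TCP_ACK, "."), (TCP_URG, "U")]
HEADER_FMT = "!HHIIBBHHH"   # RFC 793 fixed header, network byte order, 20 bytes
SEQ_MOD = 1 << 32           # sequence numbers are 32-bit and wrap


def flag_string(flags: int) -> str:
    """Render flag bits the way tcpdump does, e.g. 0x12 -> '[S.]'."""
    return "[" + "".join(letter for bit, letter in FLAG_LETTERS if flags & bit) + "]"


def build_tcp_header(sport, dport, seq, ack, flags, window=65535) -> bytes:
    """Build a 20-byte TCP header with no options; checksum left zero."""
    data_offset = 5 << 4   # header length in 32-bit words, reserved bits zero
    return struct.pack(HEADER_FMT, sport, dport, seq, ack, data_offset, flags,
                       window, 0, 0)


def parse_tcp_header(raw: bytes) -> dict:
    """Decode the fixed part of a TCP header into named fields."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header: %d bytes" % len(raw))
    sport, dport, seq, ack, off, flags, window, _csum, urgp = struct.unpack(
        HEADER_FMT, raw[:20])
    hdr_len = (off >> 4) * 4
    if hdr_len < 20 or hdr_len > len(raw):
        raise ValueError("bad data offset %d" % hdr_len)
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "hdr_len": hdr_len, "flags": flags, "flag_str": flag_string(flags),
            "window": window, "urgent_ptr": urgp, "options": raw[20:hdr_len]}


def three_way_handshake(client_isn: int, server_isn: int) -> list:
    """The exchange on the Connection Establishment slide as raw headers:
    SYN seq=x; SYN+ACK seq=y ack=x+1; ACK seq=x+1 ack=y+1.
    Ports are constructed sample values."""
    x, y = client_isn, server_isn
    return [
        ("c->s", build_tcp_header(40001, 80, x, 0, TCP_SYN)),
        ("s->c", build_tcp_header(80, 40001, y, (x + 1) % SEQ_MOD, TCP_SYN | TCP_ACK)),
        ("c->s", build_tcp_header(40001, 80, (x + 1) % SEQ_MOD, (y + 1) % SEQ_MOD, TCP_ACK)),
    ]


def handshake_completed(segments) -> bool:
    """True only if the three segments form a consistent handshake: flags are
    SYN, SYN+ACK, ACK, the ports mirror each other and the sequence/ack
    numbers chain.  This is the check behind "a completed handshake means the
    client address was not spoofed": the final ACK must carry y+1, which only
    a host that actually received the SYN+ACK can know."""
    if len(segments) != 3:
        return False
    (d1, s1), (d2, s2), (d3, s3) = [(d, parse_tcp_header(r)) for d, r in segments]
    if not (d1 == d3 and d1 != d2):
        return False
    if (s1["flags"], s2["flags"], s3["flags"]) != (TCP_SYN, TCP_SYN | TCP_ACK, TCP_ACK):
        return False
    ports_ok = ((s1["sport"], s1["dport"]) == (s2["dport"], s2["sport"])
                == (s3["sport"], s3["dport"]))
    return (ports_ok
            and s2["ack"] == (s1["seq"] + 1) % SEQ_MOD
            and s3["seq"] == (s1["seq"] + 1) % SEQ_MOD
            and s3["ack"] == (s2["seq"] + 1) % SEQ_MOD)


if __name__ == "__main__":
    for direction, raw in three_way_handshake(1000, 5000):
        h = parse_tcp_header(raw)
        print(direction, h["flag_str"], "seq", h["seq"], "ack", h["ack"])
    print("handshake valid:", handshake_completed(three_way_handshake(1000, 5000)))
```

A forged third segment with a guessed acknowledgment number fails the check, which is why a completed handshake is the strongest evidence on the "Probability the source address was spoofed" slide.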

6 Sequence of Messages – TCP Flow Control

7 TCPDump

8 TCPdump – Absolute and Relative Sequence Numbers

9 TCPdump Trace 3-Way Handshake Data Transfer

10 TCPdump Trace Connection Termination

11 TCPdump Trace ACK Scan

12 Snort

13 Snort

14 Introduction to Practicals

15 Introduction to Practicals
Each practical is based on a network or system log trace of an event of interest and covers:
–Source of the detect (e.g., snort)
–Probability that the source address was spoofed
–Description of the attack
–Attack mechanism
–Correlations
–Evidence of active targeting
–Severity
–Defensive recommendation
–Multiple-choice question

16 Introduction to Practicals
The traffic was logged because it violated the security policy. When reading the network or system trace, watch for:
–False positives
–False negatives
–False interpretations

17 One Trace Example P. 21 of the textbook

18 Probability the source address was spoofed
Probably spoofed:
–DoS attacks: Smurf, ICMP broadcast, etc. (the attacker needs no reply, so nothing stops it forging the source)
Probably not spoofed:
–TCP packets are not spoofed if the three-way handshake is completed (the client must have received the server's SYN+ACK to send the correct acknowledgment)
Combination of both aspects
Despoof: checking the TTL to determine whether a received packet is spoofed or not (probe the claimed source and compare the TTL of its reply with the TTL of the suspect packet)
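The TTL check from the Despoof bullet, plus the two rules above it, as an added example (not from the slides or from the Despoof tool itself). A packet's TTL is decremented once per hop, so a suspect packet and a probe reply from the host it claims to come from should show the same inferred initial TTL and roughly the same hop count. The 32/64/128/255 initial-TTL set, the one-hop tolerance and the packet-summary fields are assumptions of this example.

```python
# Common starting TTLs of TCP/IP stacks (assumption: the classic set; some
# stacks use other values, so treat the inference as a heuristic).
INITIAL_TTLS = (32, 64, 128, 255)


def infer_initial_ttl(ttl: int) -> int:
    """Guess the sender's starting TTL: the smallest common initial TTL >= observed."""
    if not 0 < ttl <= 255:
        raise ValueError("TTL out of range: %r" % ttl)
    return next(i for i in INITIAL_TTLS if i >= ttl)


def hop_count(ttl: int) -> int:
    """Hops the packet appears to have travelled from its real sender."""
    return infer_initial_ttl(ttl) - ttl


def despoof(suspect_ttl: int, probe_reply_ttl: int, tolerance: int = 1):
    """Despoof idea: probe the claimed source, then compare the reply's TTL with
    the suspect packet's.  Same inferred initial TTL and the same hop count
    (within `tolerance`, because forward and return routes can differ by a
    hop) means the packet plausibly came from that host; otherwise it likely
    came from a different host or stack.  Returns (verdict, reason)."""
    s_init = infer_initial_ttl(suspect_ttl)
    p_init = infer_initial_ttl(probe_reply_ttl)
    if s_init != p_init:
        return "probably-spoofed", "initial TTL %d vs %d: different OS/stack" % (s_init, p_init)
    s_hops, p_hops = s_init - suspect_ttl, p_init - probe_reply_ttl
    if abs(s_hops - p_hops) > tolerance:
        return "probably-spoofed", "%d hops vs %d hops to the claimed source" % (s_hops, p_hops)
    return "probably-genuine", "about %d hops, initial TTL %d on both" % (p_hops, p_init)


def spoof_assessment(pkt: dict):
    """Apply the slide's rules in order to a summarised packet.  `pkt` is a
    constructed dict with the keys proto, dst_is_broadcast,
    handshake_completed, ttl and probe_reply_ttl (all optional)."""
    if pkt.get("proto") == "icmp" and pkt.get("dst_is_broadcast"):
        return "probably-spoofed", "ICMP to a broadcast address: Smurf-style amplifier traffic"
    if pkt.get("proto") == "tcp" and pkt.get("handshake_completed"):
        return "not-spoofed", "three-way handshake completed with this source"
    if pkt.get("probe_reply_ttl") is not None and pkt.get("ttl") is not None:
        return despoof(pkt["ttl"], pkt["probe_reply_ttl"])
    return "unknown", "no completed handshake and no probe reply to compare against"


if __name__ == "__main__":
    # Constructed sample: suspect packet arrived with TTL 57, the probe reply
    # from the claimed source came back with TTL 50.
    print(despoof(57, 50))
    print(spoof_assessment({"proto": "tcp", "handshake_completed": False,
                            "ttl": 57, "probe_reply_ttl": 58}))
```

The check is only as good as the assumption that the spoofer sits at a different distance or runs a different stack than the claimed host; an attacker on the same LAN segment as the claimed source will pass it.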

19 Description of Attack
Common Vulnerabilities and Exposures (CVE)
–One of the most important standards efforts for intrusion detection and information security in general
–For example: TCP SYN flood, ADM buffer overflow against DNS, etc.

20 SYN Flood
Denial of service in which an attacker sends many SYN packets to open multiple connections without ever sending the ACK that completes the handshake (hence "SYN flood").
–CVE
–Keeping track of each half-open connection takes up resources: the listener's backlog fills and legitimate SYNs are dropped
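The half-open bookkeeping the slide describes, turned into a detector, as an added example that is not from the slides. It keeps the state a victim's stack would keep (SYN seen, SYN/ACK sent, final ACK still missing), expires stale entries, and raises one alert when a listener's half-open count crosses a threshold. The 30-second timeout, the threshold of 20, the 203.0.113.0/24 flood sources and the event tuples are constructed values; segments are described in tcpdump flag notation ("S", "S.", ".", "R").

```python
from collections import defaultdict

HALF_OPEN_TIMEOUT = 30.0   # seconds a stack keeps an unanswered SYN/ACK (assumed)
ALERT_THRESHOLD = 20       # half-open entries per listener that trigger an alert (assumed)


class HalfOpenTracker:
    """Track connections that were SYN'd but never ACK'd, per (server, port)."""

    def __init__(self, threshold=ALERT_THRESHOLD, timeout=HALF_OPEN_TIMEOUT):
        self.threshold = threshold
        self.timeout = timeout
        self.half_open = {}    # (client, cport, server, sport) -> time of the SYN
        self.completed = 0
        self.alerts = []

    def _expire(self, now):
        """Drop entries the victim's stack would have timed out by now."""
        for key, t0 in list(self.half_open.items()):
            if now - t0 > self.timeout:
                del self.half_open[key]

    def feed(self, t, src, sport, dst, dport, flags):
        """Consume one segment; flags are in tcpdump notation."""
        self._expire(t)
        key = (src, sport, dst, dport)
        rev = (dst, dport, src, sport)
        if flags == "S":
            self.half_open[key] = t           # client SYN opens a half-open entry
        elif flags == "S.":
            pass                              # server SYN/ACK: still waiting for the ACK
        elif "R" in flags:
            self.half_open.pop(key, None)     # RST from either side tears it down
            self.half_open.pop(rev, None)
        elif "." in flags and key in self.half_open:
            del self.half_open[key]           # client's ACK completes the handshake
            self.completed += 1
        self._check(t)

    def backlog(self, server, port):
        return sum(1 for (_, _, s, p) in self.half_open if (s, p) == (server, port))

    def _check(self, t):
        counts = defaultdict(int)
        for (_, _, s, p) in self.half_open:
            counts[(s, p)] += 1
        for listener, n in counts.items():
            if n >= self.threshold and all(a["listener"] != listener for a in self.alerts):
                self.alerts.append({"t": t, "listener": listener, "half_open": n})


def synthetic_trace(flood_syns=30):
    """Constructed sample: one legitimate handshake, then a SYN flood from many
    source addresses that get a SYN/ACK but never send the final ACK."""
    ev = [(0.000, "10.0.0.5", 40001, "10.0.0.10", 80, "S"),
          (0.001, "10.0.0.10", 80, "10.0.0.5", 40001, "S."),
          (0.002, "10.0.0.5", 40001, "10.0.0.10", 80, ".")]
    for i in range(flood_syns):
        src = "203.0.113.%d" % (i + 1)
        ev.append((1.0 + i * 0.01, src, 1024 + i, "10.0.0.10", 80, "S"))
        ev.append((1.0 + i * 0.01 + 0.0005, "10.0.0.10", 80, src, 1024 + i, "S."))
    return ev


def run(events, **kw):
    tracker = HalfOpenTracker(**kw)
    for e in events:
        tracker.feed(*e)
    return tracker


if __name__ == "__main__":
    tr = run(synthetic_trace())
    print("completed handshakes:", tr.completed,
          "half-open on 10.0.0.10:80:", tr.backlog("10.0.0.10", 80))
    for a in tr.alerts:
        print("ALERT t=%.3f %s:%d has %d half-open connections"
              % (a["t"], a["listener"][0], a["listener"][1], a["half_open"]))
```

Because the flood sources never answer, the entries only leave the table through the timeout, which is exactly the resource exhaustion the slide refers to; a SYN cookie defence avoids keeping this state at all.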

21 Attack Mechanism
Is this a stimulus or a response?
–RFCs are the standards documents
–Unfortunately, different implementations of TCP/IP react differently to deliberate violations of the RFCs
What service is being targeted?
Does the service have known vulnerabilities or exposures?
Is this benign, an exploit, DoS, or reconnaissance?

22 Expected Stimulus-Response
Destination host listens on the requested port
–Stimulus: SYN to the port
–Response: SYN+ACK from the host

23 Expected Stimulus-Response
Destination host not listening on the requested port
–Stimulus: SYN to the port
–Response: RST from the host

24 Expected Stimulus-Response
Destination host does not exist
–Stimulus: SYN to the address
–Response: ICMP host unreachable from the last router on the path, or no response at all

25 Expected Stimulus-Response
Destination port blocked
–Stimulus: SYN to the port
–Response: ICMP destination unreachable (administratively prohibited) from the filtering router

26 Expected Stimulus-Response
Destination port blocked, router does not respond
–Stimulus: SYN to the port
–Response: nothing; the SYN is silently dropped and the client retransmits until it gives up
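The TCPdump trace slides (three-way handshake, ACK scan) and the five expected stimulus-response cases above, applied to a trace. This is an added example, not material from the slides: a small parser for tcpdump's text output pairs each first segment of a conversation with the reply it gets and maps the pair to one of the slide's cases; bare-ACK probes that fan out across ports are then reported as an ACK scan. The trace is constructed in current `tcpdump -n` format and illustrates the absolute-versus-relative point from slide 8: tcpdump prints the real sequence numbers on the SYN and SYN/ACK and relative ones ("ack 1") afterwards unless run with `-S`. The two-second response window and the three-port scan threshold are assumptions of the example.

```python
import re
from collections import defaultdict

# Constructed sample trace (tcpdump -n style). 10.0.0.1 is the router.
TRACE = """\
10:00:00.000001 IP 10.0.0.5.40001 > 10.0.0.10.80: Flags [S], seq 1000, win 65535, length 0
10:00:00.000100 IP 10.0.0.10.80 > 10.0.0.5.40001: Flags [S.], seq 5000, ack 1001, win 65535, length 0
10:00:00.000200 IP 10.0.0.5.40001 > 10.0.0.10.80: Flags [.], ack 1, win 65535, length 0
10:00:01.000001 IP 10.0.0.5.40002 > 10.0.0.10.23: Flags [S], seq 2000, win 65535, length 0
10:00:01.000100 IP 10.0.0.10.23 > 10.0.0.5.40002: Flags [R.], seq 0, ack 2001, win 0, length 0
10:00:02.000001 IP 10.0.0.5.40003 > 10.0.0.20.80: Flags [S], seq 3000, win 65535, length 0
10:00:02.000100 IP 10.0.0.1 > 10.0.0.5: ICMP host 10.0.0.20 unreachable, length 36
10:00:03.000001 IP 10.0.0.5.40004 > 10.0.0.10.25: Flags [S], seq 4000, win 65535, length 0
10:00:03.000100 IP 10.0.0.1 > 10.0.0.5: ICMP host 10.0.0.10 unreachable - admin prohibited filter, length 36
10:00:04.000001 IP 10.0.0.5.40005 > 10.0.0.10.135: Flags [S], seq 5000, win 65535, length 0
10:00:05.000001 IP 192.0.2.7.1234 > 10.0.0.10.22: Flags [.], ack 1, win 1024, length 0
10:00:05.000050 IP 10.0.0.10.22 > 192.0.2.7.1234: Flags [R], seq 1, win 0, length 0
10:00:05.000100 IP 192.0.2.7.1234 > 10.0.0.10.53: Flags [.], ack 1, win 1024, length 0
10:00:05.000150 IP 10.0.0.10.53 > 192.0.2.7.1234: Flags [R], seq 1, win 0, length 0
10:00:05.000200 IP 192.0.2.7.1234 > 10.0.0.10.445: Flags [.], ack 1, win 1024, length 0
"""

TCP_RE = re.compile(r"^(?P<ts>\d+:\d+:\d+\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
                    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]")
ICMP_RE = re.compile(r"^(?P<ts>\d+:\d+:\d+\.\d+) IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
                     r"ICMP (?P<msg>[^,]*unreachable[^,]*)")
RESPONSE_WINDOW = 2.0   # seconds a reply may trail its stimulus (assumption)


def _seconds(ts):
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def parse_trace(text):
    """Turn tcpdump lines into event dicts; lines this example does not model are skipped."""
    events = []
    for line in text.splitlines():
        m = TCP_RE.match(line)
        if m:
            events.append({"proto": "tcp", "t": _seconds(m["ts"]), "src": m["src"],
                           "sport": int(m["sport"]), "dst": m["dst"],
                           "dport": int(m["dport"]), "flags": m["flags"]})
            continue
        m = ICMP_RE.match(line)
        if m:
            events.append({"proto": "icmp", "t": _seconds(m["ts"]), "src": m["src"],
                           "dst": m["dst"], "msg": m["msg"]})
    return events


def _response_to(stim, later):
    """First reply within the window: a TCP segment on the reversed 4-tuple, or an
    ICMP error sent to the stimulus source that names the stimulus destination."""
    for ev in later:
        if ev["t"] - stim["t"] > RESPONSE_WINDOW:
            return None
        if ev["proto"] == "tcp" and (ev["src"], ev["sport"], ev["dst"], ev["dport"]) == \
                (stim["dst"], stim["dport"], stim["src"], stim["sport"]):
            return ev
        if ev["proto"] == "icmp" and ev["dst"] == stim["src"] and stim["dst"] in ev["msg"]:
            return ev
    return None


def _verdict(stim, resp):
    """Map a stimulus/response pair to the cases on the expected-response slides."""
    if resp is None:
        return "no-response", "host down, SYN silently dropped, or router not answering"
    if resp["proto"] == "icmp":
        return "icmp-unreachable", resp["msg"]   # a router spoke for the host
    f = resp["flags"]
    if stim["flags"] == "S":
        if f == "S.":
            return "open", "SYN/ACK: host listening on the port"
        if "R" in f:
            return "closed", "RST: host up, nothing listening"
    if stim["flags"] == "." and "R" in f:
        return "ack-probe-rst", "RST to an unsolicited ACK: port unfiltered (ACK-scan probe)"
    return "unexpected", "response flags [%s] to stimulus [%s]" % (f, stim["flags"])


def classify_stimuli(events):
    results, seen = [], set()
    for i, ev in enumerate(events):
        if ev["proto"] != "tcp":
            continue
        conn = (ev["src"], ev["sport"], ev["dst"], ev["dport"])
        if conn in seen or conn[2:] + conn[:2] in seen:
            continue   # not the first segment of this conversation
        seen.add(conn)
        if ev["flags"] not in ("S", "."):
            results.append({"conn": conn, "stimulus": ev["flags"], "verdict": "unexpected",
                            "detail": "first segment is neither SYN nor bare ACK"})
            continue
        code, detail = _verdict(ev, _response_to(ev, events[i + 1:]))
        results.append({"conn": conn, "stimulus": ev["flags"], "verdict": code, "detail": detail})
    return results


def detect_ack_scans(results, min_ports=3):
    """Bare-ACK stimuli to several ports from one source look like an ACK scan."""
    ports = defaultdict(set)
    for r in results:
        if r["stimulus"] == ".":
            ports[r["conn"][0]].add(r["conn"][3])
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    res = classify_stimuli(parse_trace(TRACE))
    for r in res:
        print("%s:%d -> %s:%d  [%s]  %-16s %s"
              % (r["conn"] + (r["stimulus"], r["verdict"], r["detail"])))
    print("ACK scans:", detect_ack_scans(res))
```

Note what the ACK probes reveal: a RST answers an unsolicited ACK whether or not the port is open, so the scan tells the attacker only which ports the firewall lets through, not which services listen; that is also why the probes to 22 and 53 come back RST while 445 stays silent.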

27 Protocol Benders
FTP
–Session negotiations
–Dir command issued by the user: in active mode the client's PORT command makes the server open a new connection back to the client for the listing, so what is logically a response arrives as a fresh SYN from the server

28 Abnormal Stimuli
Evasion stimulus, lack of response

29 Abnormal Stimuli
No stimulus, all response
–Suppose there is no outbound traffic, yet responses arrive: someone else sent the stimulus using our address as the spoofed source