Stealth Network Strategies: Offensive and Defensive Mark Loveless RAZOR Security BindView Corporation.

About Me  AKA Simple Nomad  Currently Sr. Security Analyst for BindView’s RAZOR Team

About This Presentation  Assume basics –Understand IP addressing –Understand basic system administration  Tools –Where to find them –Basic usage  A “Network” point of view

Network Mapping  Active  Passive

Active Mapping  Techniques –ICMP Sweeps –Firewalk –Nmap  Defenses –Tight firewall rules –Block most ICMP –Block packets with TTL of 0 or 1
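The Firewalk technique on this slide, and the "block packets with TTL of 0 or 1" defence against it, as an added simulation that is not part of the presentation or of the Firewalk tool. The topology (firewall three hops away, target one hop behind it), the ACL and the reading of the TTL rule (the firewall silently drops anything that would leave it with TTL 0 or 1) are assumptions; nothing is sent on the wire.

```python
"""Added example: a Firewalk-style scan against a model firewall, and the
'block packets with TTL of 0 or 1' defence from the slide. Pure simulation."""
from dataclasses import dataclass

# Constructed topology (assumption): attacker -> hop 1 -> hop 2 -> firewall (hop 3) -> target (hop 4)
GATEWAY_HOP = 3
# Constructed ACL (assumption): the firewall forwards only these destination ports to the target.
ALLOWED_PORTS = {53, 80, 443}


@dataclass(frozen=True)
class Probe:
    dst_port: int
    ttl: int


def firewall_forwards(dst_port: int, ttl_after_decrement: int, strict_ttl: bool) -> bool:
    """Forwarding decision for a packet that, after the firewall's own decrement,
    would leave the firewall with ttl_after_decrement."""
    if dst_port not in ALLOWED_PORTS:
        return False
    # The slide's defence, as read here: silently drop packets whose TTL is 0 or 1,
    # i.e. probes engineered to expire at the firewall or exactly one hop beyond it.
    if strict_ttl and ttl_after_decrement <= 1:
        return False
    return True


def send_probe(probe: Probe, strict_ttl: bool = False):
    """Walk one probe along the path hop by hop and return what the attacker sees:
    ("time-exceeded", hop) for an ICMP Time Exceeded from that hop, else ("no-response", None).
    Replies from the target application itself are not modelled."""
    ttl = probe.ttl
    for hop in range(1, GATEWAY_HOP + 2):
        ttl -= 1                      # every hop, the firewall included, decrements TTL
        if hop == GATEWAY_HOP:
            if ttl == 0:
                # Expired at the firewall itself (the traceroute/ramping phase). With the
                # defence on, the firewall stays silent instead of revealing its position.
                return ("no-response", None) if strict_ttl else ("time-exceeded", hop)
            if not firewall_forwards(probe.dst_port, ttl, strict_ttl):
                return ("no-response", None)
        elif ttl == 0:
            return ("time-exceeded", hop)
    return ("no-response", None)      # reached the target with TTL to spare


def firewalk(ports, gateway_hop: int = GATEWAY_HOP, strict_ttl: bool = False):
    """Scanning phase: send each port a probe with TTL = gateway hop + 1. A Time Exceeded
    from the hop just past the gateway proves the firewall forwarded that port."""
    return sorted(p for p in ports
                  if send_probe(Probe(p, gateway_hop + 1), strict_ttl)
                  == ("time-exceeded", gateway_hop + 1))


if __name__ == "__main__":
    candidates = [22, 25, 53, 80, 443, 8080]
    print("ports passing the firewall:", firewalk(candidates))                            # [53, 80, 443]
    print("with TTL 0/1 dropped at the firewall:", firewalk(candidates, strict_ttl=True))  # []
```

With the defence off, every ACL-permitted port produces a Time Exceeded from hop 4 and the ruleset is mapped; with it on, the same probes vanish and the firewall also stops answering the ramping probes that located it. Ordinary traffic (TTL 64 and the like) is unaffected by the rule.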

Passive Mapping  Techniques –Manual via Public sources –Automated via Siphon  Defenses –Strong policy regarding publishing/posting –Egress filtering and decent ISP

Distributed Tools and Stealth Techniques  Attack Models  Good Guy Usage

Basic Distributed Attack Models  Attacks that do not require direct observation of the results  Attacks that require the attacker to directly observe the results

Basic Model (diagram)  Client: issues commands  Server: processes commands to agents  Agent: carries out commands

More Advanced Model (diagram)  Attacker sends forged ICMP Timestamp Requests to Target  Target sends ICMP Timestamp Replies to the forged source  Attacker sniffs the replies
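The exchange in this model, as an added example that is not part of the presentation: the attacker builds an ICMP Timestamp Request (type 13) inside an IPv4 header whose source address is forged, the target answers the forged source with a Timestamp Reply (type 14), and the attacker's sniffer picks that reply out of everything else on the wire by destination and identifier. Addresses, identifiers and the "frames" list are constructed; checksums follow RFC 1071 and the packets are only built and parsed in memory.

```python
"""Added example: forged ICMP Timestamp Request, the target's reply to the forged
source, and the sniffer that recovers it. Packets are built and parsed in memory only."""
import socket
import struct

ICMP_TIMESTAMP_REQUEST = 13
ICMP_TIMESTAMP_REPLY = 14


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; verifies to 0 over a valid header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def icmp_timestamp(msg_type, ident, seq, originate, receive=0, transmit=0):
    """ICMP timestamp message (type 13 request or 14 reply) with the checksum filled in."""
    body = struct.pack("!BBHHHIII", msg_type, 0, 0, ident, seq, originate, receive, transmit)
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def ipv4_packet(src, dst, payload, ttl=64, ident=0):
    """Minimal IPv4 header (no options, protocol 1 = ICMP) in front of payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0, ttl, 1, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_packet(raw: bytes):
    """Parse IPv4 + ICMP timestamp message; None for anything else or for bad checksums."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None
    ihl = (raw[0] & 0x0F) * 4
    if len(raw) < ihl or inet_checksum(raw[:ihl]) != 0:
        return None
    icmp = raw[ihl:]
    if raw[9] != 1 or len(icmp) < 20 or inet_checksum(icmp) != 0:
        return None
    t, _code, _csum, ident, seq, orig, recv, xmit = struct.unpack("!BBHHHIII", icmp[:20])
    if t not in (ICMP_TIMESTAMP_REQUEST, ICMP_TIMESTAMP_REPLY):
        return None
    return {"src": socket.inet_ntoa(raw[12:16]), "dst": socket.inet_ntoa(raw[16:20]),
            "type": t, "id": ident, "seq": seq,
            "originate": orig, "receive": recv, "transmit": xmit}


def forged_request(forged_src, target, ident, seq, originate_ms):
    """Attacker side: the source address is the host whose replies the attacker can sniff."""
    return ipv4_packet(forged_src, target,
                       icmp_timestamp(ICMP_TIMESTAMP_REQUEST, ident, seq, originate_ms))


def target_reply(request_raw, now_ms):
    """Target side: an unfiltered host answers the (forged) source, echoing id/seq
    and stamping receive/transmit times. None if the input is not a valid request."""
    req = parse_packet(request_raw)
    if req is None or req["type"] != ICMP_TIMESTAMP_REQUEST:
        return None
    reply = icmp_timestamp(ICMP_TIMESTAMP_REPLY, req["id"], req["seq"],
                           req["originate"], now_ms, now_ms)
    return ipv4_packet(req["dst"], req["src"], reply)


def sniff_replies(frames, forged_src, ident):
    """Attacker's sniffer: keep only timestamp replies addressed to the forged source
    that carry our identifier; malformed frames and unrelated traffic are ignored."""
    hits = []
    for raw in frames:
        p = parse_packet(raw)
        if p and p["type"] == ICMP_TIMESTAMP_REPLY and p["dst"] == forged_src and p["id"] == ident:
            hits.append(p)
    return hits


if __name__ == "__main__":
    # Constructed addresses (assumption): attacker forges 10.0.0.5, a host it can watch.
    req = forged_request("10.0.0.5", "192.0.2.10", 0xBEEF, 1, 1000)
    rep = target_reply(req, 5000)
    for hit in sniff_replies([b"unrelated frame", req, rep], "10.0.0.5", 0xBEEF):
        print(hit)
```

The identifier is what lets the sniffer attribute a reply to its own probe without ever seeing traffic on the attacker's real address, which is why the slide's later defences emphasise egress filtering (the forged packet should not leave the attacker's network) and logging on the target side.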

Even More Advanced Model (diagram, built up over several slides)  Master Node issues commands to an Attack Node  Attack Node sends attacks or probes through the Firewall to the Target  Replies leave through the Firewall toward an Upstream Host  A second Attack Node near the Upstream Host sniffs the replies

Good Guy Usage  VPN technology  Remote managed networks

The Hype of DDoS  What is DDoS?  Stealth Techniques Used within DDoS

Defenses Against Distributed Attacks  Ingress and Egress filtering  Usage of IDS inside and out  Analysis of network traffic and logs
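The ingress and egress filtering from this slide, as an added example that is not part of the presentation: a border decision function that drops inbound packets claiming the site's own or private source addresses and outbound packets whose source the site does not own (the rule that stops a compromised internal host from sourcing forged probes), plus a trace run that produces the drop log the slide says to analyse. The site prefix, the bogon list and the packet trace are constructed assumptions.

```python
"""Added example: ingress and egress source-address filtering at the site border,
applied to a constructed packet trace. Prefixes and packets are assumptions."""
import ipaddress

# Constructed site addressing (assumption): the only prefix this site legitimately sources.
SITE_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]
# Source addresses that must never arrive from the Internet.
NEVER_FROM_INTERNET = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4")]


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def border_decision(direction: str, src: str, dst: str):
    """Return ("permit", "") or ("drop", reason) for one packet crossing the border.
    direction is "in" (Internet -> site) or "out" (site -> Internet)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if direction == "in":
        if _in_any(s, SITE_PREFIXES):
            return ("drop", "ingress: source claims to be one of our own addresses")
        if _in_any(s, NEVER_FROM_INTERNET):
            return ("drop", "ingress: private/bogon source address")
        if not _in_any(d, SITE_PREFIXES):
            return ("drop", "ingress: destination is not ours (would be relayed)")
        return ("permit", "")
    if direction == "out":
        if not _in_any(s, SITE_PREFIXES):
            # Egress rule: an internal host cannot source a forged address, so spoofed
            # probes like the forged ICMP timestamp requests never leave the site.
            return ("drop", "egress: source address not in our prefixes (spoofed)")
        if _in_any(d, SITE_PREFIXES) or _in_any(d, NEVER_FROM_INTERNET):
            return ("drop", "egress: destination should never leave the site")
        return ("permit", "")
    raise ValueError("direction must be 'in' or 'out'")


def filter_trace(packets):
    """Apply border_decision to (direction, src, dst) tuples. Returns the permitted
    packets and one log line per drop; the drop log is what gets analysed later."""
    permitted, log = [], []
    for direction, src, dst in packets:
        verdict, reason = border_decision(direction, src, dst)
        if verdict == "permit":
            permitted.append((direction, src, dst))
        else:
            log.append(f"DROP dir={direction} src={src} dst={dst} reason={reason}")
    return permitted, log


# Constructed trace (assumption)
TRACE = [
    ("in",  "198.51.100.7", "192.0.2.25"),    # ordinary inbound packet
    ("in",  "192.0.2.9",    "192.0.2.25"),    # inbound packet spoofing our own address
    ("in",  "10.1.2.3",     "192.0.2.25"),    # inbound packet from RFC 1918 space
    ("in",  "198.51.100.7", "203.0.113.4"),   # inbound packet not addressed to us
    ("out", "192.0.2.25",   "198.51.100.7"),  # ordinary outbound packet
    ("out", "203.0.113.99", "198.51.100.7"),  # internal host sourcing a forged address
]

if __name__ == "__main__":
    ok, drops = filter_trace(TRACE)
    print(len(ok), "permitted,", len(drops), "dropped")
    print("\n".join(drops))
```

Ingress filtering protects the site from the outside; egress filtering protects everyone else from the site, and it is the egress half that removes the "forged source, sniffed reply" trick from an attacker who has a foothold inside.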

Protocol Fun  Traffic Pattern Masking  Network Steganography

Traffic Pattern Masking  Techniques –SMTP patterns –DNS patterns –Web traffic  Defenses –Egress filtering –Logging –Study of logs and network dumps
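The "study of logs" defence against traffic masked as DNS, as an added example that is not part of the presentation: it scans a name-server query log for clients that repeatedly look up names containing long, high-entropy, digit-heavy labels, the shape that data carried inside hostnames takes. The log format (BIND-style query lines), the log lines and the thresholds are constructed assumptions; the digit-fraction check is there because ordinary English hostnames score nearly as high on entropy alone as hex-encoded ones.

```python
"""Added example: spotting command traffic disguised as DNS lookups in a query log.
Log format, log lines and thresholds are constructed assumptions."""
import math
import re
from collections import defaultdict

# Constructed query log (assumption: BIND-style "client IP#port: query: NAME IN TYPE" lines).
QUERY_LOG = """\
client 192.0.2.10#51000: query: www.example.com IN A
client 192.0.2.10#51001: query: mail.example.com IN MX
client 192.0.2.11#40200: query: updates.example.org IN A
client 192.0.2.77#40001: query: 4f2a9c1e7b3d8a6f5e0c2b9d1a7e3f48.cmd.example.net IN TXT
client 192.0.2.77#40002: query: 0123456789abcdef0123456789abcdef.cmd.example.net IN TXT
client 192.0.2.77#40003: query: a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6.cmd.example.net IN TXT
client 192.0.2.11#40201: query: averyveryverylongbutordinaryhostname.example.org IN A
"""

LINE_RE = re.compile(r"client (?P<ip>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<qtype>\w+)")

MIN_LABEL_LEN = 20        # assumption: labels this long are rare in human-chosen names
MIN_ENTROPY = 3.0         # assumption: bits per character (hex data tops out at 4.0)
MIN_DIGIT_FRACTION = 0.25 # assumption: words have few digits, encoded payloads many
MIN_HITS = 2              # assumption: one odd name is noise, repeated ones are a pattern


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character (0.0 for empty or single-character input)."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def label_looks_encoded(label: str) -> bool:
    """Long, high-entropy and digit-heavy: data packed into a label rather than a word.
    Entropy alone over-flags English (a long real hostname scores above 3.0 bits too),
    so the digit fraction is required as well."""
    if len(label) < MIN_LABEL_LEN:
        return False
    digit_fraction = sum(ch.isdigit() for ch in label) / len(label)
    return shannon_entropy(label) >= MIN_ENTROPY and digit_fraction >= MIN_DIGIT_FRACTION


def name_looks_encoded(name: str) -> bool:
    return any(label_looks_encoded(lbl) for lbl in name.rstrip(".").split("."))


def parse_log(log_text: str):
    """Yield (client_ip, name, qtype) for every line that matches the assumed format."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("ip"), m.group("name"), m.group("qtype")


def suspicious_clients(log_text: str):
    """Return {client_ip: hits} for clients with at least MIN_HITS encoded-looking queries."""
    hits = defaultdict(int)
    for ip, name, _qtype in parse_log(log_text):
        if name_looks_encoded(name):
            hits[ip] += 1
    return {ip: n for ip, n in hits.items() if n >= MIN_HITS}


if __name__ == "__main__":
    for ip, n in sorted(suspicious_clients(QUERY_LOG).items()):
        print(f"{ip}: {n} queries with encoded-looking labels")   # 192.0.2.77: 3 ...
```

The same per-client counting applies to the SMTP and web patterns the slide lists; what changes is the feature extracted from the log (recipient churn, request sizes, beacon timing) rather than the aggregation, and the thresholds always need tuning against a baseline of the site's own normal traffic before they are trusted.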

Network Steganography  Techniques –HTTP –SMTP –Packet combinations  Defenses –Egress filtering –More logging, etc

Questions  For follow-up: –Work –Play