CSIRT Training Material Technical Issues Klaus Möller DFN-CERT May 2001.

Slides:



Advertisements
Similar presentations
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Advertisements

 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,
Lesson 3-Hacker Techniques
TCP/IP Fundamentals A quick and easy way to understand TCP/IP v4.
Review For Exam 2 March 9, 2010 MIS 4600 – MBA © Abdou Illia.
Network Mapping  Identify Live Hosts  Determine running Services TCP Port Scanning UDP Port Scanning Banner Grabbing ARP Discovery  Identify Perimeter.
Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.
CIS 193A – Lesson13 Attack and Defense. CIS 193A – Lesson13 Focus Question Describe how Nmap, psad, and iptables work together for playing out attack.
Guide to Network Defense and Countermeasures Second Edition
Network Security of Labnet ******. Introduction Test the network security of the servers on our Labnet domain Find Potential Weaknesses Find Security.
1 Reading Log Files. 2 Segment Format
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last updated
Scanning Determining if the system is alive IP Scanning Port Scanning War Dialing.
Hacking Exposed 7 Network Security Secrets & Solutions Chapter 2 Scanning 1.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 7 “Denial-of-Service-Attacks”.
Hacking Linux Based on Hacking Linux Exposed Hatch, Lee, and Kurtz ISBN
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Intruder Trends Tom Longstaff CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Sponsored by.
Network & Computer Attacks (Part 2) February 11, 2010 MIS 4600 – MBA © Abdou Illia.
SUNY at Buffalo; Computer Science; CSE620 – Advanced Networking Concepts; Fall 2005; Instructor: Hung Q. Ngo 1 Agenda Last words on buffer overflows Overview.
Attack Profiles CS-480b Dick Steflik Attack Categories Denial-of-Service Exploitation Attacks Information Gathering Attacks Disinformation Attacks.
Lecture 15 Denial of Service Attacks
ECE Prof. John A. Copeland fax Office: Klaus 3362.
Basic Elements of Attacks and Their Detection. Contents Elements of TCP/IP addressing Layers in Internet communication Phases of an attack 2/46.
Introduction to InfoSec – Recitation 12 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
Port Scanning.
CS252: Systems Programming Ninghui Li Final Exam Review.
LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand.
Ana Chanaba Robert Huylo
Data Gathering A hacker can’t do anything to you if they don’t know anything about you. The hacker requires: –A target –Your ip address –Your OS type –What.
Session 1 Framework Security Threat Responsibility and Policy Architecture Response Flow Preparation.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 8 – Denial of Service.
1 Reconnaissance, Network Mapping, and Vulnerability Assessment ECE4112 – Internetwork Security Georgia Institute of Technology.
1 Network Packet Generator Midway presentation Supervisor: Mony Orbach Presenting: Eugeney Ryzhyk, Igor Brevdo.
This courseware is copyrighted © 2015 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to.
Lesson 5 Knowing the Threat. Unauthorized use of Computer Systems 2000 CSI/FBI Survey Trend.
# Ethical Hacking. 2 # Ethical Hacking - ? Why – Ethical Hacking ? Ethical Hacking - Process Ethical Hacking – Commandments Reporting.
1 Reconnaissance, Network Mapping, and Vulnerability Assessment ECE4112 – Internetwork Security Georgia Institute of Technology.
1 Reconnaissance, Network Mapping, and Vulnerability Assessment ECE4112 – Internetwork Security Georgia Institute of Technology.
Chapter 2 Scanning Last modified Determining If The System Is Alive.
Denial of Service (DoS) Attacks: A Nightmare for eCommerce Jearanai Muangsuwan Strayer University.
Distributed Denial of Service Attacks Shankar Saxena Veer Vivek Kaushik.
1 Lab 1: Reconnaissance, Network Mapping, and Vulnerability Assessment Reconnaissance Scanning Network Mapping Port Scanning OS detection Vulnerability.
Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA © 2002 Carnegie.
Denial of Service Sharmistha Roy Adversarial challenges in Web Based Services.
Chapter 7 Denial-of-Service Attacks Denial-of-Service (DoS) Attack The NIST Computer Security Incident Handling Guide defines a DoS attack as: “An action.
McLean HIGHER COMPUTER NETWORKING Lesson 13 Denial of Service Attacks Description of the denial of service attack: effect: disruption or denial of.
Lecture 9: Buffer Ovefflows and ROP EEN 312: Processors: Hardware, Software, and Interfacing Department of Electrical and Computer Engineering Spring 2014,
________________ CS3235, Nov 2002 (Distributed) Denial of Service Relatively new development. –Feb 2000 saw attacks on Yahoo, buy.com, ebay, Amazon, CNN.
Advanced Packet Analysis and Troubleshooting Using Wireshark 23AF
Part I The Basic Idea software sequence of instructions in memory logically divided in functions that call each other – function ‘IE’ calls function.
Inferring Denial of Service Attacks David Moore, Geoffrey Volker and Stefan Savage Presented by Rafail Tsirbas 4/1/20151.
DoS/DDoS attack and defense
Hands-On Ethical Hacking and Network Defense
Scanning.
or call for office visit,
Footprinting/Scanning/ Enumeration Lesson 9. Footprinting External attack: Enables attackers to create a profile of an organization’s security posture.
VM: Chapter 7 Buffer Overflows. csci5233 computer security & integrity (VM: Ch. 7) 2 Outline Impact of buffer overflows What is a buffer overflow? Types.
Filip Chytrý Everyone of you in here can help us improve online security....
Network and Port Scanning Chien-Chung Shen
Comparison of Network Attacks COSC 356 Kyler Rhoades.
© SYBEX Inc All Rights Reserved. CompTIA Security+ Study Guide (SY0-201) “Chapter 2: Identifying Potential Risks”
Network and System Security Risk Assessment
Introduction to Information Security
CITA 352 Chapter 5 Port Scanning.
سمینار آموزشی امنیت شبکه
Internet Security by Alan S H Lam 2019/4/9.
Presentation transcript:

CSIRT Training Material Technical Issues Klaus Möller DFN-CERT May 2001

Agenda  Goals of this module  Decisions and reasons  Programme  Whats been left out  Next steps

Goals of the module  Make new members of incident handling teams familiar with:  Technical concepts behind incidents  Incident technical terminology  Goals of intruder activity  Weaknesses exploited

Decisions and reasons  1 ½ hour is much too short  Concentrate on most common forms of incidents  This way, new members can become productive  Leave more advanced attacks for later  Programme follows intrusion cycle  Scan  Breakin  Hiding  Abuse  Show full chain  „Canonical“ structure ?

Decisions and reasons (cont.)  Prerequisite skills:  Basic UNIX administration  OS Structure: Kernel, (shared) libraries, programmes  Shell and environment variables  Basic TCP/IP administration  Familarity with IP/OSI stack model  Network interface  IP address

Programme  Total length ~ minutes  How intruders work (~ 5 min)  Information gathering (~ 20 min)  Breaking into a system ( ~ 15 min)  Hiding traces and digging in (~ 10 min)  Abuses of systems (~ 10 min)

Programme (cont)  Information gathering  Scans  ICMP Sweeps (Echo, Timestamp, Netmask)  TCP Scans (SYN, ACK, RST, XMAS, NULL)  UDP Scans  Probes  DNS  Version information (banner grabbing, queries)  Distinguishing scans and probes from normal activity  WINS  Load balancers  traceroute

Programme (cont)  Breaking in  Buffer overflows  Program stack  When is a buffer vulnerable  Smashing the stack (overwriting return addreses)  Format string bugs  The unknown format chars of printf()  What functions are vulnerable  How it is done  How format bugs help buffer overruns

Programme (cont)  Hiding  Cleaning logfiles  Utmp, wtmp, lastlog  Other traces often overlooked by attackers  Shell history  Unsuccessful attacks  Digging in (rootkits)  Trojaned system commands  backdoors

Programme (cont)  Abuses (Denial-of-Service)  TCP SYN Flood  UDP Flood  Ping Flood  Smurf  Distinguishing between DoS and Scans  Backscatter

Whats been left out  Distributed attacks  Scans, Sniffing  Distributed Denial of Service  Other attack forms  Heap corruption  Return to libc  Kernel Mode rootkits  Warez, SPAM  Lots more

Next Steps  Flesh out course material  Slides  Handouts  Test materials  Incorporate critics  Document experiences

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.