Presentation is loading. Please wait.

Presentation is loading. Please wait.

Footprinting (definition 1)

Published byErik Lang Modified over 6 years ago

Similar presentations

Presentation on theme: "Footprinting (definition 1)"— Presentation transcript:

1 Introduction to Footprinting, Fingerprinting, and Signature Recognition

2 Footprinting (definition 1)
The process of collecting publicly available information about an organization, its networks, address ranges, and the people who use them. May include printed material as well as electronic methods. Security administrators need to know what information is available on the Internet about their organization.

3 Web Reconnaissance Collecting information about an organization by examining the source code on its publicly posted web pages.

4 Network Reconnaissance (also called fingerprinting)
Activities performed to map out the size and scope of a network using network utilities. Information collected may include the number and addresses of servces, border routers, etc. Commonly used utilities include ping and traceroute.

5 The Attack Algorithm Most attacks start with network reconnaissance, e.g. port scanning and excessive pinging, trying to map the attacked network If reconnaissance is done very slowly over time and from multiple seemingly unrelated IPs (i.e. in a distributed way), it is almost impossible to detect After the reconnaissance comes the specific attack to targeted discovered machines Security admin has to be able to recognize the pattern aka signature of each attack

6 Footprinting/fingerprinting (definition 2)
Each attack (and each attack tool) has a certain “footprint” or “fingerprint” i.e. signature it leaves, by which it can be recognized e.g each virus has its own “signature” “footprint” of most attacks is starting with a ping sweep or a port scan Port scanning tools have their own footprints TCP SYN flood footprint is numerous TCP SYN packets to the same IP Why do you need to know various “tracks”? Because you must configure your firewall rules accordingly.

7 Port Scanning attacks/port-scan-attack Port scan sees which ports are available, which OS you are using, … S/port_scan_detectors.shtml A view from the trenches A tool to detect port scans

Download ppt "Footprinting (definition 1)"

Similar presentations

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,

 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Footprinting February 16, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Footprinting February 16, 2010 MIS 4600 – MBA © Abdou Illia.
Scanning February 23, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Scanning February 23, 2010 MIS 4600 – MBA © Abdou Illia.
Intrusion Detection CS-480b Dick Steflik. Hacking Attempts IP Address Scans scan the range of addresses looking for hosts (ping scan) Port Scans scan.

Intrusion Detection CS-480b Dick Steflik. Hacking Attempts IP Address Scans scan the range of addresses looking for hosts (ping scan) Port Scans scan.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Penetration Testing.

Penetration Testing.
Common forms and remedies Neeta Bhadane Raunaq Nilekani Sahasranshu.

Common forms and remedies Neeta Bhadane Raunaq Nilekani Sahasranshu.
Port Scanning.

Port Scanning.
 Find out initial information ◦ Open Source ◦ Whois ◦ Nslookup  Find out address range of the network ◦ ARIN (American registry for internet numbers)

 Find out initial information ◦ Open Source ◦ Whois ◦ Nslookup  Find out address range of the network ◦ ARIN (American registry for internet numbers)
FIREWALL Mạng máy tính nâng cao-V1.

FIREWALL Mạng máy tính nâng cao-V1.
AIS, 20141 Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
1 Reconnaissance, Network Mapping, and Vulnerability Assessment ECE4112 – Internetwork Security Georgia Institute of Technology.

1 Reconnaissance, Network Mapping, and Vulnerability Assessment ECE4112 – Internetwork Security Georgia Institute of Technology.
Intrusion Prevention System. Module Objectives By the end of this module, participants will be able to: Use the FortiGate Intrusion Prevention System.

Intrusion Prevention System. Module Objectives By the end of this module, participants will be able to: Use the FortiGate Intrusion Prevention System.
Module 7: Firewalls and Port Forwarding 1. Overview Firewall configuration for Web Application Hosting Forwarding necessary ports for Web Application.

Module 7: Firewalls and Port Forwarding 1. Overview Firewall configuration for Web Application Hosting Forwarding necessary ports for Web Application.
Attack Lifecycle Many attacks against information systems follow a standard lifecycle: –Stage 1: Info. gathering (reconnaissance) –Stage 2: Penetration.

Attack Lifecycle Many attacks against information systems follow a standard lifecycle: –Stage 1: Info. gathering (reconnaissance) –Stage 2: Penetration.
CIS 450 – Network Security Chapter 3 – Information Gathering.

CIS 450 – Network Security Chapter 3 – Information Gathering.
DIYTP 2009. Assessing a System - Basics  Why?  Vulnerabilities  What to look at:  The six ‘P’s  Patch  Ports  Protect  Policies  Probe  Physical.

DIYTP Assessing a System - Basics  Why?  Vulnerabilities  What to look at:  The six ‘P’s  Patch  Ports  Protect  Policies  Probe  Physical.

Similar presentations

Ads by Google