Footprinting (definition 1)


Presentation on theme: "Footprinting (definition 1)"— Presentation transcript:

1 Introduction to Footprinting, Fingerprinting, and Signature Recognition

2 Footprinting (definition 1)
The process of collecting publicly available information about an organization, its networks, address ranges, and the people who use them. May include printed material as well as electronic methods. Security administrators need to know what information is available on the Internet about their organization.

3 Web Reconnaissance
Collecting information about an organization by examining the source code on its publicly posted web pages.

4 Network Reconnaissance (also called fingerprinting)
Activities performed to map out the size and scope of a network using network utilities. Information collected may include the number and addresses of servers, border routers, etc. Commonly used utilities include ping and traceroute.

5 The Attack Algorithm
Most attacks start with network reconnaissance, e.g. port scanning and excessive pinging, trying to map the attacked network. If reconnaissance is done very slowly over time and from multiple seemingly unrelated IPs (i.e. in a distributed way), it is almost impossible to detect. After the reconnaissance comes the specific attack on the targeted, discovered machines. The security admin has to be able to recognize the pattern (aka signature) of each attack.

6 Footprinting/fingerprinting (definition 2)
Each attack (and each attack tool) has a certain “footprint” or “fingerprint”, i.e. a signature it leaves, by which it can be recognized; e.g. each virus has its own “signature”. The “footprint” of most attacks is starting with a ping sweep or a port scan. Port scanning tools have their own footprints. The TCP SYN flood footprint is numerous TCP SYN packets to the same IP. Why do you need to know the various “tracks”? Because you must configure your firewall rules accordingly.
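
The signatures named on slides 5 and 6 (ping sweep, port scan, SYN flood) can be written as counting rules over connection records. The following is an added example, not part of the original presentation; the record layout, thresholds, window length and addresses are assumptions, and the events are constructed.

```python
from collections import defaultdict

# Illustrative thresholds (assumptions, not values from the slides).
WINDOW_S = 10          # length of one counting window, in seconds
PORT_SCAN_PORTS = 10   # distinct ports probed on one host by one source
PING_SWEEP_HOSTS = 10  # distinct hosts pinged by one source
SYN_FLOOD_SYNS = 100   # SYNs sent to one destination IP, any source

def sample_events():
    """Constructed records: (time_s, src_ip, dst_ip, kind, dst_port)."""
    ev = []
    # Fast port scan: one source, 15 ports on one host in 1.5 s.
    ev += [(i * 0.1, "198.51.100.7", "10.0.0.5", "SYN", 20 + i) for i in range(15)]
    # Ping sweep: one source, 12 hosts in about a second.
    ev += [(20 + i * 0.1, "198.51.100.8", f"10.0.0.{i + 1}", "ICMP", None) for i in range(12)]
    # SYN flood: 300 SYNs to the same IP and port from many source addresses.
    ev += [(40 + i * 0.01, f"203.0.113.{i % 200 + 1}", "10.0.0.9", "SYN", 80) for i in range(300)]
    # Slow scan: the same 15 ports, one probe per minute.
    ev += [(100 + i * 60, "198.51.100.9", "10.0.0.5", "SYN", 20 + i) for i in range(15)]
    return ev

def detect(events, window=WINDOW_S):
    """Return a set of (signature, src, dst) alerts; '*' means 'any'."""
    ports = defaultdict(set)  # (bucket, src, dst) -> distinct ports
    hosts = defaultdict(set)  # (bucket, src) -> distinct hosts pinged
    syns = defaultdict(int)   # (bucket, dst) -> SYN count
    alerts = set()
    for t, src, dst, kind, port in events:
        bucket = int(t // window)  # tumbling window, not a sliding one
        if kind == "SYN":
            ports[(bucket, src, dst)].add(port)
            syns[(bucket, dst)] += 1
            if len(ports[(bucket, src, dst)]) >= PORT_SCAN_PORTS:
                alerts.add(("port_scan", src, dst))
            if syns[(bucket, dst)] >= SYN_FLOOD_SYNS:
                alerts.add(("syn_flood", "*", dst))
        elif kind == "ICMP":
            hosts[(bucket, src)].add(dst)
            if len(hosts[(bucket, src)]) >= PING_SWEEP_HOSTS:
                alerts.add(("ping_sweep", src, "*"))
    return alerts

if __name__ == "__main__":
    for w in (WINDOW_S, 3600):
        # The slow scan from 198.51.100.9 only appears with the long window.
        print(f"window={w}s", sorted(detect(sample_events(), w)))
```

With the 10-second window the one-probe-per-minute scan raises no alert, which is the slow-reconnaissance problem slide 5 describes; a longer window catches it at the cost of more state to keep.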

7 Port Scanning
attacks/port-scan-attack
Port scan sees which ports are available, which OS you are using, …
S/port_scan_detectors.shtml
A view from the trenches
A tool to detect port scans

