Red Team Exercise Part 3 Week 4


Slide 1: Red Team Exercise Part 3 Week 4
XX XX CMGT433 Professor XX XX

Slide 2: Table of Contents
- Introduction
- Review of Blue Team Defense Presentation
- Defenses vs. Attacks
- Our New Attack Description
- Justification of the Attack
- References
Speaker Notes: This presentation will cover the following topics.

Slide 3: Defenses vs. Attacks
Defense: Intrusion detection system
Attack: Denial of service
Speaker Notes:
Denial of service: an attack in which a malicious user tries to keep legitimate users from reaching information or services. Denial of service attacks can impair single machines or entire networks and can cost an organization time and money to deal with.
Intrusion detection system: inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack by someone attempting to break into or compromise a system. In general, an IDS recognizes attacks by:
- matching observed network traffic against patterns of known attacks
- looking for deviations of traffic behavior from the established protocol
Once an attack is recognized, the suspicious traffic can be blocked or constrained.

Slide 4: Attack vs. Defense Results
Attack: Denial of Service - an attacker attempts to prevent legitimate users from accessing information or services.
Defense: Intrusion detection system.
Justification: Firewalls and encryption are meant to prevent penetration and protect the infrastructure, but even with these in place intruders manage to penetrate the company. That is why intrusion detection systems are becoming more of a requirement.

Slide 5: Our New Attack Against Blue Team
DoS attack effects on network operations:
- Flooding the server with multiple requests ties up the available connections so that no new connections can be made; legitimate users are therefore denied use of the services.
- Hiding more nefarious attacks: amid all the traffic being sent to and requested from the target servers, it would be more difficult to notice another attack masked by the DoS attack.
The primary objective of the DoS attack is to consume so many resources that we affect the operation of the network and overwhelm the security operators. If we tie up the available connections we can stop users from accessing the company's website and network. We can overwhelm the IPS by sending vast amounts of traffic for it to process. If we can tie up resources with our DoS we can bog down the IPS enough to also hide other attacks. We can use the DoS as a distraction to mask other attempts at accessing the network, since the IDS will send an alert to the security admins each time it detects an intrusion. By overwhelming the IDS and the security administrators with multiple intrusion detection alerts we should be able to cause some disruption in the network infrastructure.

Slide 6: Our New Attack Description
Ping Flood DoS Attack
Commonly known as the Ping of Death, this DoS attack sends IP packets larger than the maximum allowed by the IP protocol, which is 65,535 bytes. The ping flood differs in that it does not wait for a reply; it keeps sending oversized ICMP packets until it overwhelms the system so that it crashes or reboots. In addition to oversized packets, we will also send malformed packets as separate fragments, each smaller than 65,535 bytes. When the target system tries to reassemble them, it is left with an oversized packet that causes a memory overflow and could lead to a system crash.
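An added defender-side illustration, not part of the original presentation: the two behaviours described on slides 3 and 6, a fragment whose reassembled datagram would exceed 65,535 bytes and a sustained stream of ICMP echo requests from one source, are exactly what an IDS signature and a rate heuristic check for. The Python below is constructed here as an example; the packet records, addresses, window and threshold are assumed sample values, and the fragment check assumes a 20-byte IPv4 header with no options.

```python
"""Minimal ICMP inspection helper (added example, not the deck's own code).

Flags two conditions an IDS would alert on:
  1. a fragment whose data would end past the 65,535-byte IP datagram limit
     (the classic "Ping of Death" signature), decided per fragment without
     buffering the whole datagram;
  2. a source sending more ICMP echo requests per time window than a
     threshold allows (a simple ping-flood heuristic).
All sample packets below are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

MAX_IP_DATAGRAM = 65535  # largest IPv4 datagram, headers included
IP_HEADER_LEN = 20       # assumed: minimal IPv4 header, no options


@dataclass(frozen=True)
class Packet:
    ts: float            # capture time in seconds
    src: str             # source IP address
    proto: str           # "icmp", "tcp", ...
    icmp_type: int       # 8 = echo request (only meaningful for ICMP)
    frag_offset: int     # IP fragment offset field, in 8-byte units
    more_fragments: bool  # IP "more fragments" flag
    payload_len: int     # bytes of data carried by this fragment


def reassembled_end(pkt):
    """Byte position where this fragment's data ends in the reassembled datagram."""
    return IP_HEADER_LEN + pkt.frag_offset * 8 + pkt.payload_len


def is_oversized_fragment(pkt):
    """True if accepting this fragment would push reassembly past 65,535 bytes."""
    return reassembled_end(pkt) > MAX_IP_DATAGRAM


def icmp_echo_rate_alerts(packets, window=1.0, threshold=100):
    """Return sources that sent more than `threshold` echo requests in one window."""
    counts = defaultdict(int)
    for p in packets:
        if p.proto == "icmp" and p.icmp_type == 8:
            counts[(p.src, int(p.ts // window))] += 1
    return sorted({src for (src, _), n in counts.items() if n > threshold})


def inspect(packets, window=1.0, threshold=100):
    """Run both checks; returns (alert_name, source, detail) tuples."""
    alerts = []
    for p in packets:
        if p.proto == "icmp" and is_oversized_fragment(p):
            alerts.append(("oversized-fragment", p.src, reassembled_end(p)))
    for src in icmp_echo_rate_alerts(packets, window, threshold):
        alerts.append(("icmp-flood", src, None))
    return alerts


# Constructed sample traffic (assumed addresses and timings).
SAMPLE_PACKETS = (
    # five ordinary 56-byte pings, one per second: no alert expected
    [Packet(float(i), "10.0.0.5", "icmp", 8, 0, False, 56) for i in range(5)]
    # last fragment placed at offset 8185*8 = 65480 with 100 bytes of data:
    # 20 + 65480 + 100 = 65600 > 65535, so reassembly would overflow
    + [Packet(3.5, "10.0.0.9", "icmp", 8, 8185, False, 100)]
    # 150 echo requests inside one second from a single source: flood
    + [Packet(10.0 + i * 0.005, "10.0.0.7", "icmp", 8, 0, False, 56)
       for i in range(150)]
)

if __name__ == "__main__":
    for alert in inspect(SAMPLE_PACKETS):
        print(alert)
```

Because the oversized check uses the fragment offset rather than the total bytes seen, it fires on the offending fragment itself; a legitimately maximal fragment (offset 8185, 35 bytes of data, ending exactly at 65,535) is not flagged.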

Slide 7: Attack Justification
By blocking ping messages, they would prevent legitimate ping use, and there are still utilities that rely on ping for checking that connections are live. Invalid packet attacks can be directed at any listening port, such as FTP ports, and they may not want to block all of these for operational reasons. Ping of death attacks can be easily spoofed so our identity can be hidden. We only need the Blue Team's IP addresses, not intimate knowledge of the system, to perform the attack.
As the Red Team campaign against the consumer-based company continues, we have developed a response to the bolstered security protection the Blue Team implemented on the network. Our ping of death will put tremendous pressure on the network, the administrators, and the incident response teams. Due to the nature of the attack, any ports and services that accept ICMP traffic will become overwhelmed and unable to receive legitimate network traffic, resulting in a denial of service (DoS). Attribution for this type of attack will not be easy for the Blue Team because of the plethora of open source tools designed to perform this type of DoS. The company more than likely has never tested the true capacity of its total network bandwidth and will be unable to recover gracefully from this type of DoS. Unfortunately, any information system the consumer-based company has facing the internet that accepts ICMP on any port or service will be affected. If the company has not tailored its baseline security controls for this type of DoS, then the Red Team's attack will likely succeed.

Slide 8: References
- Rouse, M. ( ). Search Security. Retrieved from
- What Denial of Service (DoS) Attacks Symbolize! (2018). Retrieved from
- Intrusion Detection System (IDS) (2018). Retrieved from
- Ping of death (PoD) (2018). Retrieved from

