Published by Derick Guyse. Modified over 9 years ago.
1
CIS 193A – Lesson13 Attack and Defense
2
Focus Question
Describe how Nmap, psad, and iptables work together for playing out attack and defend strategies.
3
Transport Layer Attacks
Connection Resource Exhaustion
  – packets designed to saturate all available resources for servicing new connections, e.g. SYN flooding
Header abuses
  – packets that contain maliciously constructed, broken or falsified headers, e.g. forged RST packets
Transport Stack Exploits
  – packets that attack kernel code vulnerabilities
4
Port Scans with Nmap
TCP connect() scan: nmap -sT
  – typical handshake protocol
TCP SYN scan: nmap -sS
  – raw socket used to generate SYN packet
TCP FIN, XMAS, NULL scans
TCP ACK scan: nmap -sA
TCP idle scan: nmap -sI
UDP scan: nmap -sU
5
Sample TCP Scan
6
Sample FIN Scan
7
Sample ACK Scan
8
Other Types of Scans
Port Sweeps
  – checking a small set of ports on a number of computers:
    nmap -P0 -p 22 -sS 192.168.1.0/24
TCP Sequence Prediction Attacks
  – inject data into a stream, hijack a session, or force a session to close
SYN Floods
  – denial of service attack from spoofed source addresses
9
Review
10
Focus Question
Describe how Nmap, psad, and iptables work together for playing out attack and defend strategies.
Nmap acts as an attacking agent
iptables provides logging rules for invalid packets or packets that are not part of an established connection. The packets are logged to the psad daemon
psad (Port Scan Attack Detector) analyzes and creates alerts for suspicious packets
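
The detection step of this pipeline, as an added example (not part of the original presentation, and a simplification rather than psad's own logic): it parses iptables LOG lines, classifies each probe by its TCP flags, and reports sources that touch many distinct ports. The sample log lines, addresses, function names and the threshold of 5 ports are assumptions constructed for the illustration.

```python
import re
from collections import defaultdict

LINE_RE = re.compile(r"SRC=(?P<src>\S+) .*PROTO=TCP .*DPT=(?P<dpt>\d+) .*"
                     r"RES=\S+\s+(?P<flags>(?:[A-Z]+\s+)*)URGP=")

# TCP flags carried by the probe packet for the scan types named on the slides.
SCAN_TYPES = {
    frozenset({"SYN"}): "SYN/connect",  # -sS and -sT both open with a bare SYN
    frozenset({"FIN"}): "FIN",
    frozenset(): "NULL",
    frozenset({"FIN", "PSH", "URG"}): "XMAS",
    frozenset({"ACK"}): "ACK",
}

def detect_scans(log_text, port_threshold=5):
    """Return {src: (scan_type, distinct_ports)}; the threshold is a hypothetical value."""
    ports = defaultdict(set)
    kinds = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an iptables TCP log line
        kind = SCAN_TYPES.get(frozenset(m["flags"].split()), "other")
        ports[m["src"]].add(int(m["dpt"]))
        kinds[m["src"]][kind] += 1
    alerts = {}
    for src, seen in ports.items():
        if len(seen) >= port_threshold:
            top = max(kinds[src], key=kinds[src].get)  # most frequent probe type
            alerts[src] = (top, len(seen))
    return alerts

def make_line(src, dpt, flags):
    """Build one constructed log line in the iptables LOG format."""
    return (f"Jan 10 12:00:01 fw kernel: IN=eth0 OUT= SRC={src} DST=192.168.1.10 LEN=44 "
            f"TTL=55 PROTO=TCP SPT=40000 DPT={dpt} WINDOW=1024 RES=0x00 {flags} URGP=0")

# Constructed sample: a SYN scan, an XMAS scan, and one stray ACK packet.
SAMPLE = "\n".join(
    [make_line("192.168.1.50", p, "SYN") for p in (21, 22, 23, 25, 80, 443)]
    + [make_line("192.168.1.51", p, "URG PSH FIN") for p in (22, 80, 110, 143, 443)]
    + [make_line("192.168.1.52", 80, "ACK")]
)

if __name__ == "__main__":
    for src, (kind, n) in detect_scans(SAMPLE).items():
        print(f"{src}: {kind} scan suspected, {n} distinct ports")
```

A bare SYN in the log cannot separate a connect() scan from a SYN scan, because both begin with the same packet; only the later handshake behaviour differs.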