Presentation is loading. Please wait.

Presentation is loading. Please wait.

Stealth Network Strategies: Offensive and Defensive Mark Loveless RAZOR Security BindView Corporation.

Published byDarlene Cummings Modified over 9 years ago

Similar presentations

Presentation on theme: "Stealth Network Strategies: Offensive and Defensive Mark Loveless RAZOR Security BindView Corporation."— Presentation transcript:

1 Stealth Network Strategies: Offensive and Defensive Mark Loveless RAZOR Security BindView Corporation

2 About Me  AKA Simple Nomad  http://www.nmrc.org/ http://www.nmrc.org/  Currently Sr. Security Analyst for BindView’s RAZOR Team  http://razor.bindview.com/ http://razor.bindview.com/

3 About This Presentation  Assume basics –Understand IP addressing –Understand basic system administration  Tools –Where to find them –Basic usage  A “Network” point of view

4 Network Mapping  Active  Passive

5 Active Mapping  Techniques –ICMP Sweeps –Firewalk –Nmap  Defenses –Tight firewall rules –Block most ICMP –Block packets with TTL of 0 or 1

6 Passive Mapping  Techniques –Manual via Public sources –Automated via Siphon  Defenses –Strong policy regarding publishing/posting –Egress filtering and decent ISP

7 Distributed Tools and Stealth Techniques  Attack Models  Good Guy Usage

8 Basic Distributed Attack Models  Attacks that do not require direct observation of the results  Attacks that require the attacker to directly observe the results

9 Basic Model ServerAgent Client Issue commands Processes commands to agents Carries out commands

10 More Advanced Model TargetAttacker Forged ICMP Timestamp Requests ICMP Timestamp Replies Sniffed Replies

11 Even More Advanced Model Target FirewallFirewall

12 Even More Advanced Model Target FirewallFirewall Upstream Host

13 Even More Advanced Model Target Attack Node FirewallFirewall Upstream Host Master Node

14 Even More Advanced Model Target Attack Node FirewallFirewall Upstream Host Attacks or Probes Master Node

15 Even More Advanced Model Target Attack Node FirewallFirewall Upstream Host Attacks or Probes Replies Master Node

16 Even More Advanced Model Target Attack Node Sniffed Replies Attack Node FirewallFirewall Upstream Host Attacks or Probes Replies Master Node

17 Even More Advanced Model Target Attack Node Sniffed Replies Attack Node FirewallFirewall Upstream Host Attacks or Probes Replies Master Node

18 Good Guy Usage  VPN technology  Remote managed networks

19 The Hype of DDoS  What is DDoS?  Stealth Techniques Used within DDoS

20 Defenses Against Distributed Attacks  Ingress and Egress filtering  Usage of IDS inside and out  Analysis of network traffic and logs

21 Protocol Fun  Traffic Pattern Masking  Network Stegnography

22 Traffic Pattern Masking  Techniques –SMTP patterns –DNS patterns –Web traffic  Defenses –Egress filtering –Logging –Study of logs and network dumps

23 Network Stegnography  Techniques –HTTP –SMTP –Packet combinations  Defenses –Egress filtering –More logging, etc

24 Questions….  For followup: –Work http://razor.bindview.com/ thegnome@razor.bindview.com –Play http://www.nmrc.org/ thegnome@nmrc.org

Download ppt "Stealth Network Strategies: Offensive and Defensive Mark Loveless RAZOR Security BindView Corporation."

Similar presentations

Black Hat Briefings 2000: Strategies for Defeating Distributed Attacks Simple Nomad Hacker Nomad Mobile Research Centre Occam Theorist RAZOR Security Team,

Black Hat Briefings 2000: Strategies for Defeating Distributed Attacks Simple Nomad Hacker Nomad Mobile Research Centre Occam Theorist RAZOR Security Team,
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,

 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,
Scanning Determining if the system is alive IP Scanning Port Scanning War Dialing.

Scanning Determining if the system is alive IP Scanning Port Scanning War Dialing.
DefCon: Network Mapping Techniques Simple Nomad Nomad Mobile Research Centre BindView Corporation.

DefCon: Network Mapping Techniques Simple Nomad Nomad Mobile Research Centre BindView Corporation.
Winter 20021 CMPE 155 Week 7. Winter 20022 Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.

Winter CMPE 155 Week 7. Winter Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.
Distributed Denial of Service Attacks: Characterization and Defense Will Lefevers CS522 UCCS.

Distributed Denial of Service Attacks: Characterization and Defense Will Lefevers CS522 UCCS.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Hardware Firewalls: Advanced Feature © N. Ganesan, Ph.D.

Hardware Firewalls: Advanced Feature © N. Ganesan, Ph.D.
Lan Nguyen Mounika Namburu 1.  DDoS Defense Research  A2D2 Design ◦ Subnet Flooding Detection using Snort ◦ Class -Based Queuing ◦ Multi-level Rate.

Lan Nguyen Mounika Namburu 1.  DDoS Defense Research  A2D2 Design ◦ Subnet Flooding Detection using Snort ◦ Class -Based Queuing ◦ Multi-level Rate.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Ipchains A packet-filtering Firewalls supported by Linux distributions.

Ipchains A packet-filtering Firewalls supported by Linux distributions.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
Black Hat Europe 2000: Strategies for Defeating Distributed Attacks Simple Nomad Hacker Nomad Mobile Research Centre Occam Theorist RAZOR Security Team,

Black Hat Europe 2000: Strategies for Defeating Distributed Attacks Simple Nomad Hacker Nomad Mobile Research Centre Occam Theorist RAZOR Security Team,
DDoS Attack and Its Defense1 CSE 5473: Network Security Prof. Dong Xuan.

DDoS Attack and Its Defense1 CSE 5473: Network Security Prof. Dong Xuan.
Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.

Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.
Botnets Uses, Prevention, and Examples. Background Robot Network Programs communicating over a network to complete a task Adapted new meaning in the security.

Botnets Uses, Prevention, and Examples. Background Robot Network Programs communicating over a network to complete a task Adapted new meaning in the security.
1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.

1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.
Port Scanning.

Port Scanning.
LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand.

LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand.

Similar presentations

Ads by Google