Attack and Defense PowerPoint Presentation
Presentation Transcript

  1. Attack and Defense

  2. Focus Question: Describe how Nmap, psad, and iptables work together for playing out attack and defend strategies.

  3. Transport Layer Attacks
     • Connection Resource Exhaustion
       • packets designed to saturate all available resources for servicing new connections, e.g. SYN flooding
     • Header Abuses
       • packets that contain maliciously constructed, broken or falsified headers, e.g. forged RST packets
     • Transport Stack Exploits
       • packets that attack kernel code vulnerabilities

  4. Port Scans with Nmap
     • TCP connect() scan: nmap -sT
       • typical handshake protocol
     • TCP SYN scan: nmap -sS
       • raw socket used to generate the SYN packet
     • TCP FIN, XMAS, NULL scans
     • TCP ACK scan: nmap -sA
     • TCP idle scan: nmap -sI
     • UDP scan: nmap -sU

  5. Sample TCP Scan

  6. Sample Fin Scan

  7. Sample ACK Scan

  8. Other Types of Scans
     • Port Sweeps
       • checking a small set of ports on a number of computers: nmap -P0 -p 22 -sS 192.168.1.0/24
     • TCP Sequence Prediction Attacks
       • inject data into a stream, hijack a session, or force a session to close
     • SYN Floods
       • denial-of-service attack from spoofed source addresses

  9. Review

  10. Focus Question: Describe how Nmap, psad, and iptables work together for playing out attack and defend strategies.
     • Nmap acts as an attacking agent.
     • iptables provides logging rules for invalid packets or packets that are not part of an established connection. The packets are logged to the psad daemon.
     • psad (Port Scan Attack Detector) analyzes and creates alerts for suspicious packets.
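
The division of labour in the focus-question answer (iptables logs, psad analyzes), sketched as an added example that is not from the presentation and is not psad's own code: it classifies iptables LOG lines by their TCP flags and alerts on port scans and port sweeps. The log lines and addresses are constructed, and the function names and thresholds of 3 are assumptions for illustration.

```python
import re
from collections import defaultdict

def _tcp(src, dst, dpt, flags):
    """Build one constructed line in the iptables LOG target's kernel-log format."""
    flags = "".join(" " + f for f in flags.split())
    return (f"Mar  1 10:00:00 fw kernel: IN=eth0 OUT= SRC={src} DST={dst} LEN=40 TTL=52 "
            f"PROTO=TCP SPT=40000 DPT={dpt} WINDOW=1024 RES=0x00{flags} URGP=0")

# Constructed sample log: a SYN scan, an XMAS scan, a port-22 sweep, one NULL probe.
SAMPLE_LOG = "\n".join(
    [_tcp("10.0.0.5", "192.168.1.10", p, "SYN") for p in (21, 22, 23, 80)]
    + [_tcp("10.0.0.6", "192.168.1.10", p, "URG PSH FIN") for p in (22, 25, 80)]
    + [_tcp("10.0.0.7", f"192.168.1.{h}", 22, "SYN") for h in (1, 2, 3)]
    + [_tcp("10.0.0.8", "192.168.1.10", 22, ""), "Mar  1 10:00:01 fw sshd[1]: unrelated"]
)

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")
FLAGS = re.compile(r"RES=\S+((?: [A-Z]+)*) URGP=")  # TCP flag names sit between RES= and URGP=
# Flag combinations of the scan types on the Nmap slide; connect() and SYN scans both log as SYN.
KIND = {frozenset({"SYN"}): "SYN", frozenset({"FIN"}): "FIN", frozenset({"ACK"}): "ACK",
        frozenset({"FIN", "PSH", "URG"}): "XMAS", frozenset(): "NULL"}

def parse(line):
    """Return SRC/DST/DPT plus a probe kind, or None for lines that are not TCP/UDP log entries."""
    f = dict(FIELD.findall(line))
    if not {"SRC", "DST", "DPT", "PROTO"} <= f.keys():
        return None
    if f["PROTO"] == "UDP":
        f["kind"] = "UDP"
    elif f["PROTO"] == "TCP" and (m := FLAGS.search(line)):
        f["kind"] = KIND.get(frozenset(m.group(1).split()), "OTHER")
    else:
        return None
    return f

def detect(log, port_threshold=3, host_threshold=3):
    """Alert on many ports probed on one host (scan) or one port on many hosts (sweep)."""
    ports, hosts = defaultdict(set), defaultdict(set)
    for p in filter(None, map(parse, log.splitlines())):
        ports[(p["kind"], p["SRC"], p["DST"])].add(p["DPT"])
        hosts[(p["kind"], p["SRC"], p["DPT"])].add(p["DST"])
    alerts = [("scan", *k, len(v)) for k, v in ports.items() if len(v) >= port_threshold]
    alerts += [("sweep", *k, len(v)) for k, v in hosts.items() if len(v) >= host_threshold]
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The single NULL probe from 10.0.0.8 is classified but stays below both thresholds, so it raises no alert.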