
Stealth Network Strategies: Offensive and Defensive

Explore the various techniques and tools for network mapping, distributed attacks, DDoS defenses, and protocol fun. Learn how to defend against stealth techniques and implement effective security measures.



Presentation Transcript


  1. Stealth Network Strategies: Offensive and Defensive Mark Loveless RAZOR Security BindView Corporation

  2. About Me • AKA Simple Nomad • http://www.nmrc.org/ • Currently Sr. Security Analyst for BindView’s RAZOR Team • http://razor.bindview.com/

  3. About This Presentation
     • Assume basics
       • Understand IP addressing
       • Understand basic system administration
     • Tools
       • Where to find them
       • Basic usage
     • A “Network” point of view

  4. Network Mapping • Active • Passive

  5. Active Mapping
     • Techniques
       • ICMP Sweeps
       • Firewalk
       • Nmap
     • Defenses
       • Tight firewall rules
       • Block most ICMP
       • Block packets with TTL of 0 or 1

  6. Passive Mapping
     • Techniques
       • Manual via public sources
       • Automated via Siphon
     • Defenses
       • Strong policy regarding publishing/posting
       • Egress filtering and a decent ISP

  7. Distributed Tools and Stealth Techniques • Attack Models • Good Guy Usage

  8. Basic Distributed Attack Models • Attacks that do not require direct observation of the results • Attacks that require the attacker to directly observe the results

  9. Basic Model (diagram): Client issues commands → Server processes commands to agents → Agent carries out commands

  10. More Advanced Model (diagram): Attacker → Target: Forged ICMP Timestamp Requests; Target: ICMP Timestamp Replies; Attacker: Sniffed Replies

  11-17. Even More Advanced Model (diagram, built up over seven slides). Elements: Master Node, three Attack Nodes, Firewall, Target, Upstream Host. Flows: Attacks or Probes (Attack Nodes → Target), Replies, Sniffed Replies (at the Upstream Host)

  18. Good Guy Usage • VPN technology • Remote managed networks

  19. The Hype of DDoS • What is DDoS? • Stealth Techniques Used within DDoS

  20. Defenses Against Distributed Attacks • Ingress and Egress filtering • Usage of IDS inside and out • Analysis of network traffic and logs
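The defenses on slides 5 and 20 (dropping packets that reach the border with a TTL of 0 or 1, ingress and egress filtering of spoofed sources, and analysis of traffic and logs) as a small detection pass over packet summaries. This is example code added for this page, not a tool from the talk; the one-line summary format, the INTERNAL_NETS prefix and the finding names are assumptions, and the sample lines are constructed.

```python
import ipaddress
from collections import Counter

# Constructed packet summaries as seen at the border firewall, one per line:
#   direction src dst ttl proto   ("in" = arrived on the external interface)
SAMPLE_LINES = [
    "in  203.0.113.9   10.0.0.20   64 tcp",   # ordinary inbound packet
    "in  198.51.100.7  10.0.0.20    1 udp",   # TTL 1 at the border: Firewalk-style probe
    "in  198.51.100.7  10.0.0.21    1 udp",
    "in  198.51.100.7  10.0.0.22    0 icmp",
    "in  10.0.0.77     10.0.0.20   64 tcp",   # outside packet claiming an inside source
    "out 10.0.0.9      203.0.113.1 63 tcp",   # ordinary outbound packet
    "out 192.0.2.44    203.0.113.1 62 udp",   # our side emitting a foreign source address
]

# Assumed internal address space (hypothetical for this example).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def parse_line(line):
    """Split one summary line into a record with typed fields."""
    direction, src, dst, ttl, proto = line.split()
    return {"dir": direction, "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst), "ttl": int(ttl), "proto": proto}


def is_internal(addr, nets=INTERNAL_NETS):
    return any(addr in net for net in nets)


def classify(pkt, nets=INTERNAL_NETS):
    """Name the policy violation a packet represents, or None if it is unremarkable."""
    if pkt["dir"] == "in":
        if pkt["ttl"] <= 1:                       # slide 5: block TTL 0/1 (Firewalk probing)
            return "low-ttl-probe"
        if is_internal(pkt["src"], nets):         # ingress filtering: spoofed inside source
            return "spoofed-ingress"
    elif pkt["dir"] == "out":
        if not is_internal(pkt["src"], nets):     # egress filtering: source not ours
            return "spoofed-egress"
    return None


def analyze(lines, nets=INTERNAL_NETS):
    """Count findings per (kind, source address) over a batch of summary lines."""
    findings = Counter()
    for line in lines:
        pkt = parse_line(line)
        kind = classify(pkt, nets)
        if kind:
            findings[(kind, str(pkt["src"]))] += 1
    return findings


if __name__ == "__main__":
    for (kind, src), n in sorted(analyze(SAMPLE_LINES).items()):
        print(f"{kind:16} {src:15} {n}")
```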

  21. Protocol Fun • Traffic Pattern Masking • Network Steganography

  22. Traffic Pattern Masking
     • Techniques
       • SMTP patterns
       • DNS patterns
       • Web traffic
     • Defenses
       • Egress filtering
       • Logging
       • Study of logs and network dumps

  23. Network Steganography
     • Techniques
       • HTTP
       • SMTP
       • Packet combinations
     • Defenses
       • Egress filtering
       • More logging, etc.

  24. Questions…
     • For follow-up:
       • Work
         • http://razor.bindview.com/
         • thegnome@razor.bindview.com
       • Play
         • http://www.nmrc.org/
         • thegnome@nmrc.org
