Explore the various techniques and tools for network mapping, distributed attacks, DDoS defenses, and protocol fun. Learn how to defend against stealth techniques and implement effective security measures.
Stealth Network Strategies: Offensive and Defensive Mark Loveless RAZOR Security BindView Corporation
About Me • AKA Simple Nomad • http://www.nmrc.org/ • Currently Sr. Security Analyst for BindView’s RAZOR Team • http://razor.bindview.com/
About This Presentation • Assume basics • Understand IP addressing • Understand basic system administration • Tools • Where to find them • Basic usage • A “Network” point of view
Network Mapping • Active • Passive
Active Mapping • Techniques • ICMP Sweeps • Firewalk • Nmap • Defenses • Tight firewall rules • Block most ICMP • Block packets with TTL of 0 or 1
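As an added example (not code from the talk or from BindView), the three defenses on this slide written as a small border filter over constructed raw IPv4 packets, next to the TTL arithmetic that firewalk relies on. The allowed ports and ICMP types, the addresses and the hop counts are assumptions made for the example.

```python
"""Border-filter model for the active-mapping defenses: default-deny rules,
a short ICMP allowlist, and a TTL check that defeats firewalk probes."""
import ipaddress
import struct

IP_HDR = "!BBHHHBBH4s4s"   # ver/IHL, TOS, length, id, flags/frag, TTL, proto, csum, src, dst
PROTO_ICMP, PROTO_TCP = 1, 6
ALLOWED_TCP_PORTS = {25, 80}                # assumed policy: explicit allow, default deny
ALLOWED_ICMP = {(0, 0), (3, 4), (11, 0)}    # echo reply, frag-needed, time exceeded (assumed)


def build_ipv4(src, dst, proto, ttl, payload):
    """Constructed test packet; the header checksum is left at zero on purpose."""
    hdr = struct.pack(IP_HDR, 0x45, 0, 20 + len(payload), 0x1234, 0x4000, ttl, proto, 0,
                      ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return hdr + payload


def build_icmp(icmp_type, code):
    return struct.pack("!BBHHH", icmp_type, code, 0, 1, 1)      # checksum left at zero


def build_tcp_syn(dport):
    return struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, 5 << 4, 0x02, 8192, 0, 0)


def parse(pkt):
    vihl, _, _, _, _, ttl, proto, _, src, dst = struct.unpack(IP_HDR, pkt[:20])
    l4 = pkt[(vihl & 0x0F) * 4:]
    f = {"ttl": ttl, "proto": proto,
         "src": str(ipaddress.ip_address(src)), "dst": str(ipaddress.ip_address(dst))}
    if proto == PROTO_ICMP:
        f["icmp"] = (l4[0], l4[1])
    elif proto == PROTO_TCP:
        f["dport"] = struct.unpack("!H", l4[2:4])[0]
    return f


def verdict(pkt):
    """Decision of a forwarding gateway: ("accept" | "drop", reason)."""
    f = parse(pkt)
    # The TTL rule is applied to the value we would send on. A firewalk probe
    # arrives with TTL 2 (it is built to expire one hop behind us); checking
    # the pre-decrement value would let it through.
    if f["ttl"] - 1 <= 1:
        return ("drop", "ttl would be 0 or 1 past this hop")
    if f["proto"] == PROTO_ICMP:
        if f["icmp"] in ALLOWED_ICMP:
            return ("accept", "icmp allowed")
        return ("drop", "icmp %d/%d blocked" % f["icmp"])     # echo requests land here
    if f["proto"] == PROTO_TCP and f["dport"] in ALLOWED_TCP_PORTS:
        return ("accept", "tcp/%d allowed" % f["dport"])
    return ("drop", "default deny")


def firewalk_ttl(hops_to_gateway):
    """Firewalk sets the TTL so the probe expires on the first hop behind the filter."""
    return hops_to_gateway + 1


def ttl_on_arrival(initial_ttl, hop):
    """TTL a packet carries when it reaches the given hop (hop 1 is the first router)."""
    return initial_ttl - (hop - 1)


def firewalk_result(reply, gateway):
    """Classify one firewalk probe: reply is parse() output of what came back, or None."""
    if reply is None:
        return "filtered (no reply)"
    if reply["proto"] == PROTO_ICMP and reply["icmp"] == (11, 0) and reply["src"] != gateway:
        return "passes filter (time exceeded from a host behind it)"
    return "other reply"


if __name__ == "__main__":
    probe_ttl = ttl_on_arrival(firewalk_ttl(4), 4)      # gateway is hop 4: arrives with TTL 2
    print(verdict(build_ipv4("203.0.113.5", "192.0.2.10", PROTO_TCP, probe_ttl, build_tcp_syn(80))))
```

The point to check on real equipment is where the TTL comparison happens: a rule that only drops packets arriving with TTL 0 or 1 stops traceroute to the gateway itself but not a firewalk probe, which is built to reach the gateway with TTL 2.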
Passive Mapping • Techniques • Manual via Public sources • Automated via Siphon • Defenses • Strong policy regarding publishing/posting • Egress filtering and decent ISP
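Added example of the automated side of this slide (not Siphon's code): guessing a host's operating system from the TCP SYNs it sends, keyed on window size, initial TTL and the DF bit, which is the approach Siphon took. The signature table, the addresses and the capture are constructed for the example; the table values are assumptions, not a copy of Siphon's signature file.

```python
"""Passive OS fingerprinting over a constructed capture: nothing is sent,
the map is built from SYN packets the targets send on their own."""
import ipaddress
import struct

IP_HDR = "!BBHHHBBH4s4s"
TCP_HDR = "!HHIIBBHHH"            # sport, dport, seq, ack, offset, flags, window, csum, urg
INITIAL_TTLS = (32, 64, 128, 255)  # defaults shipped by common stacks

SIGNATURES = {  # (window, initial TTL, DF) -> guess; illustrative values only
    (8192, 128, 1): "Windows NT4/9x-class",
    (16384, 128, 1): "Windows 2000-class",
    (32120, 64, 1): "Linux 2.2-class",
    (5840, 64, 1): "Linux 2.4-class",
    (8760, 255, 1): "Solaris-class",
}


def build_syn(src, dst, ttl, window, df, dport=80, syn_ack=False):
    """Constructed capture packet (checksums left at zero)."""
    flags = 0x12 if syn_ack else 0x02
    ip = struct.pack(IP_HDR, 0x45, 0, 40, 1, 0x4000 if df else 0, ttl, 6, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    tcp = struct.pack(TCP_HDR, 1025, dport, 0, 0, 5 << 4, flags, window, 0, 0)
    return ip + tcp


def fingerprint(pkt):
    """Fingerprint dict for a bare SYN (SYN set, ACK clear); None for anything else."""
    vihl, _, _, _, flags_frag, ttl, proto, _, src, _ = struct.unpack(IP_HDR, pkt[:20])
    if proto != 6:
        return None
    tcp = pkt[(vihl & 0x0F) * 4:]
    _, _, _, _, _, flags, window, _, _ = struct.unpack(TCP_HDR, tcp[:20])
    if flags & 0x12 != 0x02:
        return None
    df = 1 if flags_frag & 0x4000 else 0
    # The observed TTL has been decremented once per hop; the sender's default
    # is the nearest common initial value at or above it.
    initial = next(t for t in INITIAL_TTLS if t >= ttl)
    return {"src": str(ipaddress.ip_address(src)), "window": window, "ttl": ttl,
            "initial_ttl": initial, "df": df, "hops": initial - ttl,
            "os": SIGNATURES.get((window, initial, df), "unknown")}


def passive_map(capture):
    """host -> fingerprint, from a list of raw packets, without sending a thing."""
    hosts = {}
    for pkt in capture:
        fp = fingerprint(pkt)
        if fp is not None:
            hosts[fp["src"]] = fp
    return hosts


if __name__ == "__main__":
    capture = [build_syn("198.51.100.7", "192.0.2.10", 115, 16384, 1),
               build_syn("203.0.113.9", "192.0.2.10", 51, 5840, 1)]
    for host, fp in passive_map(capture).items():
        print(host, fp["os"], "about", fp["hops"], "hops away")
```

The hop estimate is what makes this useful for mapping as well as fingerprinting: the distance from the sniffer to each host falls out of the TTL without a single probe leaving the network.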
Distributed Tools and Stealth Techniques • Attack Models • Good Guy Usage
Basic Distributed Attack Models • Attacks that do not require direct observation of the results • Attacks that require the attacker to directly observe the results
Basic Model [diagram] • Client: issues commands • Server: processes commands to agents • Agent: carries out commands
More Advanced Model [diagram] • The Attacker sends forged ICMP Timestamp Requests to the Target • The Target sends its ICMP Timestamp Replies to the forged source address • The Attacker sniffs those replies
Even More Advanced Model [diagram, built up over several slides] • A Master Node drives several Attack Nodes • The Attack Nodes send attacks or probes through the Firewall to the Target • The Target's replies go to an Upstream Host • The Master Node sniffs the replies at the Upstream Host
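The forged-ICMP-timestamp exchange from the models above, as an added example (not the talk's code), modelled offline with both sides' packets: an attack node sends a Timestamp Request whose source address is an upstream host, the target answers that host, and the master node, watching the upstream host's traffic, picks the replies out by identifier. Addresses, identifier and clock values are constructed; sending the real thing needs raw sockets and is not shown.

```python
"""Spoofed ICMP Timestamp Request / sniffed Timestamp Reply exchange."""
import ipaddress
import struct

IP_HDR = "!BBHHHBBH4s4s"
ICMP_TS = "!BBHHHIII"      # type, code, csum, id, seq, originate, receive, transmit (ms since midnight UTC)
TS_REQUEST, TS_REPLY = 13, 14


def checksum(data):
    """RFC 1071 one's-complement sum; evaluates to 0 over a header whose checksum is valid."""
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4(src, dst, payload, ttl=64):
    hdr = struct.pack(IP_HDR, 0x45, 0, 20 + len(payload), 0, 0x4000, ttl, 1, 0,
                      ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload


def icmp_timestamp(kind, ident, seq, originate, receive=0, transmit=0):
    body = struct.pack(ICMP_TS, kind, 0, 0, ident, seq, originate, receive, transmit)
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]


def parse(pkt):
    fields = struct.unpack(IP_HDR, pkt[:20])
    ihl = (fields[0] & 0x0F) * 4
    kind, _, _, ident, seq, orig, recv, xmit = struct.unpack(ICMP_TS, pkt[ihl:ihl + 20])
    return {"src": str(ipaddress.ip_address(fields[8])), "dst": str(ipaddress.ip_address(fields[9])),
            "type": kind, "id": ident, "seq": seq, "originate": orig, "receive": recv, "transmit": xmit}


def forge_request(upstream_host, target, ident, seq, attacker_clock_ms):
    """Attack node: the packet carries the upstream host's address; the node's own never appears."""
    return ipv4(upstream_host, target, icmp_timestamp(TS_REQUEST, ident, seq, attacker_clock_ms))


def target_stack(pkt, target_clock_ms):
    """What a host answering type 13 (RFC 792) does: reply with type 14 to the IP source."""
    f = parse(pkt)
    if f["type"] != TS_REQUEST:
        return None
    reply = icmp_timestamp(TS_REPLY, f["id"], f["seq"], f["originate"], target_clock_ms, target_clock_ms)
    return ipv4(f["dst"], f["src"], reply)


def master_sniffer(captured, upstream_host, ident):
    """Master node: keep only Timestamp Replies to the upstream host that carry our identifier."""
    alive = {}
    for pkt in captured:
        f = parse(pkt)
        if f["dst"] == upstream_host and f["type"] == TS_REPLY and f["id"] == ident:
            alive[f["src"]] = {"seq": f["seq"], "clock_offset_ms": f["receive"] - f["originate"]}
    return alive


if __name__ == "__main__":
    UPSTREAM, TARGET = "198.51.100.1", "192.0.2.10"       # constructed addresses
    request = forge_request(UPSTREAM, TARGET, 0xBEEF, 1, 1000)
    reply = target_stack(request, 6000)
    print(master_sniffer([reply], UPSTREAM, 0xBEEF))
```

The identifier is what lets the master node separate its own results from whatever else the upstream host receives, and the receive-minus-originate value is a free clock-offset reading of the target, which is why timestamp requests were a popular probe type.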
Good Guy Usage • VPN technology • Remote managed networks
The Hype of DDoS • What is DDoS? • Stealth Techniques Used within DDoS
Defenses Against Distributed Attacks • Ingress and Egress filtering • Usage of IDS inside and out • Analysis of network traffic and logs
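Added example (not from the talk) of the first and third defenses on this slide: source-address ingress and egress filtering at a site border, run over a constructed traffic sample, with a summary of what was dropped and why. The site prefix, the port names and the sample packets are assumptions for the example.

```python
"""Ingress/egress filtering at a border router, plus the drop summary that
points at which inside port is emitting spoofed packets."""
import ipaddress
from collections import Counter, defaultdict

OUR_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]    # assumed site address space
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def _ours(addr):
    return any(addr in net for net in OUR_PREFIXES)


def _bogon(addr):
    return any(addr in net for net in BOGONS)


def _directed_broadcast(addr):
    return any(addr == net.broadcast_address for net in OUR_PREFIXES)


def filter_packet(direction, src, dst):
    """direction is 'in' (from the ISP) or 'out' (towards it). Returns (action, reason)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if direction == "in":
        if _ours(src):
            return ("drop", "ingress: outside packet claims one of our addresses")
        if _bogon(src):
            return ("drop", "ingress: unroutable source")
        if _directed_broadcast(dst):
            return ("drop", "ingress: directed broadcast (would make us an amplifier)")
        if not _ours(dst):
            return ("drop", "ingress: not addressed to us")
    else:
        if not _ours(src):
            # Spoofed traffic leaving here means a host inside is somebody's attack node.
            return ("drop", "egress: source is not ours (spoofed)")
        if _bogon(dst):
            return ("drop", "egress: unroutable destination")
    return ("accept", "")


def run_filter(traffic):
    """traffic: (direction, ingress_port, src, dst) tuples. Returns what passed, the per-reason
    drop counts, and for egress drops the inside port the spoofed packets arrived on."""
    reasons = Counter()
    spoof_ports = defaultdict(Counter)
    accepted = []
    for direction, port, src, dst in traffic:
        action, reason = filter_packet(direction, src, dst)
        if action == "accept":
            accepted.append((direction, src, dst))
            continue
        reasons[reason] += 1
        if reason.startswith("egress"):
            spoof_ports[port][src] += 1
    return {"accepted": accepted, "dropped": dict(reasons),
            "spoofing_ports": {p: dict(c) for p, c in spoof_ports.items()}}


# Constructed sample: ISP side is port "isp", inside hosts hang off gi0/x ports.
SAMPLE = [
    ("in", "isp", "203.0.113.5", "192.0.2.10"),
    ("in", "isp", "192.0.2.77", "192.0.2.10"),
    ("in", "isp", "10.1.1.1", "192.0.2.10"),
    ("in", "isp", "203.0.113.5", "192.0.2.255"),
    ("in", "isp", "203.0.113.5", "198.51.100.9"),
    ("out", "gi0/3", "192.0.2.44", "203.0.113.5"),
    ("out", "gi0/7", "198.51.100.23", "203.0.113.5"),
    ("out", "gi0/7", "203.0.113.200", "203.0.113.5"),
]

if __name__ == "__main__":
    result = run_filter(SAMPLE)
    print(result["dropped"])
    print("ports emitting spoofed packets:", result["spoofing_ports"])
```

The egress side is the one that catches a distributed agent on your own network: the spoofed source tells you nothing, so log the port or MAC the packet came in on, not just the addresses.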
Protocol Fun • Traffic Pattern Masking • Network Steganography
Traffic Pattern Masking • Techniques • SMTP patterns • DNS patterns • Web traffic • Defenses • Egress filtering • Logging • Study of logs and network dumps
Network Steganography • Techniques • HTTP • SMTP • Packet combinations • Defenses • Egress filtering • More logging, etc
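Added example (not from the talk) of network steganography at the packet level: one message byte per packet hidden in the IPv4 Identification field of otherwise ordinary-looking TCP SYNs, which is the field covert_tcp (Rowland, 1997) used; the exact layout here is an assumption, as are the addresses and the frequency check a defender can run over logged IDs.

```python
"""Covert channel in the IPv4 ID field of innocuous SYNs, and a simple detector."""
import ipaddress
import struct

IP_HDR = "!BBHHHBBH4s4s"


def _syn(src, dst, ip_id):
    """Constructed carrier packet: a SYN to port 80 with a chosen IP ID (checksums zero)."""
    ip = struct.pack(IP_HDR, 0x45, 0, 40, ip_id, 0x4000, 64, 6, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    return ip + tcp


def ip_id(pkt):
    return struct.unpack(IP_HDR, pkt[:20])[3]


def embed(message, src, dst):
    """Sender: message byte in the high byte of the ID, a running counter in the low byte
    so consecutive IDs still appear to move like a normal counter would."""
    return [_syn(src, dst, (b << 8) | (i & 0xFF)) for i, b in enumerate(message)]


def extract(packets):
    """Receiver (or anyone sniffing the path): read the high bytes back in order."""
    return bytes(ip_id(p) >> 8 for p in packets)


def normal_stream(src, dst, n, start=0x1000):
    """Constructed comparison: a stack with a plain incrementing ID counter."""
    return [_syn(src, dst, (start + i) & 0xFFFF) for i in range(n)]


def printable_fraction(packets):
    """Defender's check over logged IDs: share of high bytes in printable ASCII. A counter
    or a random ID gives well under 0.4 (95 of 256 values are printable); a text channel
    gives close to 1.0."""
    highs = [ip_id(p) >> 8 for p in packets]
    return sum(0x20 <= h <= 0x7E for h in highs) / len(highs)


def looks_like_channel(packets, threshold=0.8):
    """Threshold and minimum sample size are assumptions."""
    return len(packets) >= 8 and printable_fraction(packets) >= threshold


if __name__ == "__main__":
    carrier = embed(b"cd /tmp; ./agent &", "192.0.2.44", "203.0.113.5")
    print([hex(ip_id(p)) for p in carrier[:4]])
    print(extract(carrier), looks_like_channel(carrier))
```

The check only catches a channel that carries text; binary or encrypted payloads give the same distribution as random IDs, which is why the slide's answer is more logging rather than a single filter: keep the header fields, not just the five-tuple, so the comparison against a host's normal ID behaviour is possible later.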
Questions…. • For followup: • Work • http://razor.bindview.com/ • thegnome@razor.bindview.com • Play • http://www.nmrc.org/ • thegnome@nmrc.org