Red Team Exercise Part 3 Week 4


Red Team Exercise Part 3 Week 4 XX XX CMGT433 Professor XX XX

Table of Contents: Introduction; Review of Blue Team Defense Presentation; Defenses vs. Attacks; Our New Attack Description; Justification of the Attack; References. Speaker Notes: This presentation will cover the following topics.

Defenses vs. Attacks. Defense: intrusion detection system. Attack: denial of service. Denial of Service: an attack in which a malicious user tries to keep legitimate users from reaching information or services. Denial of service attacks can impair single machines or entire networks and can cost an organization time and money to manage. Intrusion detection system: inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack by someone attempting to break into or compromise a system. In general, an IDS recognizes attacks by matching observed network traffic against patterns of known attacks, and by looking for deviations of traffic behaviour from the established protocol. Once an attack is recognized, the suspicious traffic can be blocked or restricted.

Attack vs. Defense Results. Denial of Service: an attacker attempts to prevent legitimate users from accessing information or services. Intrusion detection system justification: firewalls and encryption are meant to prevent penetration and protect the infrastructure, but even with these in place intruders still manage to penetrate the company. That is why intrusion detection systems are becoming more of a requirement.

Our New Attack Against Blue Team: DoS Attack. Effect on network operations: flooding the server with multiple requests ties up the available connections, so no new connections can be made and legitimate users are denied use of the services. Hiding more nefarious attacks: in the midst of all the traffic being sent to and requested from the target servers, it is more difficult to notice another attack being masked by the DoS attack. The primary objective of the DoS attack is to consume so many resources that we affect the operation of the network and overwhelm the security operators. If we tie up the available connections we can stop users from accessing the company's website and network. We can overwhelm the IPS by sending vast amounts of data for it to process. If we can tie up resources with our DoS we can bog down the IPS enough to also hide other attacks. We can use the DoS as a distraction to mask other attempts at accessing the network, since the IDS will send an alert to the security admins each time it detects an intrusion. By overwhelming the IDS and the security administrators with multiple intrusion detection alerts we should be able to cause some disruption in the network infrastructure.

Our New Attack Description: Ping Flood DoS Attack. Commonly known as the Ping of Death, this DoS attack sends IP packets larger than what the IP protocol allows, which is 65,535 bytes. The Ping Flood attack differs in that it doesn't wait for a reply; it just keeps sending oversized ICMP packets until it overwhelms the system so that it crashes or reboots. In addition to oversized packets, we will also send malformed packets in fragments that are each smaller than 65,535 bytes. When the target system tries to reassemble them, it is left with an oversized packet that causes a memory overflow and could lead to a system crash.
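As an added illustration that is not part of the original presentation, the following Python check shows how a receiving host or IDS detects the fragment-reassembly condition described above: it reads the IPv4 fragment offset and payload length from each header and flags any fragment whose reassembled end would exceed the 65,535-byte datagram limit, which is the condition a defragmenter must reject before it allocates buffer space. The helper `build_ipv4_header`, the function names and the two sample headers are constructed for this example only.

```python
import struct

# Largest IPv4 datagram the 16-bit Total Length field can describe.
IP_MAX_DATAGRAM = 65535

def parse_ipv4_fragment(pkt: bytes) -> dict:
    """Extract the fields a reassembly check needs from a raw IPv4 header."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, ident, flags_frag, _ttl, proto = struct.unpack("!BBHHHBB", pkt[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20:
        raise ValueError("not an IPv4 packet")
    return {"id": ident, "proto": proto,          # proto 1 = ICMP
            "offset": (flags_frag & 0x1FFF) * 8,   # 13-bit field in 8-byte units
            "more_fragments": bool(flags_frag & 0x2000),
            "payload_len": total_len - ihl}

def reassembled_end(frag: dict) -> int:
    """Byte position where this fragment's data would end after reassembly."""
    return frag["offset"] + frag["payload_len"]

def is_oversized_fragment(frag: dict) -> bool:
    """True when accepting this fragment would push the datagram past 65,535 bytes."""
    return reassembled_end(frag) > IP_MAX_DATAGRAM

def build_ipv4_header(ident, offset, more_fragments, payload_len, proto=1):
    """Constructed sample header for the demo (checksum left zero on purpose)."""
    flags_frag = (0x2000 if more_fragments else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, flags_frag,
                       64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))

# Constructed samples: an ordinary final fragment, and one placed at the maximum
# offset (65,528 bytes) carrying enough data to overflow the datagram limit.
SAMPLES = {
    "normal_last_fragment": build_ipv4_header(1, 1480, False, 100),
    "oversized_last_fragment": build_ipv4_header(2, 65528, False, 1000),
}

def scan(packets: dict) -> dict:
    """Map each packet name to whether a receiver should drop it and alert."""
    return {name: is_oversized_fragment(parse_ipv4_fragment(p)) for name, p in packets.items()}

if __name__ == "__main__":
    for name, flagged in scan(SAMPLES).items():
        print(f"{name}: {'drop and alert' if flagged else 'ok'}")
```

A single unfragmented packet cannot exceed the limit on the wire because Total Length is itself a 16-bit field, which is why the check keys on fragment offset plus payload length rather than on any one packet's size.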

Attack Justification. By blocking ping messages, defenders prevent legitimate ping use, and there are still utilities that rely on ping for checking that connections are live. Invalid packet attacks can be directed at any listening port, such as FTP ports, and defenders may not want to block all of these for operational reasons. Ping of death attacks can be easily spoofed, so our identity can be hidden. We only need the Blue team's IP addresses, not intimate knowledge of the system, to perform the attack. As the Red team campaign against the consumer-based company continues, we have developed a response to the bolstered security protection implemented on the network by the Blue team. Our ping of death will put tremendous pressure on the network, the administrators, and the incident response teams. Due to the nature of the attack, any ports and services that accept ICMP traffic will become overwhelmed and unable to receive legitimate network traffic, resulting in a denial of service (DoS). Attribution for this type of attack will not be easy for the Blue team because of the plethora of open source tools designed to perform this type of DoS. The company more than likely has never tested the true capacity of its total network bandwidth and will be unable to recover gracefully from this type of DoS. Unfortunately, any information system the consumer-based company has facing the internet that accepts ICMP on any port or service will be affected. If the company has not tailored its baseline security controls for this type of DoS, then the Red team's attack will likely succeed.
