Traffic Analysis and Risk Assessment of a Medium-Sized ISP Alan W. Rateliff, II Florida Internet Service Provider Approximately 2000 ADSL users Connections.

Presentation transcript:

Traffic Analysis and Risk Assessment of a Medium-Sized ISP
Alan W. Rateliff, II
- Florida Internet Service Provider
- Approximately 2000 ADSL users
- Connections between 256kb/s and 5Mb/s
- Traffic monitoring between ADSL aggregation device and Internet

The Tool
- Selected ISP customer DSL traffic is sent to QRadar using a network switch “monitor” port
- Analyzes captures to identify potentially malicious traffic
- Three primary activities used as presentation basis

Traffic Anomalies
- Protocol and port mismatch: 500kb/s bursts
- Remote system port scanning: 1.2Mb/s bursts
- Internet Relay Chat bot-net controls: > 59,000 events over 12-day period
- Honorable Mentions
  - “Direct-to-MX” SMTP transactions (spam, etc.)
  - P2P Networking (BitTorrent, eDonkey, etc.)

Protocol/Port Mismatches
- Protocol communication on a non-common port
- Evades port-blocking and monitoring
  - Firewalls and ACLs
  - Simple IDS
- IANA maintains official list of commonly used or well-known ports
- Examples of legitimate port mismatches:
  - SMTP (port 25) on port 587
  - HTTP (port 80) on port 8080

Remote System Port Scans
- First stages of attack on a remote system
- Probes for services actively accepting connections
- Services are probed for known vulnerabilities
- Can detect services on non-standard ports
- Can identify operating systems
- F/OSS Scanner: nmap (insecure.org)
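The port-scan activity the slides flag can be picked out of flow records without a signature: one source touching many distinct destination ports on one host inside a short window. The following detector is an added example, not code from the presentation or from QRadar; the flow records, window and threshold are constructed assumptions, and the slow-scan source shows the caveat that a short window misses a scanner that paces its probes.

```python
import collections

# Constructed flow records (src, dst, dst_port, timestamp in seconds); not from the slides.
SCAN = [("10.0.5.23", "203.0.113.7", 20 + i, 100.0 + 0.1 * i) for i in range(30)]   # 30 ports in 3 s
NORMAL = [("10.0.5.40", "198.51.100.9", p, 200.0 + i)                                   # web browsing
          for i, p in enumerate([80, 443] * 15)]
SLOW = [("10.0.5.77", "203.0.113.7", 1000 + i, 300.0 + 30.0 * i) for i in range(30)]  # one probe / 30 s
FLOWS = SCAN + NORMAL + SLOW


def detect_port_scans(flows, window=10.0, min_ports=20):
    """Return (src, dst, distinct_ports) for every src/dst pair where the source
    touched at least `min_ports` distinct destination ports within `window` seconds.
    A sliding window over the pair's sorted events keeps memory bounded."""
    by_pair = collections.defaultdict(list)
    for src, dst, port, ts in flows:
        by_pair[(src, dst)].append((ts, port))

    alerts = []
    for (src, dst), events in by_pair.items():
        events.sort()
        in_window = collections.Counter()   # port -> occurrences inside the window
        start = 0
        for ts, port in events:
            in_window[port] += 1
            # Drop events that have aged out of the window.
            while ts - events[start][0] > window:
                old_port = events[start][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                start += 1
            if len(in_window) >= min_ports:
                alerts.append((src, dst, len(in_window)))
                break   # one alert per pair is enough; stop at first trigger
    return alerts


if __name__ == "__main__":
    print(detect_port_scans(FLOWS))                  # fast scanner only
    print(detect_port_scans(FLOWS, window=1000.0))   # widening the window also catches the slow one
```

A wider window trades a larger in-memory state for catching paced scans; the threshold should sit above what a busy legitimate client (web, mail, DNS) reaches.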

Internet Relay Chat (IRC) Connections
- Internet-based “chat rooms” called “channels”
- Bot-net clients connect and idle in protected channels
- Bot Master issues commands to clients via protected channel
- Standard IRC port is 6667 (defined by RFC 1459 and 2812)
- Can make use of port mismatching
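The two slides above (protocol/port mismatches and IRC control channels) share one detection idea: identify the application protocol from the payload rather than the port, then compare with the IANA well-known port, allowing the legitimate exceptions the slides name (SMTP on 587, HTTP on 8080). The code below is an added example, not the presenter's or QRadar's; the signatures cover only three protocols, the flows are constructed, and flagging an IRC JOIN that carries a channel key as a "protected channel" indicator is an assumption of this example.

```python
import re

# IANA well-known ports for the protocols this detector recognises.
IANA_PORT = {"SMTP": 25, "HTTP": 80, "IRC": 6667}
# Legitimate mismatches named on the slides: mail submission and the HTTP alternate port.
ALLOWED = {("SMTP", 587), ("HTTP", 8080)}
# Payload signatures on the client's first line; enough for the example, not a full dissector.
SIGNATURES = [
    ("SMTP", re.compile(rb"^(EHLO|HELO) ")),
    ("HTTP", re.compile(rb"^(GET|POST|HEAD) \S+ HTTP/1\.[01]\r?\n")),
    ("IRC", re.compile(rb"^(NICK|USER|JOIN|PRIVMSG) ")),
]
IRC_JOIN = re.compile(rb"^JOIN (#\S+)( \S+)?")   # group 2 present => channel key supplied

# Constructed sample flows (src, dst, dst_port, first payload bytes); not from the slides.
SAMPLE = [
    ("10.0.5.23", "203.0.113.7", 8080, b"GET /index.html HTTP/1.1\r\nHost: example.net\r\n"),
    ("10.0.5.23", "203.0.113.8", 587, b"EHLO client.example.net\r\n"),
    ("10.0.5.31", "203.0.113.9", 25, b"EHLO dsl-host\r\n"),
    ("10.0.5.44", "198.51.100.5", 443, b"NICK bot4471\r\nUSER x 0 * :x\r\n"),
    ("10.0.5.44", "198.51.100.5", 443, b"JOIN #ctrl s3cret\r\n"),
    ("10.0.5.50", "198.51.100.6", 6667, b"JOIN #linux\r\n"),
]


def identify_protocol(payload):
    """Return the protocol name whose signature matches the payload, else None."""
    for name, sig in SIGNATURES:
        if sig.search(payload):
            return name
    return None


def analyze(flows):
    """Return (src, finding, detail) tuples for port mismatches and keyed IRC joins."""
    findings = []
    for src, dst, port, payload in flows:
        proto = identify_protocol(payload)
        if proto is None:
            continue
        expected = IANA_PORT[proto]
        if port != expected and (proto, port) not in ALLOWED:
            findings.append((src, "port-mismatch", f"{proto} on {port} (expected {expected})"))
        if proto == "IRC":
            m = IRC_JOIN.match(payload)
            if m and m.group(2):   # JOIN with a key: the channel is protected
                findings.append((src, "irc-keyed-join", m.group(1).decode()))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(finding)
```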

Mitigating Violations
Pro
- Increases end-user security and satisfaction
- Decreases network loads
- Increases network usability
Con
- Potential information leaks
- Potentially subject to disclosure
- Information could be abused
- Other privacy concerns

Discussion
- Strict policy and legal controls and enforcement can mitigate privacy concerns
- Other pros and cons
- Questions and comments