Presentation is loading. Please wait.

Presentation is loading. Please wait.

Red Team Exercise Part 3 Week 4

Published byAndrea Lloyd Modified over 5 years ago

Similar presentations

Presentation on theme: "Red Team Exercise Part 3 Week 4"— Presentation transcript:

1 Red Team Exercise Part 3 Week 4
XX XX CMGT433 Professor XX XX

2 Table of Contents Introduction.
Review of Blue Team Defense Presentation. Defenses vs Attacks. Our New Attack Description. Justification of the Attack. References. Table of Contents Speaker Notes: This presentation will cover the following topics.

3 Defenses vs. Attacks Defense Attack Intrusion detection system
Denial of service Defenses vs. Attacks Denial of Service: An attack where a malicious user tries to keep legitimate users from getting to information or services. Denial of service attacks can impair single machines or entire networks and can cost an organization time and cash managing them. Intrusion detection system: Inspects all inbound and outbound system activity and distinguishes suspicious patterns that may demonstrate a system or system attack from somebody endeavoring to break into or compromise a system. When all is said in done, IDS recognizes attacks by: Coordinating watched arrange traffic with patterns of known attack Searching for deviation of traffic conduct from the built up protocol Once an attack is recognized, the suspicious traffic can be blocked or constrained.

4 Attack vs Defense Results
Denial of Service - An attacker attempts to prevent legitimate users from accessing information or services. Intrusion detection system Justification: Firewall and encryption are to prevent penetration and protect the infrastructure, but with this, the intruders manage to penetrate the company. That is why intrusion detection systems are becoming more of a requirement. Denial of Service - An attacker attempts to prevent legitimate users from accessing information or services. Intrusion detection system Justification: Firewall and encryption are to prevent penetration and protect the infrastructure, but with this, the intruders manage to penetrate the company. That is why intrusion detection systems are becoming more of a requirement.

5 Our New Attack Against Blue Team
DoS Attack Affect on Network Operations Flooding the server with multiple request Tying up available connections which will not allow new connection to be made therefore legitimate users will be denied use of services. Hide more nefarious attacks In the midst of all the traffic being sent to and being requested from the target servers it would be more difficult to notice another attack being masked by the DoS attack. The primary objective of the DoS attack is to utilize so many resources that we may affect the operation of the network and overwhelm security operators. If we tie up available connections we can stop users from accessing the company's website/network. We can overwhelm the IPS by sending vast amounts of information for it to process. If we can tie up resources utilizing our DOS we can bog down the IPS enough to also hide other attacks. We can use the DOS as a distraction to mask other attempts at accessing the network as the IDS will be sending out alerts to the security admins to report each time there it detects an intrusion. By overwhelming the IDS and the security administrators with multiple intrustion detection alerts we should be able to cause some disruption in the network infrastructure.

6 Our New Attack Description
Ping Flood DoS Attack Commonly known as the Ping of Death, this DoS Attack will send IP packets that are larger than the what is allowed by the IP protocol which is 65,535 bytes. The Ping Flood attack differs as it doesn’t wait for a reply it just keeps sending oversized ICMP packets until it overwhelms the system so it crashes or reboots. In addition to oversized packets, we will also be sending malformed packets in different fragments that are less than 65,535. When the target system tries to reassemble them, they will be left with an oversized packet that will effect memory overflow and could lead to a system crash. Commonly known as the Ping of Death, this DoS Attack will send IP packets that are larger than the what is allowed by the IP protocol which is 65,535 bytes. The Ping Flood attack differs as it doesn’t wait for a reply it just keeps sending oversized ICMP packets until it overwhelms the system so it crashes or reboots. In addition to oversized packets, we will also be sending malformed packets in different fragments that are less than 65,535. When the target system tries to reassemble them, they will be left with an oversized packet that will effect memory overflow and could lead to a system crash.

7 Attack Justification By blocking ping messages, they prevent legitimate ping use – and there are still utilities that rely on ping for checking that connections are live. Invalid packet attacks can be directed at any listening port—like FTP ports—and they may not want to block all of these, for operational reasons. Ping of death attacks can be easily spoofed so our identity can be hidden. We just need blue teams IP addresses and not intimate knowledge of the system to perform the attack. As the Red team campaign against the consumer based company continues, we have developed a response to the bolstered security protection implemented on the network by the Blue team. Our ping of death will put tremendous pressure on the network, the administrators, and the incident response teams. Due to the nature of the attack, any ports and services which accept an ICMP traffic will become overwhelmed and unable to receive legitimate network traffic thus resulting in a denial of service (DOS). Attribution for this type of attack will not be easy for the Blue team because of the plethora of open source tools designed to perform this type of DOS. The company more than likely has never tested there true capacity of their total network bandwidth and will be unable to recover gracefully from this type of DOS. Unfortunately, any information system the consumer based company has facing the internet accepting ICMP on any port or service will be affected. If the company has not tailored their baseline security controls for this type of DOS then the Red teams attack will likely succeed

8 Reference Rouse, M. ( ). Search Security. Retrieved from What Denial of Service (DoS) Attacks Symbolize!(2018). Retrieved from Intrusion Detection System (IDS)(2018). Retrieved from Ping of death (PoD) (2018). Retrieved from Reference Page

Download ppt "Red Team Exercise Part 3 Week 4"

Similar presentations

Denial of Service Attack History What is a Denial of Service Attack? Modes of Attack Performing a Denial of Service Attack Distributed Denial of Service.

Denial of Service Attack History What is a Denial of Service Attack? Modes of Attack Performing a Denial of Service Attack Distributed Denial of Service.
NETWORK SECURITY ADD ON NOTES MMD © Oct2012. IMPLEMENTATION Enable Passwords On Cisco Routers Via Enable Password And Enable Secret Access Control Lists.

NETWORK SECURITY ADD ON NOTES MMD © Oct2012. IMPLEMENTATION Enable Passwords On Cisco Routers Via Enable Password And Enable Secret Access Control Lists.
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.

Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.
WARNING ! The system is either busy or has been unstable. You can wait and See if it becomes available again, or you can restart your computer. *

WARNING ! The system is either busy or has been unstable. You can wait and See if it becomes available again, or you can restart your computer. *
Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.

Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 7 “Denial-of-Service-Attacks”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 7 “Denial-of-Service-Attacks”.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.

Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
COEN 252: Computer Forensics Router Investigation.

COEN 252: Computer Forensics Router Investigation.
Lecture 15 Denial of Service Attacks

Lecture 15 Denial of Service Attacks
Denial of Service Attacks: Methods, Tools, and Defenses Authors: Milutinovic, Veljko, Savic, Milan, Milic, Bratislav,

Denial of Service Attacks: Methods, Tools, and Defenses Authors: Milutinovic, Veljko, Savic, Milan, Milic, Bratislav,
Common forms and remedies Neeta Bhadane Raunaq Nilekani Sahasranshu.

Common forms and remedies Neeta Bhadane Raunaq Nilekani Sahasranshu.
1Federal Network Systems, LLC CIS Network Security Instructor Professor Mort Anvair Notice: Use and Disclosure of Data. Limited Data Rights. This proposal.

1Federal Network Systems, LLC CIS Network Security Instructor Professor Mort Anvair Notice: Use and Disclosure of Data. Limited Data Rights. This proposal.
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.

Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.

Similar presentations

Ads by Google