Presentation is loading. Please wait.

Presentation is loading. Please wait.

CIS 193A – Lesson13 Attack and Defense. CIS 193A – Lesson13 Focus Question Describe how Nmap, psad, and iptables work together for playing out attack.

Published byDerick Guyse Modified over 9 years ago

Similar presentations

Presentation on theme: "CIS 193A – Lesson13 Attack and Defense. CIS 193A – Lesson13 Focus Question Describe how Nmap, psad, and iptables work together for playing out attack."— Presentation transcript:

1 CIS 193A – Lesson13 Attack and Defense

2 CIS 193A – Lesson13 Focus Question Describe how Nmap, psad, and iptables work together for playing out attack and defend strategies.

3 CIS 193A – Lesson13 Transport Layer Attacks Connection Resource Exhaustion –packets designed to saturate all available resources for servicing new connections. e.g syn flooding Header abuses –packets that contain maliciously constructed, broken or falsified headers. e.g. forged RST packets Transport Stack Exploits –packets that attack kernel code vulnerabilities

4 CIS 193A – Lesson13 Port Scans with Nmap TCP connect() Scans: Nmap –sT –typical handshake protocol. TCP SYN Scan: Nmap -sS –raw socket used to generate syn packet TCP FIN, XMAS, NULL scans TCP ACK scan: Nmap –sA TCP idle scan: Nmap –sI UDP scan: Nmap -sU

5 CIS 193A – Lesson13 Sample TCP Scan

6 CIS 193A – Lesson13 Sample Fin Scan

7 CIS 193A – Lesson13 Sample ACK Scan

8 CIS 193A – Lesson13 Other Types of Scans Port Sweeps –Checking a small set of ports on a number of computers: nmap –P0 –p 22 –sS 192.168.1.0/24 TCP Sequence Prediction Attacks –inject data into a stream, hijack a session, or force a session to close. SYN Floods –Denial of service attack from spoofed source addresses

9 CIS 193A – Lesson13 Review

10 CIS 193A – Lesson13 Focus Question Describe how Nmap, psad, and iptables work together for playing out attack and defend strategies. Nmap acts as an attacking agent iptables provides loggin rules for invalid packets or packets that are not part of an established connection. The packets are logged to the psad daemon psad (Port Scan Attack Detector) analyzes and creates alerts for suspicious packets

Download ppt "CIS 193A – Lesson13 Attack and Defense. CIS 193A – Lesson13 Focus Question Describe how Nmap, psad, and iptables work together for playing out attack."

Similar presentations

TRUE Blind ip spoofed portscanning Thomas Olofsson C.T.O Defcom.

TRUE Blind ip spoofed portscanning Thomas Olofsson C.T.O Defcom.
1 Topic 2 – Lesson 4 Packet Filtering Part I. 2 Basic Questions What is packet filtering? What is packet filtering? What elements are inside an IP header?

1 Topic 2 – Lesson 4 Packet Filtering Part I. 2 Basic Questions What is packet filtering? What is packet filtering? What elements are inside an IP header?
CISCO NETWORKING ACADEMY Chabot College ELEC 99.05 Transport Layer (4)

CISCO NETWORKING ACADEMY Chabot College ELEC Transport Layer (4)
Computer Security and Penetration Testing

Computer Security and Penetration Testing
CISCO NETWORKING ACADEMY PROGRAM (CNAP)

CISCO NETWORKING ACADEMY PROGRAM (CNAP)
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
NMAP Scanning Options. EC-Council NMAP  Nmap is the most popular scanning tool used on the Internet.  Cretead by Fyodar (http://www.insecure.org), it.

NMAP Scanning Options. EC-Council NMAP  Nmap is the most popular scanning tool used on the Internet.  Cretead by Fyodar ( it.
Network Security of Labnet ******. Introduction Test the network security of the servers on our Labnet domain Find Potential Weaknesses Find Security.

Network Security of Labnet ******. Introduction Test the network security of the servers on our Labnet domain Find Potential Weaknesses Find Security.
UDP & TCP Where would we be without them!. UDP User Datagram Protocol.

UDP & TCP Where would we be without them!. UDP User Datagram Protocol.
1 Reading Log Files. 2 Segment Format

1 Reading Log Files. 2 Segment Format
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Scanning.

CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Scanning.
Scanning Determining if the system is alive IP Scanning Port Scanning War Dialing.

Scanning Determining if the system is alive IP Scanning Port Scanning War Dialing.
Hacking Exposed 7 Network Security Secrets & Solutions Chapter 2 Scanning 1.

Hacking Exposed 7 Network Security Secrets & Solutions Chapter 2 Scanning 1.
Distributed Denial of Service Attacks CMPT 471 1 Distributed Denial of Service Attacks Darius Law.

Distributed Denial of Service Attacks CMPT Distributed Denial of Service Attacks Darius Law.
Transport Layer 3-1.  What is the Transport layer for?  Where does the code for the transport layer live?  What are the two protocols at this layer?

Transport Layer 3-1.  What is the Transport layer for?  Where does the code for the transport layer live?  What are the two protocols at this layer?
Scanning February 23, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Scanning February 23, 2010 MIS 4600 – MBA © Abdou Illia.
8-1 Internet security threats Mapping: m before attacking: gather information – find out what services are implemented on network  Use ping to determine.

8-1 Internet security threats Mapping: m before attacking: gather information – find out what services are implemented on network  Use ping to determine.
Port Scanning Yiqian Zhang CS 265 Project. What is Port Scanning? port scanning is equivalent to knocking on the walls to find all the doors and windows.

Port Scanning Yiqian Zhang CS 265 Project. What is Port Scanning? port scanning is equivalent to knocking on the walls to find all the doors and windows.

Similar presentations

Ads by Google