
Attack and Defense


sagira

Presentation Transcript


  1. Attack and Defense

  2. Focus Question
     • Describe how Nmap, psad, and iptables work together for playing out attack and defend strategies.

  3. Transport Layer Attacks
     • Connection Resource Exhaustion
       • packets designed to saturate all available resources for servicing new connections, e.g. SYN flooding
     • Header abuses
       • packets that contain maliciously constructed, broken or falsified headers, e.g. forged RST packets
     • Transport Stack Exploits
       • packets that attack kernel code vulnerabilities

  4. Port Scans with Nmap
     • TCP connect() scan: nmap -sT
       • typical handshake protocol
     • TCP SYN scan: nmap -sS
       • raw socket used to generate the SYN packet
     • TCP FIN, XMAS, NULL scans
     • TCP ACK scan: nmap -sA
     • TCP idle scan: nmap -sI
     • UDP scan: nmap -sU

  5. Sample TCP Scan

  6. Sample FIN Scan

  7. Sample ACK Scan

  8. Other Types of Scans
     • Port Sweeps
       • checking a small set of ports on a number of computers: nmap -P0 -p 22 -sS 192.168.1.0/24
     • TCP Sequence Prediction Attacks
       • inject data into a stream, hijack a session, or force a session to close
     • SYN Floods
       • denial-of-service attack from spoofed source addresses

  9. Review

  10. Focus Question
     • Describe how Nmap, psad, and iptables work together for playing out attack and defend strategies.
       • Nmap acts as an attacking agent
       • iptables provides logging rules for invalid packets or packets that are not part of an established connection. The packets are logged to the psad daemon
       • psad (Port Scan Attack Detector) analyzes and creates alerts for suspicious packets
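
The detection side of slide 10, as an added example that is not part of the original presentation and is not psad's own code: it reads lines in the iptables LOG format, maps each packet's TCP flags to the scan types from slide 4, and reports sources that probe several distinct ports. The sample log lines, the function names and the threshold of 3 ports are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the kernel's iptables LOG format (not from the slides).
SAMPLE_LOG = """\
kernel: DROP IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.10 LEN=44 PROTO=TCP SPT=40001 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
kernel: DROP IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.10 LEN=44 PROTO=TCP SPT=40001 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0
kernel: DROP IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.10 LEN=44 PROTO=TCP SPT=40001 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0
kernel: DROP IN=eth0 OUT= SRC=192.168.1.60 DST=192.168.1.10 LEN=40 PROTO=TCP SPT=51000 DPT=21 WINDOW=1024 RES=0x00 FIN URGP=0
kernel: DROP IN=eth0 OUT= SRC=192.168.1.60 DST=192.168.1.10 LEN=40 PROTO=TCP SPT=51000 DPT=23 WINDOW=1024 RES=0x00 URG PSH FIN URGP=0
kernel: DROP IN=eth0 OUT= SRC=192.168.1.60 DST=192.168.1.10 LEN=40 PROTO=TCP SPT=51000 DPT=25 WINDOW=1024 RES=0x00 URGP=0
kernel: DROP IN=eth0 OUT= SRC=192.168.1.70 DST=192.168.1.10 LEN=60 PROTO=TCP SPT=33000 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"(\w+)=(\S*)")                 # KEY=value pairs such as SRC=, DPT=
FLAGS = re.compile(r"RES=0x\w+ (.*?)\s*URGP=")     # flag names sit between RES= and URGP=

def classify(flags):
    """Map the flag set of a logged TCP packet to a scan type from slide 4."""
    if flags == {"SYN"}:
        return "SYN"          # connect() and SYN scans both start with a bare SYN
    if flags == {"FIN"}:
        return "FIN"
    if flags == {"FIN", "PSH", "URG"}:
        return "XMAS"
    if not flags:
        return "NULL"
    if flags == {"ACK"}:
        return "ACK"
    return "OTHER"

def detect(log, port_threshold=3):
    """Return {src: {"types", "ports"}} for sources that hit >= port_threshold ports."""
    seen = defaultdict(lambda: {"types": set(), "ports": set()})
    for line in log.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") == "UDP":
            kind = "UDP"
        elif f.get("PROTO") == "TCP" and (m := FLAGS.search(line)):
            kind = classify(set(m.group(1).split()))
        else:
            continue
        seen[f["SRC"]]["types"].add(kind)
        seen[f["SRC"]]["ports"].add(int(f["DPT"]))
    return {s: v for s, v in seen.items() if len(v["ports"]) >= port_threshold}

if __name__ == "__main__":
    for src, info in detect(SAMPLE_LOG).items():
        print(src, sorted(info["types"]), sorted(info["ports"]))
```

The single SYN from 192.168.1.70 stays below the threshold, which is how one legitimate connection attempt is kept apart from a scan.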
