Stealth Network Strategies: Offensive and Defensive
Mark Loveless
RAZOR Security
BindView Corporation
About Me
– AKA Simple Nomad, http://www.nmrc.org/
– Currently Sr. Security Analyst for BindView’s RAZOR Team, http://razor.bindview.com/
About This Presentation
– Assume basics
  – Understand IP addressing
  – Understand basic system administration
– Tools
  – Where to find them
  – Basic usage
A “Network” point of view
Active Mapping
– Techniques
  – ICMP sweeps
  – Firewalk
  – Nmap
– Defenses
  – Tight firewall rules
  – Block most ICMP
  – Block packets with TTL of 0 or 1 (Firewalk builds its probes to expire one hop past the firewall; if packets arriving with such a low TTL are dropped, no Time Exceeded message ever reveals which ports the ruleset lets through)
Passive Mapping
– Techniques
  – Manual, via public sources
  – Automated, via Siphon
– Defenses
  – Strong policy regarding publishing/posting
  – Egress filtering and a decent ISP
Basic Distributed Attack Models
Attacks that do not require direct observation of the results
Attacks that require the attacker to directly observe the results
More Advanced Model
[Diagram: Attacker sends forged ICMP Timestamp Requests (source address spoofed) to Target; Target sends its ICMP Timestamp Replies to the spoofed source; Attacker captures them as Sniffed Replies]
Even More Advanced Model
[Diagram, built up over five slides: Master Node controls several Attack Nodes; the Attack Nodes send Attacks or Probes through the Firewall to the Target; the Target's Replies go to the Upstream Host whose address was forged; an Attack Node positioned on that path collects the Sniffed Replies and reports back to the Master Node]
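The two models above rely on one property of ICMP Timestamp: the reply echoes the request's identifier, sequence number and "originate timestamp" field, so a probe can carry a tag that the sniffer recognises in a reply it never saw the request for. The following is an added example, not code from the talk or from RAZOR; it builds the forged-source request an attack node would send, models what an RFC 792 stack answers, and shows the sniffer on the upstream host's path matching replies back to targets by tag. The addresses, the tags and the "only .10 is alive" outcome are constructed for the example.

```python
import struct
import socket

UPSTREAM = "10.9.9.9"   # constructed: host whose address is forged as the probe source
TARGETS = {0xDEADBEEF: "192.0.2.10", 0x0BADF00D: "192.0.2.11"}  # constructed tag -> target


def checksum(data: bytes) -> int:
    """Internet one's-complement checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def icmp_timestamp(icmp_type, ident, seq, originate, receive=0, transmit=0):
    """ICMP Timestamp Request (13) or Reply (14): three 32-bit timestamp fields."""
    hdr = struct.pack("!BBHHHIII", icmp_type, 0, 0, ident, seq, originate, receive, transmit)
    return hdr[:2] + struct.pack("!H", checksum(hdr)) + hdr[4:]


def ipv4(src, dst, payload, proto=1, ttl=64):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload


def parse(packet):
    ver_ihl, _, total, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return socket.inet_ntoa(src), socket.inet_ntoa(dst), proto, packet[ihl:total]


def forge_probe(target, tag, spoofed_src=UPSTREAM):
    """Attack node: Timestamp Request with a forged source; the tag rides in 'originate'."""
    return ipv4(spoofed_src, target, icmp_timestamp(13, 0x4242, 1, tag))


def target_reply(packet, now_ms):
    """What a target's stack does with a Timestamp Request: echo id, seq and originate,
    fill receive/transmit with its own clock, and answer the (forged) source address."""
    src, dst, proto, body = parse(packet)
    if proto != 1 or len(body) < 20 or body[0] != 13 or checksum(body) != 0:
        return None
    _, _, _, ident, seq, originate, _, _ = struct.unpack("!BBHHHIII", body[:20])
    return ipv4(dst, src, icmp_timestamp(14, ident, seq, originate, now_ms, now_ms))


def match_replies(sniffed, tags):
    """Sniffer near the upstream host: map each echoed tag back to the target that answered."""
    found = {}
    for pkt in sniffed:
        src, dst, proto, body = parse(pkt)
        if proto != 1 or len(body) < 20 or body[0] != 14:
            continue
        _, _, _, _, _, originate, _, _ = struct.unpack("!BBHHHIII", body[:20])
        if dst == UPSTREAM and originate in tags:
            found[originate] = src
    return found


def run_scenario(alive=frozenset({"192.0.2.10"})):
    """Constructed run: probe both targets, only the 'alive' one answers, sniffer correlates."""
    sniffed = []
    for tag, target in TARGETS.items():
        probe = forge_probe(target, tag)
        if target in alive:
            sniffed.append(target_reply(probe, 12345678))
    return match_replies(sniffed, TARGETS)


if __name__ == "__main__":
    print(run_scenario())
```

The attack node never needs the replies routed to itself, which is why none of the probes carry its address: the upstream host absorbs the replies and only a sniffer on that path learns which targets are up. That is also why the defender-side answer is a combination of anti-spoofing filters and watching for unsolicited ICMP replies rather than any single rule.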
Defenses Against Distributed Attacks
– Ingress and egress filtering
– Usage of IDS inside and out
– Analysis of network traffic and logs
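The border rules recommended under Active Mapping (tight rules, block most ICMP, drop TTL 0/1) and the ingress/egress filtering recommended here can be expressed as one small stateless filter. The code below is an added example, not the talk's or BindView's, and works on raw IPv4 headers so the checks are the ones a firewall actually performs. The internal prefix, the inbound ICMP allowlist and the sample packets are assumptions constructed for the example.

```python
import struct
import socket
import ipaddress

INTERNAL_NET = ipaddress.ip_network("203.0.113.0/24")   # assumption: the protected network
ALLOWED_ICMP = {0: "echo reply", 3: "destination unreachable", 11: "time exceeded"}  # assumption
OUT, IN = "198.51.100.7", "203.0.113.5"                   # constructed outside / inside hosts


def verdict(pkt: bytes, direction: str):
    """Return (action, reason). direction is 'in' (Internet -> INTERNAL_NET) or 'out'."""
    if len(pkt) < 20:
        return ("drop", "truncated IPv4 header")
    ver_ihl, _, _, _, _, ttl, proto, _, src, _ = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        return ("drop", "malformed IPv4 header")
    src_ip = ipaddress.ip_address(src)
    # Ingress/egress anti-spoofing: inside addresses never arrive from outside, and nothing
    # leaves with an outside source address, which stops forged-source probes launched from here.
    if direction == "in" and src_ip in INTERNAL_NET:
        return ("drop", "inbound packet claims internal source %s" % src_ip)
    if direction == "out" and src_ip not in INTERNAL_NET:
        return ("drop", "outbound packet with spoofed source %s" % src_ip)
    # Firewalk-style probes are built to expire one hop past the firewall; drop them silently.
    if ttl <= 1:
        return ("drop", "TTL %d would expire at or just past the firewall" % ttl)
    if proto == 1 and direction == "in":
        if len(pkt) < ihl + 8:
            return ("drop", "truncated ICMP")
        icmp_type = pkt[ihl]
        if icmp_type in ALLOWED_ICMP:
            return ("accept", "ICMP " + ALLOWED_ICMP[icmp_type])
        return ("drop", "ICMP type %d not on inbound allowlist" % icmp_type)
    return ("accept", "proto %d" % proto)


def packet(proto, ttl, src, dst, icmp_type=None):
    """Constructed test packet; checksums are left zero because this filter does not verify them."""
    body = bytes([icmp_type, 0, 0, 0, 0, 0, 0, 0]) if icmp_type is not None else bytes(8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + body


SAMPLES = {
    "timestamp request (ICMP sweep)": (packet(1, 64, OUT, IN, 13), "in"),
    "echo request": (packet(1, 64, OUT, IN, 8), "in"),
    "time exceeded": (packet(1, 250, OUT, IN, 11), "in"),
    "udp ttl 1 (firewalk)": (packet(17, 1, OUT, IN), "in"),
    "tcp ttl 55": (packet(6, 55, OUT, IN), "in"),
    "inbound with inside source": (packet(6, 64, IN, IN), "in"),
    "outbound spoofed source": (packet(1, 64, "10.9.9.9", OUT, 13), "out"),
    "outbound normal": (packet(6, 64, IN, OUT), "out"),
}


def run_all():
    return {name: verdict(p, d)[0] for name, (p, d) in SAMPLES.items()}


if __name__ == "__main__":
    for name, (p, d) in SAMPLES.items():
        print("%-32s %s" % (name, verdict(p, d)))
```

Dropping low-TTL packets silently rather than answering with Time Exceeded also keeps the firewall itself out of traceroute output, which is the point of a stealth posture; the cost is that nobody outside can traceroute to it, which is normally acceptable.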
Traffic Pattern Masking
– Techniques
  – SMTP patterns
  – DNS patterns
  – Web traffic
– Defenses
  – Egress filtering
  – Logging
  – Study of logs and network dumps
Network Steganography
– Techniques
  – HTTP
  – SMTP
  – Packet combinations
– Defenses
  – Egress filtering
  – More logging, etc.
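One concrete form of the HTTP technique listed above is a covert channel in the order of request headers: HTTP does not care about header order, so each request can carry log2(7!) = 12 bits in how seven ordinary headers are arranged while looking like routine web browsing to an egress filter that only checks destinations. The code below is an added example, not from the talk; the header set and values are constructed, and the defender-side check at the end is the kind of analysis the "more logging" bullet calls for, since it needs full request headers in the logs, not just URLs.

```python
import math

# Constructed header set: Host stays first, as real clients send it; the rest are permuted.
FIXED = "Host"
PERMUTED = ["User-Agent", "Accept", "Accept-Language", "Accept-Encoding",
            "Connection", "Cache-Control", "Pragma"]
VALUES = {"Host": "www.example.com", "User-Agent": "Mozilla/5.0", "Accept": "*/*",
          "Accept-Language": "en-US", "Accept-Encoding": "gzip", "Connection": "keep-alive",
          "Cache-Control": "no-cache", "Pragma": "no-cache"}
BITS_PER_REQUEST = int(math.log2(math.factorial(len(PERMUTED))))  # 7! = 5040 orderings -> 12 bits


def index_to_order(index, names):
    """Lehmer decode: integer in [0, n!) -> permutation of names."""
    pool, order = list(names), []
    for i in range(len(pool), 0, -1):
        q, index = divmod(index, math.factorial(i - 1))
        order.append(pool.pop(q))
    return order


def order_to_index(order, names):
    """Lehmer encode: permutation of names -> integer in [0, n!)."""
    pool, index = list(names), 0
    for i, name in enumerate(order):
        pos = pool.index(name)
        index += pos * math.factorial(len(names) - 1 - i)
        pool.pop(pos)
    return index


def build_request(order):
    lines = ["GET / HTTP/1.1", "%s: %s" % (FIXED, VALUES[FIXED])]
    lines += ["%s: %s" % (h, VALUES[h]) for h in order]
    return "\r\n".join(lines) + "\r\n\r\n"


def header_order(request):
    return [line.split(":", 1)[0] for line in request.split("\r\n")[1:] if ":" in line]


def encode(payload: bytes):
    """Sender: length byte + payload, 12 bits per request, zero-padded."""
    if len(payload) > 255:
        raise ValueError("one length byte: payload must be <= 255 bytes")
    bits = "".join(format(b, "08b") for b in bytes([len(payload)]) + payload)
    bits += "0" * (-len(bits) % BITS_PER_REQUEST)
    return [build_request(index_to_order(int(bits[i:i + BITS_PER_REQUEST], 2), PERMUTED))
            for i in range(0, len(bits), BITS_PER_REQUEST)]


def decode(requests):
    """Receiver (the web server's access layer): read the order back, drop Host, rebuild bytes."""
    bits = "".join(format(order_to_index(header_order(r)[1:], PERMUTED), "0%db" % BITS_PER_REQUEST)
                   for r in requests)
    length = int(bits[:8], 2)
    body = bits[8:8 + 8 * length]
    return bytes(int(body[i:i + 8], 2) for i in range(0, len(body), 8))


def distinct_orders(requests):
    """Defender check over one client's logged requests: genuine browsers keep a fixed order,
    so more than one or two distinct orders from a single client is worth a look."""
    return len({tuple(header_order(r)) for r in requests})


if __name__ == "__main__":
    reqs = encode(b"secret")
    print(len(reqs), "requests carry", decode(reqs), "distinct orders:", distinct_orders(reqs))
```

The channel survives NAT, proxies that pass headers through unchanged, and URL-only logging; it does not survive a proxy that rewrites requests in canonical order, which is one reason to terminate outbound HTTP at a proxy rather than letting clients talk to the Internet directly.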
Questions….
For followup:
– Work: http://razor.bindview.com/
– Play: http://www.nmrc.org/