Packets and Protocols Recognizing Attacks with the protocol analyzer
Packets and Protocols: Recognizing attacks • Hacker tools • Many tools exist • Most are freeware • Many are simply adaptations of utilities already built into the operating system • ping • traceroute (tracert on Windows) • nbtstat • nslookup
Packets and Protocols: Recognizing attacks • Ping • Uses ICMP: it sends an Echo Request (type 8) and expects an Echo Reply (type 0) • Many options exist for the ping command
Packets and Protocols: Recognizing attacks
C:\WINDOWS>ping
Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS] [-r count] [-s count] [[-j host-list] | [-k host-list]] [-w timeout] target_name
Options:
  -t            Ping the specified host until stopped. To see statistics and continue - type Control-Break; To stop - type Control-C.
  -a            Resolve addresses to hostnames.
  -n count      Number of echo requests to send.
  -l size       Send buffer size.
  -f            Set Don't Fragment flag in packet.
  -i TTL        Time To Live.
  -v TOS        Type Of Service.
  -r count      Record route for count hops.
  -s count      Timestamp for count hops.
  -j host-list  Loose source route along host-list.
  -k host-list  Strict source route along host-list.
  -w timeout    Timeout in milliseconds to wait for each reply.
Packets and Protocols: Recognizing attacks • Traceroute • Windows tracert uses ICMP Echo Request (type 8), Echo Reply (type 0) and the IP TTL field (Unix traceroute sends UDP probes by default, but the TTL mechanism is the same) • Sends a type 8 with TTL=1; the first router decrements the TTL to 0, drops the packet and returns ICMP Time Exceeded (type 11) • Sends a type 8 with TTL=2; the second router returns Time Exceeded • Repeats with an increasing TTL until the destination itself answers with an Echo Reply (type 0)
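The TTL exchange described above, simulated in Python as an added example (not part of the original slides). The path, router and destination addresses are constructed for the demonstration; no packets are sent. Each probe is forwarded hop by hop, every router decrements the TTL, the router that decrements it to zero answers with ICMP type 11, and the destination answers with type 0, which is the signal to stop probing.

```python
"""Simulate the ICMP exchange behind a TTL-based traceroute (added example).

The path is a constructed list of router addresses; nothing is sent on the wire.
"""

ECHO_REQUEST = 8   # ICMP type sent by the prober
ECHO_REPLY = 0     # ICMP type returned by the final destination
TIME_EXCEEDED = 11 # ICMP type returned by a router whose decrement hit TTL 0

# Constructed example path: three routers between the prober and the destination.
PATH = ["192.168.1.1", "10.10.0.1", "203.0.113.9"]
DESTINATION = "198.51.100.25"


def forward(ttl, path, destination):
    """Forward one Echo Request along `path` and return (responder, icmp_type).

    Every router decrements the TTL; the one that reaches zero drops the probe
    and answers with Time Exceeded.  A probe that survives every router reaches
    the destination, which answers the Echo Request with an Echo Reply.
    """
    for router in path:
        ttl -= 1
        if ttl == 0:
            return router, TIME_EXCEEDED
    return destination, ECHO_REPLY


def traceroute(path, destination, max_hops=30):
    """Probe with TTL = 1, 2, 3, ... until an Echo Reply arrives or max_hops is hit.

    Returns a list of (ttl, responder, icmp_type) tuples, one per probe.
    """
    hops = []
    for ttl in range(1, max_hops + 1):
        responder, icmp_type = forward(ttl, path, destination)
        hops.append((ttl, responder, icmp_type))
        if icmp_type == ECHO_REPLY:
            break  # the destination answered; the route is complete
    return hops


if __name__ == "__main__":
    for ttl, responder, icmp_type in traceroute(PATH, DESTINATION):
        kind = "Time Exceeded" if icmp_type == TIME_EXCEEDED else "Echo Reply"
        print(f"TTL={ttl:2d}  {responder:16s}  ICMP type {icmp_type} ({kind})")
```

In a real capture the same pattern is what identifies a traceroute: a run of Echo Requests from one source to one destination whose IP TTL climbs by one each time, each answered by a type 11 from a different router until a type 0 arrives from the target.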
Packets and Protocols: Recognizing attacks • nbtstat • Displays protocol statistics and current TCP/IP connections using NBT (NetBIOS over TCP/IP), including the NetBIOS name table of a remote host • Yet another way an attacker can gather data (machine names, logged-on user, workgroup or domain) to be used against you
Packets and Protocols: Recognizing attacks • nslookup • DNS tool used to resolve names to IP addresses (and IP addresses back to names) and to report which DNS server answered the request • The reverse lookup is similar to ping -a, which resolves the target address to a hostname
Packets and Protocols: Recognizing attacks • Many tools have already been written that bundle these common utilities together • Common hacker tools can be found at • SourceForge
Packets and Protocols: Recognizing attacks • Sam Spade • Windows GUI tool used for gathering information about hosts and domains (whois, DNS lookups, traceroute, ping, and web page retrieval)
Packets and Protocols: Recognizing attacks • Ping sweep tools • Used to discover live IP addresses on a network by sending ICMP Echo Requests to every address in a range, or ARP requests when the scanner is on the same subnet
Packets and Protocols: Recognizing attacks • Port scan tools • Used to find which ports are open on which devices • Can scan ports sequentially or in random order
Packets and Protocols: Recognizing attacks • Cain & Abel • Multipurpose Windows tool for password recovery and network attacks (sniffing, password cracking, ARP poisoning)
Packets and Protocols: Recognizing attacks • Zenmap • The graphical front end to Nmap; another multipurpose tool for gathering information about network nodes (host discovery, port scanning, service and OS detection)
Packets and Protocols: Recognizing attacks • SNMP sweeps • Guess the SNMP community string, which acts as the password for SNMPv1/v2c • Two types • Brute force • Simple guessing program • Tries every string in order: a, then b through z, then aa, ab, ac through zz, then aaa, aab and so on • Dictionary • Uses a pre-made list of common words or phrases (public and private, the factory defaults, are always on the list)
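The two guessing strategies, as an added example (not from the original slides): a generator that produces community strings in exactly the order the slide describes, a closed-form count of how many guesses that order needs before reaching a given string, and a constructed dictionary list for comparison. The dictionary contents and the alphabet (lowercase letters only) are assumptions for the demonstration.

```python
"""Brute-force versus dictionary ordering for SNMP community-string guessing.

Added example; the dictionary below is constructed, not a real wordlist.
"""
import itertools
import string

ALPHABET = string.ascii_lowercase

# Constructed dictionary: vendor defaults and common words an attacker would try first.
DICTIONARY = ["public", "private", "community", "cisco", "admin", "manager", "monitor"]


def brute_force_candidates(alphabet=ALPHABET, max_len=3):
    """Yield a, b, ..., z, aa, ab, ..., zz, aaa, ... up to max_len characters."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            yield "".join(combo)


def brute_force_position(target, alphabet=ALPHABET):
    """How many guesses the brute-force order needs to reach `target` (1-based).

    All shorter strings come first (sum of |A|^l for l < len), then the
    target's rank among strings of its own length, read as a base-|A| number.
    """
    base = len(alphabet)
    shorter = sum(base ** length for length in range(1, len(target)))
    rank = 0
    for ch in target:
        rank = rank * base + alphabet.index(ch)
    return shorter + rank + 1


def dictionary_position(target, dictionary=DICTIONARY):
    """How many guesses a dictionary attack needs, or None if the word is absent."""
    for n, word in enumerate(dictionary, 1):
        if word == target:
            return n
    return None


if __name__ == "__main__":
    for community in ("public", "private", "zz"):
        print(f"{community:8s} brute force: {brute_force_position(community):>12,d} guesses"
              f"   dictionary: {dictionary_position(community)}")
```

The numbers show why real tools lead with a dictionary: the default string public is the first dictionary guess but sits almost 200 million guesses deep in the exhaustive order, and each guess is a separate SNMP request on the wire, which is exactly the burst a protocol analyzer will see.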
Packets and Protocols: Recognizing attacks • Brute Force
Packets and Protocols: Recognizing attacks • Dictionary Attack
Packets and Protocols: Recognizing attacks • What to look for: • Ping sweep • Look for an inordinate amount of ICMP traffic: Echo Requests from one source to many consecutive destination addresses • Port scan • Look for one source hitting many destination ports on a host, often incrementing by one, with most answered by RST (closed) or nothing (filtered) • SNMP attack • Look for a sudden burst of SNMP traffic to UDP 161 and monitor the community field in the capture: many different community strings from one source is guessing, not monitoring
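The three indicators above turned into detection logic, as an added example (not part of the original slides). It runs over constructed packet summaries, the kind of tuples you would export from a protocol analyzer (source, destination, protocol, destination port, and either the ICMP type or the SNMP community string); the addresses, thresholds and traffic mix are assumptions for the demonstration, not from a real capture.

```python
"""Flag ping sweeps, port scans and SNMP community guessing in packet summaries.

Added example.  SAMPLE_PACKETS is constructed data, not a real capture.
Each tuple is (src, dst, proto, dst_port, detail) where `detail` is the ICMP
type for ICMP packets, the community string for SNMP, and "" otherwise.
"""
from collections import defaultdict

SAMPLE_PACKETS = [
    # ping sweep: one source sends Echo Requests (type 8) to 39 hosts
    *[("10.0.0.5", f"10.0.1.{i}", "icmp", None, "8") for i in range(1, 40)],
    # normal ping: four requests to one host and their replies (type 0)
    *[("10.0.0.9", "10.0.1.1", "icmp", None, "8") for _ in range(4)],
    *[("10.0.1.1", "10.0.0.9", "icmp", None, "0") for _ in range(4)],
    # sequential port scan: one source walks ports 20..119 on one host
    *[("10.0.0.7", "10.0.1.20", "tcp", port, "") for port in range(20, 120)],
    # SNMP guessing: ten different community strings at one agent
    *[("10.0.0.8", "10.0.1.30", "snmp", 161, c)
      for c in ["public", "private", "a", "b", "c", "admin", "cisco", "router", "aa", "ab"]],
    # legitimate polling: one community string, many requests
    *[("10.0.0.50", "10.0.1.30", "snmp", 161, "monitoring") for _ in range(20)],
]


def detect_ping_sweep(packets, min_hosts=10):
    """Sources that sent Echo Requests to at least `min_hosts` distinct hosts."""
    targets = defaultdict(set)
    for src, dst, proto, _port, detail in packets:
        if proto == "icmp" and detail == "8":
            targets[src].add(dst)
    return {src: len(hosts) for src, hosts in targets.items() if len(hosts) >= min_hosts}


def detect_port_scan(packets, min_ports=20):
    """(src, dst) pairs touching at least `min_ports` distinct TCP destination ports.

    Also reports whether the ports form an unbroken incrementing run, the
    signature of a sequential scan (a random-order scan still trips the count).
    """
    ports = defaultdict(set)
    for src, dst, proto, port, _detail in packets:
        if proto == "tcp" and port is not None:
            ports[(src, dst)].add(port)
    findings = {}
    for pair, seen in ports.items():
        if len(seen) >= min_ports:
            ordered = sorted(seen)
            sequential = all(b - a == 1 for a, b in zip(ordered, ordered[1:]))
            findings[pair] = {"ports": len(seen), "sequential": sequential}
    return findings


def detect_snmp_guessing(packets, min_communities=5):
    """(src, dst) pairs that tried at least `min_communities` distinct community strings."""
    communities = defaultdict(set)
    for src, dst, proto, _port, detail in packets:
        if proto == "snmp":
            communities[(src, dst)].add(detail)
    return {pair: sorted(seen) for pair, seen in communities.items()
            if len(seen) >= min_communities}


if __name__ == "__main__":
    print("ping sweep   :", detect_ping_sweep(SAMPLE_PACKETS))
    print("port scan    :", detect_port_scan(SAMPLE_PACKETS))
    print("snmp guessing:", detect_snmp_guessing(SAMPLE_PACKETS))
```

The thresholds are the tuning knobs: a monitoring host that legitimately pings a whole subnet will trip the sweep rule, and the poller in the sample is deliberately left unflagged because volume alone is not the indicator for SNMP, a spread of distinct community strings is.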
Packets and Protocols: Recognizing attacks • How to defend: • Ping • Filter out unwanted ICMP types at the perimeter (but keep the ones your own tools need, such as Time Exceeded for traceroute and path MTU discovery) • Port scan • Lock down devices and turn off unneeded applications and ports so there is little to find • SNMP attacks • Replace the default community strings (public, private) with long random ones, restrict which management stations may talk to UDP 161, and move to SNMPv3 with authentication where the equipment supports it
Packets and Protocols: Recognizing attacks • The best solution? • Get an IDS/IPS • Intrusion detection system: passive, watches a copy of the traffic and alerts on the patterns above • Intrusion prevention system: active, sits inline and can drop the offending traffic