
Bhilai Institute of Technology, Durg
Department of Computer Science & Engineering

Cryptography and Network Security Laboratory

The Need for IT Security

- Increased connectivity has led to an increase in the frequency of cyber attacks
- The virulence of the security threats
- The malicious attacks do not require sophisticated skills or hardware
  - A 13-year-old boy ran a DDoS attack on www.grc.com.
- Lack of expertise to address this challenge is cited as the root cause by the UK Information Security Breaches Survey, 2004, PWC.
Have You Seen?

- Emails with unwanted attachments
- PC/system not responding to you but doing something on its own
- PC becoming very slow
- Mails asking you to verify your bank account details?
- Mails talking about the hidden fortune of a dictator in Africa?
- Someone copying an important file (design, quotation) from your PC without your knowledge
Attacks on Malaysian Corporates

Month       No. of Attacks   Growth
Jan 2004    4.8              26.6%
June 2004   7.3              52%
Dec 2004    6.7              8.2%
Jan 2005    25.5             278%
Feb 2005    15.4             39.7%

Source: Malaysian Computer Emergency Response Team, website www.mycert.org.my
Corporate Initiatives

Source: ZDnet IT Priority Survey

Priority for IT Security
- Security projects were priority #3 in 2004: 20% of the top projects.
- In 2005, security implementations are expected to be 15% of future plans. (ZDnet)
Cryptography and Network Security Training Kit

iSecuriT Main Menu
- Introduction to Network Security
- Cryptography
- Web Services Using Crypto Techniques
- Network Identification
- Network / System Threats
- Malware Tools
- Web Vulnerabilities
- Appendix A & B
- Download
Benefits

- Unique one-stop solution: comprehensive training kit for various IT security topics
  - Cryptography
  - Network and system security threats
  - Viruses & Trojans
  - Web vulnerabilities
- Comprehensive courseware
  - The training design and the courseware were created in collaboration with senior professors at Anna University KBC, Chennai
Benefits (cont.)

- Fifteen nodes can connect to the central control unit
- Each node can act as
  - Black PC: run cyber attacks or cripple normal network services, or as
  - Trusted PC: run countermeasures to keep network services normal
- Users work on managing network services under real-life cyber threats
- Connect several PCs to emulate a network (Internet) and create the environment needed for the experiments relevant to the topic
- Isolated from the Internet or LAN
Cryptography: Cryptographic Concept

Cryptographic techniques are categorized as shown below.
Cryptography: RC4 (Rivest Cipher)

- Symmetric encryption scheme, stream cipher
- Same key (password) for encryption and decryption

Cryptography: RC4 - Communication
Cryptography: RC4 - Experiment: Encryption
Cryptography: RC4 - Experiment: Decryption
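The two slides above only say that RC4 is a stream cipher with one shared key. The following is an added example, not code from the iSecuriT kit: it implements RC4's key-scheduling (KSA) and keystream-generation (PRGA) steps, shows that the same call encrypts and decrypts, and also shows the defender-relevant failure mode of any stream cipher, that reusing one key for two messages lets the keystream cancel out. The test key "Key" and plaintext "Plaintext" are the well-known published RC4 test vector.

```python
def rc4_keystream(key: bytes):
    """Generate the RC4 keystream: KSA builds the permutation S, PRGA emits bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # Key Scheduling Algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    while True:                                # Pseudo-Random Generation Algorithm
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR the data with the keystream. Because XOR is its
    own inverse, calling rc4() on ciphertext with the same key gives plaintext."""
    ks = rc4_keystream(key)
    return bytes(b ^ next(ks) for b in data)


def keystream_reuse_leak(key: bytes, p1: bytes, p2: bytes) -> bool:
    """Why a stream-cipher key (or key+nonce) must never be reused: XORing two
    ciphertexts made under one key cancels the keystream and leaves
    p1 XOR p2, which reveals plaintext structure without knowing the key."""
    c1, c2 = rc4(key, p1), rc4(key, p2)
    xor_ct = bytes(a ^ b for a, b in zip(c1, c2))
    xor_pt = bytes(a ^ b for a, b in zip(p1, p2))
    return xor_ct == xor_pt


if __name__ == "__main__":
    ct = rc4(b"Key", b"Plaintext")
    print(ct.hex())                        # bbf316e8d940af0ad3
    print(rc4(b"Key", ct))                 # b'Plaintext'
    print(keystream_reuse_leak(b"Key", b"attack at dawn", b"attack at dusk"))
```

RC4 is shown here only because the kit teaches it; it is prohibited in TLS (RFC 7465) and should not be used in new designs.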
Cryptography: S-DES (Simple Data Encryption Standard)

- Symmetric encryption scheme, block cipher
- DES uses 64-bit blocks with 56-bit keys
- Simple DES uses a 10-bit key to generate two 8-bit keys
- Plaintext is broken into blocks of 8 bits

Cryptography: S-DES - S-DES Key Generation
Cryptography: S-DES - Experiment for S-DES Key Generation
Cryptography: S-DES - Experiment for S-DES Encryption
Cryptography: S-DES - Experiment for S-DES Decryption
Cryptography: 3DES (Triple DES)

- 3DES evolved to give more strength
- Encrypt-decrypt-encrypt process for a full data encryption
- 3 keys given for 3 rounds of DES operation

Cryptography: 3DES
Cryptography: 3DES - Experiment for 3DES Encryption
Cryptography: Triple DES - Experiment for 3DES Decryption
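The S-DES and 3DES slides above describe the 10-bit-to-two-8-bit key schedule, the 8-bit block encryption and the encrypt-decrypt-encrypt (EDE) construction without showing the steps. This added example (not the kit's own code) implements the standard S-DES tables (P10, P8, IP, E/P, P4, S0, S1) and then builds triple S-DES on top of it, which is exactly the EDE construction 3DES applies to real DES. The key 1010000010 and plaintext 11010111 are the standard textbook S-DES test values.

```python
# Standard S-DES tables; positions are 1-based as in the textbook description.
P10 = (3, 5, 2, 7, 4, 10, 1, 9, 8, 6)
P8 = (6, 3, 7, 4, 8, 5, 10, 9)
IP = (2, 6, 3, 1, 4, 8, 5, 7)
IP_INV = (4, 1, 3, 5, 7, 2, 8, 6)
EP = (4, 1, 2, 3, 2, 3, 4, 1)
P4 = (2, 4, 3, 1)
S0 = ((1, 0, 3, 2), (3, 2, 1, 0), (0, 2, 1, 3), (3, 1, 3, 2))
S1 = ((0, 1, 2, 3), (2, 0, 1, 3), (3, 0, 1, 0), (2, 1, 0, 3))


def to_bits(value, width):
    return [(value >> (width - 1 - i)) & 1 for i in range(width)]


def from_bits(bits):
    out = 0
    for b in bits:
        out = (out << 1) | b
    return out


def permute(bits, table):
    return [bits[p - 1] for p in table]


def rotl(bits, n):
    return bits[n:] + bits[:n]


def sdes_keys(key10):
    """10-bit key -> (K1, K2): P10, split, left-shift 1, P8; shift 2 more, P8."""
    k = permute(to_bits(key10, 10), P10)
    left, right = rotl(k[:5], 1), rotl(k[5:], 1)
    k1 = permute(left + right, P8)
    left, right = rotl(left, 2), rotl(right, 2)
    k2 = permute(left + right, P8)
    return from_bits(k1), from_bits(k2)


def sbox(bits4, box):
    row = (bits4[0] << 1) | bits4[3]   # outer bits select the row
    col = (bits4[1] << 1) | bits4[2]   # inner bits select the column
    return to_bits(box[row][col], 2)


def f_k(bits8, subkey):
    """One Feistel round: expand/permute R, XOR subkey, S-boxes, P4, XOR into L."""
    left, right = bits8[:4], bits8[4:]
    t = [a ^ b for a, b in zip(permute(right, EP), to_bits(subkey, 8))]
    p = permute(sbox(t[:4], S0) + sbox(t[4:], S1), P4)
    return [a ^ b for a, b in zip(left, p)] + right


def sdes_block(block8, k_first, k_second):
    bits = permute(to_bits(block8, 8), IP)
    bits = f_k(bits, k_first)
    bits = bits[4:] + bits[:4]          # swap the halves between the rounds
    bits = f_k(bits, k_second)
    return from_bits(permute(bits, IP_INV))


def sdes_encrypt(block8, key10):
    k1, k2 = sdes_keys(key10)
    return sdes_block(block8, k1, k2)


def sdes_decrypt(block8, key10):
    k1, k2 = sdes_keys(key10)
    return sdes_block(block8, k2, k1)   # same network, subkeys in reverse order


def triple_sdes_encrypt(block8, k1, k2, k3):
    """EDE: encrypt under k1, decrypt under k2, encrypt under k3."""
    return sdes_encrypt(sdes_decrypt(sdes_encrypt(block8, k1), k2), k3)


def triple_sdes_decrypt(block8, k1, k2, k3):
    """Inverse of EDE: decrypt under k3, encrypt under k2, decrypt under k1."""
    return sdes_decrypt(sdes_encrypt(sdes_decrypt(block8, k3), k2), k1)


if __name__ == "__main__":
    print([bin(k) for k in sdes_keys(0b1010000010)])          # K1=10100100, K2=01000011
    print(bin(sdes_encrypt(0b11010111, 0b1010000010)))         # 0b10101000
    print(bin(triple_sdes_encrypt(0b11010111, 0b1010000010, 0b0110011001, 0b1111000011)))
```

Setting k1 = k2 = k3 makes EDE collapse to a single encryption, which is why real 3DES stayed compatible with single-DES peers; the test below checks that property as well as the textbook vector.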
Cryptography: RSA (Asymmetric Block Cipher)

- Asymmetric encryption scheme, block cipher
- Separate keys for encryption (public key) and decryption (private key): no need to disclose the private key to anyone, and so considered more secure

Cryptography: RSA - Communication
Cryptography: RSA (Asymmetric Block Cipher) - Experiment for RSA Key Generation
Cryptography: RSA (Asymmetric Block Cipher)
Cryptography: MD5 (Message Digest)

- Message digest algorithm
- A one-way function to use with signatures, certifications, downloadable applications
- Computes a 128-bit value from input data of any length, a binary or a text
- Even a bit/byte change in the input can cause considerable change in the 128-bit output
  - Makes life difficult when anyone alters the content of the file
  - Example: attaching a virus to a game file or a utility, changing the contents of a document

Cryptography: MD5

Operation:
- Splits message/data into 512-bit blocks
- Appends bits at the end to make the message a multiple of 512-bit blocks
- Uses a 128-bit initial vector with the 1st 512-bit block and computes MD5
- Uses the previous block's MD5 (128-bit value) for the successive block computation and arrives at a final 128-bit message digest value

Cryptography: MD5 - Experiment for MD5: Message Input
Cryptography: MD5 - Experiment for MD5: Operation with Y Bits
Cryptography: MD5 - Experiment for MD5: Operation with Each Block
Cryptography: Block Cipher Modes (ECB)

Electronic Code Book (ECB)
- Encrypt/decrypt individual blocks
- Each byte is encrypted by the key
- Encryption / Decryption (diagrams)

Cryptography: Block Cipher Modes (ECB) - Experiment for ECB Encryption Mode
Cryptography: Block Cipher Modes (ECB) - Experiment for ECB Decryption Mode
Cryptography: Block Cipher Modes (CBC)

Cipher Block Chaining (CBC)
- XOR the previous block's ciphertext with the current plaintext block and then encrypt to get the current ciphertext
- Needs an initial chaining vector (ICV) for the first block, and this needs to be changed to avoid revealing the initial pattern
- Encryption / Decryption (diagrams)

Cryptography: Block Cipher Modes (CBC)
Cryptography: Block Cipher Modes (CFB)

Cipher Feedback (CFB)
- Encrypt the previous block's ciphertext and then XOR with the block of plaintext to get the ciphertext
- This also needs an ICV for the first encrypted block
- Encryption / Decryption (diagrams)

Cryptography: Block Cipher Modes (CFB) - Experiment for CFB Encryption Mode

Cryptography: Block Cipher Modes (OFB)

Output Feedback (OFB)
- Same as CFB except that it takes the cipher output of the previous block before it gets XORed with its plaintext
- Encryption / Decryption (diagrams)

Cryptography: Block Cipher Modes (OFB)
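The ECB, CBC, CFB and OFB slides above each describe one feedback rule. This added example (not the kit's code) writes the four rules side by side over one-byte blocks, matching the "each byte is encrypted" wording of the ECB slide. The block cipher is a keyed byte permutation constructed here purely so the mode logic is visible; it is a placeholder, not a secure cipher, and the ICV/key values are constructed. The `has_repeated_blocks` check is the tell-tale that distinguishes ECB output from the chained modes.

```python
import random


def toy_cipher(key: bytes):
    """Stand-in block cipher on 8-bit blocks: a keyed permutation of 0..255.
    NOT secure; it only gives E and D so the modes below can be exercised."""
    rng = random.Random(key)
    table = list(range(256))
    rng.shuffle(table)
    inverse = [0] * 256
    for i, v in enumerate(table):
        inverse[v] = i
    return (lambda b: table[b]), (lambda b: inverse[b])


def ecb_encrypt(E, pt: bytes) -> bytes:
    return bytes(E(b) for b in pt)            # every block independent


def ecb_decrypt(D, ct: bytes) -> bytes:
    return bytes(D(b) for b in ct)


def cbc_encrypt(E, icv: int, pt: bytes) -> bytes:
    out, prev = bytearray(), icv
    for b in pt:
        prev = E(b ^ prev)                    # XOR previous ciphertext, then encrypt
        out.append(prev)
    return bytes(out)


def cbc_decrypt(D, icv: int, ct: bytes) -> bytes:
    out, prev = bytearray(), icv
    for c in ct:
        out.append(D(c) ^ prev)               # decrypt, then XOR previous ciphertext
        prev = c
    return bytes(out)


def cfb_encrypt(E, icv: int, pt: bytes) -> bytes:
    out, prev = bytearray(), icv
    for b in pt:
        prev = E(prev) ^ b                    # encrypt previous ciphertext, XOR plaintext
        out.append(prev)
    return bytes(out)


def cfb_decrypt(E, icv: int, ct: bytes) -> bytes:
    out, prev = bytearray(), icv              # note: decryption also uses E, never D
    for c in ct:
        out.append(E(prev) ^ c)
        prev = c
    return bytes(out)


def ofb_crypt(E, icv: int, data: bytes) -> bytes:
    """OFB feeds the cipher OUTPUT back, not the ciphertext, so the keystream
    depends only on key and ICV; the same call encrypts and decrypts."""
    out, feedback = bytearray(), icv
    for b in data:
        feedback = E(feedback)
        out.append(feedback ^ b)
    return bytes(out)


def has_repeated_blocks(ct: bytes) -> bool:
    """ECB leak: equal plaintext blocks always give equal ciphertext blocks."""
    return len(set(ct)) < len(ct)


if __name__ == "__main__":
    E, D = toy_cipher(b"demo-key")           # constructed key
    msg = b"AAAAAAAAAAAAAAAA"               # repetitive plaintext shows the ECB pattern
    print("ECB repeats:", has_repeated_blocks(ecb_encrypt(E, msg)))
    print("CBC ct:", cbc_encrypt(E, 0x42, msg).hex())
    print("CBC same ICV twice identical:", cbc_encrypt(E, 0x42, msg) == cbc_encrypt(E, 0x42, msg))
```

The last line is the point of the "ICV needs to be changed" remark on the CBC slide: with a fixed ICV two identical messages encrypt identically, so an observer learns that the same message was sent again.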
Web Services Using Crypto Techniques: PKI

- Extension of RSA
- Uses a certification mechanism by which public and private keys are obtained:
  - Public and private key pairs are obtained through a Trusted Authority
  - Root Certifying Authority (Root CA); Sub CA
  - Root CA -> Sub CA -> Entity Certificate
- Avoids attacks like man-in-the-middle while passing the public key
- Both keys are in the form of certificates that can be stored in systems
- No need to remember lengthy n and d values to decrypt
- MD5 is also used to digitally sign those certificates to avoid alteration
Web Services Using Crypto Techniques: PKI - Experiment: Certificate Creation
Web Services Using Crypto Techniques: PKI - Application
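The RSA slides earlier (key generation, public-key encryption, private-key decryption) and the PKI slides above (Root CA signs Sub CA, Sub CA signs the entity certificate, signatures over a digest) fit in one worked example. The code below is added here and is not the kit's own software: textbook RSA key generation from small primes, the published p=61, q=53, e=17 test values, and a toy certificate chain whose signatures are the private-key operation on the certificate digest. The subject names, the prime pairs for the CA keys and the certificate format are all constructed for the example. The digest is reduced mod n only because the toy moduli are tiny; it uses MD5 because the slide says MD5 signs the certificates, with the caveat in the comment.

```python
import hashlib
from math import gcd


def rsa_keygen(p, q, e=17):
    """Textbook RSA: n = p*q, d = e^-1 mod phi(n). Returns ((e, n), (d, n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)                   # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def rsa_encrypt(m, public):
    e, n = public
    return pow(m, e, n)


def rsa_decrypt(c, private):
    d, n = private
    return pow(c, d, n)


# --- toy certificate chain: Root CA -> Sub CA -> entity -------------------
def cert_body(subject, public, issuer):
    return f"{subject}|{public[0]}|{public[1]}|{issuer}".encode()


def digest_mod_n(body, n):
    # The slide uses MD5 for certificate signatures; MD5 collisions are practical,
    # so a real PKI signs a SHA-256 digest (with padding) and uses 2048-bit+ n.
    return int(hashlib.md5(body).hexdigest(), 16) % n


def issue_cert(subject, subject_pub, issuer_name, issuer_priv):
    body = cert_body(subject, subject_pub, issuer_name)
    sig = rsa_decrypt(digest_mod_n(body, issuer_priv[1]), issuer_priv)   # sign = private-key op
    return {"subject": subject, "public": subject_pub, "issuer": issuer_name, "sig": sig}


def verify_signature(cert, issuer_pub):
    body = cert_body(cert["subject"], cert["public"], cert["issuer"])
    return rsa_encrypt(cert["sig"], issuer_pub) == digest_mod_n(body, issuer_pub[1])


def verify_chain(chain, trust_anchor):
    """chain = [entity, sub_ca, root]. The root must be self-signed and equal the
    locally trusted anchor; every other certificate must be signed by the next."""
    root = chain[-1]
    if root["public"] != trust_anchor or root["issuer"] != root["subject"]:
        return False
    if not verify_signature(root, root["public"]):
        return False
    for cert, issuer in zip(chain, chain[1:]):
        if cert["issuer"] != issuer["subject"] or not verify_signature(cert, issuer["public"]):
            return False
    return True


def build_demo_chain():
    """Constructed keys and names; the prime pairs are small textbook primes."""
    root_pub, root_priv = rsa_keygen(107, 109)
    sub_pub, sub_priv = rsa_keygen(97, 89)
    ent_pub, _ent_priv = rsa_keygen(61, 53)
    root = issue_cert("RootCA", root_pub, "RootCA", root_priv)
    sub = issue_cert("SubCA", sub_pub, "RootCA", root_priv)
    ent = issue_cert("alice@example.test", ent_pub, "SubCA", sub_priv)
    return [ent, sub, root], root_pub


if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53)
    print(pub, priv)                          # (17, 3233) (2753, 3233)
    print(rsa_encrypt(65, pub), rsa_decrypt(rsa_encrypt(65, pub), priv))   # 2790 65
    chain, anchor = build_demo_chain()
    print(verify_chain(chain, anchor))        # True
```

The chain check is what lets a client accept a public key it has never seen: it needs to store only the Root CA key (the "no need to remember lengthy n and d" point), and an attacker who swaps in their own key in transit cannot produce the Sub CA's signature over it.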
Web Services Using Crypto Techniques: Authentication Schemes

- Password or IP user login
  - User ID and password matching, or IP address matching, to allow the user.
- Password & IP both user login
  - User ID, password and IP address are all used to allow the user.
- Challenge Handshake Authentication Protocol (CHAP) based application login
  - The server challenges the client with a code and asks for a response.
  - The client should respond with the secret value, and its correctness is checked at the server.
  - The MD5 hash value of the secret value is exchanged, and only when it matches is the application allowed to proceed.
Web Services Using Crypto Techniques: Authentication Schemes - Experiment for Login & Password Authentication
Web Services Using Crypto Techniques: Authentication Schemes - Experiment for IP Authentication
Web Services Using Crypto Techniques: Authentication Schemes: Password & IP - Experiment for Password & IP Authentication
Web Services Using Crypto Techniques: Authentication Schemes - Experiment for CHAP Authentication
Web Services Using Crypto Techniques: Authentication Schemes - Experiment for Configuration Menu
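The CHAP description above (challenge from the server, MD5 of the secret in the response, check at the server) is the three-message exchange of RFC 1994. This added example, not code from the kit, shows both sides of that exchange, plus the simpler "Password & IP both" check for contrast. The response is MD5(identifier || secret || challenge) as in RFC 1994; the shared secret, user table and addresses are constructed. Two details matter for a defender and are built in: each challenge is random and single-use, so a captured response cannot be replayed, and the comparison is constant-time.

```python
import hashlib
import secrets

SHARED_SECRET = b"correct horse battery"   # constructed; known to both sides, never sent


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ChapServer:
    """Server side: issues a fresh challenge per attempt and checks the response."""

    def __init__(self, secret: bytes):
        self.secret, self.ident, self.pending = secret, 0, {}

    def challenge(self):
        """Message 1 (server -> client): identifier and a random challenge."""
        self.ident = (self.ident + 1) & 0xFF
        chal = secrets.token_bytes(16)
        self.pending[self.ident] = chal
        return self.ident, chal

    def verify(self, ident: int, response: bytes) -> bool:
        """Message 3 (server -> client): success/failure. The challenge is
        consumed on first use, so a replayed response is rejected."""
        chal = self.pending.pop(ident, None)
        if chal is None:
            return False
        expected = chap_response(ident, self.secret, chal)
        return secrets.compare_digest(expected, response)   # constant-time compare


def chap_login(server: ChapServer, client_secret: bytes) -> bool:
    """Run the full exchange; only hashes cross the wire, never the secret."""
    ident, chal = server.challenge()                         # server -> client
    resp = chap_response(ident, client_secret, chal)         # client -> server (message 2)
    return server.verify(ident, resp)


def password_ip_login(user: str, password: str, addr: str, table: dict, allowed_ips: set) -> bool:
    """The 'Password & IP both' scheme from the slide: both checks must pass."""
    return table.get(user) == password and addr in allowed_ips


if __name__ == "__main__":
    srv = ChapServer(SHARED_SECRET)
    print(chap_login(srv, SHARED_SECRET))      # True
    print(chap_login(srv, b"guess"))           # False
    print(password_ip_login("alice", "s3cret", "10.0.0.5", {"alice": "s3cret"}, {"10.0.0.5"}))
```

The contrast with the password schemes is that a sniffer on the path (see the Sniffing section later) sees only a one-time hash in CHAP, whereas a plain password login sends the reusable secret itself; the IP check adds nothing against a spoofed source address.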
Web Services Using Crypto Techniques: Steganography

- Art & science of hiding data within other data like image files, audio files, HTML files, without revealing any clue of such hidden info during normal usage of such a file.
- Contrast to cryptography: encrypted data will indicate in some form that encryption took place
- Has been in practice for a very long time; dates back several centuries
  - Writing a message with materials like lime juice, which will not be seen with the naked eye
  - Etching messages in small pieces of wood and waxing them to look like tablets
  - Hiding in normal text itself
  - Messages shrunk to the size of dots and hidden in character dots such as i, j etc.
Web Services Using Crypto Techniques: Steganography

Two types:
- Insertion: using the LSB of image files
- Transformation: mathematical transformations

Web Services Using Crypto Techniques: Steganography

Experimentation allows the user to:
- Input the text file that needs to be hidden and the JPEG image file that carries the hidden text
- Select the order of embedding: linear or shuffled
- Select the encrypt option to use the F5 algorithm to embed data in the image file

Suggestions:
- Embed a text file using the linear or shuffled option and compare the result with the original image file for any clarity degradation with the naked eye
- Increase the text file size for a given image file and compare the clarity as said above
- Use a uniform-coloured image file, say a single-coloured, dark or light, and check for clarity of the image

Web Services Using Crypto Techniques: Steganography - Experiment for
Network Identification: Network Enumeration

- Discovery of remote hosts or systems in a network
- First step normally taken by network administrators and hackers for their own purposes

Purpose:
- System identification
  - Internet Control Message Protocol (ICMP) packets, or TCP/IP in some cases, are used for this
  - Ping sweep, ICMP ping, TCP ping techniques are used
- Port scanning and services identification
  - Ports are virtual entry and exit ways for data transfer between host and client
  - Standard services like HTTP, FTP, SSH etc. use standard ports like 80, 21, 22, while other applications/services can use anything between 1024 and ~64K
  - TCP packets and sometimes UDP packets are used to scan ports
- OS detection

Network Identification: Network Enumeration

Experimentation allows the user to:
- Identify the systems/hosts that are up and running in the iSECURIT network
- Identify open ports of a host in the iSECURIT network without the knowledge of anyone using it
- Guess the OS running in such hosts

Suggestions:
- Use these techniques to identify hosts and ports in the DoS attack experiment
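The enumeration techniques above (ping sweep over many hosts, TCP probes over many ports of one host) leave a distinctive trace in firewall or flow logs, and the "without the knowledge of anyone using it" remark is only true where nobody watches those logs. The following is an added example, not part of the kit: a detector that parses constructed firewall-style log lines and raises a port-scan alert when one source touches many distinct ports on one host inside a time window, and a ping-sweep alert when one source sends ICMP to many distinct hosts. The log format, addresses, thresholds and window are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed log format: "<ISO time> SRC=<ip> DST=<ip> PROTO=<TCP|UDP|ICMP> [DPT=<port>]"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\w+)(?: DPT=(?P<dpt>\d+))?$"
)


def parse_line(line: str):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["dpt"] = int(ev["dpt"]) if ev["dpt"] else None
    return ev


def detect_recon(lines, window_s=60, port_threshold=10, host_threshold=10):
    """Return sorted alerts: ('portscan', src, dst) when one source hits
    >= port_threshold distinct TCP ports on one host within window_s seconds;
    ('pingsweep', src) when one source sends ICMP to >= host_threshold hosts."""
    events = [e for e in map(parse_line, lines) if e]
    events.sort(key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    alerts = set()
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):            # sliding window per source
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_s:
                start += 1
            ports, hosts = defaultdict(set), set()
            for w in evs[start:end + 1]:
                if w["proto"] == "TCP" and w["dpt"] is not None:
                    ports[w["dst"]].add(w["dpt"])
                elif w["proto"] == "ICMP":
                    hosts.add(w["dst"])
            for dst, ps in ports.items():
                if len(ps) >= port_threshold:
                    alerts.add(("portscan", src, dst))
            if len(hosts) >= host_threshold:
                alerts.add(("pingsweep", src))
    return sorted(alerts)


def build_sample_log():
    """Constructed log: one normal client, one port scanner, one ping sweeper."""
    lines = [
        "2024-05-01T10:00:01 SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP DPT=80",
        "2024-05-01T10:00:02 SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP DPT=443",
    ]
    for i, port in enumerate(range(21, 41)):      # 10.0.0.9 probes 20 ports in 20 s
        lines.append(f"2024-05-01T10:00:{5 + i:02d} SRC=10.0.0.9 DST=10.0.0.20 PROTO=TCP DPT={port}")
    for i in range(1, 31):                         # 10.0.0.7 pings 30 hosts in 30 s
        lines.append(f"2024-05-01T10:01:{i:02d} SRC=10.0.0.7 DST=10.0.0.{i} PROTO=ICMP")
    return lines


if __name__ == "__main__":
    for alert in detect_recon(build_sample_log()):
        print(alert)        # ('pingsweep', '10.0.0.7') and ('portscan', '10.0.0.9', '10.0.0.20')
```

Thresholds are the tuning knob: a monitoring host that legitimately polls many services will trip the port-scan rule unless it is allow-listed, and a slow scan spread over hours needs a longer window or a per-day distinct-port count.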
Network Identification: Network Enumeration
Network/System Threats: DoS

1) Operating System Attack
- Attacks bugs in specific operating systems
- And can be fixed with patches

Network/System Threats: DoS

2) Networking Attack
- Exploits inherent limitations of networking and may require firewall protection

Network/System Threats: DoS

- Deny users access to services such as FTP, HTTP
- Send a huge number of requests in several ways to a particular service or an OS and make it slow or crash, thereby denying service to legitimate users

Types:
- OS attack: exploits bugs in the OS and tries attacking it
  - Usually solved by the OS vendors by means of patches, but new bugs crop up and so the attack continues
Network/System Threats: DoS

- Network attack
  - Smurf attack: spoof the victim's IP address and flood with ICMP ping requests
  - TCP SYN attack: only initiate the TCP handshake and cause the server to queue acknowledgements, thereby making it slow or crash
  - Ping of death attack (oversized packet attack): now reduced due to software updates by vendors which safely discard oversized TCP packets in the ping command
  - Send several TCP SYN packets with a false sender's IP address to the server and make it time out in sending acknowledgements; this creates an ack queue and so slows it down
  - GET DoS attack: attack port 80 (HTTP service) by establishing several GET requests, usually from several machines (Distributed DoS)
Network/System Threats: DoS

Experimentation allows the user:
- To attack an FTP service through port 21 and make it deny the service after some time
- The user can also get a feel of a DoS attack by seeing the number of connections established to the host under attack, using the OS internal command netstat

Suggestions:
- Attack the FTP port in Windows and compare the response with that of a Linux system
- Try attacking the HTTP port at port 80 in Windows and Linux

DoS is a cracker tool and so should not be tried or implemented in a real network

Network/System Threats: DoS
Network/System Threats: DDoS

- Attack a service from several machines which may be distributed in a network/internet, all attacking at the same time
- The cracker plants attacking agents/software code in several machines without the users' knowledge by way of Trojans/worms and may trigger all of them through a backdoor to attack a service at the same time

Network/System Threats: DDoS

- The experiment suggests performing a DDoS attack from several machines connected to iSECURIT on an FTP service

Suggestion:
- Compare the time taken between DoS and DDoS to bring down the FTP service; use at least 3 agents to attack under DDoS

DDoS is a cracker tool and so should not be tried or implemented in a real network
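The DoS slides say the effect of a SYN attack is a queue of half-open connections and suggest watching it with netstat; the DDoS slides add that the same load arrives from several agents at once. This added example (not the kit's tool) is the defender's view of both: it parses constructed `netstat -nt`-style rows, counts SYN_RECV entries on one service port, and classifies the pressure as normal, single-source (DoS) or multi-source (DDoS). The row format, addresses and thresholds are constructed assumptions; real netstat output has extra columns and headers, which the regex skips.

```python
import re
from collections import Counter

# Constructed netstat-like row: "tcp <recvq> <sendq> <local>:<port> <remote>:<port> <STATE>"
NETSTAT_RE = re.compile(r"^tcp\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)$")


def parse_netstat(lines):
    """Yield (local_ip, local_port, remote_ip, state); non-matching rows are skipped."""
    for line in lines:
        m = NETSTAT_RE.match(line.strip())
        if m:
            yield m.group(1), int(m.group(2)), m.group(3), m.group(5)


def analyse_half_open(lines, port, half_open_threshold=50, ddos_min_sources=3):
    """Classify SYN-queue pressure on one listening port.
    SYN_RECV = handshake started, final ACK never came (the 'ack queue' of the slide)."""
    remotes = Counter()
    for _local_ip, lport, remote_ip, state in parse_netstat(lines):
        if lport == port and state == "SYN_RECV":
            remotes[remote_ip] += 1
    half_open = sum(remotes.values())
    if half_open < half_open_threshold:
        verdict = "normal"
    elif len(remotes) >= ddos_min_sources:
        verdict = "ddos_syn_flood"       # many agents, as on the DDoS slide
    else:
        verdict = "dos_syn_flood"        # one (possibly spoofed) source
    return {
        "half_open": half_open,
        "sources": len(remotes),
        "verdict": verdict,
        "top": remotes.most_common(3),
    }


def build_sample(single_source=True):
    """Constructed output: two healthy sessions plus 120 half-open FTP connections."""
    rows = [
        "tcp 0 0 10.0.0.20:21 10.0.0.5:40001 ESTABLISHED",
        "tcp 0 0 10.0.0.20:22 10.0.0.6:40002 ESTABLISHED",
    ]
    sources = ["10.0.0.9"] if single_source else ["10.0.0.9", "10.0.0.11", "10.0.0.12", "10.0.0.13"]
    for i in range(120):
        rows.append(f"tcp 0 0 10.0.0.20:21 {sources[i % len(sources)]}:{50000 + i} SYN_RECV")
    return rows


if __name__ == "__main__":
    print(analyse_half_open(build_sample(True), 21))     # verdict dos_syn_flood
    print(analyse_half_open(build_sample(False), 21))    # verdict ddos_syn_flood
    print(analyse_half_open(build_sample(True), 22))     # verdict normal
```

On Linux the standard mitigation for the SYN-queue problem is SYN cookies (`net.ipv4.tcp_syncookies=1`), which lets the server answer SYNs without keeping per-connection state until the final ACK arrives; against a distributed flood the count-per-source signal is weak, and the total half-open count is the one to alarm on.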
Network/System Threats: Sniffing

- Capture TCP/IP packets that pass in a network
  - For analysis, in the case of an administrator
  - For stealing data, in the case of a hacker
- Broadcast packets can be captured in a switched environment
- Specific IP packets which do not come in the vicinity of the sniffing system, in a switched environment, cannot be captured
  - The switch may be made to broadcast all packets and the sniffer will then capture them: MAC flooding

Network/System Threats: Sniffing

- Sniffers usually have analyzers built in
  - A variety of packets (TCP, ARP, UDP, ICMP) will be travelling in a network, and so categorizing them is part of the analyzing tool
- Sniffing can be prevented by
  - using Secure Shell (SSH) connections for FTP, TELNET access
  - Pretty Good Privacy (PGP) or PKI or Secure Multipurpose Internet Mail Extension (S/MIME) for e-mail
  - Secure Sockets Layer (SSL) for browsers
Network/System Threats: Sniffing

- Experimentation allows the user to capture several packets passing across 2 different networks in iSECURIT and gives simple feedback about the packet type.
- A complete packet dump is also available for the user to try analysing it on their own

Suggestion:
- Send a ping command across 2 networks, capture packets with the packet sniffer tool and analyse their contents
- Use the mail sniffer application to capture packets sent by a mail client: send a text mail and an encrypted mail
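The slides above say a sniffer's analyzer must categorize TCP, ARP, UDP and ICMP packets, and that MAC flooding is what turns a switch into a hub. This added example (not the kit's sniffer) does the categorizing part on raw frames: it decodes the Ethernet II header, branches on EtherType to ARP or IPv4, reads the IPv4 protocol byte for ICMP/TCP/UDP and the port numbers for TCP/UDP. It also counts distinct source MACs across a batch, which is the simplest indicator of MAC flooding. The frames are constructed in code so it runs without a capture file; the MAC and IP addresses are constructed.

```python
import struct
from collections import Counter

ETH_ARP, ETH_IPV4 = 0x0806, 0x0800
IP_PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ipv4_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def classify_frame(frame: bytes) -> dict:
    """Decode Ethernet II -> ARP / IPv4 -> ICMP/TCP/UDP and return a summary dict."""
    if len(frame) < 14:
        return {"type": "short"}
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {"src_mac": mac_str(src), "dst_mac": mac_str(dst)}
    if ethertype == ETH_ARP:
        info["type"] = "ARP"
        return info
    if ethertype != ETH_IPV4 or len(frame) < 34:
        info["type"] = f"other(0x{ethertype:04x})"
        return info
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # header length in bytes
    proto = ip[9]
    info.update(type=IP_PROTO.get(proto, f"ip-proto-{proto}"),
                src_ip=ipv4_str(ip[12:16]), dst_ip=ipv4_str(ip[16:20]))
    if proto in (6, 17) and len(ip) >= ihl + 4:   # TCP/UDP: ports are the first 4 bytes
        info["src_port"], info["dst_port"] = struct.unpack("!HH", ip[ihl:ihl + 4])
    return info


def summarise(frames, mac_flood_threshold=100) -> dict:
    """Per-type counts plus a MAC-flooding indicator (too many source MACs)."""
    decoded = [classify_frame(f) for f in frames]
    counts = Counter(d["type"] for d in decoded)
    src_macs = {d["src_mac"] for d in decoded if "src_mac" in d}
    return {"counts": dict(counts), "distinct_src_macs": len(src_macs),
            "mac_flood": len(src_macs) >= mac_flood_threshold}


# --- constructed frames so the example runs offline ---------------------------
def build_frame(src_mac: bytes, dst_mac: bytes, ethertype: int, payload: bytes) -> bytes:
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


def build_ipv4(proto: int, src_ip, dst_ip, l4: bytes = b"") -> bytes:
    """Minimal 20-byte IPv4 header (checksum left zero) followed by the L4 payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                      bytes(src_ip), bytes(dst_ip))
    return hdr + l4


MAC_A, MAC_B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")


def sample_frames():
    tcp = struct.pack("!HH", 40001, 21) + b"\x00" * 16        # FTP control connection
    udp = struct.pack("!HH", 5353, 53)
    icmp = b"\x08\x00"                                          # echo request type/code
    arp = b"\x00\x01\x08\x00\x06\x04\x00\x01"                   # ARP request header start
    return [
        build_frame(MAC_A, MAC_B, ETH_IPV4, build_ipv4(6, (10, 0, 0, 5), (10, 0, 0, 20), tcp)),
        build_frame(MAC_A, MAC_B, ETH_IPV4, build_ipv4(17, (10, 0, 0, 5), (10, 0, 0, 20), udp)),
        build_frame(MAC_A, MAC_B, ETH_IPV4, build_ipv4(1, (10, 0, 0, 5), (10, 0, 0, 20), icmp)),
        build_frame(MAC_A, b"\xff" * 6, ETH_ARP, arp),
    ]


if __name__ == "__main__":
    for f in sample_frames():
        print(classify_frame(f))
    print(summarise(sample_frames()))
```

The same decoder is the starting point for the "send a text mail and an encrypted mail" suggestion: on the plaintext session the TCP payload after the ports is readable SMTP, on the encrypted one it is not, which is the whole argument for the SSH/S/MIME/SSL countermeasures on the slide.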
Network/System Threats: Spoofing

- Method to gain access to another computer pretending to be a trusted user

Types:
- IP spoofing: change the sender IP address to a trusted IP address and send packets
- MAC spoofing: change the MAC address to another NIC's MAC address and send packets to fool the receiver
  - If it is an unknown MAC address, the switch will send ARP packets, and the spoofing machine can send a false IP address and then start IP spoofing

Network/System Threats: Spoofing

- Web spoofing: act of tricking a web browser into talking to a hacker server to collect data
  - Using web scripts in web pages can be the starting point for web spoofing
- Email spoofing: change a sender's name to a name known to the recipient and then try to send unwanted data, malicious code
Network/System Threats: Spoofing

Experimentation allows the user:
- To do IP spoofing and MAC spoofing
- Capture IP packets using the Ethereal application at the destination machine and observe the packets' sender address

Suggestion:
- While doing the IP spoofing, try with an existing IP in the network and an unknown IP, and observe the condition in the network using Ethereal

Spoofing is used in DoS, DDoS attacks to hide the real identity. Do not try or implement spoofing in a real network
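The IP and MAC spoofing descriptions above each have a matching detection on the defender's side, which is what the "observe the packets' sender address" experiment step is really teaching. This added example (not the kit's tool) implements the two standard checks: an ingress filter in the style of RFC 2827, which rejects packets arriving on the external interface with a source address from the internal ranges (the "existing IP in the network" case of the suggestion), and an ARP watcher that records IP-to-MAC bindings and alerts when an already-bound IP is claimed by a second MAC. Interface names, address ranges and the sample records are constructed.

```python
import ipaddress

# Constructed: the address ranges that belong inside this network.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]


def ingress_filter(packets):
    """RFC 2827-style check. packets: iterable of (interface, src_ip, dst_ip).
    A packet on the external interface that claims an internal source cannot be
    genuine; return those (src, dst) pairs for blocking/alerting."""
    spoofed = []
    for iface, src, dst in packets:
        src_addr = ipaddress.ip_address(src)
        if iface == "external" and any(src_addr in net for net in INTERNAL_NETS):
            spoofed.append((src, dst))
    return spoofed


class ArpWatch:
    """Track IP -> MAC bindings seen in ARP replies. A second MAC answering for an
    IP that is already bound is the signature of ARP/MAC spoofing (or of a
    legitimate NIC replacement, which is why the alert carries both MACs)."""

    def __init__(self):
        self.table, self.alerts = {}, []

    def observe(self, ip: str, mac: str):
        known = self.table.get(ip)
        if known is None:
            self.table[ip] = mac                 # first sighting: learn it
        elif known != mac:
            self.alerts.append((ip, known, mac))  # conflict: alert, keep original binding
        return self.alerts


# Constructed sample observations.
SAMPLE_ARP = [
    ("10.0.0.1", "02:00:00:00:00:01"),
    ("10.0.0.2", "02:00:00:00:00:02"),
    ("10.0.0.1", "02:00:00:00:00:01"),     # same binding again: fine
    ("10.0.0.1", "02:00:00:00:00:99"),     # a second MAC claims the gateway IP
]
SAMPLE_PACKETS = [
    ("external", "203.0.113.7", "10.0.0.20"),   # genuine outside client
    ("external", "10.0.0.9", "10.0.0.20"),      # internal source from outside: spoofed
    ("internal", "10.0.0.5", "10.0.0.20"),      # normal internal traffic
]


def run_checks():
    watch = ArpWatch()
    for ip, mac in SAMPLE_ARP:
        watch.observe(ip, mac)
    return ingress_filter(SAMPLE_PACKETS), watch.alerts


if __name__ == "__main__":
    print(run_checks())
    # ([('10.0.0.9', '10.0.0.20')], [('10.0.0.1', '02:00:00:00:00:01', '02:00:00:00:00:99')])
```

Neither check needs the real sender's identity: ingress filtering only needs to know which addresses belong on which side of the router, and the ARP watcher only needs a stable first sighting, which is why both are deployable on the border and on the switch respectively.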
Malware Tools: Trojans, Dropper & Backdoors

- Malicious code arriving into a system/PC, like the Trojan horse story
- Malicious code comes along with a normal application (a game or a utility) and gets dropped when the app is executed
- The dropped code will become active and open up a door (backdoor) to set up a connection to the hacker's system
- Can do other functions, pass on to other systems in the net, depending on the hacker's intention
- Backdoor access is also used by remote control applications for administration purposes or for license management of an application
Malware Tools: Trojans, Dropper & Backdoors

(Diagram) The user PC downloads an application (for example a game) from a remote download server or a hacker server hosting free applications for download. The download is a dropper that pretends to be a game; the game is hooked up with the intended application and a Trojan. When activated, the Trojan connects to the remote PC (backdoor); the remote PC listens to the Trojan, listening for packets and reconstructing them (eavesdropping).
Malware Tools: Trojans, Dropper & Backdoors

Experimentation involves:
- Downloading a sample game that also has malicious code: a Trojan
- The Trojan gets dropped in the client system when the sample game is executed
- The malicious code then connects to the hacker system through a port (called a backdoor, as it is opened by malicious code) to give access to the hacker
- A configuration file is also available with the downloaded game, in which the user (as a hacker) can change the IP address of the system through which the affected system can be controlled
- The hacker system can then control this game system
Malware Tools: Trojans, Dropper & Backdoors

Suggestions:
- Try sending a sensitive file to the hacker system through the backdoor by specifying the file name in the configuration file
- See if an anti-virus tool detects this malicious code activity
- Observe this malicious code running momentarily in the Windows Task Manager's Processes tab

This malicious code gives connectivity to another system within the network. Do not try or implement this experiment setup in a real network
Malware Tools: Virus & AV Methods

- VIRUS: Vital Information Resources Under Siege
- Malicious code doing unwanted actions with files or systems and also passing on to infect other systems through e-mails, files or media

Classification:
- Boot sector, file type, macro, script, parasitic, stealth, polymorphic viruses

AV methods:
- Scanning for known signature patterns
- Checksum scanning for file integrity
- Heuristic scan to differentiate between normal and malicious activity
- Behaviour blockers: reside in memory to detect unusual memory patterns in allocation or usage
Malware Tools: Virus & AV Methods

Experimentation allows the user:
- To select a file and get a known harmless signature attached to it
- Detect the presence of the signature by scanning, and
- Check the file integrity (using MD5) before and after attaching the virus
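The AV methods slide lists signature scanning, checksum integrity and heuristic scanning, and the experiment attaches a known harmless signature to a file and then detects it. This added example (not the kit's code) does those three steps on an in-memory file: the "known harmless signature" is the real EICAR anti-virus test string, which every scanner is expected to flag and which does nothing when run; integrity is checked with MD5 because the slide says so (a production baseline would use SHA-256); the heuristic is a byte-entropy check, since packed or encrypted payloads have near-random byte distributions. The sample file content and the baseline table are constructed.

```python
import hashlib
import math
from collections import Counter

# The EICAR test string: a real, harmless pattern that AV products detect by design.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
SIGNATURES = {"EICAR-Test-File": EICAR}     # a real scanner has millions of these


def signature_scan(data: bytes):
    """AV method 1: look for known byte patterns; return the names that match."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def checksum(data: bytes) -> str:
    """AV method 2 helper: MD5 as on the slide; use SHA-256 in practice."""
    return hashlib.md5(data).hexdigest()


def integrity_check(baseline: dict, files: dict):
    """AV method 2: compare current checksums with a stored baseline taken when
    the files were known-good; return the names whose content changed."""
    return [name for name, data in files.items() if baseline.get(name) != checksum(data)]


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0 for a constant file, 8 for random)."""
    if not data:
        return 0.0
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())


def heuristic_scan(data: bytes, threshold: float = 7.5) -> bool:
    """AV method 3: no signature needed; flag content that looks packed/encrypted."""
    return entropy(data) > threshold


def attach_signature(clean: bytes, signature: bytes = EICAR) -> bytes:
    """The experiment's step: append a known harmless signature to a file."""
    return clean + signature


# Constructed sample 'game' file: a header and some repetitive, low-entropy bytes.
GAME = b"GAME\x00" + bytes(range(32)) * 8


def run_experiment():
    """Baseline the clean file, attach the signature, then run all three checks."""
    baseline = {"game.exe": checksum(GAME)}
    infected = attach_signature(GAME)
    return {
        "signatures_before": signature_scan(GAME),
        "signatures_after": signature_scan(infected),
        "changed_files": integrity_check(baseline, {"game.exe": infected}),
        "heuristic_clean": heuristic_scan(GAME),
        "heuristic_random": heuristic_scan(bytes(range(256)) * 4),
    }


if __name__ == "__main__":
    print(run_experiment())
```

The three methods fail in different ways, which is why real products layer them: a new or polymorphic virus has no signature yet, an integrity baseline only says that something changed, and an entropy heuristic also fires on legitimately compressed or encrypted files.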
Web Vulnerabilities: Web-Based Password Capturing
Web Vulnerabilities: SQL Injection
Web Vulnerabilities: Buffer Overflow

Web Vulnerabilities: Honeypots

- A decoy system that is designed to lure an attacker away from a critical system
- The attacker thinks that it may be a real system and tries all mischievous techniques
- These steps are captured for analysis to understand the attacker's motive and activity

Types:
- Low interaction
  - Emulates only limited services and OS; the attacker's activity is limited to the level of emulation
  - Ex: an emulated FTP service listening on port 21, and all interactions limited only to FTP
- High interaction
  - Emulates a real setup including all applications and services and gives a real environment for attackers
  - Helps to learn the full behaviour of an attacker
Web Vulnerabilities: Honeypots

Usage:
- Production
  - To protect the systems that are in real use in networks by diverting the attacker/automated attack to a honeypot and slowing down the attack process
  - Usually monitors unused IPs, looks for unwanted scanning to those IPs by attackers, and slows down the spread of attack to other systems
- Research
  - To collect or log all the activities an attacker tries out in those systems for further research purposes
Web Vulnerabilities: Honeypots

Experimentation allows:
- Setting up a single honeypot system and trying various commands that one can think of as a hacker
  - say various password and user ID combinations to gain access to a system, listing the files in a folder, deleting some of them etc.
- Entry to the system after a few tries of different passwords for FTP or Telnet access to that system
- Viewing the log files it creates and observing the list of all the tried commands right from gaining entry to the system

Note:
- This experiment assumes that the hacker is routed to the honeypot system by the firewall

Web Vulnerabilities: Honeypots
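The low-interaction honeypot the slides describe (an emulated FTP service on port 21, login granted after a few password tries, every command logged, files listed and "deleted" without anything real happening) is small enough to show end to end. This added example, not the kit's honeypot, emulates that FTP dialogue with RFC 959 reply codes over a constructed session transcript instead of a socket, so the logic can be read and tested offline; the fake file names, the client address and the allow-after-N-attempts policy are constructed choices. Wrapping `handle()` in a real socket server is the only change needed to listen on a port.

```python
from datetime import datetime, timedelta


class LowInteractionFtpHoneypot:
    """Emulates just enough of FTP (RFC 959 reply codes) to keep an intruder
    talking while every command is logged. Nothing is executed or deleted."""

    def __init__(self, allow_after_attempts=3, fake_files=("payroll.xls", "design.dwg")):
        self.allow_after = allow_after_attempts
        self.fake_files = list(fake_files)
        self.log, self.user, self.attempts, self.logged_in = [], None, 0, False

    def handle(self, line: str, client: str, ts: datetime) -> str:
        cmd, _, arg = line.strip().partition(" ")
        cmd = cmd.upper()
        self.log.append((ts.isoformat(), client, line.strip()))   # record everything first
        if cmd == "USER":
            self.user = arg
            return "331 Password required"
        if cmd == "PASS":
            self.attempts += 1
            if self.attempts >= self.allow_after:     # let them in after a few tries
                self.logged_in = True
                return "230 Login successful"
            return "530 Login incorrect"
        if not self.logged_in:
            return "530 Please login with USER and PASS"
        if cmd == "LIST":
            body = "\r\n".join(self.fake_files)
            return "150 Here comes the directory listing\r\n" + body + "\r\n226 Directory send OK"
        if cmd == "DELE":
            if arg in self.fake_files:
                self.fake_files.remove(arg)           # only the decoy listing changes
                return "250 Delete operation successful"
            return "550 Delete operation failed"
        if cmd == "QUIT":
            return "221 Goodbye"
        return "502 Command not implemented"          # bounded emulation, as on the slide


def replay_session(commands, client="10.0.0.9"):
    """Feed a constructed session through the honeypot; return (replies, log)."""
    hp = LowInteractionFtpHoneypot()
    t0 = datetime(2024, 5, 1, 10, 0, 0)
    replies = [hp.handle(c, client, t0 + timedelta(seconds=i)) for i, c in enumerate(commands)]
    return replies, hp.log


# Constructed intruder session: guessed passwords, then file commands.
SAMPLE_SESSION = ["USER admin", "PASS admin", "PASS 123456", "LIST",
                  "PASS password", "LIST", "DELE payroll.xls", "SITE EXEC id", "QUIT"]


if __name__ == "__main__":
    replies, log = replay_session(SAMPLE_SESSION)
    for (ts, client, cmd), reply in zip(log, replies):
        print(ts, client, repr(cmd), "->", reply.splitlines()[0])
```

The log is the product: read in order it shows the password guesses, the first listing, and the attempt to delete a file, which is exactly the "list of all the tried commands right from gaining entry" the slide asks the user to review. Because the emulation stops at `502` for anything beyond FTP, the attacker learns quickly that the box is shallow; that is the trade-off against a high-interaction honeypot.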
