TAILIEUCHUNG - Training Security EMEA - II

Basic Identification Port Scanning OS fingerprinting & Application scanning Advanced Identification Stealth operations Inline systems detection Security policy bypassing Fragmentation tricks ISN prediction & Spoofing Evading detection Bouncing | Security Training II – Network Hacking Renaud BIDOU Security Consultant EMEA Basic Identification Port Scanning OS fingerprinting & Application scanning Advanced Identification Stealth operations Inline systems detection Agenda – Part I : Identification Security policy bypassing Fragmentation tricks ISN prediction & Spoofing Evading detection Bouncing Agenda – Part II : Bypassing Denial of Service Floods Protocol anomalies Leveraging the DoS Reflection DDoS & Worms Agenda – Part III : DoS Redirection Playing with ARP Routing table scrambling DHCP slavery Wireless access SSID and beacon frames WEP weaknesses Agenda – Part IV : Interception Basic Identification Port Scanning About port scanning What scan sports for ? Identify running applications HTTP : 80, SMTP : 25 etc. Identify OS TCP 135+139+445 = Windows 2k/XP/2003 Identify Applications TCP 264+18264 = CHKP VPN Quick and dirty scan 100s of ports in a short time Easily detected Targeted PORTS 3-Way handshake based (SYN / SYN-ACK / ACK) Connect method Full TCP connection : established ok open received RST closed no answer to first SYN filtered Half-scan Send SYN only : received SYN-ACK open received RST closed no answer to first SYN filtered Scanning TCP Ports PORTS Anomaly based FIN Scan : FIN out of established session RFC : RST on open AND closed ports BSD based stacks : RST only on closed ports 90% of actual IP stacks FIN Scan variants X-mas tree : all TCP flags set Rely on TCP window size (0 closed, !0 open) Drawbacks Not very reliable : packet may be lost, filtered port as open Takes a lot of time as based on attacker stack timeout Scanning TCP Ports PORTS Only one method Packet sent on UDP ports ICMP Port unreachable closed no response open Drawbacks Same as FIN scan Not very reliable packet may be lost filtered port as open Takes a lot of time as based on attacker stack timeout Scanning UDP Ports PORTS Tools Unix / windows : nmap # nmap -sS .

• An ninh - Bảo mật
• network security
• programming languages​​
• computer networks
• information security
• ID systems
• lectures
• network security
• network security documents
• Web security
• security rules
• encryption techniques
• security techniques
• Security chat rooms
• especially
• Network Security Tools
• CCNA Security
• Lecture CCNA Security
• Modern Network Security Threats
• Evolution of Network Security
• Drivers for Network Security
• Network Perimeter
• Network Perimeter Security
• Network Security Principles
• Cryptography
• IDS Tools
• CGI attacks
• network intruders
• Managing Security
• Wireless
• Wireless Network Security
• attack techniques
• defensive techniques
• operating system security
• application security
• security policy
• Network Security Fundamentals
• Guide to Network Security Fundamentals
• Define information security
• Information security careers
• Operational security
• Harden physical security
• Secure the physical environment
• Mobile device security
• Lecture Network security
• Computer network
• Computer hacking
• Internet security
• Network security model
• Securing the Network Infrastructure
• Network cable plant
• Secure removable media
• Network security hacks
• Ebook Network security hacks
• Network security technologies
• Unix host security
• Windows host security
• Wireless Security
• Advanced security
• Computer forensics
• Harden security
• Network Management Security
• Management Security
• security mechanisms
• security services
• security architecture
• encryption system
• Security principles
• Effective authentication methods
• Control access to computer systems
• Security Baselines
• Disable nonessential systems
• Harden operating systems
• Protect e mail systems
• World Wide Web vulnerabilities
• Security policy cycle
• Risk identification
• Security management
• Identity management
• Plan for change management
• CompTIA® Security+
• CompTIA Security+ certification
• Linux file manipulation tools
• Internal physical security controls
• Network hardware security modules