Hacker Highschool_ Lesson 7 Attack Analysis.pdf
LESSON 7
ATTACK ANALYSIS
LESSON 7 – ATTACK ANALYSIS
“License for Use” Information
The following lessons and workbooks are open and publicly available under the following
terms and conditions of ISECOM:
All works in the Hacker Highschool project are provided for non-commercial use with
elementary school students, junior high school students, and high school students whether in a
public institution, private institution, or a part of home-schooling. These materials may not be
reproduced for sale in any form. The provision of any class, course, training, or camp with
these materials for which a fee is charged is expressly forbidden without a license including
college classes, university classes, trade-school classes, summer or computer camps, and
similar. To purchase a license, visit the LICENSE section of the Hacker Highschool web page at
www.hackerhighschool.org/license.
The HHS Project is a learning tool and as with any learning tool, the instruction is the influence
of the instructor and not the tool. ISECOM cannot accept responsibility for how any
information herein is applied or abused.
The HHS Project is an open community effort and if you find value in this project, we do ask
you support us through the purchase of a license, a donation, or sponsorship.
All works copyright ISECOM, 2004.
Table of Contents
“License for Use” Information ............................. 2
Contributors .............................................. 4
7.0 Introduction .......................................... 5
7.1 Netstat and Host Application Firewalls ................ 6
    7.1.1 Netstat ......................................... 6
    7.1.2 Firewalls ....................................... 7
    7.1.3 Exercises ....................................... 8
7.2 Packet Sniffers ....................................... 9
    7.2.1 Sniffing ........................................ 9
    7.2.2 Decoding Network Traffic ........................ 11
    7.2.3 Sniffing Other Computers ........................ 12
    7.2.4 Intrusion Detection Systems ..................... 13
    7.2.5 Exercises ....................................... 13
7.3 Honeypots and Honeynets ............................... 14
    7.3.1 Types of Honeypots .............................. 14
    7.3.2 Building a Honeypot ............................. 15
    7.3.3 Exercises ....................................... 15
Further Reading ........................................... 17
Glossary .................................................. 18
Contributors
Pete Herzog, ISECOM
Chuck Truett, ISECOM
Marta Barceló, ISECOM
Kim Truett, ISECOM
7.0 Introduction
There are a lot of programs on your computer that will want to open up network connections. Some of these programs have valid reasons for connecting (your web browser won't work nearly as well without a network connection as it will with one); others have been written by people with motives ranging from questionable to criminal. If you want to protect your computer, you'll have to learn how to detect network access and identify its source and intent. Not every attempt at network access is an attack, but if you don't know how to tell friend from foe, you might as well just leave your door open.
7.1 Netstat and Host Application Firewalls
To be able to identify an attack, you have to know what applications and processes normally run on your computer. Just looking at a graphical interface, whether in Windows or Linux, won't let you see what's going on underneath the surface. Netstat and a firewall can be used to help you identify which programs should be allowed to connect with the network.
7.1.1 Netstat
(netstat is also discussed in section 5.2.3) The netstat command will display the status of the network. Netstat can give you information about what ports are open and the IP addresses that are accessing them, what protocols those ports are using, the state of the port, and information about the process or program using the port.
At a command prompt enter:

    netstat -aon    (for Windows)
    netstat -apn    (for Linux)

and netstat will produce a display similar to this:

    Active Connections

      Proto  Local Address        Foreign Address       State        PID
      TCP    0.0.0.0:1134         0.0.0.0:0             LISTENING    3400
      TCP    0.0.0.0:1243         0.0.0.0:0             LISTENING    3400
      TCP    0.0.0.0:1252         0.0.0.0:0             LISTENING    2740
      TCP    257.35.7.128:1243    64.257.167.99:80      ESTABLISHED  3400
      TCP    257.35.7.128:1258    63.147.257.37:6667    ESTABLISHED  3838
      TCP    127.0.0.1:1542       0.0.0.0:0             LISTENING    1516
      TCP    127.0.0.1:1133       127.0.0.1:1134        ESTABLISHED  3400
      TCP    127.0.0.1:1134       127.0.0.1:1133        ESTABLISHED  3400
      TCP    127.0.0.1:1251       127.0.0.1:1252        ESTABLISHED  2740
      TCP    127.0.0.1:1252       127.0.0.1:1251        ESTABLISHED  2740
Now, you need to match the numbers in the PID column with names of the processes that are running. In Windows, you should bring up the Windows Task Manager, by pressing
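As an added worked example (not part of the lesson), the following Python script parses the netstat output shown above and groups the sockets by PID, separating listeners reachable from the network (bound to 0.0.0.0) from connections to foreign hosts and from loopback-only traffic, so that each PID can then be checked against the process list; the function names are my own.

```python
# Added example (not from the lesson): parse 'netstat -aon' output and
# group sockets by PID, the matching step the text says to do by hand.
from collections import defaultdict

# Sample copied from the lesson; its 257.x addresses are not valid IPs
# but are kept exactly as printed there.
NETSTAT_OUTPUT = """\
Active Connections
  Proto  Local Address        Foreign Address       State        PID
  TCP    0.0.0.0:1134         0.0.0.0:0             LISTENING    3400
  TCP    0.0.0.0:1243         0.0.0.0:0             LISTENING    3400
  TCP    0.0.0.0:1252         0.0.0.0:0             LISTENING    2740
  TCP    257.35.7.128:1243    64.257.167.99:80      ESTABLISHED  3400
  TCP    257.35.7.128:1258    63.147.257.37:6667    ESTABLISHED  3838
  TCP    127.0.0.1:1542       0.0.0.0:0             LISTENING    1516
  TCP    127.0.0.1:1133       127.0.0.1:1134        ESTABLISHED  3400
  TCP    127.0.0.1:1134       127.0.0.1:1133        ESTABLISHED  3400
  TCP    127.0.0.1:1251       127.0.0.1:1252        ESTABLISHED  2740
  TCP    127.0.0.1:1252       127.0.0.1:1251        ESTABLISHED  2740
"""

def parse_netstat(text):
    """One dict per TCP socket line; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue  # UDP rows have no State column and are out of scope here
        _, local, foreign, state, pid = parts
        rows.append({"local": local, "foreign": foreign, "state": state, "pid": int(pid)})
    return rows

def split_addr(addr):
    host, _, port = addr.rpartition(":")  # rpartition also copes with [ipv6]:port
    return host, int(port)

def triage(rows):
    """exposed: LISTENING on 0.0.0.0 (reachable from every interface);
    outbound: ESTABLISHED to a non-loopback host; local: loopback-only IPC."""
    report = defaultdict(lambda: {"exposed": [], "outbound": [], "local": []})
    for r in rows:
        lhost, lport = split_addr(r["local"])
        fhost, fport = split_addr(r["foreign"])
        entry = report[r["pid"]]
        if r["state"] == "LISTENING" and lhost == "0.0.0.0":
            entry["exposed"].append(lport)
        elif r["state"] == "ESTABLISHED" and not fhost.startswith("127."):
            entry["outbound"].append((fhost, fport))
        else:
            entry["local"].append((lport, fport))
    return dict(report)
```

Running `triage(parse_netstat(NETSTAT_OUTPUT))` shows that PID 3400 both listens on two network-facing ports and talks to a web server, while PID 3838 holds only a single outbound connection to port 6667; those are the PIDs to look up first in the process list.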