2008年2月23日 星期六

網路環境側寫 Network mapping/profiling

網路環境側寫 (Network mapping):

主動式:
ICMP sweeps, ICMP OS detection
firewalk, nmap

防護機制:
block most ICMP, block packets with TTL=0, 1

被動式:
manually from public resource, automated-> siphon

防護機制:
policy on publishing and posting, egress filtering

分散式攻擊:

基本模式:
client ---command--> server ---command---> agents

進階模式 一:
attacker ----forged ICMP timestamp requests---> target
target ----ICMP timestamp response----> fored
(reply sniffed by attacker)

進階模式 二:
-----> attack node 1 --- | | master --------> attack node 2
------attack(probe)--firewall-> target | -----> attack node 3 ---|

target --firewall--replies---sniffed by master or upstream host--
->?

防護機制:
ingress, egress filtering, IDS inside and outside firewall
traffic log and analysis

VPN and Traffic pattern masking:

SMTP, DNS, HTTP traffic (hiden in plain text sight), and
combination

防護機制:
egress filtering, logging, network dumps and analyses

沒有留言:

張貼留言