網路環境側寫 (Network mapping):
主動式:
ICMP sweeps, ICMP OS detection
firewalk, nmap
防護機制:
block most ICMP, block packets with TTL=0, 1
被動式:
manually from public resource, automated-> siphon
防護機制:
policy on publishing and posting, egress filtering
分散式攻擊:
基本模式:
client ---command--> server ---command---> agents
進階模式 一:
attacker ----forged ICMP timestamp requests---> target
target ----ICMP timestamp response----> fored
(reply sniffed by attacker)
進階模式 二:
-----> attack node 1 --- | | master --------> attack node 2
------attack(probe)--firewall-> target | -----> attack node 3 ---|
target --firewall--replies---sniffed by master or upstream host--
->?
防護機制:
ingress, egress filtering, IDS inside and outside firewall
traffic log and analysis
VPN and Traffic pattern masking:
SMTP, DNS, HTTP traffic (hiden in plain text sight), and
combination
防護機制:
egress filtering, logging, network dumps and analyses
