monitoring systems for attempts to break-in
![Page 1: Monitoring Systems for attempts to break-in](https://reader031.vdocuments.us/reader031/viewer/2022021220/577ce0d91a28ab9e78b43d2d/html5/thumbnails/1.jpg)
7/29/2019 Monitoring Systems for attempts to break-in
http://slidepdf.com/reader/full/monitoring-systems-for-attempts-to-break-in 1/17
QUESTIONS ?????
MONITORING SYSTEMS FOR
ATTEMPTS TO BREAK IN
Project Presentation by
Hari Balakrishnan MSc. Computer Security
University of Essex [email protected]
Page 2
Acknowledgements
• Dr Adrian Clark, University of Essex
Project guidance and mentoring
• Ms Lynley Barker, University of Essex
Guidance with Project proposal
Page 3
SUBSTANTIAL STEPS TAKEN BY MOST IT SECTORS
Page 4
Importance of monitoring
• Espionage
• Cyber warfare
• Data Retention
• Scanning
• IT Sectors
Page 5
Project Objectives
• To gain insight on logs
• Real time implementation
• Code compatibility
• Super user access
• Nessus Vulnerability tool
• Extensions to network monitoring commands
Page 6
Testing
• External scanning by Nmap and Nessus
• SSH Remote session
• Wrong entries
• Running Applications
• SYN Flood sample code
• ICMP attack by ping
Page 7
Observation
• Identifying the attack
• Displaying all entries
• Updating new entries
• Showing specific keywords
• Less computation time
• Low overheads
• Netstat entries logged in both SYN flood and ICMP attack are trivial.
Page 8
Conclusion
• Easy for administrators
• Potential error logs in Httpd
• Work extensions for httpd logs
• /proc/net/ network extensions
• Mitigating using /proc
• Usage of tcpdump for DDoS
• Tcpdump can avoid usage of IPTraf, Wireshark
Page 9
Page 10
APPENDIX
• Included screenshots of the outcome, tcpdump, /proc and httpd logs.
• References for the statistics:
Countries vulnerability: http://www.technologyreview.com/news/424538/breaches-and-security-by-the-numbers/
Chart illustrations: http://blogs.avg.com/view-from-the-top/looking-beyond-the-statistics-internet-safety-tips/
Secure ICMP: http://securityreliks.securegossip.com/2010/10/security-via-procsysnet-secure-icmp/
Page 11
Page 12
The Project
Page 13
ICMP ATTACK IDENTIFIED BY TCPDUMP
Page 14
SECURE ICMP
Page 15
PREVENTING LOG FLOODS
Page 16
Vulnerability Attack
• Nessus attackum_linux_manager and then Boot '.tar'
In Client,
Enter the login name as root
Password letmein
Client:~# /etc/init.d/nessusd start
Another terminal
ssh -X [email protected]
Pass: letmein
Client:~# nessus
Use scan assistant:
Target: 155.245.21.49
Username: root, password: letmein
A lot of attacks are launched…
Substantial evidence can be found in the httpd logs, such as access_log and error_log.
Page 17
DoS Attacks
• ICMP attack: Use terminal
Enter: ping 155.245.21.49 -t -l 0 to 65500
See tcpdump and netstat
• SYN Flood: Remote login by
ssh -X [email protected]
Password: ---------------
gcc synflood.c
sudo ./a.out
Netstat identifies a SYN Flood with TIME_WAIT, but tcpdump can be more helpful than netstat.
Using nmap -sS <IP address> can help to find open ports, which can be a potential threat for others.
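A defender-side check for the SYN flood observation above, reading the same kernel socket table that netstat and the /proc/net extensions in the conclusion rely on. This is an added example, not code from the presentation; the sample table, the 10.0.0.x addresses and the threshold of 3 are constructed.

```python
"""Count half-open TCP sockets per peer from /proc/net/tcp (the table netstat reads).

Added example, not code from the presentation. Each row gives local/remote address as
host-order hex IPv4:port plus a two-hex-digit state; 03 = SYN_RECV (half-open, what a
SYN flood piles up on the victim), 06 = TIME_WAIT.
"""
import socket
import struct
from collections import Counter

# State codes as printed in /proc/net/tcp (kernel include/net/tcp_states.h).
TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV",
              "04": "FIN_WAIT1", "05": "FIN_WAIT2", "06": "TIME_WAIT",
              "07": "CLOSE", "08": "CLOSE_WAIT", "09": "LAST_ACK",
              "0A": "LISTEN", "0B": "CLOSING"}

# Constructed sample in /proc/net/tcp layout (little-endian host, trailing columns trimmed).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 0100000A:0050 0A00000A:C001 03 00000000:00000000
   1: 0100000A:0050 0A00000A:C002 03 00000000:00000000
   2: 0100000A:0050 0A00000A:C003 03 00000000:00000000
   3: 0100000A:0050 0B00000A:D001 01 00000000:00000000
   4: 0100000A:0050 0C00000A:E001 06 00000000:00000000
"""


def parse_addr(hexaddr):
    """'0100007F:0016' -> ('127.0.0.1', 22); the IP hex is host byte order (little-endian here)."""
    ip_hex, port_hex = hexaddr.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)


def sockets_by_state(proc_net_tcp):
    """Map state name -> Counter of remote IPs, e.g. {'SYN_RECV': Counter({'10.0.0.10': 3})}."""
    by_state = {}
    for line in proc_net_tcp.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4:
            continue
        state = TCP_STATES.get(fields[3], "UNKNOWN")
        peer_ip, _port = parse_addr(fields[2])
        by_state.setdefault(state, Counter())[peer_ip] += 1
    return by_state


def syn_flood_suspects(proc_net_tcp, threshold=3):
    """Peers with at least `threshold` half-open sockets; live use: open('/proc/net/tcp').read()."""
    half_open = sockets_by_state(proc_net_tcp).get("SYN_RECV", Counter())
    return sorted(ip for ip, n in half_open.items() if n >= threshold)
```

On a host under a spoofed-source flood the SYN_RECV counter will instead spread across many peers, so watch the total SYN_RECV count as well as the per-peer one.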