Advanced Network Defense


Presented by Florian Lennuyeux


SUMMARY

1 Introduction
2 Scanning and Sniffing
3 Network
4 Ethernet Frame Analysis
5 Practical work
1 Introduction

1 Basic terms

2 Bot vs Botnet

3 Sniffing
1 Basic terms

❑ IP address
Internet Protocol: identifier of a host on a TCP/IP network, unique within that network (layer 3)
Version 4, 32 bits: 192.168.2.1
Version 6, 128 bits: 2001:db8:0:85a3:0:0:ac1f:8001
❑ MAC address
Media Access Control: unique identifier of a host's network interface card at the data link layer (layer 2)
❑ ARP
Address Resolution Protocol: translates an IP address into a MAC address
❑ Broadcasting
❑ Sending information from one source to a whole set of receivers
❑ IP: the last address of the subnet, x.x.x.255 for a /24 (255.255.255.255 for the local link); MAC: ff:ff:ff:ff:ff:ff
❑ DHCP
❑ Dynamic Host Configuration Protocol: automatic configuration of a host's IP parameters (IP address, subnet mask, gateway, DNS servers, etc.)
❑ DNS
❑ Domain Name System: resolves a domain name to its IP address
❑ ICMP
❑ Internet Control Message Protocol: fundamental protocol used to learn the status of a host or the path through the network (the ping command, for example)
2 Bot vs Botnet

BOT
A computer program designed to execute a series of operations automatically.

BOTNET
A network of bots orchestrated by a command and control (C2) center.
3 Sniffing

ACTIVE
Sniffing on a switch-based network. A switch only forwards a frame to the port that owns its destination MAC, so the attacker has to inject traffic (MAC flooding, ARP poisoning, see section 2) before other hosts' frames reach its port.

PASSIVE
Sniffing on a hub, where every frame is sent to all ports: listening is enough, nothing has to be transmitted.
2 Scanning and Sniffing

1 Scanning attacks

2 Sniffing attacks
1 Scanning attacks

❑ ICMP scanning: ICMP echo scanning, ping sweep
❑ TCP connect / full open scan
❑ Stealth scan (half-open scan)
❑ Inverse TCP flag scanning (Xmas scan)
❑ ACK flag probe scanning
❑ IDLE/IPID header scan
❑ UDP scanning
❑ SSDP and list scanning
❑ Others
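The TCP techniques above differ only in the flag byte of the probe and in whether the scanner finishes the handshake. The following added example (written for this page, not the presenter's code) classifies captured segments accordingly: NULL, FIN, Xmas and ACK probes are named from a single segment, while a SYN is followed through the handshake so that a completed three-way handshake reads as a full-open (connect) scan and a RST sent by the scanner after the SYN-ACK reads as a half-open (stealth) scan. The records in SAMPLE are constructed by hand; addresses and ports are illustrative.

```python
"""Triage of TCP scan probes from a list of captured segments.

Added example for this deck, not the presenter's code. The records in
SAMPLE are constructed by hand to mimic the probe types listed above;
addresses and ports are illustrative.
"""
from collections import defaultdict

# Bits of the TCP header's flags byte.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def classify_flows(records):
    """records: (src, dst, sport, dport, flags) tuples in capture order.

    Returns {(client, server, dport): technique}. NULL, FIN, Xmas and ACK
    probes are named from a single segment. A SYN is followed through the
    handshake: a completed handshake is a TCP connect (full open) scan, a
    RST from the client after the SYN-ACK is a half-open (stealth) scan.
    """
    pending = {}  # (client, server, sport, dport) -> "SYN_SENT" | "SYN_RECEIVED"
    result = {}
    for src, dst, sport, dport, flags in records:
        fwd, rev = (src, dst, sport, dport), (dst, src, dport, sport)
        key = (src, dst, dport)
        if flags == 0:
            result[key] = "NULL scan"
        elif flags == FIN:
            result[key] = "FIN scan"
        elif flags == FIN | PSH | URG:
            result[key] = "Xmas scan"
        elif flags == ACK and fwd not in pending:
            result[key] = "ACK flag probe"
        elif flags == SYN:
            pending[fwd] = "SYN_SENT"
            result[key] = "SYN probe (no reply seen)"
        elif flags == SYN | ACK and pending.get(rev) == "SYN_SENT":
            pending[rev] = "SYN_RECEIVED"  # server answered: port open
        elif pending.get(fwd) == "SYN_RECEIVED":
            if flags & RST:
                result[key] = "half-open (stealth) scan"
            elif flags & ACK:
                result[key] = "TCP connect (full open)"
            del pending[fwd]
        elif flags & RST and pending.get(rev) == "SYN_SENT":
            del pending[rev]  # server refused (port closed); the SYN probe stands
    return result


def port_scan_sources(records, threshold=5):
    """Sources that probed more than `threshold` distinct (server, port)
    pairs: the horizontal pattern a firewall or IDS rule alerts on.
    Returns {client: number_of_pairs_probed}."""
    touched = defaultdict(set)
    for (client, server, dport) in classify_flows(records):
        touched[client].add((server, dport))
    return {c: len(p) for c, p in touched.items() if len(p) > threshold}


# Constructed sample capture (illustrative addresses).
ATTACKER, TARGET, NORMAL = "10.0.0.66", "10.0.0.10", "10.0.0.20"
SAMPLE = []
# Xmas scan of ports 20-29 from the attacker.
for p in range(20, 30):
    SAMPLE.append((ATTACKER, TARGET, 40000 + p, p, FIN | PSH | URG))
# Half-open scan of 443: SYN, SYN-ACK, then the scanner tears down with RST.
SAMPLE += [
    (ATTACKER, TARGET, 41000, 443, SYN),
    (TARGET, ATTACKER, 443, 41000, SYN | ACK),
    (ATTACKER, TARGET, 41000, 443, RST),
]
# A legitimate client completing the handshake to port 80.
SAMPLE += [
    (NORMAL, TARGET, 50000, 80, SYN),
    (TARGET, NORMAL, 80, 50000, SYN | ACK),
    (NORMAL, TARGET, 50000, 80, ACK),
]

if __name__ == "__main__":
    for flow, technique in sorted(classify_flows(SAMPLE).items()):
        print(flow, "->", technique)
    print("scanners:", port_scan_sources(SAMPLE))
```

Only the scanner exceeds the threshold; the legitimate client shows up as a single full-open flow, which is what distinguishes a connect scan from ordinary traffic only once the number of distinct ports is counted.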
2 Sniffing attacks

MAC Flooding

DHCP Attacks

DNS Poisoning

Switch Port Stealing

ARP Poisoning
MAC Flooding

The attacker floods the switch with frames carrying forged source MAC addresses. Once the switch's CAM table (its MAC-to-port mapping, illustrated below with the slide's example values) is full, it can no longer learn new addresses and forwards frames out of every port like a hub, so the attacker's port receives everyone's traffic.

MAC                 PORT
00d3.ad34.123g      1
esd3.45df.45t6      2
4er2.23as.df41      3
DHCP Attacks

DHCP Starvation Attack
Denial of service against the DHCP server: the attacker exhausts its address pool with a flood of forged lease requests.

Rogue DHCP Server Attack
The attacker sets up a rogue DHCP server, uses DHCP starvation to silence the legitimate one, and answers the clients' IP requests with its own gateway and DNS settings.
DNS Poisoning

The attacker injects forged records into a resolver's cache, or answers a client's query before the real server does, so that a domain name resolves to an IP address of the attacker's choosing. The slide's example resolver table:

Domain          IP
Google          8.8.8.8
Cloudflare      1.1.1.1
Switch Port Stealing

The attacker sends frames whose source MAC is the victim's, so the switch rebinds the victim's MAC to the attacker's port in its CAM table; frames for the victim are then delivered to the attacker, who forwards them once the switch has re-learned the real port.

MAC                 PORT
00d3.ad34.123g      1
esd3.45df.45t6      2
4er2.23as.df41      3
ARP Poisoning

ARP = Address Resolution Protocol

The attacker sends forged ARP replies so that the victims cache the attacker's MAC address for another host's IP (typically the gateway); traffic for that IP is then delivered to the attacker, who can read it and forward it on. Note that what gets corrupted is the hosts' ARP cache (IP to MAC), not the switch table the slide reuses below.

MAC                 PORT
00d3.ad34.123g      1
esd3.45df.45t6      2
4er2.23as.df41      3
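A defender sees ARP poisoning as a small set of symptoms in the ARP traffic: replies nobody asked for, an IP-to-MAC binding that changes, and one MAC answering for several IPs at once. The following added example (written for this page, not the presenter's code) implements an arpwatch-style monitor over a constructed packet list in which an attacker claims both the gateway's and a victim's IP; the MAC and IP addresses are illustrative, and the optional `static` table shows the usual countermeasure of pinning the gateway's binding.

```python
"""Detect ARP poisoning from a stream of ARP packets.

Added example for this deck, not the presenter's code. The packets in
SAMPLE are constructed to show an attacker claiming both the gateway's
and a victim's IP (a man-in-the-middle); all addresses are illustrative.
"""
REQUEST, REPLY = 1, 2  # ARP opcodes


class ArpWatch:
    """Learn IP -> MAC bindings the way arpwatch-style monitors do and raise
    an alert on the patterns ARP poisoning produces: unsolicited replies, a
    binding that changes, and one MAC answering for several IPs."""

    def __init__(self, static=None):
        self.static = dict(static or {})   # pinned bindings, e.g. the gateway
        self.table = dict(self.static)     # current IP -> MAC view
        self.outstanding = set()           # (asker_ip, asked_ip) awaiting a reply
        self.alerts = []

    def _alert(self, msg):
        if msg not in self.alerts:
            self.alerts.append(msg)

    def feed(self, op, sender_ip, sender_mac, target_ip):
        """Process one ARP packet (sender/target fields as in the ARP header)."""
        if op == REQUEST:
            self.outstanding.add((sender_ip, target_ip))
        elif op == REPLY:
            if (target_ip, sender_ip) in self.outstanding:
                self.outstanding.discard((target_ip, sender_ip))
            else:
                # nobody asked: the classic poisoning vector
                self._alert(f"unsolicited reply: {sender_ip} is-at {sender_mac}")
        else:
            return
        self._learn(sender_ip, sender_mac)  # requests and replies both carry a binding

    def _learn(self, ip, mac):
        old = self.table.get(ip)
        if old is not None and old != mac:
            if ip in self.static:
                self._alert(f"static binding overridden: {ip} {old} -> {mac}")
                return                      # keep the pinned entry
            self._alert(f"binding changed: {ip} {old} -> {mac}")
        self.table[ip] = mac
        owners = sorted(i for i, m in self.table.items() if m == mac)
        if len(owners) > 1:
            self._alert(f"{mac} claims several IPs: {owners}")


# Constructed sample (illustrative addresses).
GATEWAY, VICTIM = "192.168.2.1", "192.168.2.10"
GW_MAC, VICTIM_MAC, ATT_MAC = "00:60:08:74:ce:39", "00:60:08:61:04:7b", "de:ad:be:ef:00:01"

SAMPLE = [
    # normal resolution: the victim asks for the gateway, the gateway answers
    (REQUEST, VICTIM, VICTIM_MAC, GATEWAY),
    (REPLY, GATEWAY, GW_MAC, VICTIM),
    # poisoning: "the gateway is at my MAC" sent to the victim ...
    (REPLY, GATEWAY, ATT_MAC, VICTIM),
    # ... and "the victim is at my MAC" sent to the gateway: full MITM
    (REPLY, VICTIM, ATT_MAC, GATEWAY),
]


def run(packets, static=None):
    """Feed the packets to a monitor and return it (table + alerts)."""
    watch = ArpWatch(static)
    for pkt in packets:
        watch.feed(*pkt)
    return watch


if __name__ == "__main__":
    for alert in run(SAMPLE).alerts:
        print(alert)
```

Without a pinned entry the monitor's own table ends up poisoned too (the gateway now maps to the attacker's MAC), which is why the alerts matter more than the table; with `static={GATEWAY: GW_MAC}` the override is reported and refused.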
3 Network

1 Firewall

2 IDS / IPS

3 Three Way Handshake


1 Firewall
Filters traffic between network zones according to a rule set (allow or deny by address, port, protocol or connection state).
2 IDS
Intrusion Detection System: watches a copy of the traffic and raises alerts on signatures or anomalies; it does not block.
2 IPS
Intrusion Prevention System: sits inline on the traffic path and can drop or reset offending traffic in addition to alerting.
2 IDS - Alerting

              Attack             No attack
Alert         True positive      False positive
No alert      False negative     True negative


3 Three Way Handshake - Flags

❑ URG: data contained in the packet should be processed immediately
❑ ACK: acknowledges the receipt of a packet
❑ PSH: sends all buffered data immediately
❑ RST: resets a connection
❑ SYN: initiates a connection between hosts
❑ FIN: there will be no further transmissions
3 Three-Way Handshake

Figure (connection setup): the client sends SYN, SEQ#10; the server answers with SYN-ACK; the client completes the exchange with an ACK. Both sides are then ESTABLISHED.

3 Three-Way Handshake (teardown)

Figure (connection teardown): the client sends FIN, SEQ#50; the server acknowledges it and sends its own FIN, which the client acknowledges in turn. The connection is then TERMINATED.
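The figures above show the flags; what makes the handshake verifiable is the sequence-number bookkeeping behind them: a SYN and a FIN each consume one sequence number, and every ACK must carry exactly the peer's next expected number. The following added example (written for this page, not the presenter's code) is a client-side state machine that replays the slides' exchange, SYN at SEQ#10 and FIN at SEQ#50, and rejects segments whose numbers do not line up. The server's ISN of 1000 and the 39 bytes of data exchanged before the FIN are assumptions; state names follow RFC 793, so the slide's TERMINATED corresponds to TIME_WAIT.

```python
"""Client-side TCP state machine following the sequence-number rules
behind the handshake and teardown on the slides.

Added example for this deck, not the presenter's code. The client's ISN 10
and the FIN at SEQ#50 come from the slides; the server's ISN 1000 and the
application data in between are assumptions. State names are the RFC 793
ones (the slide's TERMINATED corresponds to TIME_WAIT).
"""
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


class ClientConnection:
    def __init__(self):
        self.state = "CLOSED"
        self.snd_nxt = None  # next sequence number the client will send
        self.rcv_nxt = None  # next sequence number expected from the server

    def _check(self, cond, msg):
        if not cond:
            raise ValueError(f"{self.state}: {msg}")

    def send(self, flags, seq, ack=None, payload=0):
        """Client -> server segment; returns the new state."""
        if flags & RST:
            self.state = "CLOSED"  # e.g. a half-open scanner aborting after SYN-ACK
            return self.state
        if self.state == "CLOSED":
            self._check(flags == SYN, "a connection starts with a bare SYN")
            self.snd_nxt = seq + 1  # SYN consumes one sequence number
            self.state = "SYN_SENT"
            return self.state
        self._check(seq == self.snd_nxt, f"seq {seq}, expected {self.snd_nxt}")
        self._check(flags & ACK and ack == self.rcv_nxt,
                    f"ack {ack}, expected {self.rcv_nxt}")
        self.snd_nxt += payload
        if self.state == "SYN_SENT":
            self.state = "ESTABLISHED"  # third message of the handshake
        if flags & FIN:
            self._check(self.state == "ESTABLISHED", "FIN outside ESTABLISHED")
            self.snd_nxt += 1  # FIN also consumes a sequence number
            self.state = "FIN_WAIT_1"
        return self.state

    def receive(self, flags, seq, ack=None, payload=0):
        """Server -> client segment; returns the new state."""
        if flags & RST:
            self.state = "CLOSED"
            return self.state
        if self.state == "SYN_SENT":
            self._check(flags == SYN | ACK, "expected a SYN-ACK")
            self._check(ack == self.snd_nxt, f"SYN-ACK acks {ack}, expected {self.snd_nxt}")
            self.rcv_nxt = seq + 1  # server's ISN + 1
            return self.state       # ESTABLISHED once our ACK goes out
        self._check(seq == self.rcv_nxt, f"seq {seq}, expected {self.rcv_nxt}")
        if flags & ACK:
            self._check(ack == self.snd_nxt, f"ack {ack}, expected {self.snd_nxt}")
            if self.state == "FIN_WAIT_1":
                self.state = "FIN_WAIT_2"  # our FIN has been acknowledged
        self.rcv_nxt += payload
        if flags & FIN:
            self.rcv_nxt += 1
            if self.state == "ESTABLISHED":
                self.state = "CLOSE_WAIT"  # server closed first
            elif self.state == "FIN_WAIT_2":
                self.state = "TIME_WAIT"   # both FINs seen: TERMINATED on the slide
        return self.state


def walk_handshake_and_close(client_isn=10, server_isn=1000, fin_seq=50):
    """Replay the slides' exchange and return the state after each segment."""
    c = ClientConnection()
    data = fin_seq - (client_isn + 1)  # bytes sent so that the FIN lands on SEQ#50
    steps = [
        (c.send,    SYN,       client_isn,     None,           0),     # SYN, SEQ#10
        (c.receive, SYN | ACK, server_isn,     client_isn + 1, 0),     # SYN-ACK
        (c.send,    ACK,       client_isn + 1, server_isn + 1, 0),     # ACK -> ESTABLISHED
        (c.send,    PSH | ACK, client_isn + 1, server_isn + 1, data),  # request data
        (c.receive, ACK,       server_isn + 1, fin_seq,        0),     # data acknowledged
        (c.send,    FIN | ACK, fin_seq,        server_isn + 1, 0),     # FIN, SEQ#50
        (c.receive, ACK,       server_isn + 1, fin_seq + 1,    0),     # FIN acknowledged
        (c.receive, FIN | ACK, server_isn + 1, fin_seq + 1,    0),     # server's FIN
        (c.send,    ACK,       fin_seq + 1,    server_isn + 2, 0),     # -> TIME_WAIT
    ]
    return [fn(flags, seq, ack, payload) for fn, flags, seq, ack, payload in steps]


if __name__ == "__main__":
    print(walk_handshake_and_close())
```

A SYN-ACK acknowledging 10 instead of 11, or a FIN sent on any sequence number other than the one the client is at, raises ValueError; this is the same check an IDS uses to tell a real connection from spoofed or replayed segments.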
4 Ethernet Frame Analysis

1 Ethernet Analysis

2 Wireshark
1 Ethernet frame analysis

Captured frame (63 bytes, hex):

00 60 08 74 ce 39 00 60 08 61 04 7b 08 00 45 00 02 4c ef 56 40
00 80 06 4c 73 0a 0a 9f 02 c3 5d 50 78 0a 7b 00 50 15 35 05 44
4c 80 64 5f 50 18 22 38 b9 57 00 00 50 41 53 53 3a 54 4f 54 4f

1 Ethernet part (14 bytes)
00 60 08 74 ce 39    destination MAC 00:60:08:74:ce:39
00 60 08 61 04 7b    source MAC 00:60:08:61:04:7b
08 00                EtherType 0x0800 (IPv4)

1 IP part (20 bytes)
45                   version 4, header length 5 x 4 = 20 bytes
00                   type of service
02 4c                total length 588 bytes (only 49 bytes of the IP packet appear in the dump)
ef 56                identification
40 00                flags: Don't Fragment set, fragment offset 0
80                   TTL 128
06                   protocol 6 (TCP)
4c 73                header checksum
0a 0a 9f 02          source IP 10.10.159.2
c3 5d 50 78          destination IP 195.93.80.120

1 TCP part (20 bytes)
0a 7b                source port 2683
00 50                destination port 80 (HTTP)
15 35 05 44          sequence number
4c 80 64 5f          acknowledgement number
50                   data offset 5 x 4 = 20 bytes, no options
18                   flags PSH, ACK
22 38                window 8760
b9 57                checksum
00 00                urgent pointer

Payload (9 bytes)
50 41 53 53 3a 54 4f 54 4f    "PASS:TOTO": a credential in cleartext, which is exactly what a sniffer on the path reads
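Decoding the frame by hand is what the slide does; doing it in code makes the layering explicit and adds the checks a tool performs silently. The following added example (written for this page, not the presenter's code) parses the 63-byte dump above with the standard library only, verifies the IPv4 header checksum and reports how much of the packet the capture is missing, which the total-length field reveals.

```python
"""Decode the Ethernet / IPv4 / TCP headers of the frame shown above.

Added example for this deck, not the presenter's code. FRAME_HEX is the
63-byte dump from the slide, copied verbatim; only the standard library
is used.
"""
import struct

FRAME_HEX = (
    "00 60 08 74 ce 39 00 60 08 61 04 7b 08 00 45 00 02 4c ef 56 40 "
    "00 80 06 4c 73 0a 0a 9f 02 c3 5d 50 78 0a 7b 00 50 15 35 05 44 "
    "4c 80 64 5f 50 18 22 38 b9 57 00 00 50 41 53 53 3a 54 4f 54 4f"
)
FRAME = bytes.fromhex(FRAME_HEX)

# Flag bits of the TCP flags byte, in header bit order.
TCP_FLAG_NAMES = [(0x20, "URG"), (0x10, "ACK"), (0x08, "PSH"),
                  (0x04, "RST"), (0x02, "SYN"), (0x01, "FIN")]


def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ipv4(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def ip_header_checksum_ok(hdr: bytes) -> bool:
    """RFC 791: the one's-complement sum of the header's 16-bit words,
    checksum field included, must fold to 0xffff."""
    total = sum(struct.unpack(f"!{len(hdr) // 2}H", hdr))
    while total >> 16:
        total = (total & 0xffff) + (total >> 16)
    return total == 0xffff


def decode_frame(raw: bytes) -> dict:
    """Parse Ethernet II + IPv4 + TCP and return the fields a sniffer shows.
    Raises ValueError for anything that is not TCP over IPv4 over Ethernet."""
    if len(raw) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", raw[:14])
    if ethertype != 0x0800:
        raise ValueError(f"not IPv4: ethertype 0x{ethertype:04x}")

    ip = raw[14:]
    if len(ip) < 20:
        raise ValueError("truncated IP header")
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl,
     proto, _csum, sip, dip) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0f) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IPv4 header")
    if proto != 6:
        raise ValueError(f"not TCP: protocol {proto}")

    tcp = ip[ihl:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, seq, ack, off_res, flags,
     window, _tcsum, _urg) = struct.unpack("!HHIIBBHHH", tcp[:20])
    doff = (off_res >> 4) * 4
    if doff < 20 or len(tcp) < doff:
        raise ValueError("bad TCP data offset")
    payload = tcp[doff:]

    return {
        "eth": {"dst": mac(dst), "src": mac(src), "type": ethertype},
        "ip": {"src": ipv4(sip), "dst": ipv4(dip), "ttl": ttl, "proto": proto,
               "total_length": total_len, "id": ident,
               "dont_fragment": bool(flags_frag & 0x4000),
               "checksum_ok": ip_header_checksum_ok(ip[:ihl])},
        "tcp": {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
                "flags": [name for bit, name in TCP_FLAG_NAMES if flags & bit],
                "window": window},
        "payload": payload,
        # bytes of the IP packet the dump does not contain
        "truncated_bytes": total_len - ihl - doff - len(payload),
    }


if __name__ == "__main__":
    for layer, fields in decode_frame(FRAME).items():
        print(layer, fields)
```

The header checksum verifies, so the bytes on the slide are a faithful capture; the 539 missing bytes are simply the rest of the HTTP request that the slide cut off after the password.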
2 Custom Wireshark
5 Practical Work

Thank you for your attention.
Have a great day!
