Professional Documents
Culture Documents
Net Aegis
Net Aegis
Definition: A technique for discovering hosts weaknesses by sending port probes Its role in hacking: prerequisite for hacking, to learn about the victim host/network
4/10/12
Vertical scanning: Attackers scan some or all ports on a single host intending to characterize the services running on it. Horizontal scanning Attackers scan the ports on multiple IP addresses in some range of interest to find 4/10/12 which host is active and probe the topology of
Scanning Methodologies
TCP connect port scan TCP half open scan TCP Fin scan TCP ACK scan TCP reverse-indent scans , etc..
4/10/12
Current trends
4/10/12
4/10/12
INTERNET
IP address port id service IP address Port No IP Port Type (destination) address No of Transport Acknowledgem aegis layer ent service destination Type Network layer 1 192.168.3.1 80 http Interface layer 192.168.2. 4099 192.168.3. 80 http Click to edit Master subtitle style receiv 1 1 er Datalink layer aegis Physical layer Type 2 ACL-Access control list 4/10/12 Aegis Server Aegis Client ACL Senders Service firewall List Aegis Server Aegis Client ACL Receivers List Service firewall
INTERNET
Application layer Transport layer Network layer Interface layer Data link layer Sender Aegis Server original Physical layer Aegis Client packet ACL ACL-Access Service List control list 4/10/12 Senders firewall
INTERNET
send er Application layer Transport layer Network layer Interface layer Data link layer aegis Physical layer Type 2 ACL-Access control list 4/10/12 Aegis Server Aegis Client ACL Service List Senders Aegis Server Aegis Client ACL Service List Receivers IP address aegis (destnation) Type 1 192.168.3.1 port id Neg service ACK
80
http
receiv er
Network layer
destination Port No
Aegis type 2
Users packet
Step 4: on positive ACK, forward the packet in queue on negative ACK ,drop the packets. Step5: Receiver side ,check with Access Control List(ACL) and 4/10/12 then forward to destination
conclusion
* a threshold value is set , which indicates the number of possible port probes in the time constrain. * Minimizing the port probes, max probability of mismatch * vulnerability of the Network to the attack decreases drastically. * the attacks are time constrained, the port scanning process is delayed. 4/10/12