Strategies for Defeating Distributed Attacks


Black Hat, via YouTube



Classroom Contents


  1. Intro
  2. Assume basics • Understand IP addressing • Understand basic system administration
  3. Attack Recognition Problems • Blended "pattern" and "effect" attacks • Sniffing attacks • Decoys and false identification of attack source
  4. Attack Recognition Problems • Blended "pattern" and "effect" attacks • Sniffing attacks • Decoys and false identification of attack source
  5. Changing Attack Patterns • More large-scale attacks • Better enumeration and assessment of the target by the attacker
  6. Two Basic Distributed Attack Models • Attacks that do not require direct observation of the results • Attacks that require the attacker to directly observe the results
  7. Defensive Techniques (cont.) • Minimal ports open • Stateful inspection firewalls • Modified kernels/IDS to look for fingerprint packets
  8. Defensive Techniques (cont.) • Limit inbound ICMP to host/destination unreachable • Limit outbound ICMP
  9. DMZ Server Recommendations • Split services between servers • Current patches • Use trusted paths, anti-buffer-overflow settings and kernel patches • Use any built-in firewalling software • Make use of b…
  10. Firewall Rules • Limit inbound to only necessary services • Limit outbound via proxies to help control access • Block all outbound except necessary traffic
  11. Intrusion Detection Systems • Use only IDSs that can be customized • IDS should be capable of fragmented-packet reassembly • IDS should handle high speeds
  12. Spoofed Packet Defenses • Get the TTL of the suspected spoofed packet • Probe the source address in the packet • Compare the probe reply's TTL to the suspected spoofed packet's TTL
  13. Late Breaking News • HackerShield RapidFire Update 208
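The spoofed-packet check of slide 12 (read the suspect packet's TTL, probe the claimed source, compare the probe reply's TTL), carried through as an added example. This is not code from the talk or from any tool it names. It assumes that hosts use one of the common OS default initial TTLs (32, 64, 128, 255), that the suspect packet is a constructed IPv4 header rather than a live capture, and that the probe reply's TTL is supplied as a number rather than obtained by actually sending an ICMP echo or TCP SYN to the claimed source; the addresses and TTL values in the sample are made up.

```python
"""TTL-based spoof check (the procedure on slide 12 of the talk).

Added worked example, not code from the Black Hat talk.  Assumptions:
senders use one of the common OS default initial TTLs (32, 64, 128, 255);
the suspect packet and the probe reply TTL are constructed in memory instead
of being captured and probed on the wire.
"""
import socket
import struct
from dataclasses import dataclass

# Assumption: the originating host used one of these common default TTLs.
INITIAL_TTLS = (32, 64, 128, 255)


def build_ipv4_header(src: str, dst: str, ttl: int, proto: int = 6) -> bytes:
    """Build a minimal 20-byte IPv4 header (constructed sample data).

    Version 4, IHL 5, no options; identification, flags and checksum are
    left zero because nothing here validates them.
    """
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20, 0, 0, ttl, proto, 0,
        socket.inet_aton(src), socket.inet_aton(dst),
    )


def ttl_from_ipv4_header(raw: bytes) -> int:
    """Read the TTL field (byte 8) from a raw IPv4 header."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    if raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return raw[8]


def hops_from_ttl(ttl: int) -> tuple[int, int]:
    """Return (assumed initial TTL, hop count) for an observed TTL.

    The initial TTL is taken as the smallest common default >= the observed
    value.  This is a heuristic: a TTL of 30 is read as 2 hops from a
    32-TTL host rather than 34 hops from a 64-TTL host.
    """
    if not 1 <= ttl <= 255:
        raise ValueError(f"TTL out of range: {ttl}")
    for initial in INITIAL_TTLS:
        if ttl <= initial:
            return initial, initial - ttl
    raise AssertionError("unreachable: 255 covers every valid TTL")


@dataclass
class Verdict:
    suspect_initial: int
    suspect_hops: int
    probe_initial: int
    probe_hops: int
    spoofed: bool
    reason: str


def check_spoof(suspect_ttl: int, probe_reply_ttl: int, tolerance: int = 1) -> Verdict:
    """Compare the hop distance implied by the suspect packet with the one
    implied by the reply to a probe of the packet's claimed source.

    tolerance: hop-count difference tolerated before calling it spoofed.
    Asymmetric routing commonly shifts the count by a hop, so one is
    allowed by default; raise it on paths known to be more asymmetric.
    """
    s_init, s_hops = hops_from_ttl(suspect_ttl)
    p_init, p_hops = hops_from_ttl(probe_reply_ttl)
    if s_init != p_init:
        # Different default-TTL families point to different operating
        # systems, i.e. different hosts, unless the real host changed its
        # default TTL (check that before acting on this verdict).
        return Verdict(s_init, s_hops, p_init, p_hops, True,
                       f"initial TTL differs ({s_init} vs {p_init})")
    if abs(s_hops - p_hops) > tolerance:
        return Verdict(s_init, s_hops, p_init, p_hops, True,
                       f"hop count differs ({s_hops} vs {p_hops})")
    return Verdict(s_init, s_hops, p_init, p_hops, False,
                   f"hop counts consistent ({s_hops} vs {p_hops})")


def triage(records):
    """Run the check over (claimed source, suspect header, probe reply TTL)."""
    return [(src, check_spoof(ttl_from_ipv4_header(hdr), probe_ttl))
            for src, hdr, probe_ttl in records]


# Constructed sample: three suspect packets and the TTLs of probe replies
# from their claimed sources (made-up values, not a real capture).
SAMPLE = [
    ("203.0.113.5", build_ipv4_header("203.0.113.5", "192.0.2.10", 52), 57),
    ("198.51.100.7", build_ipv4_header("198.51.100.7", "192.0.2.10", 57), 56),
    ("203.0.113.9", build_ipv4_header("203.0.113.9", "192.0.2.10", 116), 57),
]

if __name__ == "__main__":
    for src, v in triage(SAMPLE):
        print(f"{src:<14} {'SPOOFED' if v.spoofed else 'ok':<8} {v.reason}")
```

The first sample packet claims a source that a probe shows to be 7 hops away while the packet itself arrived 12 hops out, so it is flagged; the second is within one hop and passes; the third carries a 128-family TTL while the real host answers from the 64 family, which is the stronger signal. In practice the probe reply must come from an actual ICMP echo or TCP SYN to an open port on the claimed source, the check should be repeated rather than trusted from one reply, and hosts that set a non-default TTL will produce false positives, which is why the result is a triage hint and not a block decision on its own.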
