
Strategies for Defeating Distributed Attacks

Black Hat via YouTube

Overview

Explore strategies for defeating distributed attacks in this Black Hat USA 2000 conference talk. Delve into attack recognition problems, changing attack patterns, and two basic distributed attack models. Learn defensive techniques including minimal open ports, stateful inspection firewalls, and modified kernels/IDS for fingerprint packet detection. Discover DMZ server recommendations, firewall rule best practices, and intrusion detection system requirements. Examine spoofed packet defense methods and stay updated with late-breaking cybersecurity news. Gain valuable insights to enhance your network security posture and combat evolving distributed threats.

Syllabus

Intro
Assume basics • Understand IP addressing • Understand basic system administration
Attack Recognition Problems • Blended "pattern" and "effect" attacks • Sniffing attacks • Decoys and false identification of attack source
Changing Attack Patterns • More large-scale attacks • Better enumeration and assessment of the target by the attacker
Two Basic Distributed Attack Models • Attacks that do not require direct observation of the results • Attacks that require the attacker to directly observe the results
Defensive Techniques Cont. • Minimal ports open • Stateful inspection firewalls • Modified kernels/IDS to look for fingerprint packets
Defensive Techniques Cont. • Limit ICMP inbound to host/destination unreachable • Limit outbound ICMP
DMZ Server Recommendations • Split services between servers • Current patches • Use trusted paths, anti-buffer overflow settings and kernel patches • Use any built-in firewalling software • Make use of built-in state tables
Firewall Rules • Limit inbound to only necessary services • Limit outbound via proxies to help control access • Block all outbound to only necessary traffic
Intrusion Detection Systems • Use only IDS's that can be customized • IDS should be capable of handling fragmented packet reassembly • IDS should handle high speeds
Spoofed Packet Defenses • Get TTL of suspected spoofed packet • Probe the source address in the packet • Compare the probe reply's TTL to the suspected spoofed packet
Late Breaking News • HackerShield RapidFire Update 208

Taught by

Black Hat
