20199121 Network Attack and Defense Practice, Week 1 Assignment

Foreword

This assignment belongs to the course: Network Attack and Defense Practice
Where the requirement for this assignment is: Network Attack and Defense Practice, Week 1 Assignment

1. Knowledge Review and Summary

  The first chapter of "Network Attack and Defense Technology and Practice" uses the Dasher worm emergency response incident to give readers an initial impression of network attack and defense technology. It then reviews the history of the hacker ethic and presents the network attack and defense technology framework that the book uses as its structure for introducing and explaining the various types of offensive and defensive techniques. Finally, it discusses the professionalism and the relevant laws and regulations that a technician should be familiar with.

1.1 Dasher Worm Case

  • Dasher worm mechanism

The Dasher worm, which broke out in 2005, mainly exploited the MS05-051 security vulnerability in the MSDTC service of Microsoft Windows, and also integrated exploit code for MS05-039 and other vulnerabilities.

Attack steps:
a. An external infection source first compromises the target host through the MS05-051 vulnerability in the MSDTC service on port TCP 1025;
b. The injected shellcode executes, connects to the command and control server, locates the FTP server and receives the FTP download instruction;
c. The Dasher worm is downloaded from the FTP server to the target host;
d. The Dasher worm is activated on the target host;
e. The Dasher worm activated on the target host scans outward to spread further.

  • Response

The Artemis team of the Chinese Honeynet Project detected the Dasher worm's activity at the earliest stage and captured the propagating samples; its in-depth analysis of the samples' behavior mechanism helped CNCERT/CC bring the worm under effective control and avoid further spread of the outbreak.

Forensic analysis and tracking steps were as follows:
a. Gain control of the command server involved in the worm propagation process, and remotely access the FTP server and web server space to obtain evidence;
b. On the remote FTP server, preserve as evidence the FTP program and worm samples uploaded by the hacker;
c. Confirm the location of the command and control server by IP geolocation;
d. Obtain remote access privileges to the web server space for forensics, to find the IP addresses closely related to the worm's operation;
e. Coordinate with the network operators to find the specific location.

  • Reflections

The author gives a full and detailed introduction to the Dasher worm incident, elaborating on the worm's mechanism as well as the response, which gives readers a deep understanding of what network attack and defense actually is. With the rapid rise of the Internet, security problems keep cropping up, and network defense is particularly important. In this regard, we should strive to improve emergency response capabilities for network security, strengthen awareness of network security risks, and sharpen our perception of how immediate and urgent network risks are.

1.2 Network Attack and Defense Technology Framework

The network attack and defense technology framework is shown in the figure below (figure not included in this text):

The main content, network security attack and defense (the second layer in the figure), is described as follows:

  • System security attack and defense

The basis of system security attack and defense is security vulnerabilities in software programs. The life cycle of a software vulnerability includes: research and discovery of the security vulnerability; development and testing of penetration attack (exploit) code; circulation of the vulnerability and exploit code within a closed team; the vulnerability and exploit code beginning to spread, with malicious programs appearing and starting to propagate; large-scale spread of exploit code and malicious programs harming the Internet; and finally the exploit code and malware fading away.

  • Internet protocol security attacks

The TCP/IP protocol stack has many security issues, including the following.
(1) Network interface layer: both the commonly used wired Ethernet protocol and the mainstream WiFi wireless protocols are broadcast-based, so there is a risk of sniffing and eavesdropping.
(2) Internet layer: the IP protocol is at risk of IP source address spoofing, the ARP protocol is at risk of ARP spoofing, and the ICMP protocol may face Smurf attacks.
(3) Transport layer: the TCP three-way handshake may face SYN flood denial of service attacks.
(4) Application layer: early Internet application layer protocols such as HTTP, FTP, POP3 and SMTP are encoded in plain text, so sensitive information is at risk of eavesdropping, tampering, impersonation and the like.
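As an added illustration of two of the risks listed above (ARP spoofing at the internet layer and SYN flooding at the transport layer), the following detector is my own example and not from the textbook or the original post; the packet record formats, sample data and thresholds are constructed assumptions.

```python
# Added example (not from the original post): simple detectors for ARP
# spoofing and SYN flooding, run over constructed packet summaries.
# Record formats and thresholds are assumptions, not from any real tool.
from collections import defaultdict

# Constructed ARP replies: (sender_ip, sender_mac). In a real capture these
# come from the wire; here two replies claim the gateway IP with different MACs.
ARP_REPLIES = [
    ("10.0.0.1", "aa:aa:aa:aa:aa:01"),
    ("10.0.0.7", "aa:aa:aa:aa:aa:07"),
    ("10.0.0.1", "de:ad:be:ef:00:01"),  # conflicting claim for the gateway
    ("10.0.0.9", "aa:aa:aa:aa:aa:09"),
]

# Constructed TCP records: (src_ip, tcp_flags). A SYN flood shows up as many
# SYNs from one source with no ACKs that would complete the handshake.
TCP_PACKETS = (
    [("198.51.100.5", "S")] * 60
    + [("10.0.0.7", "S"), ("10.0.0.7", "A"), ("10.0.0.7", "A")]
)


def arp_conflicts(replies):
    """Return {ip: sorted MACs} for every IP claimed by more than one MAC."""
    seen = defaultdict(set)
    for ip, mac in replies:
        seen[ip].add(mac.lower())
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}


def syn_flood_sources(packets, min_syn=50, max_ack_ratio=0.1):
    """Return sources sending >= min_syn SYNs whose ACK/SYN ratio is tiny.

    A legitimate client sends a SYN and then at least one ACK; a flooder sends
    SYNs only (often from spoofed addresses), so the ratio stays near zero.
    """
    syn = defaultdict(int)
    ack = defaultdict(int)
    for src, flags in packets:
        if flags == "S":
            syn[src] += 1
        elif "A" in flags:
            ack[src] += 1
    return sorted(
        src for src, n in syn.items()
        if n >= min_syn and ack[src] / n <= max_ack_ratio
    )


if __name__ == "__main__":
    print("ARP conflicts:", arp_conflicts(ARP_REPLIES))
    print("SYN flood sources:", syn_flood_sources(TCP_PACKETS))
```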

  • Physical attacks

A physical attack is one in which an attacker bypasses the physical security protection system (such as an anti-theft door) to obtain or destroy important information. Physical attacks are divided into violent and skill-based types. Violent attacks rely mainly on armed personnel and equipment, destroying the protection system by destructive means; skill-based attacks refer to the combination of human intelligence and action.

The main defense against physical attacks is to follow the technical standards and specifications for physical security projects and to strengthen the resources of the physical security protection system, including explosion-proof devices, security guards and patrols, and a security response mechanism.

  • Social engineering

Any system involves the participation of people, so no matter how good the hardware and software protective measures of a system are, if a problem occurs in the human link, all those protective measures are useless. This is why social engineering attacks are a significant threat in the field of information security.

Social engineers need not only to master psychological skills, but also a powerful and delicate ability to obtain information, and personal influence. The social engineer's purpose is to persuade the target, so with only a small amount of time and effort they can successfully obtain information.

Social engineering attacks can be defended against by understanding social engineering techniques, through security awareness training and norms, and by cultivating one's own psychological quality and character in practice. For example: do not disclose personal information on the Internet, do not easily trust others, and strictly adhere to confidentiality procedures and norms.

1.3 Hacker Ethic and Legal Regulations

  Currently, countries around the world are constantly improving the laws, regulations and provisions related to computer crime and cyber attacks. The Internet is not outside the law; whether white hat or black hat, one should consciously abide by the industry's code of conduct and the relevant laws and regulations.

2. Homework

(1) Hacker movie appreciation: write a film review and publish it on a personal blog, or extract fragments involving social engineering or physical attacks from film and television works, explain the attack methods used, and give specific comments.
(2) Try to obtain personal information about other students by means of social engineering, and describe your social engineering process, including successes and failures.

2.1 Hacker Movie Viewing

  • Movie

"Who Am I: No System Is Safe" is a hacker-themed movie that premiered in Canada in 2014; common scenes such as darknet gatherings, zero-day attacks, IP tracking and Trojan attacks all appear in the film. Indeed, no system is absolutely safe, because the weakness of human nature is the security loophole of every system.

The following briefly describes the plot (if you don't want spoilers, please close your eyes and skip ahead (╯ # -_-) ╯ ~)

Benjamin is a highly talented twenty-five-year-old hacker, and Max is a would-be revolutionary longing to enter the "hacker world". After they meet, they and two others set up the hacking group CLAY (laughing clowns). Before long, CLAY makes a name for itself in the online world. Despite CLAY's growing success, the idol of the hacker community, MRX, looks down on CLAY's achievements. When reporters ask MRX for his view on CLAY, MRX asks back: who is CLAY? Max, proud by nature, is so incensed that he decides to take CLAY to complete a remarkable attack: attacking the German intelligence service.

Benjamin sends the stolen data to MRX's server to prove their power. MRX sells the data to a Russian cybercrime gang, which discovers from the German intelligence service's data that the hacker Krypton was actually working for the government. The Russian gangsters kill Krypton. The impending bloodshed wakes CLAY from their dream, only for them to find that MRX wants to get rid of everyone involved.

CLAY breaks into the Interpol database again and manages to steal data. At the moment the data is handed over to MRX, MRX sees through CLAY's plot, destroys the data on the spot, and finds the Trojan hidden inside it. CLAY's network attacks make them wanted by Europol. The female police officer Hannah successfully arrests Benjamin.

In the interrogation room, Benjamin recounts the whole process of CLAY's crimes and, through a Trojan, helps Hannah find MRX, a 19-year-old boy genius, and bring him to justice. Benjamin's retelling lets Hannah glimpse that he suffers from multiple personality disorder: the CLAY team is in fact only one person, and the others come from his imagination. Further investigation makes Hannah more confident in her idea. The witness protection program cannot protect the mentally ill. Out of morality and a high sense of responsibility, Hannah spares Benjamin, authorizing him to enter the Europol witness protection database and modify it, adding himself to the list of protected witnesses.

  • Technical analysis

① In order to attract Mary's attention, Benjamin helps her get the exam questions by hacking the university's education system server, using a 0day vulnerability to gain access. [But he was caught by the patrol, kk]

[0day vulnerability] A collective name for a certain type of vulnerability. It refers to a vulnerability in a system that has not yet been published, or that has been disclosed but for which there is no official patch.

② Max takes Benjamin to a party, and in order to prove his strength to Max and the other two, Benjamin blacks out the power grid of the building.
Ok... I looked at the code a little here: the hero first does an nmap port scan, then runs the iec-backdoor bash script he wrote in advance; the rest I couldn't read, hhh


③ Max demonstrates to Benjamin how to use social engineering to scam two donuts, and says the line, "if your skin is thick enough, the world will be at your feet." I think this exploits the Limakesi clerk's state of mind of being afraid to stir up trouble.

④ After Max and Benjamin complete their first secret mission, they use a laptop connected to another WiFi to access the forum address, and the contents of the forum as well as the command and control content outside it can be seen projected on the projector.

⑤ CLAY cracks the local files of the German intelligence agency (my guess, it is not specified) to find an employee's name and e-mail, then sends a fake e-mail to get them to open a link, and thereby gets into the Intelligence Bureau.

2.2 Social Engineering Attempt

I first looked through my WeChat contacts and found a friend-of-a-friend who had added me at some unknown time (I really don't know him), then waited until he posted on his Moments and pretended to comment casually. After that I got him to chat with me privately and let his guard down, and finally obtained his current company name, home address and other personal information.

After all this, I think one key point of social engineering is to gain the other party's trust, but that is easier said than done; it requires not only strong psychological quality but also a deep understanding of psychology. Social engineering can obtain important secret information at a small cost, and is a link in network attack and defense that cannot be ignored, because wherever there are people, there are vulnerabilities.

3. Problems Encountered in Study and Their Solutions

The content of the first chapter is mostly conceptual and relatively easy to understand. Only when reading about the propagation of the Dasher worm was I somewhat confused; after consulting materials, I roughly understood the worm's mechanism.

4. Study Reflections

Network attack and defense is a very broad concept, covering a wide range of scattered knowledge; one must rely on one's own active learning and exploration, rather than passively receiving techniques.

References

Origin www.cnblogs.com/poziiey/p/12372436.html