This article series will be based upon a network system breach. What we shall cover is the actual hack itself, from the reconnaissance stage, through to enumeration, network service exploitation, and ending with post-exploitation strategies. All of these steps will then be viewed at the packet level, and then explained. Being able to view, and understand an attack at the packet level is critically important for both system administrators (sys admin) and network security personnel. The output of firewalls, Intrusion Detection Systems (IDS) and other security devices will always in turn lead you to look at the actual network traffic. If you don’t understand what you are looking at, at the packet level, then all of the network security technology you have is utterly useless. This will then be followed by how to write a Snort signature based off of the attack traffic.
Tools used for this simulated network attack:
Setting the stage
There is no shortage of hostile scanning on the Internet today, not to mention worm activity, and other forms of malware, such as viruses. All of this amounts to a lot of white noise for the well protected computer network. What we shall look at is a person deliberately targeting a computer network. For the purposes of this article we shall assume that the hacker has already decided upon his victim and done earlier research such as finding out the IP address or addresses of the victim network. He may have also tried to find out other such nuggets of information, such as email addresses associated with that network. This type of information is critical in case the hacker were to find there was no way into the network after having scanned, profiled, and enumerated it. The email addresses that he may have harvested would be useful in setting up a client side attack by which he would try and lure a user to a malicious website via a link in an email. More on that type of attack in a later article series.
Hack, Hacking, Intrusion, Intrusion Detection System, IDS