4/29/2023

Backtrack 4

This will be the first in a series of articles analyzing attacks used against networks and what can be done to catch them.

For this part of the series I will be using three machines – a target machine, an attacker system and a third computer running the Network Security Monitoring (NSM) Security Onion Live CD. The NSM machine will be connected to the target machine via a mirrored port (DualComm’s DCSW-1005PT) so all the incoming attacks can be monitored in realtime.

This article is for informational use only. Do not attempt anything found in these articles on any network or computer system without written permission from the owners. Doing so could get you into trouble and you may end up in jail.

For quite a while now, I wanted to write some articles about NSM. Today, I finally set everything up and ran some tests. The first test I wanted to run was to pit the ever popular BackTrack 4 R2 Fast-Track “Autopwn” program against NSM and see what would happen.

Autopwn is a great program for new users to try their hand at penetration testing. Autopwn basically does all the work for you. All you need to tell the program is what you want to attack, and the program does the rest. The program runs nmap and looks for open ports. It then uses that information to create a tailored attack against the target system using Metasploit.

You boot up your Backtrack 4 system, start networking, go to the Backtrack menu, select “penetration” menu, “Fast-Track” and finally “Fast-Track Interactive”. You should have a screen that looks like this:

Just run the updates, option #1, then run Autopwn – option #2. Provide it with a single IP address or a range of addresses that you want to attack, then what kind of payload shell you want. I always pick “reverse” – connect back to me. The program then automatically attacks the systems and tries to open a reverse shell to it.

Wow, pretty impressive, but what can be done to detect this type of attack? Well, while this attack was running against my target machine, my NSM system monitored every packet coming into the system through a mirrored port. The NSM system runs Snort which detects intrusion attempts and displays the alerts in the network security analyst program Sguil.

The result? Sguil lit up like a Christmas tree. See the Sguil interface screenshot below:

The alerts are color coded for severity and list the Source, or attacker’s IP address. You can click on each alert and find out more about it, or view the actual packets involved in the alert in Wireshark.

So even though this attack was not detectable by the target machine, my NSM machine captured the whole event, while it happened, in realtime.
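
The per-source view of Snort alerts that Sguil gives the analyst can also be produced from Snort's fast-alert log. The script below is an added example, not code from the original post: it parses constructed sample alert lines and flags any source that triggers several distinct signatures against one target within a short window, the pattern an automated multi-exploit run leaves behind. The addresses, SIDs, messages, placeholder year and the threshold of three signatures in 60 seconds are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in Snort "fast" alert format; the addresses,
# SIDs (local-rule range) and messages are made up for illustration.
SAMPLE = """\
04/29-10:15:01.120000  [**] [1:1000001:1] CONSTRUCTED port scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.66:40112 -> 192.0.2.10:445
04/29-10:15:09.480000  [**] [1:1000002:1] CONSTRUCTED SMB exploit attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.66:40120 -> 192.0.2.10:445
04/29-10:15:20.010000  [**] [1:1000003:1] CONSTRUCTED shellcode pattern [**] [Classification: Executable Code was Detected] [Priority: 1] {TCP} 192.0.2.66:40133 -> 192.0.2.10:135
04/29-10:15:21.000000  [**] [1:1000002:1] CONSTRUCTED SMB exploit attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.66:40140 -> 192.0.2.10:445
04/29-10:20:00.000000  [**] [1:1000004:1] CONSTRUCTED ICMP ping [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.77 -> 192.0.2.10
truncated line without addresses
"""

ALERT_RE = re.compile(
    r"(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?")

def parse(text, year=2000):
    """Yield a dict per well-formed alert; fast alerts carry no year (placeholder)."""
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            d = m.groupdict()
            d["ts"] = datetime.strptime(f"{year}/{d['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
            yield d

def burst_sources(alerts, min_sids=3, window=timedelta(seconds=60)):
    """Return {(src, dst): sids} for pairs where at least min_sids distinct
    signatures fired inside one sliding window (thresholds are assumptions)."""
    by_pair = defaultdict(list)
    for a in alerts:
        by_pair[(a["src"], a["dst"])].append((a["ts"], a["sid"]))
    flagged = {}
    for pair, events in by_pair.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            sids = {s for t, s in events[i:] if t - start <= window}
            if len(sids) >= min_sids:
                flagged[pair] = sorted(sids)
                break
    return flagged

if __name__ == "__main__":
    for (src, dst), sids in burst_sources(parse(SAMPLE)).items():
        print(f"{src} -> {dst}: {len(sids)} distinct signatures {sids}")
```
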