[Figure: attack sophistication versus intruder knowledge, High to Low, 1980 to 2000. Series labels: Tools, Attackers. Plotted labels: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, burglaries, hijacking sessions, disabling audits, back doors, network mgmt. diagnostics, GUI, automated probes/scans, www attacks, sweepers, sniffers, packet spoofing, denial of service, distributed attack tools, staged, "stealth" / advanced scanning techniques. Source: CERT.]
Abstract (a little reading for later)
Analysis of differences

Server Types          Vulnerable (MiTM, Phishing etc)    "Adequately Secure"    Percentage of Total Servers Sampled
Tiny DNS/PowerDNS     NA                                 NA                     2.22%
Other (or Unknown)    NA                                 NA                     15.67%
Reverse (In-Addr.Arpa)
DNS is a start.
Where do we find servers to test?
ISPs oblige with zone information for most of the rest.
Random is not always Random
As Do the Protocol Differences
Differences in DNS information also vary
[Figure: DNS message fields, numbered 1 to 54. Header: ID, QR, OPCODE, AA, TC, RD, RA, Z, RCODE, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT. Question: QNAME, QTYPE, QCLASS. Answer/etc: NAME, TYPE, CLASS, TTL, RDLENGTH, RDATA.]
When things follow the Standards
Input layer: one neuron for each input.
Map for IP options, malware and buffer overflow conditions, etc.
Output layer: these neurons supply the output: is it an attack, does it need further investigation, or is it OK?
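An added example, not taken from the original slides: it splits the fixed 12-byte DNS header into the header fields named earlier, yields one numeric input per field, and reports where a reply departs from the RFC 1035 header rules. The function names and sample messages are constructed for illustration, and feeding each header field to its own input neuron is an assumption, since the slides do not state how the inputs are encoded.

```python
import struct

# Header fields in the order RFC 1035 section 4.1.1 packs them.
HEADER_FIELDS = ("ID", "QR", "OPCODE", "AA", "TC", "RD", "RA", "Z", "RCODE",
                 "QDCOUNT", "ANCOUNT", "NSCOUNT", "ARCOUNT")

def parse_header(msg: bytes) -> dict:
    """Split the fixed 12-byte DNS header into its named fields."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {
        "ID": ident,
        "QR": (flags >> 15) & 0x1,
        "OPCODE": (flags >> 11) & 0xF,
        "AA": (flags >> 10) & 0x1,
        "TC": (flags >> 9) & 0x1,
        "RD": (flags >> 8) & 0x1,
        "RA": (flags >> 7) & 0x1,
        "Z": (flags >> 4) & 0x7,   # 3 reserved bits as defined in RFC 1035
        "RCODE": flags & 0xF,
        "QDCOUNT": qd, "ANCOUNT": an, "NSCOUNT": ns, "ARCOUNT": ar,
    }

def input_vector(msg: bytes) -> list:
    """One number per header field (assumed encoding: one input each)."""
    header = parse_header(msg)
    return [header[name] for name in HEADER_FIELDS]

def deviations(query: bytes, response: bytes) -> list:
    """Fields where the reply breaks RFC 1035: ID, OPCODE and RD are
    copied from the query, QR is 1 in a response, Z is zero."""
    q, r = parse_header(query), parse_header(response)
    odd = [f for f in ("ID", "OPCODE", "RD") if q[f] != r[f]]
    if r["QR"] != 1:
        odd.append("QR")
    if r["Z"] != 0:
        odd.append("Z")
    return odd

# Constructed sample headers (not captured traffic).
QUERY = struct.pack("!6H", 0x1A2B, 0x0100, 1, 0, 0, 0)   # RD set
NORMAL = struct.pack("!6H", 0x1A2B, 0x8180, 1, 1, 0, 0)  # QR, RD, RA set
ODD = struct.pack("!6H", 0x1A2B, 0x8040, 1, 1, 0, 0)     # RD dropped, Z set

if __name__ == "__main__":
    print(input_vector(NORMAL))
    print(deviations(QUERY, NORMAL), deviations(QUERY, ODD))
```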
What is a perceptron?
where:
expected value
Thank you!
Craig.Wright@bdo.com.au