Carving digital attack tool traces out of packets can be fun. The network packet matrix is all around us; we just have to want to see it. Here are a few of my notes:
Attack Tool Digital Signature
Cain & Abel
Cain & Abel uses only ARP packets to find other live hosts on the LAN.
Metasploit
Extensive SMB protocol scanning on the network.
Retina - "anonymous" user using the password "retina@example.org"
Nessus - contains the string nessus
Nmap - FIN probes, BOGUS flag probes in ICMP code field.
Ettercap - 0xe77e in IP version field.
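As an added example (not part of the original notes), here is a small Python matcher for four of the hints above: ARP-only host sweeps, FIN-only TCP probes, and the Nessus and Retina strings in TCP payloads. The sweep threshold, function names and sample frames are constructed assumptions.

```python
import struct
from collections import defaultdict

ARP_SWEEP_THRESHOLD = 3  # assumed: distinct target IPs before a sender is flagged

def match_frame(frame):
    """Return the hints from the notes that one Ethernet/IPv4/TCP frame matches."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":
        return []
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4              # IP header length in bytes
    if ip[9] != 6 or len(ip) < ihl + 20:  # protocol 6 = TCP
        return []
    tcp = ip[ihl:]
    payload = tcp[(tcp[12] >> 4) * 4:]    # skip the TCP header (data offset)
    hits = []
    if (tcp[13] & 0x3F) == 0x01:          # FIN set, every other flag clear
        hits.append("nmap-fin-probe")
    if b"nessus" in payload.lower():
        hits.append("nessus-string")
    if b"retina@example.org" in payload:
        hits.append("retina-password")
    return hits

def arp_sweepers(frames):
    """Sender IPs whose ARP requests cover many distinct targets (host sweep)."""
    targets = defaultdict(set)
    for f in frames:
        # EtherType 0x0806 = ARP, opcode 1 = request; SPA at 28..32, TPA at 38..42
        if len(f) >= 42 and f[12:14] == b"\x08\x06" and f[20:22] == b"\x00\x01":
            targets[f[28:32]].add(f[38:42])
    return {".".join(map(str, s)) for s, t in targets.items()
            if len(t) >= ARP_SWEEP_THRESHOLD}

# Constructed frame builders and sample traffic (not captured data).
def eth(ethertype, body):
    return b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + struct.pack("!H", ethertype) + body

def arp_req(spa, tpa):
    head = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + b"\x02\x00\x00\x00\x00\x01"
    return eth(0x0806, head + bytes(spa) + b"\x00" * 6 + bytes(tpa))

def tcp_frame(flags, payload=b""):
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, flags, 1024, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9]))
    return eth(0x0800, ip + tcp)

SAMPLE = [arp_req((10, 0, 0, 5), (10, 0, 0, n)) for n in range(1, 5)] + [
    tcp_frame(0x01), tcp_frame(0x18, b"PASS retina@example.org\r\n")]
```

The string checks only see cleartext payloads, so they are hints to correlate with other evidence rather than proof of a specific tool.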
A good reference list:
ATTACK OBJECTS by Juniper
IPD Attack detection set.
https://services.netscreen.com/restricted/sigupdates/nsm-updates/HTML/index.html