• Title/Summary/Keyword: stepping stones attack

Search Result 5, Processing Time 0.023 seconds

Stepping Stones Attack Simulator for TCP Connection Traceback Test

  • Choi, Byeong-cheol;Seo, Dong-Il;Sohn, Sung-Won;Lee, Sang-Ho
    • 제어로봇시스템학회:학술대회논문집
    • /
    • 2003.10a
    • /
    • pp.2112-2115
    • /
    • 2003
  • In this paper, we describe a SSAS (stepping stones attack simulator) that is automatic tool for testing and evaluation in TCP connection traceback system. The SSAS can pass multiple hosts that are included with hacker, middle-path hosts and victim’s system. And SSAS can also attack through commands to exploit the victim’s system. Usually, hackers do not expose their real attack positions through compromising the middle-path hosts like stepping-stones. Namely, hackers perform the stepping stones attacks in Internet. The SSAS can be utilized by developments and tests of the various countermeasure techniques of hacking. Specially, in this paper, it is used to test the performance of TCP connection traceback system.

  • PDF

A New Intruder Traceback Mechanism based on System Process Structure (시스템 프로세스 구조에 기반을 둔 침입자 추적 메커니즘)

  • 강형우;김강산;홍순좌
    • Proceedings of the Korea Information Assurance Society Conference
    • /
    • 2004.05a
    • /
    • pp.233-239
    • /
    • 2004
  • In this paper, we describe a defense mechanism to cope with stepping stones attacks in high-speed networks. (Stepping stones Attacker launches attacks not from their own computer but from intermediary hosts that they previously compromised.) We aim at tracing origin hacker system, which attack target system via stepping stones. There are two kind of traceback technology ; IP packet traceback, or connection traceback. We are concerned with connection traceback in this paper. We propose a new host-based traceback. The purpose of this paper is that distinguish between origin hacker system and stepping stones by using process structure of OS(Operating System).

  • PDF

Design an Algorithm Matching TCP Connection Pairs for Intruder Traceback (침입자 역추적을 위한 TCP 연결 매칭 알고리즘 설계)

  • Kang Hyung-Woo;Hong Soon-Jwa;Lee Dong-Hoon
    • The KIPS Transactions:PartC
    • /
    • v.13C no.1 s.104
    • /
    • pp.11-18
    • /
    • 2006
  • In the field of network defense, a lot of researches are directed toward locating the source of network attacks. When an intruder launches attack not from their own computer but from intermediate hosts that they previously compromised, and these intermediate hosts are called stepping-stones. There we two kinds of traceback technologies : IP packet traceback and connection traceback. We focused on connection traceback in this paper This paper classifies process structures of detoured attack type in stepping stone, designs an algorithm for traceback agent, and implements the traceback system based on the agent

A Study on the Active Traceback Scheme Respond ing to a Security Incident (침해사고 대응을 위한 능동적 역추적 기법에 관한 연구)

  • Park Myung Chan;Park Young Shin;Choi Yong Rak
    • Journal of the Korea Society of Computer and Information
    • /
    • v.10 no.1 s.33
    • /
    • pp.27-34
    • /
    • 2005
  • Current security reinforcement systems are Passive defense system that only blocks filter to all traffic from the attacker. So, Those are weak re-attack and Stepping Stones attack because active response about attacker is lacking. Also, present techniques of traceback need much time and manpower by log information collection and trace through the personal inspection and active response is lacking. In this paper, We propose technique for TCP connection traceback that can apply in present internet and trace to inserted marking on IP header to correspond re-attack and Stepping Stones attack. Therefore, Proposed technique is unnecessary correction of existing network component and can reduce size of marked information and overhead of resources.

  • PDF

A Brute-force Technique for the Stepping Stone Self-Diagnosis of Interactive Services on Linux Servers (리눅스 서버에서 인터렉티브 서비스 Stepping Stone 자가진단을 위한 brute-force 기법)

  • Kang, Koo-Hong
    • Journal of the Korea Society of Computer and Information
    • /
    • v.20 no.5
    • /
    • pp.41-51
    • /
    • 2015
  • In order to hide their identities, intruders on the Internet often attack targets indirectly by staging their attacks through intermediate hosts known as stepping stones. In this paper, we propose a brute-force technique to detect the stepping stone behavior on a Linux server where some shell processes remotely logged into using interactive services are trying to connect other hosts using the same interactive services such as Telnet, Secure Shell, and rlogin. The proposed scheme can provide an absolute solution even for the encrypted connections using SSH because it traces the system calls of all processes concerned with the interactive service daemon and their child processes. We also implement the proposed technique on a CentOS 6.5 x86_64 environment by the ptrace system call and a simple shell script using strace utility. Finally the experimental results show that the proposed scheme works perfectly under test scenarios.