SlideShare ist ein Scribd-Unternehmen logo

Router forensics

Als PPTX, PDF herunterladen
T
Taruna Chauhan

a presentation on router forensics,and some basics of router

Ingenieurwesen
1 von 22
TARUNA SINGH 1208213035
AGENDA  Introduction  Overview of Routers  Router Attack Topology  Common Router Attacks  Performing Forensics  Incidence Investigation  Accessing the Router  Documentation  What are the “BAD GUYS” doing  What are the “GOOD GUYS” doing  Why do we need to protect Router Resources  Why do we need outer Forensics
INTRODUCTION It is the application of proven scientific methods and techniques in order to recover data from routers in case of an intruder attack and apply forensics( law enforcement, documentation of the incidence) .
WHAT IS ROUTER? A computer that specializes in sending packets over the data network. They are responsible for interconnecting n/w by selecting the best path for a packet to travel to their destinations.
HOW DOES ROUTER WORK Routers forward data packets from one router to another using various routing protocols and routing table, to choose the optimum path. The routing table may contain various fields.
COMMUNICATION WITH ROUTERS  Through local cable  Through modem  Through terminal emulation software
ROUTER COMPONENTS  ROM  POST  IOS  RAM  Flash memory  NVRAM
PORTS ON ROUTER  LAN Ports  WAN Ports  Administrative ports -Console ports -Auxiliary ports
MODES OF ROUTER  Setup Mode  User Mode  Privileged Mode  Global Configuration Mode  Interface Mode
ROUTER ATTACK TOPOLOGY Reconnaissance Scanning and enumeration Gaining access Escalation of privilege Maintaining access Covering tracks and placing backdoors
COMMON ROUTER ATTACKS Denial of Service Attacks Packet Mistreating Attacks Routing Table Poisoning Hit and Run Attacks Persistent Attacks
PERFORMING FORENSICS Collection Examination Analysis Reporting
GATHER VOLATILE ROUTER DATA Connect to console port for this need cable and laptop with terminal emulation software. Record System Time and determine who is logged on Save the router configuration. Review the routing table to detect malicious static routes modified by attacker. View the ARP cache for evidence for IP or MAC spoofing
INCIDENCE INVESTIGATION Direct compromise: via physical access, listening services, password guessing by TFTP, console access Routing table manipulations: by modifying routing protocols( RIP, IGRP), review routing table with “show IP route” Theft of Information: via access control and network topology DoS: resource and bandwidth consumption reduces functionality and n/w bandwidth
Contd... FOR RECOVERY: Eliminate listening services Upgrade of software Access restriction Authentication Change all passwords Avoid password reuse Remove static routing entries
ACCESSING THE ROUTER DO  Access the router through the console  Record your entire console session  Run show commands  Record the actual time and the router’s time  Record the volatile information DON’T  REBOOT THE ROUTER  Access the router through the network  Run configuration commands  Rely only on persistent information
DOCUMENTATION  Chain of Custody: to prove the integrity of the evidence  Case reports: employee remediation, employee termination ,civil proceedings, criminal prosecution, case Summary, bookmarks  Incident response: it is the effort of an organisation to define and document the nature and scope of a computer security incident.
WHAT THE “BAD GUYS” ARE DOING Internet Router Protocol Attack Suite (IRPAS): A suite of tools designed to abuse inherent design insecurity in routers and routing protocols –Tools: ass, igrp, hsrp VIPPR: Can be used to establish MITM for compromised routers UltimaRatio: Working exploit tool for use against 1000, 1600/1700 and 2600 series routers Research
WHAT THE GOOD GUYS ARE DOING Router Audit Tool (RAT): Written in Perl, highly customizable, Passive tool to analyze a Cisco router, Scores the overall security of your router, Support for Unix and Windows systems Books, white papers on securing routers Employ strong authentication: encrypted traffic mgmt, two phase authentication, centralised authentication source.
WHY WE NEED TO PROTECT ROUTER RESOURCES Often the “heart” of the network Gaining a lot more attention from attackers Few procedures on hardening routers Routers are much slower to get upgraded to solve security bugs Few people monitor their configurations regularly Few security measures in place There are millions of them
NEED FOR ROUTER FORENSICS Operational Troubleshooting Log Monitoring Data Recovery Data Acquisition Due Diligence/Regulatory compliance
Router forensics

Empfohlen

Cyber Forensics Module 1
Cyber Forensics Module 1Cyber Forensics Module 1
Cyber Forensics Module 1Manu Mathew Cherian
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensicsprimeteacher32
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic toolsSonu Sunaliya
 
Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Anpumathews
 
E mail Investigation
E mail InvestigationE mail Investigation
E mail InvestigationDr Raghu Khimani
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsMithileysh Sathiyanarayanan
 
Email investigation
Email investigationEmail investigation
Email investigationAnimesh Shaw
 
Email Forensics
Email ForensicsEmail Forensics
Email ForensicsGol D Roger
 

Empfohlen

Cyber Forensics Module 1
Cyber Forensics Module 1Cyber Forensics Module 1
Cyber Forensics Module 1Manu Mathew Cherian
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensicsprimeteacher32
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic toolsSonu Sunaliya
 
Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Anpumathews
 
E mail Investigation
E mail InvestigationE mail Investigation
E mail InvestigationDr Raghu Khimani
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsMithileysh Sathiyanarayanan
 
Email investigation
Email investigationEmail investigation
Email investigationAnimesh Shaw
 
Email Forensics
Email ForensicsEmail Forensics
Email ForensicsGol D Roger
 
Analysis of digital evidence
Analysis of digital evidenceAnalysis of digital evidence
Analysis of digital evidencerakesh mishra
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsRamesh Ogania
 
Cyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection toolsCyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection toolsN.Jagadish Kumar
 
Incident response process
Incident response processIncident response process
Incident response processBhupeshkumar Nanhe
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodologyPiyush Jain
 
E-mail Investigation
E-mail InvestigationE-mail Investigation
E-mail Investigationedwardbel
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logsanilinvns
 
Computer forensics and Investigation
Computer forensics and InvestigationComputer forensics and Investigation
Computer forensics and InvestigationNeha Raju k
 
Cyber Forensics Module 2
Cyber Forensics Module 2Cyber Forensics Module 2
Cyber Forensics Module 2Manu Mathew Cherian
 
Cyber Forensics Overview
Cyber Forensics OverviewCyber Forensics Overview
Cyber Forensics OverviewYansi Keim
 
Cyber forensics ppt
Cyber forensics pptCyber forensics ppt
Cyber forensics pptRoshiniVijayakumar1
 
Network forensic
Network forensicNetwork forensic
Network forensicManjushree Mashal
 
Security policies
Security policiesSecurity policies
Security policiesNishant Pahad
 
Digital Forensic ppt
Digital Forensic pptDigital Forensic ppt
Digital Forensic pptSuchita Rawat
 
Computer forensics ppt
Computer forensics pptComputer forensics ppt
Computer forensics pptNikhil Mashruwala
 
Wired and Wireless Network Forensics
Wired and Wireless Network ForensicsWired and Wireless Network Forensics
Wired and Wireless Network ForensicsSavvius, Inc
 
Digital Forensic
Digital ForensicDigital Forensic
Digital ForensicCleverence Kombe
 
Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidenceOnline
 
CS6004 Cyber Forensics
CS6004 Cyber ForensicsCS6004 Cyber Forensics
CS6004 Cyber ForensicsKathirvel Ayyaswamy
 
Network traffic analysis with cyber security
Network traffic analysis with cyber securityNetwork traffic analysis with cyber security
Network traffic analysis with cyber securityKAMALI PRIYA P
 
Arduino Forensics
Arduino ForensicsArduino Forensics
Arduino ForensicsSteve Watson
 
Hacker's and painters Hardware Hacking 101 - 10th Oct 2014
Hacker's and painters Hardware Hacking 101 - 10th Oct 2014Hacker's and painters Hardware Hacking 101 - 10th Oct 2014
Hacker's and painters Hardware Hacking 101 - 10th Oct 2014Takeda Pharmaceuticals
 

Weitere ähnliche Inhalte

Was ist angesagt?

Analysis of digital evidence
Analysis of digital evidenceAnalysis of digital evidence
Analysis of digital evidencerakesh mishra
 
Cyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection toolsCyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection toolsN.Jagadish Kumar
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodologyPiyush Jain
 
E-mail Investigation
E-mail InvestigationE-mail Investigation
E-mail Investigationedwardbel
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logsanilinvns
 
Computer forensics and Investigation
Computer forensics and InvestigationComputer forensics and Investigation
Computer forensics and InvestigationNeha Raju k
 
Cyber Forensics Overview
Cyber Forensics OverviewCyber Forensics Overview
Cyber Forensics OverviewYansi Keim
 
Digital Forensic ppt
Digital Forensic pptDigital Forensic ppt
Digital Forensic pptSuchita Rawat
 
Wired and Wireless Network Forensics
Wired and Wireless Network ForensicsWired and Wireless Network Forensics
Wired and Wireless Network ForensicsSavvius, Inc
 
Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidenceOnline
 
Network traffic analysis with cyber security
Network traffic analysis with cyber securityNetwork traffic analysis with cyber security
Network traffic analysis with cyber securityKAMALI PRIYA P
 

Was ist angesagt? (20)

Analysis of digital evidence
Analysis of digital evidenceAnalysis of digital evidence
Analysis of digital evidence
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
Cyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection toolsCyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection tools
 
Incident response process
Incident response processIncident response process
Incident response process
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodology
 
E-mail Investigation
E-mail InvestigationE-mail Investigation
E-mail Investigation
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logs
 
Computer forensics and Investigation
Computer forensics and InvestigationComputer forensics and Investigation
Computer forensics and Investigation
 
Cyber Forensics Module 2
Cyber Forensics Module 2Cyber Forensics Module 2
Cyber Forensics Module 2
 
Cyber Forensics Overview
Cyber Forensics OverviewCyber Forensics Overview
Cyber Forensics Overview
 
Cyber forensics ppt
Cyber forensics pptCyber forensics ppt
Cyber forensics ppt
 
Network forensic
Network forensicNetwork forensic
Network forensic
 
Security policies
Security policiesSecurity policies
Security policies
 
Digital Forensic ppt
Digital Forensic pptDigital Forensic ppt
Digital Forensic ppt
 
Computer forensics ppt
Computer forensics pptComputer forensics ppt
Computer forensics ppt
 
Wired and Wireless Network Forensics
Wired and Wireless Network ForensicsWired and Wireless Network Forensics
Wired and Wireless Network Forensics
 
Digital Forensic
Digital ForensicDigital Forensic
Digital Forensic
 
Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidence
 
CS6004 Cyber Forensics
CS6004 Cyber ForensicsCS6004 Cyber Forensics
CS6004 Cyber Forensics
 
Network traffic analysis with cyber security
Network traffic analysis with cyber securityNetwork traffic analysis with cyber security
Network traffic analysis with cyber security
 

Andere mochten auch

Hacker's and painters Hardware Hacking 101 - 10th Oct 2014
Hacker's and painters Hardware Hacking 101 - 10th Oct 2014Hacker's and painters Hardware Hacking 101 - 10th Oct 2014
Hacker's and painters Hardware Hacking 101 - 10th Oct 2014Takeda Pharmaceuticals
 
Digital Forensics and Incident Response (DFIR) using Docker Containers
Digital Forensics and Incident Response (DFIR) using Docker ContainersDigital Forensics and Incident Response (DFIR) using Docker Containers
Digital Forensics and Incident Response (DFIR) using Docker ContainersDeep Shankar Yadav
 
Evolution of Routing Techniques
Evolution of Routing TechniquesEvolution of Routing Techniques
Evolution of Routing TechniquesTusharadri Sarkar
 
CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013Ian Sommerville
 
Hardware Hacking in schools (ACEC2014)
Hardware Hacking in schools (ACEC2014)Hardware Hacking in schools (ACEC2014)
Hardware Hacking in schools (ACEC2014)Dan Bowen
 
amrapali builders @@ hardware hacking and robotics using the raspberry pi.pdf
amrapali builders @@ hardware hacking and robotics using the raspberry pi.pdfamrapali builders @@ hardware hacking and robotics using the raspberry pi.pdf
amrapali builders @@ hardware hacking and robotics using the raspberry pi.pdfamrapalibuildersreviews
 
Intro to Hardware Firmware Hacking
Intro to Hardware Firmware HackingIntro to Hardware Firmware Hacking
Intro to Hardware Firmware HackingAndrew Freeborn
 
Hardware Hacking caso práctico Ingeniería Inversa Smartcards
Hardware Hacking caso práctico Ingeniería Inversa SmartcardsHardware Hacking caso práctico Ingeniería Inversa Smartcards
Hardware Hacking caso práctico Ingeniería Inversa SmartcardsAndres Lozano
 
BSides DFW2016-Hack Mode Enabled
BSides DFW2016-Hack Mode EnabledBSides DFW2016-Hack Mode Enabled
BSides DFW2016-Hack Mode Enabledpricemcdonald
 
A BEGINNER’S JOURNEY INTO THE WORLD OF HARDWARE HACKING
A BEGINNER’S JOURNEY INTO THE WORLD OF HARDWARE HACKINGA BEGINNER’S JOURNEY INTO THE WORLD OF HARDWARE HACKING
A BEGINNER’S JOURNEY INTO THE WORLD OF HARDWARE HACKINGSilvio Cesare
 
Coders need to learn hardware hacking NOW
Coders need to learn hardware hacking NOWCoders need to learn hardware hacking NOW
Coders need to learn hardware hacking NOWMatt Biddulph
 
JTAG Interface (Intro)
JTAG Interface (Intro)JTAG Interface (Intro)
JTAG Interface (Intro)Nitesh Bhatia
 
Hardware Reverse Engineering: From Boot to Root
Hardware Reverse Engineering: From Boot to RootHardware Reverse Engineering: From Boot to Root
Hardware Reverse Engineering: From Boot to RootYashin Mehaboobe
 

Andere mochten auch (20)

Arduino Forensics
Arduino ForensicsArduino Forensics
Arduino Forensics
 
Hacker's and painters Hardware Hacking 101 - 10th Oct 2014
Hacker's and painters Hardware Hacking 101 - 10th Oct 2014Hacker's and painters Hardware Hacking 101 - 10th Oct 2014
Hacker's and painters Hardware Hacking 101 - 10th Oct 2014
 
Digital Forensics and Incident Response (DFIR) using Docker Containers
Digital Forensics and Incident Response (DFIR) using Docker ContainersDigital Forensics and Incident Response (DFIR) using Docker Containers
Digital Forensics and Incident Response (DFIR) using Docker Containers
 
Evolution of Routing Techniques
Evolution of Routing TechniquesEvolution of Routing Techniques
Evolution of Routing Techniques
 
Client Side Exploits using PDF
Client Side Exploits using PDFClient Side Exploits using PDF
Client Side Exploits using PDF
 
CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013
 
Hardware Hacking in schools (ACEC2014)
Hardware Hacking in schools (ACEC2014)Hardware Hacking in schools (ACEC2014)
Hardware Hacking in schools (ACEC2014)
 
Playful
PlayfulPlayful
Playful
 
amrapali builders @@ hardware hacking and robotics using the raspberry pi.pdf
amrapali builders @@ hardware hacking and robotics using the raspberry pi.pdfamrapali builders @@ hardware hacking and robotics using the raspberry pi.pdf
amrapali builders @@ hardware hacking and robotics using the raspberry pi.pdf
 
Intro to Hardware Firmware Hacking
Intro to Hardware Firmware HackingIntro to Hardware Firmware Hacking
Intro to Hardware Firmware Hacking
 
Hardware Hacking caso práctico Ingeniería Inversa Smartcards
Hardware Hacking caso práctico Ingeniería Inversa SmartcardsHardware Hacking caso práctico Ingeniería Inversa Smartcards
Hardware Hacking caso práctico Ingeniería Inversa Smartcards
 
Hardware Hacking Primer
Hardware Hacking PrimerHardware Hacking Primer
Hardware Hacking Primer
 
BSides DFW2016-Hack Mode Enabled
BSides DFW2016-Hack Mode EnabledBSides DFW2016-Hack Mode Enabled
BSides DFW2016-Hack Mode Enabled
 
Hardware hacking
Hardware hackingHardware hacking
Hardware hacking
 
A BEGINNER’S JOURNEY INTO THE WORLD OF HARDWARE HACKING
A BEGINNER’S JOURNEY INTO THE WORLD OF HARDWARE HACKINGA BEGINNER’S JOURNEY INTO THE WORLD OF HARDWARE HACKING
A BEGINNER’S JOURNEY INTO THE WORLD OF HARDWARE HACKING
 
Breaking Bad EACS Implementations
Breaking Bad EACS ImplementationsBreaking Bad EACS Implementations
Breaking Bad EACS Implementations
 
Coders need to learn hardware hacking NOW
Coders need to learn hardware hacking NOWCoders need to learn hardware hacking NOW
Coders need to learn hardware hacking NOW
 
JTAG Interface (Intro)
JTAG Interface (Intro)JTAG Interface (Intro)
JTAG Interface (Intro)
 
Hardware hacking 101
Hardware hacking 101Hardware hacking 101
Hardware hacking 101
 
Hardware Reverse Engineering: From Boot to Root
Hardware Reverse Engineering: From Boot to RootHardware Reverse Engineering: From Boot to Root
Hardware Reverse Engineering: From Boot to Root
 

Ähnlich wie Router forensics

network security / information security
network security / information securitynetwork security / information security
network security / information securityRohan Choudhari
 
Cyber security tutorial1
Cyber security tutorial1Cyber security tutorial1
Cyber security tutorial1sweta dargad
 
For your final step, you will synthesize the previous steps and la
For your final step, you will synthesize the previous steps and laFor your final step, you will synthesize the previous steps and la
For your final step, you will synthesize the previous steps and laShainaBoling829
 
IDS_WK_Arsalan.pptx
IDS_WK_Arsalan.pptxIDS_WK_Arsalan.pptx
IDS_WK_Arsalan.pptxaskaripayalo
 
Procuring the Anomaly Packets and Accountability Detection in the Network
Procuring the Anomaly Packets and Accountability Detection in the NetworkProcuring the Anomaly Packets and Accountability Detection in the Network
Procuring the Anomaly Packets and Accountability Detection in the NetworkIOSR Journals
 
Chapter 12
Chapter 12Chapter 12
Chapter 12cclay3
 
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 FinalExploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Finalmasoodnt10
 
A Deeper Look into Network Traffic Analysis using Wireshark.pdf
A Deeper Look into Network Traffic Analysis using Wireshark.pdfA Deeper Look into Network Traffic Analysis using Wireshark.pdf
A Deeper Look into Network Traffic Analysis using Wireshark.pdfJessica Thompson
 
MANRS - Introduction to Internet Routing Security
MANRS - Introduction to Internet Routing SecurityMANRS - Introduction to Internet Routing Security
MANRS - Introduction to Internet Routing SecurityObika Gellineau
 
Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...
Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...
Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...Disha Bedi
 
IRJET - Digital Forensics Analysis for Network Related Data
IRJET - Digital Forensics Analysis for Network Related DataIRJET - Digital Forensics Analysis for Network Related Data
IRJET - Digital Forensics Analysis for Network Related DataIRJET Journal
 
Introduction to cyber forensics
Introduction to cyber forensicsIntroduction to cyber forensics
Introduction to cyber forensicsAnpumathews
 
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...skpatel91
 
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...skpatel91
 
Anomaly detection final
Anomaly detection finalAnomaly detection final
Anomaly detection finalAkshay Bansal
 
Module 7 (sniffers)
Module 7 (sniffers)Module 7 (sniffers)
Module 7 (sniffers)Wail Hassan
 

Ähnlich wie Router forensics (20)

network security / information security
network security / information securitynetwork security / information security
network security / information security
 
Cyber security tutorial1
Cyber security tutorial1Cyber security tutorial1
Cyber security tutorial1
 
For your final step, you will synthesize the previous steps and la
For your final step, you will synthesize the previous steps and laFor your final step, you will synthesize the previous steps and la
For your final step, you will synthesize the previous steps and la
 
IDS_WK_Arsalan.pptx
IDS_WK_Arsalan.pptxIDS_WK_Arsalan.pptx
IDS_WK_Arsalan.pptx
 
Procuring the Anomaly Packets and Accountability Detection in the Network
Procuring the Anomaly Packets and Accountability Detection in the NetworkProcuring the Anomaly Packets and Accountability Detection in the Network
Procuring the Anomaly Packets and Accountability Detection in the Network
 
CCNA
CCNACCNA
CCNA
 
Chapter 12
Chapter 12Chapter 12
Chapter 12
 
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 FinalExploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
 
A Deeper Look into Network Traffic Analysis using Wireshark.pdf
A Deeper Look into Network Traffic Analysis using Wireshark.pdfA Deeper Look into Network Traffic Analysis using Wireshark.pdf
A Deeper Look into Network Traffic Analysis using Wireshark.pdf
 
MANRS - Introduction to Internet Routing Security
MANRS - Introduction to Internet Routing SecurityMANRS - Introduction to Internet Routing Security
MANRS - Introduction to Internet Routing Security
 
Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...
Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...
Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno...
 
File000141
File000141File000141
File000141
 
CCNA FUNDAMENTAL
CCNA FUNDAMENTALCCNA FUNDAMENTAL
CCNA FUNDAMENTAL
 
IRJET - Digital Forensics Analysis for Network Related Data
IRJET - Digital Forensics Analysis for Network Related DataIRJET - Digital Forensics Analysis for Network Related Data
IRJET - Digital Forensics Analysis for Network Related Data
 
Introduction to cyber forensics
Introduction to cyber forensicsIntroduction to cyber forensics
Introduction to cyber forensics
 
Day4
Day4Day4
Day4
 
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
 
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
 
Anomaly detection final
Anomaly detection finalAnomaly detection final
Anomaly detection final
 
Module 7 (sniffers)
Module 7 (sniffers)Module 7 (sniffers)
Module 7 (sniffers)
 

Kürzlich hochgeladen

(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...ranjana rawat
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Call Girls in Nagpur High Profile
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINESIVASHANKAR N
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxpranjaldaimarysona
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130Suhani Kapoor
 
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).pptssuser5c9d4b1
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college projectTonystark477637
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130Suhani Kapoor
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSSIVASHANKAR N
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlysanyuktamishra911
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...ranjana rawat
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordAsst.prof M.Gokilavani
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxupamatechverse
 
Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)simmis5
 

Kürzlich hochgeladen (20)

(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
 
Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptx
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
 
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college project
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghly
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptx
 
Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)
 

Router forensics

  • 2. AGENDA  Introduction  Overview of Routers  Router Attack Topology  Common Router Attacks  Performing Forensics  Incidence Investigation  Accessing the Router  Documentation  What are the “BAD GUYS” doing  What are the “GOOD GUYS” doing  Why do we need to protect Router Resources  Why do we need outer Forensics
  • 3. INTRODUCTION It is the application of proven scientific methods and techniques in order to recover data from routers in case of an intruder attack and apply forensics( law enforcement, documentation of the incidence) .
  • 4. WHAT IS ROUTER? A computer that specializes in sending packets over the data network. They are responsible for interconnecting n/w by selecting the best path for a packet to travel to their destinations.
  • 5. HOW DOES ROUTER WORK Routers forward data packets from one router to another using various routing protocols and routing table, to choose the optimum path. The routing table may contain various fields.
  • 6. COMMUNICATION WITH ROUTERS  Through local cable  Through modem  Through terminal emulation software
  • 7. ROUTER COMPONENTS  ROM  POST  IOS  RAM  Flash memory  NVRAM
  • 8. PORTS ON ROUTER  LAN Ports  WAN Ports  Administrative ports -Console ports -Auxiliary ports
  • 9. MODES OF ROUTER  Setup Mode  User Mode  Privileged Mode  Global Configuration Mode  Interface Mode
  • 10. ROUTER ATTACK TOPOLOGY Reconnaissance Scanning and enumeration Gaining access Escalation of privilege Maintaining access Covering tracks and placing backdoors
  • 11. COMMON ROUTER ATTACKS Denial of Service Attacks Packet Mistreating Attacks Routing Table Poisoning Hit and Run Attacks Persistent Attacks
  • 13. GATHER VOLATILE ROUTER DATA Connect to console port for this need cable and laptop with terminal emulation software. Record System Time and determine who is logged on Save the router configuration. Review the routing table to detect malicious static routes modified by attacker. View the ARP cache for evidence for IP or MAC spoofing
  • 14. INCIDENCE INVESTIGATION Direct compromise: via physical access, listening services, password guessing by TFTP, console access Routing table manipulations: by modifying routing protocols( RIP, IGRP), review routing table with “show IP route” Theft of Information: via access control and network topology DoS: resource and bandwidth consumption reduces functionality and n/w bandwidth
  • 15. Contd... FOR RECOVERY: Eliminate listening services Upgrade of software Access restriction Authentication Change all passwords Avoid password reuse Remove static routing entries
  • 16. ACCESSING THE ROUTER DO  Access the router through the console  Record your entire console session  Run show commands  Record the actual time and the router’s time  Record the volatile information DON’T  REBOOT THE ROUTER  Access the router through the network  Run configuration commands  Rely only on persistent information
  • 17. DOCUMENTATION  Chain of Custody: to prove the integrity of the evidence  Case reports: employee remediation, employee termination ,civil proceedings, criminal prosecution, case Summary, bookmarks  Incident response: it is the effort of an organisation to define and document the nature and scope of a computer security incident.
  • 18. WHAT THE “BAD GUYS” ARE DOING Internet Router Protocol Attack Suite (IRPAS): A suite of tools designed to abuse inherent design insecurity in routers and routing protocols –Tools: ass, igrp, hsrp VIPPR: Can be used to establish MITM for compromised routers UltimaRatio: Working exploit tool for use against 1000, 1600/1700 and 2600 series routers Research
  • 19. WHAT THE GOOD GUYS ARE DOING Router Audit Tool (RAT): Written in Perl, highly customizable, Passive tool to analyze a Cisco router, Scores the overall security of your router, Support for Unix and Windows systems Books, white papers on securing routers Employ strong authentication: encrypted traffic mgmt, two phase authentication, centralised authentication source.
  • 20. WHY WE NEED TO PROTECT ROUTER RESOURCES Often the “heart” of the network Gaining a lot more attention from attackers Few procedures on hardening routers Routers are much slower to get upgraded to solve security bugs Few people monitor their configurations regularly Few security measures in place There are millions of them
  • 21. NEED FOR ROUTER FORENSICS Operational Troubleshooting Log Monitoring Data Recovery Data Acquisition Due Diligence/Regulatory compliance