Practical Tools for Attackers and Defenders

Abstract

A tool is usually developed for a specific purpose with respect to a specific task. For example, nmap is a security scanning tool to discover open host or network services. Network security tools provide methods to network attackers as well as network defenders to identify vulnerabilities and open network services. This chapter is composed of three major parts, discussing practical tools for both network attackers and defenders. In the first part, we discuss tools an attacker may use to launch an attack in real-time environment. In the second part, tools for network defenders to protect enterprise networks are covered. Such tools are used by network defenders to minimize occurrences of precursors of attacks. In the last part, we discuss an approach to develop a real-time network traffic monitoring and analysis tool. We include code for launching of attack, sniffing of traffic, and visualization them to distinguish attacks. The developed tool can detect attacks and mitigate the same in real time within a short time interval. Network attackers intentionally try to identify loopholes and open services and also gain related information for launching a successful attack. 6.1 Steps to Launch an Attack Attackers attempt to discover vulnerabilities and loopholes of target hosts or target networks before launching an attack. Attackers scan the network to discover open services and major loopholes of hosts or systems. This information is exploited to launch an attack using malicious code available on the Internet. It may first compromise a single host of the network and then exploit more loopholes to disrupt the entire network within a certain time interval, which may be short or long. Attackers usually use five major steps to launch an attack on a target host or target network. Each step is discussed below briefly. © Springer International Publishing AG 2017 M.H. Bhuyan et al., Network Traffic Anomaly Detection and Prevention, Computer Communications and Networks,