Network Anti-Reconnaissance: Messing With Nmap Through Smoke And Mirrors

[Praetorian503]

Description: Reconnaissance on a network has been an attacker's game for far too long, where's the defense? Nmap routinely evades firewalls, traverses NATs, bypasses signature based NIDS, and gathers up the details of your highly vulnerable box serving Top Secret documents. Why make it so easy?

In this talk, we will explore how to prevent network reconnaissance by using honeyd to flood your network with low fidelity honeypots. We then discuss how this lets us constrain the problem of detecting reconnaissance such that a machine learning algorithm can be effectively applied. (No signatures!) We will also discuss some important additions to honeyd that we had to make along the way, and perform a live demonstration of our free software tool for doing all of the above: Nova.

Dan "AltF4" Petro: By day, Alt is a security researcher for DataSoft Corp, a small business in Scottsdale Arizona, where he focuses on developing open source tools for network security. He holds a M.S. in Information Assurance from Arizona State University where he studied network security and cryptographic protocols. By night, he is a rogue free software and privacy activist with a penchant for the dramatic. He is a lifelong hacker and regular member of the Phoenix 2600.

Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.

Original Source:

Source: Network Anti-Reconnaissance: Messing With Nmap Through Smoke And Mirrors