PUCPR - Information Technology Security - SUMMATIVE ACTIVITY 2
Summary
TLDR: In this demonstration, Nicolas Teixeira Guerra Garcia from Team 42 presents an intrusion detection system using the Smart tool to detect denial-of-service (DoS) attacks, specifically SYN flood attacks. He explains how he configured alerts to monitor any IP address or port targeting his machine's IP, particularly on port 80. If more than 50 attacks occur within 10 seconds, the system triggers an alert. The demonstration shows the system's ability to detect these attacks and automatically log relevant events, offering a practical approach to real-time threat detection and response.
Takeaways
- The presenter is Nicolas Teixeira Guerra Garcia, representing Team 42, and discusses intrusion detection using the Smart tool.
- The activity involves detecting Denial of Service (DoS) attacks using the Smart tool.
- An alert was configured within the Smart tool to detect any IP address and port targeting the host machine's IP (homenet) and port 80.
- The alert detects potential DoS attacks, specifically SYN flood attacks (SYN or SYN-ACK types).
- The Smart tool is set to notify the user if more than 50 attacks occur within a 10-second window.
- The Smart tool runs continuously in the background, monitoring for these attacks on the machine.
- The presenter demonstrates how the system detects the attack once the configured threshold (50 attacks in 10 seconds) is met.
- The alert notification is shown when an attack is detected, indicating a DoS attack of the SYN type.
- The presenter uses a ping tool to simulate the attack, targeting port 80 on the machine.
- The Smart tool logs and records all attacks detected during the demonstration.
- Once the attack stops, the alerts cease, and the system continues monitoring for any future threats.
Q & A
What is the purpose of the demonstration in the script?
- The purpose of the demonstration is to show how the Smart tool can be used to detect Denial of Service (DoS) attacks, specifically SYN flood attacks.
Who is presenting the demonstration and which team do they represent?
- The presenter is Nicolas Teixeira Guerra Garcia, who represents team 42.
What type of attack is the Smart tool configured to detect?
- The Smart tool is configured to detect Denial of Service (DoS) attacks, specifically SYN flood attacks.
What is the specific configuration for detecting attacks in the Smart tool?
- The configuration monitors any IP address and port that targets the presenter's 'homenet' (home network), specifically targeting port 80 (HTTP) on his machine.
How does the alert system in the Smart tool work?
- The Smart tool triggers an alert when more than 50 attacks are detected within a 10-second period, notifying the user about the attack.
What attack threshold is set for triggering an alert in the Smart tool?
- The threshold is set to trigger an alert if more than 50 attacks occur within a 10-second period.
What action does the presenter take to simulate an attack during the demonstration?
- The presenter initiates a Denial of Service (DoS) attack using a tool, likely ping, targeting port 80 on the machine.
How does the Smart tool respond once the attack threshold is exceeded?
- Once the threshold is exceeded, the Smart tool generates an alert in the terminal, indicating that a SYN DoS attack has been detected.
What information does the alert provide after the attack is detected?
- The alert provides information about the attack type (SYN) and confirms that a DoS attack was detected on the machine.
What is the role of the 10-second period in the Smart tool's configuration?
- The 10-second period is used to measure the frequency of attacks. If more than 50 attacks occur in this short window, an alert is triggered.
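The threshold logic described above (more than 50 SYN-flagged packets to port 80 on the monitored host within 10 seconds, from any source), as an added Python example that is not from the video and is not the tool's own rule syntax. The host address 192.0.2.10, the packet tuples and the function names are constructed assumptions.

```python
from collections import deque
from ipaddress import ip_address, ip_network

HOME_NET = ip_network("192.0.2.10/32")  # assumption: placeholder for the monitored host
DST_PORT = 80                           # port named in the summary
COUNT, SECONDS = 50, 10.0               # alert on MORE than 50 matches within 10 s
SYN, ACK = 0x02, 0x10                   # TCP flag bits


def detect_syn_flood(packets):
    """Return [(timestamp, matches_in_window), ...], one entry per alert.

    packets: (ts, src_ip, src_port, dst_ip, dst_port, tcp_flags) tuples sorted by ts.
    Any source IP/port counts toward the same total, so rotating or spoofed
    sources cannot dilute the count; only the destination is checked.
    """
    window, alerts = deque(), []
    for ts, _src, _sport, dst, dport, flags in packets:
        if ip_address(dst) not in HOME_NET or dport != DST_PORT:
            continue
        if not flags & SYN:               # SYN bit set: covers SYN and SYN-ACK
            continue
        window.append(ts)
        while ts - window[0] >= SECONDS:  # expire matches older than the window
            window.popleft()
        if len(window) > COUNT:
            alerts.append((ts, len(window)))
            window.clear()                # restart the count: one alert per 51 matches
    return alerts


def sample_traffic():
    """Constructed packets: slow legitimate SYNs, noise, then a fast SYN burst."""
    host = "192.0.2.10"
    pkts = [(float(t), "198.51.100.7", 40000 + t, host, 80, SYN) for t in range(30)]
    pkts += [(float(t), "198.51.100.7", 40000 + t, host, 443, SYN) for t in range(30)]
    for i in range(120):                  # 120 SYNs in 2.4 s from rotating sources
        ts = 100 + i / 50
        pkts.append((ts, f"203.0.113.{i % 250 + 1}", 1024 + i, host, 80, SYN))
        pkts.append((ts, "198.51.100.7", 40100, host, 80, ACK))  # ACK-only: ignored
    return sorted(pkts, key=lambda p: p[0])


if __name__ == "__main__":
    for ts, n in detect_syn_flood(sample_traffic()):
        print(f"[ALERT] possible SYN flood on port {DST_PORT}: {n} SYNs in {SECONDS:.0f}s at t={ts:.2f}")
```

Clearing the window after each alert keeps a sustained flood from alerting on every packet, and the alerts stop as soon as the rate drops back under the threshold.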