SSH Brute force & DoS Attack With Snort & Analyzing in Wireshark

SSH Brute force & DoS Attack With Snort & Analyzing in Wireshark

This article is for attacking on system, monitoring attack, and Analyse generated logs. In this article there is a scenario, in this scenario there are two machines. one machine is victim’s machine and second one is attacker’s machine. In between two among one firewall is there, this firewall will be installed on victim’s machine. Then attacker will attack on victim’s machine and at the same time using victim’s machine firewall monitor live attack and then Analyse log.

In this scenario Kali Linux operating system will install in victim’s machine and cyborg hawk operating system will install in attacker’s machine. Also Snort firewall will install in victim’s machine.

Then attacker will perform two attack on victim’s system. First attack is SSH attack and second attack is DOS attack.

In SSH attack attacker will gain access victim’s machine.

In DOS attack attacker will crash victim’s machine.

Victim machine

Attacker machine

What is SSH Attack?

The SSH attack are brute-force attack which is different time of attempts to authenticate the remote SSH server. The dictionary attack is the best example of brute-force attack.

In other type of brute-force attack is the combination of letters and numbers also try commonly used passwords.

A brute-force attack is trial-and-error iteration function which is used for obtain user password or PIN (Personal Identification Number).

In Brute-force attack many automated tools are available such as :

         1. Hydra3

         2. Cain & Able

         3. John the Ripper

Port Scanning

  • Port Scanning using Zenmap:
  • Port Scanning using Nmap:

Brute force

  • Dictionary for Attack:
  • Brute force using Hydra:

Gain Victim’s Remote Access

  • Gain Victim’s Remote Access using SSH:

Output

  • Kill Snort after Gaining Access:
  • Snort After killing Victim’s Machine:

Logs

  • Port Scanning Logs
    • Monitoring:
  • Analyse:
  • Brute Force Attack Logs
    • Monitoring:
  • Analyse:
  • Gaining Access Logs
    • Monitoring:
  • Analyse:

Introduction to DOS Attack

A DoS (Denial of Service) attack is an attack which is used for inaccessible or shut down the machine or network. Using DoS attack attacker will be flooding the target with traffic, and sending it information that also crash.

The Main Impact of the DoS attack disturb the user to accessing the computer or network resources.

  • Bandwidth attacks: Bandwidth attack is the overflows the network with heavy traffic using existing network resources.
  • Connectivity attacks: Connectivity attack is the overflows the system with too more number of connection requests are coming which consume all Operating system resources by this it make not accessible and non-responsive for the user requests.

DOS using HPING3

Output

  • After DOS Victim’s O.S.:
  • After DOS Victim’s Drive:
  • Kcore File:
  • SNORT logs generate after dos and logs size:

Logs

  • Monitoring:
  • Analyse:
SSH Brute force & DoS Attack With Snort & Analyzing in Wireshark

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top