Mind Map

IDS/Firewall Evasion Counter-measures

Managing and preventing an evasion technique is a great challenge. There are so many
techniques to make it difficult for an attacker to evade detection. These defensive and
monitoring techniques ensure the detection system to protect the network and
have more control over traffic. Some of these techniques are basic troubleshooting and
monitoring, whereas some techniques are focused on proper configuration of IPS/IDS
and firewalls. Initially, observe and troubleshoot the firewall by
 Port scanning
 Banner grabbing
 Fire-walking
 IP address spoofing
 Source routing
 Bypassing firewall using IP in URL
 Attempt a fragmentation attack
 Troubleshooting behavior using proxy servers
 Troubleshooting behavior using ICMP tunneling
Shutting down the unused ports, ports that are associated with known attacks in an
effective step to prevent evasion. Perform in-depth analysis, resetting the malicious
session, updating patches, IDS deployment, fragmented packet normalization,
increasing TTL expiry, blocking TTL expired packet, reassembly of the packet at IDS,
hardening the security and correctly enforcement of policies are effective step of
preventing these attacks.

Page 383 of 503

Lab 12-1: Configuring Honeypot on Windows Server 2016
Machines:
 Windows Server 2016 (VM)
 Windows 7 (VM)
Software used:
 HoneyBots (https://www.atomicsoftwaresolutions.com)

Procedure:
1. Open HoneyBot Application
2. Set parameters or leave it to default

Figure 12-10. HoneyBot Application

3. Select Adapters

Page 384 of 503