The Setup

24.1.84.100

Firewall

10.0.0.1

Attacker

10.0.0.4

IDS

10.0.0.2

Defender

10.0.0.3

SSH port 22 only

SSH port 22 only

(1) Log into IDS

(2) Use IDS

(3) Attack

(4) Defend

IDS: user logins

mail server

DNS (if any)

web server

IDS systems

investigator CDROM

DO NOT ROOT IDS!!!

Attacker: Red CD w/attack tools

root available

used to attack Defender

Defender: Blue CD

defender tools

used to practice defense

root available

runs lots of services

Previous slide

Next slide

Back to first slide

View graphic version