SSH Brute Force & DoS Attack With Snort & Analysis in Wireshark

This article covers attacking a system, monitoring the attack, and analysing the logs it generates. The scenario uses two machines: a victim's machine and an attacker's machine. Between them sits a firewall, installed on the victim's machine. The attacker attacks the victim's machine; at the same time the firewall on the victim's machine monitors the attack live, and afterwards the logs are analysed.

In this scenario, Kali Linux is installed on the victim's machine and Cyborg Hawk on the attacker's machine. The Snort firewall is also installed on the victim's machine.

The attacker then performs two attacks on the victim's system: an SSH attack and a DoS attack.

In the SSH attack, the attacker gains access to the victim's machine.

In the DoS attack, the attacker crashes the victim's machine.

Victim machine

Attacker machine

What is SSH Attack?

An SSH attack is a brute-force attack: repeated attempts, over time, to authenticate to the remote SSH server. The dictionary attack is the best-known example of a brute-force attack.

Another type of brute-force attack tries combinations of letters and numbers, as well as commonly used passwords.

A brute-force attack is a trial-and-error iteration used to obtain a user's password or PIN (Personal Identification Number).

Various automated brute-force tools are available:

1. Hydra

2. Cain & Abel

3. John the Ripper

Port Scanning

Port Scanning using Zenmap:

Port Scanning using Nmap:

Brute force

Dictionary for Attack:

Brute force using Hydra:

Gain Victim’s Remote Access

Gain Victim’s Remote Access using SSH:

Output

Kill Snort after Gaining Access:

Snort After killing Victim’s Machine:

Logs

Port Scanning Logs

Monitoring:

Analyse:

Brute Force Attack Logs

Monitoring:

Analyse:

Gaining Access Logs

Monitoring:

Analyse:
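The "Monitoring" and "Analyse" steps for the brute-force logs come down to one question: which source address is hitting the SSH port far more often than a human would? The script below is an added example, not code from the original article or from the Snort project. It assumes Snort was run with its fast alert output (one line per alert) and a rule that fires on inbound connections to TCP port 22; the rule SID, the message text, the addresses and the timestamps in the sample are constructed.

```python
"""Flag SSH brute-force sources in Snort fast-format alert lines.

Added example, not code from the original article. Assumes Snort wrote
alerts in its "fast" output format for a rule matching inbound TCP/22;
the SID (1000001), message text, addresses and timestamps below are
constructed sample data.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed alert lines: a burst of six connection attempts from one source
# within two seconds, two attempts from an administrator host half an hour
# apart, and one unrelated ICMP alert.
SAMPLE_ALERTS = """\
07/14-10:22:01.103452  [**] [1:1000001:1] SSH connection attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.56.101:41022 -> 192.168.56.102:22
07/14-10:22:01.402113  [**] [1:1000001:1] SSH connection attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.56.101:41023 -> 192.168.56.102:22
07/14-10:22:01.710988  [**] [1:1000001:1] SSH connection attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.56.101:41024 -> 192.168.56.102:22
07/14-10:22:02.015330  [**] [1:1000001:1] SSH connection attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.56.101:41025 -> 192.168.56.102:22
07/14-10:22:02.311741  [**] [1:1000001:1] SSH connection attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.56.101:41026 -> 192.168.56.102:22
07/14-10:22:02.608002  [**] [1:1000001:1] SSH connection attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.56.101:41027 -> 192.168.56.102:22
07/14-10:05:17.880120  [**] [1:1000001:1] SSH connection attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.0.0.5:55100 -> 192.168.56.102:22
07/14-10:40:44.120000  [**] [1:1000001:1] SSH connection attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.0.0.5:55230 -> 192.168.56.102:22
07/14-10:22:05.000000  [**] [1:1000002:1] ICMP echo request [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.56.101 -> 192.168.56.102
"""

# Snort fast format: "MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] ... {PROTO} src:sport -> dst:dport".
# ICMP alerts carry no ports and therefore do not match; they are skipped.
ALERT_RE = re.compile(
    r"^(?P<month>\d\d)/(?P<day>\d\d)-(?P<time>\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_alerts(text):
    """Return a list of dicts for every TCP/UDP alert line in the text."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if not m:
            continue
        # Fast format has no year; strptime defaults it to 1900, which is fine for deltas.
        ts = datetime.strptime(f"{m['month']}/{m['day']}-{m['time']}", "%m/%d-%H:%M:%S.%f")
        alerts.append({"ts": ts, "src": m["src"], "dst": m["dst"], "proto": m["proto"],
                       "dport": int(m["dport"]), "sid": int(m["sid"]), "msg": m["msg"]})
    return alerts


def busiest_window(timestamps, window_seconds):
    """Largest number of events that fall inside any span of window_seconds."""
    ts = sorted(timestamps)
    best, start = 0, 0
    for end in range(len(ts)):
        while (ts[end] - ts[start]).total_seconds() > window_seconds:
            start += 1
        best = max(best, end - start + 1)
    return best


def find_brute_force_sources(text, threshold=5, window_seconds=60, ssh_port=22):
    """Map source IP -> attempts in its busiest window, for sources at or above threshold."""
    per_src = defaultdict(list)
    for a in parse_alerts(text):
        if a["proto"] == "TCP" and a["dport"] == ssh_port:
            per_src[a["src"]].append(a["ts"])
    flagged = {}
    for src, times in per_src.items():
        n = busiest_window(times, window_seconds)
        if n >= threshold:
            flagged[src] = n
    return flagged


if __name__ == "__main__":
    for src, n in find_brute_force_sources(SAMPLE_ALERTS).items():
        print(f"{src}: {n} SSH attempts within 60 s - probable brute force")
```

The sliding window matters: the administrator host also appears twice, but its attempts are 35 minutes apart, so it is never flagged, while the six attempts packed into two seconds are. Tune `threshold` and `window_seconds` to the normal login rate of the host; a jump host that many people use will need a higher threshold than a single server.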

Introduction to DoS Attack

A DoS (Denial of Service) attack is an attack used to make a machine or network inaccessible or to shut it down. The attacker floods the target with traffic and crashes the system.

The main impact of a DoS attack is that it prevents users from accessing computer or network resources.

Bandwidth attacks: a bandwidth attack overwhelms the network with heavy traffic, exhausting the available network resources.
Connectivity attacks: a connectivity attack overwhelms the system with a very large number of incoming connection requests, which consume all operating system resources and leave the system inaccessible and unresponsive to user requests.

DoS using hping3

Output

  • After DoS Victim’s O.S.:
  • After DoS Victim’s Drive:
  • Kcore File:
  • Snort logs generated after DoS and log size:

Logs

  • Monitoring:
  • Analyse:
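For the DoS logs, the connectivity attack described above leaves a characteristic trace in a packet capture: a very high rate of SYN packets toward the victim, almost none of which complete the three-way handshake. The script below is an added example, not code from the original article or from the Wireshark project. It assumes the capture was saved with Wireshark's File > Export Packet Dissections > As CSV, which writes the columns used here; the packet rows, the addresses and the victim IP are constructed, not taken from a real capture.

```python
"""Spot a SYN flood (a connectivity attack) in a Wireshark CSV export.

Added example, not code from the original article. It assumes the capture
was exported from Wireshark as CSV (columns No., Time, Source, Destination,
Protocol, Length, Info); the rows below are constructed sample data.
"""
import csv
import io
import re
from collections import Counter

VICTIM_IP = "192.168.56.102"  # constructed address of the victim machine

# Wireshark's Info column for TCP begins "sport → dport [FLAGS] ..."
# (older versions print ">" instead of the arrow).
INFO_RE = re.compile(r"^(?P<sport>\d+)\s+[→>]\s+(?P<dport>\d+)\s+\[(?P<flags>[A-Z, ]+)\]")


def _row(no, t, src, dst, sport, dport, flags):
    """Build one CSV line in the shape of Wireshark's export (constructed data)."""
    return f'"{no}","{t:.6f}","{src}","{dst}","TCP","74","{sport} → {dport} [{flags}] Seq=0 Len=0"'


_rows = ['"No.","Time","Source","Destination","Protocol","Length","Info"']
# Constructed flood: 12 SYNs inside 0.12 s to the victim's SSH port, each from a
# fresh source port. The victim answers every one with SYN/ACK, but the final
# ACK never arrives, so every connection stays half-open.
for i in range(12):
    t = 0.010 * i
    _rows.append(_row(len(_rows), t, "192.168.56.101", VICTIM_IP, 40000 + i, 22, "SYN"))
    _rows.append(_row(len(_rows), t + 0.0002, VICTIM_IP, "192.168.56.101", 22, 40000 + i, "SYN, ACK"))
# Constructed ordinary session from an administrator host that completes the handshake.
_rows.append(_row(len(_rows), 5.0, "10.0.0.5", VICTIM_IP, 55100, 22, "SYN"))
_rows.append(_row(len(_rows), 5.0003, VICTIM_IP, "10.0.0.5", 22, 55100, "SYN, ACK"))
_rows.append(_row(len(_rows), 5.0006, "10.0.0.5", VICTIM_IP, 55100, 22, "ACK"))
SAMPLE_CSV = "\n".join(_rows) + "\n"


def parse_wireshark_csv(text):
    """Return TCP packets as dicts with time, endpoints, ports and a set of flags."""
    packets = []
    for row in csv.DictReader(io.StringIO(text)):
        m = INFO_RE.match(row["Info"])
        if row["Protocol"] != "TCP" or not m:
            continue
        packets.append({"time": float(row["Time"]), "src": row["Source"], "dst": row["Destination"],
                        "sport": int(m["sport"]), "dport": int(m["dport"]),
                        "flags": {f.strip() for f in m["flags"].split(",")}})
    return packets


def analyze_syn_flood(text, victim_ip, rate_threshold=10, window_seconds=1.0):
    """Count inbound SYNs per time bucket and track how many handshakes complete."""
    syn_times, syn_sources, state = [], Counter(), {}
    for p in parse_wireshark_csv(text):
        if p["dst"] == victim_ip and p["flags"] == {"SYN"}:
            syn_times.append(p["time"])
            syn_sources[p["src"]] += 1
            state[(p["src"], p["sport"], p["dst"], p["dport"])] = "syn"
        elif p["src"] == victim_ip and p["flags"] == {"SYN", "ACK"}:
            key = (p["dst"], p["dport"], p["src"], p["sport"])  # reverse the direction
            if state.get(key) == "syn":
                state[key] = "syn_ack"
        elif p["dst"] == victim_ip and p["flags"] == {"ACK"}:
            key = (p["src"], p["sport"], p["dst"], p["dport"])
            if state.get(key) == "syn_ack":
                state[key] = "established"
    completed = sum(1 for s in state.values() if s == "established")
    half_open = len(state) - completed
    # Fixed buckets of window_seconds; the peak bucket is the SYN rate that matters.
    peak = max(Counter(int(t // window_seconds) for t in syn_times).values(), default=0)
    return {"peak_syns_per_window": peak, "half_open": half_open, "completed": completed,
            "top_sources": syn_sources.most_common(3),
            "flood_suspected": peak >= rate_threshold and half_open > completed}


if __name__ == "__main__":
    print(analyze_syn_flood(SAMPLE_CSV, VICTIM_IP))
```

Two signals are combined on purpose: a burst of SYNs alone can be a busy but healthy server, and a few half-open connections alone can be packet loss, but a high SYN rate with almost no completed handshakes is the shape of a connectivity attack. The rate threshold has to be set against the host's normal connection rate, and the per-source counter only helps when the flood is not spoofing its source addresses.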