The next step in understanding network attacks is to look at the various types of brute-force attacks. A brute-force attack is a trial-and-error method used to obtain information from the victim: for example, finding organizational servers, enumerating user directories, and cracking passwords.
Brute-force attacks usually do not produce unusual load on the network, so they are typically discovered by an IDS or when someone suspects that an intruder is trying to break into the network. In this recipe, we will learn how to identify typical brute-force attacks.
When you suspect a brute-force on the network, follow these steps to locate it.
Brute-force attacks are trial-and-error attacks that send requests to the destination, hoping that some of them will be answered. Since most of these requests will be denied (if you have configured your servers properly), a large number of Not Found messages, Forbidden messages, and other error codes can be one of the symptoms of such an attack.
To discover HTTP error codes, configure the display filter http.response.code >= 400. The same applies to SIP and any other protocol that uses HTTP-like codes. To find known scanners, you can simply use the Edit | Find packet feature and search for common scanner names. In the following screenshot, you can see an example for Nmap, which is one of the most common ones. We chose the string nmap.org (1) in Packet bytes (2).
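The two checks just described, the http.response.code >= 400 display filter and the Edit | Find search for a scanner string in the packet bytes, can be reproduced in a few lines of Python, which is useful when you want to run them over many captures or feed the result to an alert. This is an added example, not code from the book or from Wireshark; the packet list is constructed for the example, and the scanner string list (beyond nmap.org, which the recipe mentions) is a hypothetical list you would extend with your own fingerprints.

```python
"""Added example: emulate the HTTP error-code display filter and the
scanner-string search over a small constructed packet list."""
from collections import Counter
import re

# Constructed sample packets: (src_ip, dst_ip, raw_bytes). Not a real capture.
# 10.0.0.5 receives a run of error responses and sends an Nmap NSE user agent.
PACKETS = [
    ("10.0.0.5", "192.168.1.10",
     b"GET /admin HTTP/1.1\r\nHost: 192.168.1.10\r\n"
     b"User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)\r\n\r\n"),
    ("192.168.1.10", "10.0.0.5", b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n"),
    ("192.168.1.10", "10.0.0.5", b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n"),
    ("192.168.1.10", "10.0.0.5", b"HTTP/1.1 401 Unauthorized\r\n\r\n"),
    ("192.168.1.10", "10.0.0.7", b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"),
    ("192.168.1.10", "10.0.0.5", b"HTTP/1.1 500 Internal Server Error\r\n\r\n"),
]

# Status line of an HTTP response: "HTTP/1.1 404 Not Found"
STATUS_LINE = re.compile(rb"^HTTP/\d\.\d (\d{3}) ")

# Hypothetical scanner fingerprint list; nmap.org is the string used in the recipe.
SCANNER_STRINGS = [b"nmap.org", b"nikto", b"sqlmap", b"masscan"]


def http_response_code(raw):
    """Return the numeric status code of an HTTP response, or None for other traffic."""
    m = STATUS_LINE.match(raw)
    return int(m.group(1)) if m else None


def error_responses(packets, min_code=400):
    """Equivalent of the display filter http.response.code >= 400.

    Errors are counted per destination address, because the destination of
    the response is the client that sent the rejected request.
    """
    hits = Counter()
    for _src, dst, raw in packets:
        code = http_response_code(raw)
        if code is not None and code >= min_code:
            hits[dst] += 1
    return hits


def scanner_hits(packets, needles=SCANNER_STRINGS):
    """Equivalent of Edit | Find packet with 'Packet bytes' selected.

    Returns (source_ip, matched_string) for every packet whose bytes contain
    one of the scanner strings, case-insensitively.
    """
    found = []
    for src, _dst, raw in packets:
        low = raw.lower()
        for needle in needles:
            if needle.lower() in low:
                found.append((src, needle.decode()))
    return found


def suspects(packets, threshold=3):
    """Clients that received at least `threshold` error responses."""
    return sorted(ip for ip, n in error_responses(packets).items() if n >= threshold)


if __name__ == "__main__":
    print("error responses per client:", dict(error_responses(PACKETS)))
    print("scanner strings seen:", scanner_hits(PACKETS))
    print("brute-force suspects:", suspects(PACKETS))
```

The threshold is deliberately low for the constructed data; on a real network you would tune it per server, since a busy web application legitimately returns many 404s, and the scanner-string match is only a hint (a user agent is trivially changed), so it complements the error-rate count rather than replacing it.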
Another important issue is the brute-force password attack, that is, when the attacker tries to guess a password in order to break into a server.
In the following screenshot, you'll see what happens when an attacker tries to break into a well-protected FTP server.
The attacker logs in with the username anonymous (1) and a password chosen by the attacker (2); the login is, of course, approved (3), and the attacker gets in (4).
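The FTP login attempt in the screenshot is visible on the control channel as a USER/PASS exchange followed by a numeric server reply, and a password-guessing attack shows up as a run of 530 replies to the same client before (or instead of) a 230. This added example, which is not code from the book, summarizes that pattern per client over a constructed set of control-channel lines; the client addresses, usernames and replies are made up for the example, and the PASS values are shown redacted.

```python
"""Added example: summarize FTP login failures and successes per client
from a constructed list of control-channel lines."""
from collections import defaultdict
import re

# Constructed FTP control-channel lines: (client_ip, direction, text).
# Direction "C" is client -> server, "S" is server -> client. Not a real capture.
FTP_LINES = [
    ("10.0.0.5", "C", "USER admin"),
    ("10.0.0.5", "S", "331 Password required for admin"),
    ("10.0.0.5", "C", "PASS <redacted>"),
    ("10.0.0.5", "S", "530 Login incorrect."),
    ("10.0.0.5", "C", "USER admin"),
    ("10.0.0.5", "S", "331 Password required for admin"),
    ("10.0.0.5", "C", "PASS <redacted>"),
    ("10.0.0.5", "S", "530 Login incorrect."),
    ("10.0.0.5", "C", "USER root"),
    ("10.0.0.5", "S", "331 Password required for root"),
    ("10.0.0.5", "C", "PASS <redacted>"),
    ("10.0.0.5", "S", "530 Login incorrect."),
    ("10.0.0.5", "C", "USER ftp"),
    ("10.0.0.5", "S", "331 Password required for ftp"),
    ("10.0.0.5", "C", "PASS <redacted>"),
    ("10.0.0.5", "S", "530 Login incorrect."),
    ("10.0.0.5", "C", "USER anonymous"),
    ("10.0.0.5", "S", "331 Anonymous login ok, send your complete email address as your password"),
    ("10.0.0.5", "C", "PASS <redacted>"),
    ("10.0.0.5", "S", "230 Anonymous access granted, restrictions apply"),
    ("10.0.0.9", "C", "USER bob"),
    ("10.0.0.9", "S", "331 Password required for bob"),
    ("10.0.0.9", "C", "PASS <redacted>"),
    ("10.0.0.9", "S", "230 Login successful."),
]

# Three-digit reply code at the start of a server line ("530 ..." or "230-...").
REPLY = re.compile(r"^(\d{3})[ -]")


def ftp_login_summary(lines):
    """Per-client counts of failed (530) and successful (230) logins.

    Also records which usernames were tried and whether an anonymous login
    was accepted, which is the case the screenshot in the recipe shows.
    """
    summary = defaultdict(lambda: {"failures": 0, "successes": 0,
                                   "users": [], "anonymous_accepted": False})
    last_user = {}
    for ip, direction, text in lines:
        entry = summary[ip]
        if direction == "C":
            if text.upper().startswith("USER "):
                user = text[5:].strip()
                last_user[ip] = user
                if user not in entry["users"]:
                    entry["users"].append(user)
            continue
        m = REPLY.match(text)
        if not m:
            continue
        code = int(m.group(1))
        if code == 530:
            entry["failures"] += 1
        elif code == 230:
            entry["successes"] += 1
            if last_user.get(ip, "").lower() == "anonymous":
                entry["anonymous_accepted"] = True
    return dict(summary)


def brute_force_suspects(lines, threshold=3):
    """Clients with at least `threshold` failed logins."""
    return sorted(ip for ip, e in ftp_login_summary(lines).items()
                  if e["failures"] >= threshold)


if __name__ == "__main__":
    for ip, entry in ftp_login_summary(FTP_LINES).items():
        print(ip, entry)
    print("brute-force suspects:", brute_force_suspects(FTP_LINES))
```

In Wireshark the same view is obtained with the display filter ftp.response.code == 530 and Statistics | Conversations to see which client the failures cluster on; the script keeps the username list so you can also tell a single-account guessing run from an attacker cycling through many accounts.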