Jump to content

Recommended Posts

Antipova Anna
Posted (edited)

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

This article is about Kaspersky Endpoint Security for Windows (KES for Windows)

Testing Network Threat Protection (NTP, Network Attack Blocker or NAB) may appear tricky, as it is finely tuned to specific attacks only. During past years many detections were modified or removed to prevent major false detections. It is necessary to understand that NTP is not intended to prevent the following types of attacks:

  • DoS
  • Information Disclosure (port scanning)

There are different solutions on the market to deal with that. Our NTP mostly prevents network vulnerabilities exploits, which are far more dangerous, as they may allow remote code execution. For example, DoS inside the network is less probable. And if it is happening, then it indicates grater issues.

There are multiple approaches to test it. The list contains various 3rd party methods.

  1. Metasploit module ms08_067_netapi will be detected as Intrusion.Win.MS08-67.exploit.*

  2. Metasploit modules ms17_010_eternalblue and ms17_010_psexec will be detected as Intrusion.Win.MS17-010.*

  3. Emulate RDP Brutforce attack using hydra utility which will be detected as Bruteforce.Generic.Rdp.*. Here is a syntax example: 

    hydra -v -f -L rockyou.txt -P rockyou.txt rdp://192.168.0.1
Edited by Antipova Anna
  • Like 1

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...