IENA - Distributed Security Scheme to prevent Network Service Exploitation
The fundamental objective is to stop attacks, and therefore to identify them, before they can do any damage to the system; for that reason a good design has to operate at the source of the attack. Both IDS and IPS act while the attack is in progress, so they are sometimes ineffective. The instrument to be designed must identify an attack before it actually takes place. To make this sort of “magic prevention” possible, let’s imagine we have to attack a system and take on the attacker’s point of view.
How is it possible to attack a system if we know nothing about it? The first step is obtaining information, and there are many techniques for getting it: RIPE registry lookups, footprinting techniques, EDGAR research, searching on POC, MX record analysis; but in every case the attacker will have to know how many services, and which ones, are running on the target machine.
From this we can state that a port map is of crucial importance to any attacker (social engineering aside); so why not make use of this fact? Let’s imagine we have just run a port scan against a machine and found port 12345 open (the typical door of the well-known trojan NetBus); for us that is a victory, because we are sure that the machine has already been compromised by NetBus, so we will naively connect to that port to take possession of the system. Now picture the attacker’s expression on realising that port 12345 is not the NetBus door at all, but a trap called IENA!
We have just discovered what IENA is: a trap into which any attacker will fall for one simple reason: to attack a machine, knowing which services it provides is necessary but not sufficient. Our objective is to build an instrument based on this deception to catch attackers. That instrument must be designed with simple but effective technologies; it must be within everyone’s reach, being easy to install and user-friendly; it must be as platform-independent as possible; and it must have a very high sensitivity level (identifying every single connection, even one that might turn out to be permitted, because the instrument’s sensitivity will be tuned expressly for each specific network).
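The trap described above, as an added example that is not the IENA project’s own code: a listener bound to the port the text names (12345, NetBus) that never emulates the service, never sends a byte back, and records every connection as a JSON event. The per-network “sensitivity” setting is modelled as an allow list of source addresses (an assumption of this example); an allowed source only lowers the event severity, it never suppresses the record, matching the requirement that every single connection be identified. Port 0 is accepted so the trap can also be run unprivileged on an ephemeral port.

```python
"""IENA-style trap port (example code, not the project's implementation).

Binds a port usually associated with a known service or trojan, accepts every
connection, reads at most the first 64 bytes, replies with nothing, and records
the connection as a structured event for the operator's log or SIEM.
"""
import json
import socket
import threading
import time
from dataclasses import asdict, dataclass

TRAP_PORT = 12345  # the NetBus port named in the text; any unused port works
# Assumed per-network sensitivity setting: sources that are expected to touch
# this port (for example a vulnerability scanner) are recorded at lower severity.
ALLOWED_SOURCES = frozenset({"127.0.0.1"})


@dataclass
class TrapEvent:
    timestamp: float
    trap_port: int
    peer_ip: str
    peer_port: int
    first_bytes_hex: str  # hex of whatever the client sent first, possibly empty
    severity: str


def classify(peer_ip: str, allowed: frozenset) -> str:
    """Every connection is recorded; the allow list only changes severity."""
    return "notice" if peer_ip in allowed else "alert"


def build_event(trap_port, peer, data: bytes, allowed, now=None) -> TrapEvent:
    """Turn one accepted connection into a log event."""
    ip, port = peer
    return TrapEvent(
        timestamp=now if now is not None else time.time(),
        trap_port=trap_port,
        peer_ip=ip,
        peer_port=port,
        first_bytes_hex=data[:64].hex(),
        severity=classify(ip, allowed),
    )


def to_json_line(event: TrapEvent) -> str:
    """One JSON object per line, convenient for log shipping."""
    return json.dumps(asdict(event), sort_keys=True)


class TrapPort:
    """Accept loop for a single trap port; events accumulate in self.events."""

    def __init__(self, host="0.0.0.0", port=TRAP_PORT, allowed=ALLOWED_SOURCES):
        self.allowed = allowed
        self.events = []
        self._stop = threading.Event()
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._sock.bind((host, port))
        self._sock.listen(16)
        self._sock.settimeout(0.5)  # lets the loop notice stop() promptly
        self.port = self._sock.getsockname()[1]  # real port, also when port=0

    def serve(self):
        while not self._stop.is_set():
            try:
                conn, peer = self._sock.accept()
            except socket.timeout:
                continue
            with conn:  # closed on exit: the trap never answers the client
                conn.settimeout(1.0)
                try:
                    data = conn.recv(64)
                except (socket.timeout, OSError):
                    data = b""  # a bare connect with no payload is still an event
            event = build_event(self.port, peer, data, self.allowed)
            self.events.append(event)
            print(to_json_line(event))
        self._sock.close()

    def start(self):
        thread = threading.Thread(target=self.serve, daemon=True)
        thread.start()
        return thread

    def stop(self):
        self._stop.set()


if __name__ == "__main__":
    trap = TrapPort()
    print(f"IENA trap listening on port {trap.port}; every connection is logged")
    trap.serve()
```

Because the listener sends nothing, the only thing a scanner learns is that the port is open, which is exactly the bait the text relies on; the first bytes are kept so an analyst can tell a plain port probe from a client that speaks the trojan’s protocol.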