We are going to try to disable services on Cassiopeia.
The ICMP protocol is allowed in the AWS security groups so that it can be captured.
From an on-premise machine, a ping is left running indefinitely against the public IP address, sending:
ping -t ipOfCassiopea
- BRUTE FORCE ATTACK
On Ubuntu, Hydra can be installed with the following command, as it is available in the official repository:
apt install hydra
Using the dictionary “rockyou.txt”, we send the following penetration attempt, choosing the protocol used to connect to the EC2 machine, so ssh:
hydra -l admin -P rockyou.txt ipCassiopea protocol
Meanwhile, the Test Site page on Cassiopeia is kept open.


- FAIL2BAN
- Let's install the fail2ban service on the Cassiopeia machine:
apt install fail2ban
On-premise monitoring is performed on /var/log/fail2ban.log.
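One way to do the monitoring described above, as an added example that is not part of the original write-up: a small Python parser that reads fail2ban.log lines and reports which source addresses were found, banned and are still jailed. The log lines are constructed samples using documentation addresses, and summarize and currently_jailed are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample lines in the layout fail2ban writes to /var/log/fail2ban.log.
# Addresses are from the documentation ranges (RFC 5737); this is not real data.
SAMPLE_LOG = """\
2024-05-01 10:00:00,000 fail2ban.jail           [812]: INFO    Jail 'sshd' started
2024-05-01 10:15:30,101 fail2ban.filter         [812]: INFO    [sshd] Found 203.0.113.7 - 2024-05-01 10:15:30
2024-05-01 10:15:31,202 fail2ban.filter         [812]: INFO    [sshd] Found 203.0.113.7 - 2024-05-01 10:15:31
2024-05-01 10:15:33,303 fail2ban.filter         [812]: INFO    [sshd] Found 203.0.113.7 - 2024-05-01 10:15:33
2024-05-01 10:15:33,404 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.7
2024-05-01 10:16:02,505 fail2ban.filter         [812]: INFO    [sshd] Found 198.51.100.23 - 2024-05-01 10:16:02
2024-05-01 10:20:10,606 fail2ban.actions        [812]: NOTICE  [sshd] Ban 192.0.2.44
2024-05-01 10:30:10,707 fail2ban.actions        [812]: NOTICE  [sshd] Unban 192.0.2.44
"""

# Timestamp, logger, pid, level, [jail], then Found / Ban / Unban and the address.
EVENT = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+\s+fail2ban\.\w+\s+\[\d+\]:\s+\w+\s+"
    r"\[(?P<jail>[^\]]+)\]\s+(?:Restore )?(?P<action>Found|Ban|Unban)\s+(?P<ip>[0-9a-fA-F:.]+)"
)

def summarize(log_text):
    """Return {(jail, ip): {"found": n, "bans": n, "jailed": bool, "last": ts}}."""
    stats = defaultdict(lambda: {"found": 0, "bans": 0, "jailed": False, "last": None})
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue  # startup messages and other lines without a jail event
        entry = stats[(m["jail"], m["ip"])]
        entry["last"] = m["ts"]
        if m["action"] == "Found":
            entry["found"] += 1      # one failed attempt matched by the filter
        elif m["action"] == "Ban":
            entry["bans"] += 1
            entry["jailed"] = True   # address is now blocked
        else:
            entry["jailed"] = False  # Unban: ban time expired or lifted by hand
    return dict(stats)

def currently_jailed(log_text):
    """Addresses whose most recent ban has not been followed by an unban."""
    return sorted(ip for (_, ip), e in summarize(log_text).items() if e["jailed"])

if __name__ == "__main__":
    for (jail, ip), e in sorted(summarize(SAMPLE_LOG).items()):
        state = "JAILED" if e["jailed"] else "free"
        print(f"{jail:6} {ip:15} found={e['found']} bans={e['bans']} {state} last={e['last']}")
```

To run it against the real log on the machine, pass the contents of /var/log/fail2ban.log to summarize instead of SAMPLE_LOG.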
- CASE A (Fail2ban disabled)
- In my case I only managed to get some higher latency in reaching the Cassiopeia machine, but I did not manage to bring the service DOWN, even if I had few protocols available on which to make substantial attempts.
- CASE B (Fail2ban enabled)
- I was only able to perform simple monitoring as shown in the following photo, identifying and JAILING the address of origin:
