Introduction to Information Security

Slides:



Advertisements
Similar presentations
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Advertisements

1 Address Resolution Protocol (ARP) Relates to Lab 2. This module is about the address resolution protocol.
1 Address Resolution Protocol (ARP) Relates to Lab 2. This module is about the address resolution protocol.
Internet Control Protocols Savera Tanwir. Internet Control Protocols ICMP ARP RARP DHCP.
SYSTEM ADMINISTRATION Chapter 19
Network Attacks Mark Shtern.
Week 5: Internet Protocol Continue to discuss Ethernet and ARP –MTU –Ethernet and ARP packet format IP: Internet Protocol –Datagram format –IPv4 addressing.
The Network Layer Chapter 5. The IP Protocol The IPv4 (Internet Protocol) header.
Chapter 5 The Network Layer.
Sniffing the sniffers - detecting passive protocol analysers John Baldock, Intel Corp Craig Duffy, Bristol UWE.
Oct 21, 2004CS573: Network Protocols and Standards1 IP: Addressing, ARP, Routing Network Protocols and Standards Autumn
ITIS 6167/8167: Network and Information Security Weichao Wang.
Chapter 23: ARP, ICMP, DHCP IS333 Spring 2015.
ICMP: Ping and Trace CCNA 1 version 3.0 Rick Graziani Spring 2005.
COEN 252: Computer Forensics Router Investigation.
Introduction to InfoSec – Recitation 12 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
CS 356 Systems Security Spring Dr. Indrajit Ray
1 ICMP : Internet Control Message Protocol Computer Network System Sirak Kaewjamnong.
Support Protocols and Technologies. Topics Filling in the gaps we need to make for IP forwarding work in practice – Getting IP addresses (DHCP) – Mapping.
Petrozavodsk State University, Alex Moschevikin, 2003NET TECHNOLOGIES Internet Control Message Protocol ICMP author -- J. Postel, September The purpose.
1 Overview Midterm Solution Lab 5 Questions Lab Trouble Shooting Techniques.
IIT Indore © Neminath Hubballi
Introduction to InfoSec – Recitation 09 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (infosec15 at modprobe.net)
Exploring the Packet Delivery Process Chapter
1 IP: putting it all together Part 2 G53ACC Chris Greenhalgh.
21.1 Chapter 21 Network Layer: Address Mapping, Error Reporting, and Multicasting Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction.
Examining TCP/IP.
Address Resolution Protocol(ARP) By:Protogenius. Overview Introduction When ARP is used? Types of ARP message ARP Message Format Example use of ARP ARP.
Chapter 4 TCP/IP Overview Connecting People To Information.
Introduction to InfoSec – Recitation 11 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
TCP/IP Honolulu Community College Cisco Academy Training Center Semester 2 Version 2.1.
1 Figure 4-1: Targeted System Penetration (Break-In Attacks) Host Scanning  Ping often is blocked by firewalls  Send TCP SYN/ACK to generate RST segments.
Basic IP Protocol Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University.
Chapter 23: ARP, ICMP, DHCP CS332, IS333 Spring 2014.
NETWORK ATTACKS Dr. Andy Wu BCIS 4630 Fundamentals of IT Security.
1 Introduction to TCP/IP. 2 OSI and Protocol Stack OSI: Open Systems Interconnect OSI ModelTCP/IP HierarchyProtocols 7 th Application Layer 6 th Presentation.
Tracking Rejected Traffic.  When creating Cisco router access lists, one of the greatest downfalls of the log keyword is that it only records matches.
Attacking on IPv6 W.lilakiatsakun Ref: ipv6-attack-defense-33904http://
1 Connectivity with ARP and RARP. 2 There needs to be a mapping between the layer 2 and layer 3 addresses (i.e. IP to Ethernet). Mapping should be dynamic.
SESSION HIJACKING It is a method of taking over a secure/unsecure Web user session by secretly obtaining the session ID and masquerading as an authorized.
Presentation on ip spoofing BY
1 Address Resolution Protocol (ARP). 2 Overview 3 Need for Address Translation Note: –The Internet is based on IP addresses –Local area networks use.
Network and System Security Risk Assessment
An Introduction To ARP Spoofing & Other Attacks
IP: Addressing, ARP, Routing
Port Scanning James Tate II
Networks Fall 2009.
Exploiting Layer 2 By Balwant Rathore.
Introduction to TCP/IP
Address Resolution Protocol (ARP)
CS 280: Summary: A day in the life of a web request
Course Review 2015 Computer networks 赵振刚
or call for office visit,
LAN Vulnerabilities.
Outline Basics of network security Definitions Sample attacks
Error and Control Messages in the Internet Protocol
Address Resolution Protocol (ARP)
ICMP – Using Ping and Trace
Troubleshooting IP Communications
Byungchul Park ICMP & ICMPv DPNM Lab. Byungchul Park
ICMP – Using Ping and Trace
ITL Simple Diagnostic Tools
Outline Basics of network security Definitions Sample attacks
Address Resolution Protocol (ARP)
Address Resolution Protocol (ARP)
Networking Essentials For Firewall-1 Administrators
Synthesis A day in the life of a web request
Session 20 INST 346 Technologies, Infrastructure and Architecture
Internet Control Message Protocol
Outline Basics of network security Definitions Sample attacks
Presentation transcript:

Introduction to Information Security Networking Continued

Attack types ARP poisoning recap Smurf attacks Ping Reflection Today Attack types ARP poisoning recap Smurf attacks Ping Reflection MAC flooding DNS Amplification TCP/IP Hijacking

Communication compromise types

Communication denial types

ARP in a Nutshell ARP = Address Resolution Protocol A bridge between IP and Ethernet, which helps make a local network “work” Most important functionality – translate IP addresses to MAC addresses so we can actually send packets! Two major messages – ARP request – “Who is at 192.168.1.1?” ARP reply – “192.168.1.1 is at A1:B2:C3:D4:E5:F6”

ARP Poisoning To avoid making an ARP request before sending every IP packet, each host has a local cache. Another trick to avoid excessive ARP requests, is that every host will send a broadcast ARP reply when it comes online / every interval, to let everyone know its MAC address (known as “Gratuitous ARP”) Most implementations are state-less by design, and will happily store ARP replies even if they didn’t issue a request (for reasons stated above) Result – everyone on the local network can impersonate any other host, by sending a malicious ARP reply in their name.

ARP Poisoning Attack scenario – Diagram Copyright: http://gm.kochar.com/post/WEB-SPOOFING.aspx

Smurf Attack We want to DoS a host, but we’re not fast enough… So we’ll get everyone else to join!

Ping Reflection Basic concept – send a ping request to open ip addresses, but put the target’s IP address in the source of the packet. Result - everyone will send a reply to the target, effectively DDoSing it. Doesn’t increase throughput, but harder to stop via f/w.

Communication Information Leaks Let’s assume TCP SYN / ICMP Echo requests are monitored / blocked but you still want to know if a host is up, and/or what are the network elements between you and the target (traceroute) ARP Ping – Send an ARP request for a host on the same subnet(can even use broadcast) If you get a reply – that host is alive TCP Port Scan – Instead of using a SYN packet, use a TCP data packet, and listen for an RST packet

IP-TTL

Ping / Traceroute Using Different Protocols DNS Traceroute – DNS Requests are almost always permitted since they are so vital Contents are rarely checked Playing with TTL = traceroute! UDP traceroute – You already found out that the host will send you an ICMP Port Unreachable message when you send a UDP datagram to a certain closed port But you want to find all the elements in the way Solution – send and resend the packet, each time with different IP TTL You will get ICMP errors from many intermediate hosts TCP traceroute – Same as UDP, and can use SYN on an known open port, arbitrary data packet on a known open port, or data on a known closed port Basically – most services could be used for traceroute / ping given the right scenario

DNS Amplification (almost like Reflection) Request is small (eg. What are the records for google.com?) Response is large (containing result of answer) (up to x100). That’s why its called amplification

No more sniffing… It used to be easy to sniff traffic on the local network All traffic went to everyone behind the same router on a HUB based network Now – switches galore! We still need to sniff traffic… Enter MAC Flooding

Switches 101 Switches know where to route packets by learning which MAC addresses are connected to which port This is done by seeing which source MACs appear on which ports, and storing this information in a fast look- up table (CAM) This table has to be very fast, so it must be limited in size. This is not an issue, since It is highly unlikely to run more than a few 100’s / 1000’s of hosts on the same layer-2 network due to other reasons.

MAC Flooding We’re on a network, but that network uses switches, so we can’t sniff anything interesting… Or can we? What happens if we send out packets with different source MAC addresses? Will the switch refuse to learn new addresses? No! it will just fail-over to operating like a hub – a ‘dumb’ repeater

TCP Hijacking via Man-On-The-Side Example commands: send spam email on behalf of victim IP address

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.