DoS on Competitor Web Site.  Phoenix has a “referral” from “Mr. Dobbs” ◦ Dobbs has threatened his girlfriend in the past ◦ Dobbs sent a “client” to Phoenix.

DoS on Competitor Web Site

• Phoenix has a “referral” from “Mr. Dobbs”
  ◦ Dobbs has threatened his girlfriend in the past
  ◦ Dobbs sent a “client” to Phoenix with a reminder about his girlfriend
• Client
  ◦ Works for a computer parts company
  ◦ $9B annual revenues
  ◦ Asking that a whistleblower organization’s web site ( be down/inaccessible for a single day
• Organization intends to splash damaging information on a specific day (day before the earnings statement release)
• Client does not wish to have the company’s stock prices fall just prior to the earnings release

• Recon
  ◦ Shows the site to be amateurish
  ◦ Google search indicates that HS students were allowed to get experience in designing and putting up the website
• Phoenix hopes for poor design, maintenance/security and lower bandwidth

• Find an unprotected wireless network to perform the hack
• Use an anonymizer
• Make a DDoS attack using Freak88 DDoS tool
• Test the DDoS tool in lab
• Infect unprotected hosts with the Server.exe Trojan Horse
• Take control of the infected hosts and launch the DDoS on the target site

• Download contains
  ◦ Clienttrinno.exe
  ◦ Server.exe
  ◦ Msbvm50.dll
• Client controls the boxes which have the Trojan server running on them
  ◦ Servers will issue the pings
  ◦ These boxes are referred to as “zombies”
• The more zombies in the field attacking the victim, the better for the attacker!

• Shift from phishing attacks to web based attacks
  ◦ filters are becoming more effective
  ◦ Web based attacks are more popular now because so much is being put into “business rich” web sites and browsers fail to handle such content
• Their primary function is to render web pages
• SQL injection
• Cross site scripting
• Inline frames
• CSS
• Ping attacks might be filtered
  ◦ Accomplish the same effect using a web based attack

• Attack #1: Test
• Attack #2: The one that worked
• Gain access to Pawn Web site
• Lab test the hack
• Modify the Pawn site

• Phoenix
  ◦ Sets up a victim machine
  ◦ Starts up Wireshark filtering ICMP traffic
  ◦ Fires up a server zombie on a machine
  ◦ Fires up the client software
• Dialog box allows attacker to “stack” the IPs and ports of the zombie machines
• Indicates the IP of the victim
• Buttons: Connect, Disconnect, and “Takemout”
  ◦ Wireshark confirms a ton of ICMP traffic

• Just to be sure…
  ◦ Phoenix attempts to ping the webpage at
• Gets Timed Out results
• It turns out that the students have set up a PIX firewall to prevent pings to the web server!

• Inline frames
  ◦ If small, but many, inline frames can be installed on a web page
• Each frame can load the web page from a site
• FORCE MULTIPLIER!
• If you can constantly refresh each frame… better still

• The trick is now to find a web site with lots of bandwidth and lots of traffic
• Social engineer the web design company
  ◦ Phoenix needs write access to the server
• Modify the home page
  ◦ Add inline frames calling the target’s homepage
• If 10 frames are added, every time a user brings up the unknowing accomplice’s page, 10 HTML “get” requests are issued against the victim
• If you “refresh” the inline request every 5 seconds…

• Phoenix poses as a potential client
  ◦ Speaks with developers and requests a demonstration
  ◦ Representative shows Phoenix how quickly a page can be added
• In doing so, the rep refers to a 3-ring binder for the information on sites (credentials, etc)
• Phoenix notes the location of the binder
• Phoenix bribes the cleaner to photocopy the contents of the 3-ring binder

<iframe src= width = 0 height=0>
  ◦ Refreshing every 5 seconds
• Add a meta tag to the web page

• Phoenix downloads the Pawn’s web page
  ◦ Inserts the inline frames and the meta tag
  ◦ FTP’s the altered page to the Pawn’s server

• DDoS against the victim
• How long?
  ◦ Depends…
• If traffic is examined, requests for the page are coming from all over
• If IP is changed, the requests are made for URL and not IP… no effect!
  ◦ Someone would have to examine the pawn’s HTML within their page to spot the inline frames
• If reported to the pawn site, they might not notify the target that they were the unwitting accomplice
• Once the pawn replaces the modified page with the original
• Cached pages still might exist in browsers around the world…
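The slide above notes that someone has to examine the pawn's HTML to spot the inline frames. The following audit is an added example, not part of the original presentation: it flags invisible iframes that load another host and any meta refresh in a page a site owner is about to serve. The sample page and all host names are constructed placeholders.

```python
import re
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlparse

def _tiny(value):
    # True for a width/height of at most 1 ("0", "0px", "1"); False if absent.
    m = re.match(r"\s*(\d+(?:\.\d+)?)", value or "")
    return bool(m) and float(m.group(1)) <= 1

def _hidden(style):
    s = re.sub(r"\s+", "", style or "").lower()
    return "display:none" in s or "visibility:hidden" in s

class FrameAudit(HTMLParser):
    """Flags invisible iframes that load another host, and meta-refresh tags."""
    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host
        self.hidden_frames = Counter()  # external host -> hidden frame count
        self.refresh_seconds = []       # delay of every meta refresh found

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe":
            host = urlparse(a.get("src", "")).hostname
            invisible = (_tiny(a.get("width")) or _tiny(a.get("height"))
                         or _hidden(a.get("style")))
            if host and host != self.own_host and invisible:
                self.hidden_frames[host] += 1
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.match(r"\s*(\d+)", a.get("content", ""))
            if m:
                self.refresh_seconds.append(int(m.group(1)))

def audit(html, own_host):
    parser = FrameAudit(own_host)
    parser.feed(html)
    return dict(parser.hidden_frames), parser.refresh_seconds

# Constructed sample page; every host name is a placeholder.
SAMPLE = """<html><head><meta http-equiv="refresh" content="5"></head><body>
<iframe src="http://target.example/" width=0 height=0></iframe>
<iframe src="http://target.example/" width="0" height="0"></iframe>
<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
<iframe src="/local/banner.html" width="0" height="0"></iframe>
</body></html>"""

print(audit(SAMPLE, own_host="www.pawn.example"))
```

Run against each page before it is published, or on a schedule against the live site, so that a change nobody authorized shows up as a new external host in the result.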

• Phoenix could have inserted a source pointer to a Trojan instead of the target’s URL
  ◦ If the pointer is to a keylogger, the pawn site could be made to appear as if they are infecting computers around the world
• What is the pawn company’s liability in this case?

• Prevent disclosure of information via passive means
  ◦ Configure DNS not to reveal information (via registrar)
  ◦ Configure web server settings
  ◦ Don’t “advertise” information about the site or developers that nobody requires
• Even if removed from the web, historical pages might exist
• NETCRAFT might reveal information regardless…

• ICMP
  ◦ Disable entry of Ping packets into the network from outside
• If required, then script a “block” from IPs in the event that pings exceed a given number in a time period
• Might not be that effective in a DDoS attack…
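The per-source block described above can be modelled as a sliding-window counter. This is an added example, not part of the original presentation; the limit, the window, the event lists and the documentation-range addresses are all constructed. It also shows the slide's caveat: many sources that each stay under the limit are never blocked.

```python
from collections import defaultdict, deque

class PingLimiter:
    """Per-source sliding-window counter for inbound ICMP echo requests."""
    def __init__(self, limit, window):
        self.limit = limit              # max echo requests per source in the window
        self.window = window            # window length in seconds
        self.seen = defaultdict(deque)  # source IP -> recent timestamps
        self.blocked = set()

    def observe(self, ts, src):
        """Record one echo request; return True if it is let through."""
        if src in self.blocked:
            return False
        q = self.seen[src]
        q.append(ts)
        while q and q[0] <= ts - self.window:
            q.popleft()                 # forget requests older than the window
        if len(q) > self.limit:
            self.blocked.add(src)       # a real deployment would add a firewall rule here
            return False
        return True

def replay(events, limit=5, window=10):
    """Feed (timestamp, source) pairs in time order; return (blocked set, count passed)."""
    lim = PingLimiter(limit, window)
    passed = sum(lim.observe(ts, src) for ts, src in events)
    return lim.blocked, passed

# Constructed traffic: one noisy source, 20 pings in two seconds.
SINGLE = [(i * 0.1, "192.0.2.10") for i in range(20)]
# Constructed traffic: 40 sources, each sending 5 pings over 10 seconds.
DISTRIBUTED = [(t * 2.0, f"198.51.100.{n}") for t in range(5) for n in range(1, 41)]

print(replay(SINGLE))       # the single source is blocked after its first 5 pings
print(replay(DISTRIBUTED))  # nothing is blocked, all 200 pings pass
```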

• Blocking DDoS attacks via web
  ◦ Create a customized stack
• Costly (development and maintenance)
• Reserved for highly secured environments
  ◦ Rate limiting
• Bandwidth
• Connection limits
  ◦ Black hole filtering
• Send suspicious traffic to a nonexistent interface
• These are all counter to the reason the company site is up in the first place…

• Review the web site hosting company’s policies and security statements
• Your company should authorize all changes
  ◦ One time passwords, maintained by your company
• Forces the developer to contact you for each modification

• Physical access to information
  ◦ Paper format?
  ◦ Put onto encrypted electronic format, and then on a locked down workstation, which is physically protected
• Separation of duty
• Principle of least privilege