S. Stamm, Z. Ramzan, and M. Jakobsson Presented by Anh Le.

Authors
- Sid Stamm: Indiana University; Google Intern
- Dr. Zulfikar Ramzan: Technical Director of Symantec Security
- Prof. Markus Jakobsson: Indiana University; Principal Scientist at Palo Alto RC
Anh Le - UC Irvine

Outline
1. Introduction
2. Preliminaries and Previous Work
3. Drive-By Pharming
4. Demo
5. New Attacks and Recent Events
6. Conclusion and Discussion

1. Introduction
- Motivation: total control of home broadband routers
  - Phishing (by changing the DNS setting)
  - Botnets (by changing the firmware)
- How:
  1. Attacker sets up an "evil" web page
  2. Victim visits the evil web page
  3. Victim's home router is compromised
  No physical proximity required
- Enablers:
  - JavaScript-enabled web browsers
  - Default password management of the routers

2a. Preliminaries
- DNS: Domain Name System
  - Client asks the DNS server (home router): "What's the IP of yahoo.com?"
  - DNS server (home router) answers the client: "yahoo.com's IP is ..."

2a. Preliminaries (cont.)
- Phishing: a type of social engineering attack used to obtain access credentials
- Pharming: an attack that redirects a website's traffic to another, bogus website

2b. Previous Work
1. Internal Net Discovery [Kindermann 2003]: Java applet. Detecting ... "Your internal subnet is /24!"
2. Host Scanning [Grossman 2006, SPI Labs 2006]: JavaScript; fingerprints the router using its default password and image name. Detecting ... "You have a Linksys router, and its IP is !"

3. Drive-By Pharming
(Figure: home router connected to the Internet; "DNS Setting Changed!")

3. Drive-By Pharming  How is it possible? HTTP Get Configuration Off-site script inclusion How about password-protected? <script apply.cgi?dns=evil.com”> Anh Le - UC Irvine

3. Drive-By Pharming (cont.)  Assumptions : 1. JavaScript-Enabled Web Browser 2. Default Password Management  Vulnerable Routers : Netgear WGR614 D-Link DI-524 Linksys WRT54G Cisco 806, 826, … … Anh Le - UC Irvine

3. Drive-By Pharming (cont.)  Verizon [Modem + Router] MI424-WR  admin:admin Anh Le - UC Irvine

4. Demo

5. New Attacks and Recent Events
- New attacks:
  - Growing zombies/botnets, by installing evil firmware
  - Viral spread: a router auto-recruits other routers
- Recent events:
  - Kaminsky DNS vulnerability (July 2008): cache poisoning attacks on any nameserver!
  - Router botnets (March 2009!)

6. Conclusion and Discussion
- Routers with default password management are easily compromised
- Browsers act as conduits for attacks on the internal network
- Army of router botnets