Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Slides:



Advertisements
Similar presentations
Module X Session Hijacking
Advertisements

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Sniffing, Spoofing, Hijacking This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added.
Hacker’s tricks for online users to reveal their sensitive information such as credit card, bank account, and social security. Phishing s are designed.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Computer Security MIS 604 – IT Solutions to Business Problems Spring 2002 Hackers.
Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Network Attacks Mark Shtern.
Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Objectives  Give examples of common network.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Introduction to Security Computer Networks Computer Networks Term B10.
WEB SECURITY. WEB ATTACK TYPES Buffer OverflowsXML InjectionsSession Hijacking Attacks WEB Attack Types.
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
SYN Flooding: A Denial of Service Attack Shivani Hashia CS265.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Analysis of Attack By Matt Kennedy. Different Type of Attacks o Access Attacks o Modification and Repudiation Attacks o DoS Attacks o DDoS Attacks o Attacks.
Web server security Dr Jim Briggs WEBP security1.
Demonstrating HTTP Session Hijacking through ARP Cache Poisoning and Man-in-the-Middle Attack and exploring HTTPS and VOIP session vulnerabilities Mainuddin.
COEN 252: Computer Forensics Router Investigation.
Computer Networks IGCSE ICT Section 4.
Internet Relay Chat Chandrea Dungy Derek Garrett #29.
Copyright © Center for Systems Security and Information Assurance
Network Security Philadelphia UniversityAhmad Al-Ghoul Module 9 TCP/IP Layers and Vulnerabilities  MModified by :Ahmad Al Ghoul  PPhiladelphia.
1 Kyung Hee University Prof. Choong Seon HONG Network Control.
PART THREE E-commerce in Action Norton University E-commerce in Action.
Software Security Testing Vinay Srinivasan cell:
CIS 450 – Network Security Chapter 3 – Information Gathering.
CHAPTER 11 Spoofing Attack. INTRODUCTION Definition Spoofing is the act of using one machine in the network communication to impersonate another. The.
Introduction to ITE Chapter 9 Computer Security. Why Study Security?  This is a huge area for computer technicians.  Security isn’t just anti-virus.
EC-Council Copyright © by EC-Council All Rights reserved. Reproduction is strictly prohibited Security News Source Courtesy:
1 CHAPTER 3 CLASSES OF ATTACK. 2 Denial of Service (DoS) Takes place when availability to resource is intentionally blocked or degraded Takes place when.
PRESENTED BY P. PRAVEEN Roll No: 1009 – 11 – NETWORK SECURITY M.C.A III Year II Sem.
1 Firewalls G53ACC Chris Greenhalgh. 2 Contents l Attacks l Principles l Simple filters l Full firewall l Books: Comer ch
Lecture 20 Hacking. Over the Internet Over LAN Locally Offline Theft Deception Modes of Hacker Attack.
Chapter 9 Networking & Distributed Security. csci5233 computer security & integrity (Chap. 9) 2 Outline Overview of Networking Threats Wiretapping, impersonation,
Distributed Denial of Service Attacks Shankar Saxena Veer Vivek Kaushik.
CHAPTER 9 Sniffing.
CIS 450 – Network Security Chapter 4 - Spoofing. Definition - To fool. In networking, the term is used to describe a variety of ways in which hardware.
What is risk online operation:  massive movement of operation to the internet has attracted hackers who try to interrupt such operation daily.  To unauthorized.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
Security and Firewalls Ref: Keeping Your Site Comfortably Secure: An Introduction to Firewalls John P. Wack and Lisa J. Carnahan NIST Special Publication.
ITGS Network Architecture. ITGS Network architecture –The way computers are logically organized on a network, and the role each takes. Client/server network.
Ingredients of Security
DoS/DDoS attack and defense
© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.
Web Security Firewalls, Buffer overflows and proxy servers.
Databases Kevin Wright Ben Bruckner Group 40. Outline Background Vulnerabilities Log File Cleaning This Lab.
Spoofing The False Digital Identity. What is Spoofing?  Spoofing is the action of making something look like something that it is not in order to gain.
Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.
Network Security SUBMITTED BY:- HARENDRA KUMAR IT-3 RD YR. 1.
Comparison of Network Attacks COSC 356 Kyler Rhoades.
SESSION HIJACKING It is a method of taking over a secure/unsecure Web user session by secretly obtaining the session ID and masquerading as an authorized.
Presentation on ip spoofing BY
Agenda Spoofing Types of Spoofing o IP Spoofing o URL spoofing o Referrer spoofing o Caller ID spoofing o Address Spoofing.
Network security Vlasov Illia
Web Spoofing.
Computer Security Hackers.
ETHICAL HACKING Presentation By: FATHIMA SHIMNA S3 ECE ROLL NO: 31 1.
Spoofing Basics Presentation developed by A.F.M Bakabillah Cyber Security and Networking Consultant MCSA: Messaging, MCSE RHCE ITIL CEH.
Hacking Terminologies
What Makes a Network Vulnerable?
Computer Security Hackers by
Computer Security Hackers.
Wireless Spoofing Attacks on Mobile Devices
Presentation transcript:

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008

Why do Hackers Attack ?  Because they can A large fraction of hacker attacks have been pranks  Financial Gain  Espionage  Venting anger at a company or organization  Terrorism

Types of Hacker Attacks AActive Attacks –D–Denial of Service –B–Breaking into a site Intelligence Gathering Resource Usage Deception  Passive Attacks –Sniffing Passwords Network Traffic Sensitive Information –Information Gathering

Modes of Hacker Attacks  Over the Internet  Over LAN  Locally  Offline  Theft  Deception

Spoofing Definition: An attacker alters his identity so that someone thinks he is some one else – , User ID, IP Address, … –Attacker exploits trust relation between user and networked machines to gain access to machines

Types of Spoofing IIP Spoofing E Spoofing WWeb Spoofing

IP Spoofing – Flying-Blind Attack Definition: Attacker uses IP address of another computer to acquire information or gain access Replies sent back to John From Address: To Address: Attacker changes his own IP address to spoofed address Attacker can send messages to a machine masquerading as spoofed machine Attacker can not receive messages from that machine

IP Spoofing – Source Routing Definition: Attacker spoofs the address of another machine and inserts itself between the attacked machine and the spoofed machine to intercept replies Spoofed Address Attacker intercepts packets as they go to Attacker From Address: To Address: Replies sent back to John The path, a packet may take can vary over time To ensure that he stays in the loop the attacker uses source routing to ensure that the packet passes through certain nodes on the network

Spoofing Definition:  Attacker sends messages masquerading as some one else  What can be the repercussions?

Types of Spoofing  Create an account with similar address  Modify a mail client Attacker can put in any return address he wants to in the mail he sends  Telnet to port 25 Most mail servers use port 25 for SMTP (Simple Mail Transfer Protocol). Attacker logs on to this port and composes a message for the user.

Web Spoofing  Basic –Attacker registers a web address matching an entity e.g. voteforbush.com, getproducts.com.  Man-in-the-Middle Attack –Attacker acts as a proxy between the web server and the client –Attacker has to compromise the router or a node through which the relevant traffic flows Contd.

 URL Rewriting –Attacker redirects web traffic to another site that is controlled by the attacker –Attacker writes his own web site address before the legitimate link  Tracking State –When a user logs on to a site a persistent authentication is maintained –This authentication can be stolen for masquerading as the user Web Spoofing

Session Hijacking Definition:  Process of taking over an existing active session Modus Operandi: 1. User makes a connection to the server by authenticating using his user ID and password. 2. After the users authenticate, they have access to the server as long as the session lasts. 3. Hacker takes the user offline by denial of service 4. Hacker gains access to the user by impersonating the user

Session Hijacking Bob telnets to Server Bob authenticates to Server Hi! I am BobDie! Bob Attacker Attacker can –monitor the session –periodically inject commands into session –launch passive and active attacks from the session

Denial of Service Attack (DOS) Definition: Attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the system so that no one else can use it.

Types of DOS Attacks  Crashing the system or network Send the victim data or packets which will cause system to crash or reboot.  Exhausting the resources by flooding the system or network with information Since all resources are exhausted others are denied access to the resources  Distributed DOS attacks are coordinated denial of service attacks involving several people and/or machines to launch attacks

Buffer Overflow Attacks  This attack takes advantage of the way in which information is stored by computer programs  An attacker tries to store more information on the stack than the size of the buffer  Programs which do not do not have a rigorous memory check in the code are vulnerable to this attack

Password Attacks  A hacker can exploit a weak passwords & uncontrolled network modems easily  Steps –Hacker gets the phone number of a company –Hacker runs war dialer program –Hacker now needs a user id and password to enter company network

Password Security Client Server Compare Password Hashed Password Stored Password Hash Function Hashed Password Allow/Deny Access  Password hashed and stored –Salt added to randomize password & stored on system  Password attacks launched to crack encrypted password Salt

Thank You

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.