ACM Conference on Computer and Communications Security 2006 Puppetnet: Misusing web browsers as a distributed attack infrastructure Network Seminar Presenter:

ACM Conference on Computer and Communications Security 2006 Puppetnet: Misusing web browsers as a distributed attack infrastructure Network Seminar Presenter: Chen Chih-Ming

2 Outline
- Introduction
- Terms
- Design and analysis
- Defenses
- Related work
- Concluding remarks

3 Terms
- Puppetnet code
- Infected server
- Puppet (client)
- Victim

4 Introduction
- Coerces web browsers into participating in malicious activities
- Not heavily dependent on the exploitation of specific flaws
- No complete control over the participating nodes
- Dynamic, short-lived targets
- Indirect attack

5 Design and Analysis
- DDoS
- Worm propagation
- Reconnaissance probes
- Protocols other than HTTP
- Exploiting cookie-authenticated sessions
- Distributed malicious computations

6 DDoS
- Hidden frames
- JavaScript loop
- Embedded objects
- Cache: add GET parameters
- Browser connection limit: use different host names


12 Worm propagation
- Code Red: attacks IIS servers
- Infection process: server, viewer, victim


17 Reconnaissance probes
- Timing attack


21 Protocols other than HTTP
- SMTP
- IRC
- Triggering a botnet

22 Exploiting cookie-authenticated sessions
- Web mail
- Send the victim's mail to the attacker

23 Distributed malicious computations
- JavaScript or applet
- Password cracking

24 Defenses
- Disabling JavaScript
- Careful implementation of existing defenses
- Filtering using attack signatures
- Client-side behavioral controls
- Server-side controls and puppetnet tracing
- Server-directed client-side controls

25 Disabling JavaScript
- Most sites employ JavaScript
- Enable it only for trusted sites
- Reduces the attack by one order of magnitude, but does not eliminate it
- Not attractive

26 Careful implementation of existing defenses
- Connection rate limiter
- Reduces the attack by one order of magnitude, but does not eliminate it
- Still insufficient

27 Filtering using attack signatures
- Works for spam
- DDoS signatures are hard to make
- Not simple string matching: an additional HTML parser is needed
- HTML can be obfuscated
- Too complex

28 Client-side behavioral controls
- DDoS: impose controls on foreign requests issued from a web page
  - Affects normal web viewing; not good enough
- Worm: limit the number of objects loaded from different sites
  - Can be evaded via DNS


31 Server-side controls and puppetnet tracing
- Block by Referer, but the bandwidth is still wasted
- Trace the Referer to take down the attacking site
- Not effective
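Slides 6 and 31 together describe the server's view of a puppetnet DDoS: many unrelated clients, all referred by the same infected page, requesting the same objects with cache-busting GET parameters. The following script is an added example, not code from the paper or the presenter, showing how a server operator could aggregate an Apache combined-format access log by referring host to trace the infected page and build a Referer block list. The log lines are constructed, and the thresholds (3 requests, 2 distinct clients, half of the requests carrying a numeric-only query string) are assumptions chosen for the sample, not values from the paper.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample lines in Apache combined log format (not real traffic, not from the paper).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2006:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.7 - - [01/Jan/2006:12:00:02 +0000] "GET /img/logo.png?r=81237 HTTP/1.1" 200 4096 "http://infected.example/page.html" "Mozilla/5.0"
10.0.0.8 - - [01/Jan/2006:12:00:02 +0000] "GET /img/logo.png?r=55091 HTTP/1.1" 200 4096 "http://infected.example/page.html" "Mozilla/5.0"
10.0.0.9 - - [01/Jan/2006:12:00:03 +0000] "GET /big.iso?r=19283 HTTP/1.1" 200 9999999 "http://infected.example/page.html" "Mozilla/5.0"
10.0.0.7 - - [01/Jan/2006:12:00:03 +0000] "GET /big.iso?r=77120 HTTP/1.1" 200 9999999 "http://infected.example/page.html" "Mozilla/5.0"
10.0.0.11 - - [01/Jan/2006:12:00:04 +0000] "GET /about.html HTTP/1.1" 200 2048 "http://www.example.com/index.html" "Mozilla/5.0"
"""

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# A query string that is just a short name and a large number: the "add GET parameters"
# cache-busting trick from slide 6 (heuristic, assumed for this example).
CACHE_BUSTER_RE = re.compile(r'\?[A-Za-z_]\w{0,3}=\d{4,}$')


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def referer_stats(log_text):
    """Aggregate per referring host: requests, distinct client IPs, cache-busting hits, bytes."""
    stats = defaultdict(lambda: {"requests": 0, "clients": set(), "cache_busting": 0, "bytes": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["referer"] == "-":
            continue                      # direct requests carry no Referer; nothing to trace
        host = urlparse(rec["referer"]).hostname
        if not host:
            continue
        s = stats[host]
        s["requests"] += 1
        s["clients"].add(rec["ip"])
        s["bytes"] += int(rec["bytes"]) if rec["bytes"] != "-" else 0
        if CACHE_BUSTER_RE.search(rec["path"]):
            s["cache_busting"] += 1
    return stats


def flag_puppetnet_referers(log_text, min_requests=3, min_clients=2, buster_ratio=0.5):
    """Referring hosts whose visitors collectively issue many cache-busting requests to us.

    Many distinct clients sharing one third-party Referer is the signature of puppets
    loading an infected page; the returned hosts are candidates for a Referer block list
    and for the tracing/take-down step of slide 31.
    """
    flagged = []
    for host, s in referer_stats(log_text).items():
        busting = s["cache_busting"] / s["requests"]
        if s["requests"] >= min_requests and len(s["clients"]) >= min_clients and busting >= buster_ratio:
            flagged.append(host)
    return sorted(flagged)


if __name__ == "__main__":
    for host, s in referer_stats(SAMPLE_LOG).items():
        print(f"{host}: {s['requests']} requests, {len(s['clients'])} clients, "
              f"{s['cache_busting']} cache-busting, {s['bytes']} bytes")
    print("suspected puppetnet referers:", flag_puppetnet_referers(SAMPLE_LOG))
```

Run it on a real access log by replacing `SAMPLE_LOG` with the file contents. Note the limitation the slide states: every flagged request has already reached the server and consumed bandwidth before the Referer is inspected, so this traces the source of the traffic but does not stop the flood.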

32 Server-directed client-side controls
- Embed an access-control token in the response header
- Restrict requests per session
- A public key is needed to verify the token
- Requires modifying both server and client
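To make the two client-side mechanisms concrete, here is an added simulation (not the paper's design or code, and not from the presenter) of the browser-side enforcement described on slides 28 and 32. A server issues a signed policy token in a response header stating which referring sites may make cross-site requests to it and how many per session; a modified client verifies the token and enforces the budget, and, for servers that send no token, falls back to slide 28's generic limit on the number of distinct third-party hosts a page may contact. The header name `X-Puppetnet-Policy`, the token format, the default limit of 5 foreign hosts, and the choice to leave same-origin requests unrestricted are all assumptions. The slide calls for a public-key signature; this example substitutes HMAC-SHA256 over a shared key from the standard library so that it runs offline, which is a weaker trust model (see the note after the code).

```python
import base64
import hashlib
import hmac
import json

# Hypothetical header name for the server-directed policy (assumption, not from the paper).
POLICY_HEADER = "X-Puppetnet-Policy"
# Slide 28 fallback: at most this many distinct third-party hosts per page when the target
# server sends no policy of its own (assumed value).
DEFAULT_MAX_FOREIGN_HOSTS = 5


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_policy_header(key: bytes, host: str, max_cross_site: int, trusted_referers):
    """Server side: build the signed policy token carried in POLICY_HEADER.

    HMAC-SHA256 stands in for the public-key signature the slide calls for.
    """
    payload = {"host": host, "max": max_cross_site, "referers": sorted(trusted_referers)}
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    sig = hmac.new(key, body, hashlib.sha256).digest()
    return f"{_b64(body)}.{_b64(sig)}"


def verify_policy_header(key: bytes, value: str):
    """Return the policy dict if the token's signature verifies, else None."""
    try:
        body_b64, sig_b64 = value.split(".", 1)
        body, sig = _unb64(body_b64), _unb64(sig_b64)
    except (ValueError, TypeError):
        return None                      # malformed token
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None                      # forged or tampered token
    return json.loads(body)


class PolicyEnforcingClient:
    """Simulated modified browser: stores verified policies and gates cross-site requests."""

    def __init__(self, key: bytes):
        self.key = key
        self.policies = {}       # target host -> verified policy dict
        self.cross_site = {}     # (page origin, target host) -> requests so far this session
        self.foreign_hosts = {}  # page origin -> set of third-party hosts contacted

    def receive_response(self, host: str, headers: dict):
        """Record the policy a server attached to one of its responses."""
        token = headers.get(POLICY_HEADER)
        if token is None:
            return
        policy = verify_policy_header(self.key, token)
        if policy is not None and policy.get("host") == host:
            self.policies[host] = policy

    def allow_request(self, page_origin: str, target: str) -> bool:
        """Decide whether a page at page_origin may issue a request to target."""
        if page_origin == target:
            return True                  # same-origin traffic is not restricted (assumption)
        policy = self.policies.get(target)
        if policy is None:
            # No server-directed policy: apply the generic slide 28 control on foreign hosts.
            hosts = self.foreign_hosts.setdefault(page_origin, set())
            hosts.add(target)
            return len(hosts) <= DEFAULT_MAX_FOREIGN_HOSTS
        if page_origin not in policy["referers"]:
            return False                 # server did not authorise this referring site at all
        n = self.cross_site.get((page_origin, target), 0) + 1
        self.cross_site[(page_origin, target)] = n
        return n <= policy["max"]        # per-session budget from the token


if __name__ == "__main__":
    key = b"demo-shared-key"
    token = issue_policy_header(key, "victim.example", 2, ["partner.example"])
    client = PolicyEnforcingClient(key)
    client.receive_response("victim.example", {POLICY_HEADER: token})
    for origin in ("partner.example", "partner.example", "partner.example", "evil.example"):
        print(origin, "->", "victim.example:", client.allow_request(origin, "victim.example"))
```

Two design points follow from the slides. First, the fallback counts host names, so, as slide 28 says, it can be evaded via DNS: many names resolving to the same server look like many hosts to the client. Second, the signature exists so that a third-party page cannot present a forged policy granting itself a large budget on the victim server; with a shared HMAC key every client holds that key, which is why the slide requires a public key and why both the server and the client must be modified to deploy the scheme.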

34 Related work
- Web security
- XSS
- X-Flash attack, similar to puppetnets

35 Concluding remarks
- A new class of web-based attack
- None of the defense strategies is completely satisfying
- Only partial solutions

36 End Bye~