Presentation is loading. Please wait.

Presentation is loading. Please wait.

Shambhu Upadhyaya Computer Science & Eng. University at Buffalo Buffalo, New York 14260 ATTACK TOOLS & SECURITY POLICIES Shambhu Upadhyaya 1.

Published byRoland Holmes Modified over 8 years ago

Similar presentations

Presentation on theme: "Shambhu Upadhyaya Computer Science & Eng. University at Buffalo Buffalo, New York 14260 ATTACK TOOLS & SECURITY POLICIES Shambhu Upadhyaya 1."— Presentation transcript:

1 Shambhu Upadhyaya Computer Science & Eng. University at Buffalo Buffalo, New York 14260 ATTACK TOOLS & SECURITY POLICIES Shambhu Upadhyaya 1

2 Part III  Ad hoc networks and security  Sensor networks and security  Security tools  Mesh networks and security  Long Term Evolution (LTE)  Advanced Metering Infrastructure (AMI)  Internet of Things (IoT) Shambhu Upadhyaya 2

3 Shambhu Upadhyaya 3 Wireless Security Tools

4 Shambhu Upadhyaya 4 Popular Attack Tools  Tools  NetStumbler  Kismet  Airsnort  Airjack  These tools may not work against WPA or RSN  Purpose is to “know the enemy”

5 Shambhu Upadhyaya 5 Attacker Goals  One of the main issues to understand is the goal of the attacker  Snooping for gaining information  Disruption of service (DoS)  Network traffic modification  Masquerading  Some may do availability attack (DoS)  Some may do confidentiality attack (identity theft)

6 Shambhu Upadhyaya 6 Attack Process Reconnaissance Planning Collection Analysis Execution

7 Shambhu Upadhyaya 7 Reconnaissance  Finding the victim  Actively searching till an easy target is identified  Looking at publicly available databases or maps of access points  Targeted attack  Finding a specific target requires tools such as war driving  Tools  NetStumbler  Kismet

8 Simpler Reconnaissance  Hand held devices with notifications to connect to wireless Internet  iPhone, BlackBerry  “Security expert converts popular music/movie player and browsing device into a penetration testing, hacking tool”  http://www.darkreading.com/security/attacks/showA rticle.jhtml?articleID=219100135  Can be used for ARP spoofing, Sniffing (using popular tools like NMAP)

9 Shambhu Upadhyaya 9 NetStumbler  One of the most popular war driving software  Works only under MS Windows  Intuitive UI  Easy to install and operate  Ability to connect with several types of GPS receivers  Also available as MiniStumbler, which can run on Pocket PCs

10 Shambhu Upadhyaya 10 NetStumbler  It displays most of the needed info. in one screen broken into two panes  Left pane provides shortcuts for displaying the networks  Right pane displays all the networks  See Figure 16.2 of Edney’s book

11 Shambhu Upadhyaya 11 Kismet  Passive tool for war driving  Runs under Linux and OpenBSD  Includes all the functionality of NetStumbler along with basic traffic analysis functionality  Can display strings of characters it sees in the traffic on unprotected networks  Good for finding passwords, etc.

12 Shambhu Upadhyaya 12 Kismet  Saves the info it collects in series of text files  These files contains list of all information about a network, raw packet dumps, and captured WEP traffic  Use may violate State and/or federal laws by intercepting communications

13 Shambhu Upadhyaya 13 Kismet  The main window of Kismet is shown in Figure 16.4 of Edney and Arbaugh

14 Shambhu Upadhyaya 14 Planning  For a Open Network  Using Kismet one can capture the network traffic which can be analyzed using tools like Wireshark (http://www.wireshark.org/)http://www.wireshark.org/  Using such tools one can determine the MAC addresses of valid clients  For Protected Networks  First WEP keys have to be cracked  Dwepdump  Dwepcrack

15 Shambhu Upadhyaya 15 Collection  It is simple to collect enough packets using dwepdump to recover a WEP key  The most difficult part is determining the size of the key (40 bits or 104 bits)  Good to start with the assumption of 40 bits

16 Shambhu Upadhyaya 16 Collection  Collect enough packets using Dwepdump  Purpose is to recover a WEP key  Dwepdump must run until you collect at least 60 weak IVs

17 Shambhu Upadhyaya 17 Analysis  After collecting enough information one can analyze it using tools like dwepcrack  Sometimes you may have to go back and collect more packets (because the approach is probabilistic)  Each weak IV for the first key byte provides a hint as to the first key byte with a 5% probability  Having around 80 weak IVs guarantees success

18 Shambhu Upadhyaya 18 Other Tools of Interest  Airsnort  Offers additional features like parallel cracking  Works consistently in the background to crack WEP keys  Allows capture over multiple networks  Airjack  Provides features like carrying out DoS, determining ESSID for closed networks, establishing man in the middle attacks, setting MAC addresses of wireless cards, etc.

19 Other Kinds of Attack  Solar Winds  Has proprietary tools for all kinds of attacks  SNMP Password Cracker  SNMP: Simple Net Management Protocol  Used in network management systems to monitor network-attached devices  A brute force attack on this basically gives control to the attacker on all the network- attached devices

20 Contd…  Router Password Attack  This wireless Tool lets you change the password of the router and then configure it to your liking  TCP connection reset program  Resetting TCP connections by setting the RST flag  DDOS  Various tools on the Internet to allow  Smurf attack – issue a large no. of ICMP requests from victim’s spoofed IP, then get flooded with replies  Ping of Death – sending large (> 65,535 bytes) malformed ping request from victim’s spoofed IP (also called long ICMP)  Syn Flood – send large no. of connection requests but do not reply to the syn-ack, resulting in half-open connections

21 Shambhu Upadhyaya 21 Popular Attacks  Man-in-the-middle attack  ARP Spoofing  Used to learn MAC address for a given IP address  ARP packets have no integrity protection, so, anyone can respond with incorrect information  This poisons the ARP cache of the requestor  Until the cache entry times out, the client uses an improper MAC address for the given IP address  DOS attacks  WPA Cryptographic DOS attacks  Because Michael provides only 20 bit protection against message modification attacks

22 Shambhu Upadhyaya 22 References  Jon Edney and William Arbaugh, Real 802.11 Security, Addison-Wesley, 2004  Maximum Wireless Security By Cyrus Peikari, Seth Fogie, Sams Publishing, 2003 Maximum Wireless Security  http://sectools.org/crackers.html http://sectools.org/crackers.html  http://www.solarwinds.com/ http://www.solarwinds.com/

Download ppt "Shambhu Upadhyaya Computer Science & Eng. University at Buffalo Buffalo, New York 14260 ATTACK TOOLS & SECURITY POLICIES Shambhu Upadhyaya 1."

Similar presentations

Module X Session Hijacking

Module X Session Hijacking
Ethical Hacking Module VII Sniffers.

Ethical Hacking Module VII Sniffers.
Overview How to crack WEP and WPA

Overview How to crack WEP and WPA
Wireless LAN Security Understanding and Preventing Network Attacks.

Wireless LAN Security Understanding and Preventing Network Attacks.
Network Vulnerabilities and Attacks Dr. John Abraham UTPA.

Network Vulnerabilities and Attacks Dr. John Abraham UTPA.
Wireless Cracking By: Christopher Zacky.

Wireless Cracking By: Christopher Zacky.
Sniffing, Spoofing, Hijacking This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added.

Sniffing, Spoofing, Hijacking This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added.
Hacking WLAN // BRUTE FORCE CRACKER // TCP/IP. WLAN HACK Wired Equivalent Privacy (WEP) encryption was designed to protect against casual snooping, but.

Hacking WLAN // BRUTE FORCE CRACKER // TCP/IP. WLAN HACK Wired Equivalent Privacy (WEP) encryption was designed to protect against casual snooping, but.
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.

Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.
1 MD5 Cracking One way hash. Used in online passwords and file verification.

1 MD5 Cracking One way hash. Used in online passwords and file verification.
Network Attacks Mark Shtern.

Network Attacks Mark Shtern.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
Network & Computer Attacks (Part 2) February 11, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Network & Computer Attacks (Part 2) February 11, 2010 MIS 4600 – MBA © Abdou Illia.
Adrian Crenshaw.  I run Irongeek.com  I have an interest in InfoSec education  I don’t know everything - I’m.

Adrian Crenshaw.  I run Irongeek.com  I have an interest in InfoSec education  I don’t know everything - I’m.
Analysis of Attack By Matt Kennedy. Different Type of Attacks o Access Attacks o Modification and Repudiation Attacks o DoS Attacks o DDoS Attacks o Attacks.

Analysis of Attack By Matt Kennedy. Different Type of Attacks o Access Attacks o Modification and Repudiation Attacks o DoS Attacks o DDoS Attacks o Attacks.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Internet Relay Chat Security Issues By Kelvin Lau and Ming Li.

Internet Relay Chat Security Issues By Kelvin Lau and Ming Li.
Common forms and remedies Neeta Bhadane Raunaq Nilekani Sahasranshu.

Common forms and remedies Neeta Bhadane Raunaq Nilekani Sahasranshu.

Similar presentations

Ads by Google