Anatomy of attacks Buffer Overflow attacks & Rootkits.


1 Anatomy of attacks Buffer Overflow attacks & Rootkits

2 Warning
- Do not use hacking tools unless you are sure you have sysadmin’s permission.
- Company policy → fired/suspended
- Illegal → Go to Jail
- Honor Code
- Just because you have a set of master-keys does NOT give you permission to drive anyone’s car!

3 Prep for class
- Log into a Linux VM
- Download the Embry-Riddle demos
  - Demos only, not real hacks
- Open a tty in Linux for the rootkit demos.

4 Gift of fire?
- To get access to the world through the Internet we trade increased exposure of ourselves.
- The trade is not optional
- Improved user experience requires personal knowledge
  - Apple iPhone: Siri?

5 Buffer Overflow
- Work through the Embry-Riddle tutorial
  - “Stacks”—normal returns & data on stack
  - “Spock”—Buffer overflow with altered data
  - “Smasher”—Buffer overflow with altered return address
  - “Stackguard”—using a “canary” to sniff an attack
- RSA notes
- Questions
  - How do these get into the users’ system?

6 Root Kits
- Work through LinuxFocus Notes
- Story of the Sony rootkit problem

7 Rootkit details
- Definition: trojan and backdoor
- Example: Linux Root kit trojanned commands
- Promiscuous mode is dangerous
- DEMO: Use ifconfig to check promiscuous mode (as su)
  - In a Linux tty: ifconfig -a ; ifconfig eth1 promisc
  - And use ifconfig eth1 -promisc to undo
  - Try tcpdump -i any to view traffic (tutorial)
- Can use checksums to detect altered commands if clean backups are available
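The checksum check from the last point of this slide, as an added example that is not part of the original slides: it records SHA-256 sums for a directory of commands while the system is known clean, then reports files that were altered, removed or added. The function names and the two stand-in commands are constructed for illustration; on a real host the baseline and the sha256sum binary are assumed to come from clean media, since a rooted system's own tools cannot be trusted.

```shell
#!/bin/sh
# Added example (not from the slides): checksum baseline for a command directory.
# Function names and the demo files are assumptions made for illustration.

# make_baseline DIR OUT: write "sha256  ./name" for every regular file in DIR.
make_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + ) > "$2"
}

# check_baseline DIR BASELINE: print ALTERED/MISSING/NEW lines (sorted).
# Returns 0 if DIR matches the baseline, 1 if anything differs.
check_baseline() {
    current=$(mktemp) || return 2
    make_baseline "$1" "$current"
    report=$(awk '
        # sha256sum lines: 64 hex digits, two separator chars, then the name
        { sum = substr($0, 1, 64); name = substr($0, 67) }
        FILENAME == ARGV[1] { base[name] = sum; next }
        { seen[name] = 1
          if (!(name in base)) print "NEW " name
          else if (base[name] != sum) print "ALTERED " name }
        END { for (n in base) if (!(n in seen)) print "MISSING " n }
    ' "$2" "$current" | sort)
    rm -f "$current"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# demo: constructed stand-ins for ls and ps; ps is replaced after the baseline.
demo() {
    work=$(mktemp -d) || return 2
    mkdir "$work/bin"
    printf '#!/bin/sh\necho listing\n' > "$work/bin/ls"
    printf '#!/bin/sh\necho processes\n' > "$work/bin/ps"
    make_baseline "$work/bin" "$work/baseline.sha256"
    printf '#!/bin/sh\necho processes minus one\n' > "$work/bin/ps"
    rc=0
    check_baseline "$work/bin" "$work/baseline.sha256" || rc=$?
    rm -rf "$work"
    return "$rc"
}

demo || echo "mismatch: restore the listed commands from clean backups"
```

Store the baseline file off the host (read-only media or another machine), because anyone who can replace a command can also rewrite a baseline kept beside it.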

8 Rootkit Questions
- Class exercise: Search Google for current “rootkit” info
  - How do rootkits get installed?
  - How can you detect them?
  - How can you remove them?

9 Root kit summary
- Review main points in notes
- If the system is compromised the cracker can use trojanned commands and backdoors to hide
- It is nearly impossible to use a rooted system to clean itself
  - Boot off CD with toolkit

10 Script Kiddies
- Metasploit
- Demo video

11 More?
- IT466 Information Assurance and Security (IAS)
  - Discusses this in depth
  - With discussions of ethics
  - And “sandbox” exercises

