Network Attacks CS432 - Security in Computing


1 Network Attacks CS432 - Security in Computing
Copyright © 2005, 2010 by Scott Orr and the Trustees of Indiana University

2 References Security in Computing, 4th Ed. Chapter 7 (pgs )

3 Section Overview
- Anatomy of an Attack
- Denial of Service Attacks
- Packet Sniffing
- Service Attacks
- Spoofing Attacks

4 Why are Networks Vulnerable?
- Reliance on shared resources
- System Complexity
- Unknown perimeter
- Many points of attack
- Attacker anonymity
- Multiple paths to hosts

5 Anatomy of an Attack
- Footprinting
- Scanning
- Enumeration
- Gaining Access
- Denial of Service
- Escalating Privilege
- Pilfering
- Covering Tracks
- Creating Back Doors
Source: Hacking Exposed: Network Security: Secrets and Solutions, by S. McClure, J. Scambray, and G. Kurtz

6 Denial of Service Attacks
- ICMP Redirects
- SYN Flooding
- Smurf Attacks
- Service Bombing
- FTP
- Finger
- Mail Bombing
- Service Bugs
- Ping o’ Death
- WinNuke
- Teardrop
- Distributed DoS
- Targets may be Upstream

7 SYN Flood Attack
- Client to Server: SYN(C, ISNc), sent four times
- Server to Client: SYN(S, ISNs) ACK(C, ISNc), one reply per SYN
- Server never gets ACKs to its SYN
- Half Open Connections
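
The half-open state on this slide, modelled as an added example that is not part of the original slides: a listener with a fixed backlog whose slots are held by SYNs that are never acknowledged until a timeout frees them. The class and function names, the capacity of 4 and the 30-second timeout are hypothetical, and the addresses are documentation ranges in a constructed trace.

```python
from collections import OrderedDict

class ListenBacklog:
    """Toy model of a listener's half-open (SYN received, no ACK yet) queue."""

    def __init__(self, capacity: int = 4, timeout: float = 30.0):
        self.capacity, self.timeout = capacity, timeout
        self.half_open = OrderedDict()      # (src, port) -> time the SYN arrived
        self.established = self.dropped = 0

    def _expire(self, now: float) -> None:
        # Oldest entries first: drop handshakes that never completed in time.
        while self.half_open:
            key, seen = next(iter(self.half_open.items()))
            if now - seen < self.timeout:
                break
            del self.half_open[key]

    def on_syn(self, now: float, src: str, port: int) -> bool:
        self._expire(now)
        if (src, port) in self.half_open:   # retransmitted SYN, slot already held
            return True
        if len(self.half_open) >= self.capacity:
            self.dropped += 1               # backlog full: new client is refused
            return False
        self.half_open[(src, port)] = now
        return True

    def on_ack(self, now: float, src: str, port: int) -> bool:
        self._expire(now)
        if self.half_open.pop((src, port), None) is None:
            return False                    # ACK for a handshake we do not hold
        self.established += 1
        return True

def replay(events, **kw):
    """Feed (time, kind, src, port) events to a backlog; return it and the results."""
    q = ListenBacklog(**kw)
    results = [getattr(q, "on_" + kind)(t, src, port) for t, kind, src, port in events]
    return q, results

# Constructed trace: four SYNs whose sources never answer the SYN/ACK,
# then a real client that retries after the stale entries time out.
EVENTS = [(float(i), "syn", f"198.51.100.{i + 1}", 40000 + i) for i in range(4)] + [
    (5.0, "syn", "192.0.2.10", 51000),      # refused: all four slots are half-open
    (34.0, "syn", "192.0.2.10", 51000),     # accepted after the 30 s timeout
    (34.1, "ack", "192.0.2.10", 51000),     # handshake completes
]

if __name__ == "__main__":
    print(replay(EVENTS)[1])
```

The count of half-open entries and the `dropped` counter are the two values a monitor would watch in this model.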

8 IP Address Spoofing
- Replace actual source address in IP packets
- Prevent packets from being traced back
- Exploit IP address-based trust relationships

9 Smurf Attacks
[Diagram labels: 10.1.1.0/24 Network; Attacker; Ping 10.1.1.255; 172.21.0.35; Spoof source: /24 Network]

10 Distributed DoS Attacks
[Diagram: Intruder; three Masters; eight Z nodes; Victim]
Source: Results of the Distributed Intruder Tools Workshop

11 Impersonation Attacks
- Social Engineering
- Cracked Passwords
- Stolen Passwords
- Sniffed
- Phishing
- Berkeley R-Commands

12 Packet Sniffing
- Promiscuous mode
- See every packet as it crossed the network
- Transparent
- Capture account passwords
- Read email
- Analyze network traffic

13 Network Hubs vs. Switches
- Hubs: Everyone can see traffic
- Switches: Virtual circuit between pair

14 Switch Attacks
- MAC Flooding – switch will act like hub
- ARP Spoofing
  - Who is ?
  - I am (1:2:3:7:8:9)

15 Wireless Networking
- Bandwidth (shared)
  - 802.11b – 11Mbps
  - 802.11g – 54Mbps
  - 802.11n – 600Mbps (coming soon!)
- Modes
  - Ad Hoc (Hosts talk directly to each other)
  - Infrastructure (uses Access Points)
- Identified by Set Server ID (SSID) names

16 Infrastructure Model Internet

17 SSID Broadcasts
- SSID: Cisco
- SSID: belkin54g
- SSID: linksys

18 Default SSIDs

19 Wireless Network Access Control
- Only allow known systems to connect
- Every wireless NIC has a unique address
  - Known as the MAC address
  - Assigned by vendor
- BSSID: MAC address of Access Point
- Access Control List
- MAC Spoofing?

20 Wardriving

21 High Power Mode 450ft = 40 houses, 4 streets

22 Low Power Mode 150ft = 6 Houses, 1 street

23 WEP Authentication
- Request to Connect
- Challenge Plaintext
- Plaintext
- Access Granted
[Diagram: each side holds the WEP Key]

24 WEP Frame
- Message | CRC
- Keystream = RC4 (IV, )
- IV | ID | Ciphertext

25 WEP Attacks
- Initial connection sniffing
- IV Reuse
  - Look for IV collisions
  - Some APs reset IV to 0 each time system is (re)initialized
- IV Dictionary Attacks
- Injection attacks with known plaintext
- Wi-fi Protected Access / i

26 IV Reuse Occurrences 1% after 582 encrypted frames
Jesse R. Walker IEEE P Wireless LANS: Unsafe at any key size
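
The WEP frame layout and the IV-reuse figure from the slides above, worked through as an added example that is not part of the original slides. It assumes the standard WEP construction (a 24-bit IV prepended to the shared key as the RC4 seed, CRC-32 as the integrity value); the key, IV and messages are constructed sample values.

```python
import math
import zlib

IV_BITS = 24  # assumption stated in the lead-in: WEP IVs are 24 bits

def rc4(seed: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given seed."""
    s, j = list(range(256)), 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                            # keystream output
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_body(msg: bytes) -> bytes:
    """Message followed by its CRC-32, the plaintext that gets encrypted."""
    return msg + zlib.crc32(msg).to_bytes(4, "little")

def wep_encrypt(iv: bytes, key: bytes, msg: bytes) -> bytes:
    """Ciphertext = (message || CRC) XOR RC4(IV || key)."""
    body = wep_body(msg)
    return xor(body, rc4(iv + key, len(body)))

def iv_collision_probability(frames: int) -> float:
    """Birthday approximation: chance an IV repeats among `frames` random IVs."""
    return 1.0 - math.exp(-frames * (frames - 1) / 2 ** (IV_BITS + 1))

def frames_until(p: float) -> int:
    """Smallest frame count whose IV collision probability reaches p."""
    n = 2
    while iv_collision_probability(n) < p:
        n += 1
    return n

# Constructed sample values: 40-bit key, one IV used for two equal-length messages.
KEY, IV = bytes.fromhex("0102030405"), bytes.fromhex("a1b2c3")
M1, M2 = b"GET /index.html", b"USER scott pass"
C1, C2 = wep_encrypt(IV, KEY, M1), wep_encrypt(IV, KEY, M2)

if __name__ == "__main__":
    # Same IV, same keystream: the XOR of the ciphertexts equals the XOR of
    # the plaintexts, so the key no longer protects either frame.
    print(xor(C1, C2) == xor(wep_body(M1), wep_body(M2)))
    print(frames_until(0.01), frames_until(0.5))
```

With randomly chosen IVs the 1% point comes out at 582 frames, matching the figure on the slide; an access point that resets its IV to 0 on every restart collides far sooner.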

27 Replay Attacks ARP Request ARP Request

28 FMS Attack
- Scott Fluhrer, Itsik Mantin, Adi Shamir
- RC4 Matrix Initialization Weakness
- If a key is weak, keystream will contain some portions of key more than other combinations
- Statistical Analysis to find

29 Temporal Key Integrity Protocol
- TA, TSC, Base Key: Hash()
- Message | CRC
- Keystream = RC4 (IV,PK)
- Ciphertext
- Dictionary Attacks?

30 Token-based Login Race Attack
- Login: scott Password: 4 2 3 5 6
- Guesses last number and enters it before Scott can finish.
- Login: scott Password: 4 2 3 5 6 9

31 Resource Sharing
- May not need account to access files
- Microsoft Shares
- Guest Shares Accounts
- NFS Exports
- Samba

32 Service Exploits
- Banner Grabbing/Vulnerability Scanners
- Stack/Buffer Overflow
- Backdoors
- File Transfer Programs
  - Anonymous FTP
  - TFTP
  - FTP Bounces

33 FTP Bounces
[Diagram: Attacker; Anonymous FTP Server with upload area; Target Host. Labels: PORT address, port; Upload Commands File; RETR file]
Trusted Hosts increase threat!!!

34 CGI / Server Side Includes
- Extends capabilities of web server
- External programs loaded by server
- Form processing
- Dynamically created pages
- Runs with same access as web server
- Susceptible to bugs and access exploits
- User script dangers

35 DNS Spoofing
- DNS/ARP Cache Poisoning
- Pharming
- Trust-based access to other machines
- Berkeley R Commands
- Remote File systems (NFS/SMB)
- Web Site Phishing
- DNSSEC

36 Man in the Middle Attack
Buy New CD

37 Source Routing Attacks
[Diagram: Attacker, Trusted Host and routers (R)]
- DoS Trusted Host
- Address set to Trusted Host (IP Spoofing)
- Source routed connection request
- Source routed response

38 Session Hijacking
[Diagram: Destination Host, User Host, Attacker]
- Attacker watches live sessions to record sequence numbers
- Attacker DoS’s User Host and IP spoofs packets to Destination using User Host’s sequence numbers
- Destination continues session as if nothing happened

39 TCP Sequence Guessing
[Diagram: Attacker, Router, Trusted Host, Target]
- Attacker DoS’s Trusted Host
- Attacker attempts to connect to target many times and records sequence numbers
- Attacker calculates sequence numbers which will be assigned for next connection
- Attacker spoofs address of trusted host and uses calculated sequence numbers (router passes trusted internal address)
- Target runs command from spoofed trusted host

