Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sid Stamm, Zulfikar Ramzan and Markus Jokobsson Erkang Xu.

Published byGeorge Gervase Simpson Modified over 9 years ago

Similar presentations

Presentation on theme: "Sid Stamm, Zulfikar Ramzan and Markus Jokobsson Erkang Xu."— Presentation transcript:

1 Sid Stamm, Zulfikar Ramzan and Markus Jokobsson Erkang Xu

2  People use inexpensive broadband routers to create internal network in their homes.  Routers could be attacked from inside the home network and be used to mount sophisticated pharming attacks. ◦ All those attack need is a browser which run JavaScript and Java Applets. ◦ Possible damage: denial of service, malware infection, or identity theft among other things

3  people have assumed that the internal network is safe from outside attackers since home routers are usually configured by default to reject all incoming connection requests.  However, a malicious web page has the disastrous ability to manipulate its visitors’ home routers, changing its set-tings to enable spread of malware, target phishing attacks, or starve the visitor from critical security updates.

4  People install anti-virus software but an informal survey found that 50% of home users use a broadband router with default or no password.  a web-based automated method to detect routers on a victim’s internal net-work and then change the router settings using JavaScript-generated host scans and HTTP requests.

5  First step: detect the IP address of the host computer that access the malicious webpage. ◦ Many people ignore any warnings about a signed Applet and approve it without reading the prompt  Second step: detect the IP address of the router. ◦ An assumption is most off-the-shelf routers are pre-configured to be the lowest address in the range they serve. ◦ Or, host scan can be used--appending script tag tell the browser to load a script from a given URL.

6

7 ◦ Host scan  If the URL is the address of a host the returning error will be fail (the root HTML page is not valid JavaScript).  If the URL is not a host address returning error will be time out. ◦ Attempt to access each host IP using a list of common or default passwords. If one IP is accessed, that is the IP of the router.  Third step: Reconfigure the router ◦ Profiling the router: determine its type and make (what image it servers). ◦ Web-based router configuration still accept HTML GET(use query string to manipulate its setting)

8 ◦ Compromise the DNS configuration

9 ◦ Uploading compromised firmware.

10 ◦ Damage: Pharming, malware distribution, blocking virus definition updates, advertising vulnerable hosts  New attack ◦ Spam their address every where. (draw unwitting victims to infect their own networks). ◦ Hard to shut down (no single source).

11  Securing the end host (tightening the JRE security policy – make no difference between a failure to load a script file and a failure to parse a script file),  Securing routers (using password other than the default one)  ISP-level DNS filtering (all DNS traffic should be controlled by the ISP itself).

12  Unauthorized change of preferred DNS servers on home routers was shown to be a very elusive attack.  Manufacturers of home routers should be blamed by distributing their products with poorly secure default settings.

Download ppt "Sid Stamm, Zulfikar Ramzan and Markus Jokobsson Erkang Xu."

Similar presentations

JavaScript Breaks Free Zulfikar Ramzan Symantec Security Response Joint w/ Markus Jakobsson, Sid Stamm (Indiana Univ)

JavaScript Breaks Free Zulfikar Ramzan Symantec Security Response Joint w/ Markus Jakobsson, Sid Stamm (Indiana Univ)
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
Internet Safety Topic 2 Malware This presentation by Tim Fraser Malware is short for malicious software VirusesViruses SpywareSpyware AdwareAdware other.

Internet Safety Topic 2 Malware This presentation by Tim Fraser Malware is short for malicious software VirusesViruses SpywareSpyware AdwareAdware other.
COMPUTER BASICS METC 106. The Internet Global group of interconnected networks Originated in 1969 – Department of Defense ARPANet Only text, no graphics.

COMPUTER BASICS METC 106. The Internet Global group of interconnected networks Originated in 1969 – Department of Defense ARPANet Only text, no graphics.
WebGoat & WebScarab “What is computer security for $1000 Alex?”

WebGoat & WebScarab “What is computer security for $1000 Alex?”
Network Security aka CyberSecurity Monitor and manage security risks at the network level for the entire Johns Hopkins Network.

Network Security aka CyberSecurity Monitor and manage security risks at the network level for the entire Johns Hopkins Network.
Dynamic Pharming Attacks and Locked Same-Origin Policies For Web Browsers Chris Karlof, J.D. Tygar, David Wagner, Umesh Shankar.

Dynamic Pharming Attacks and Locked Same-Origin Policies For Web Browsers Chris Karlof, J.D. Tygar, David Wagner, Umesh Shankar.
S. Stamm, Z. Ramzan, and M. Jakobsson Presented by Anh Le.

S. Stamm, Z. Ramzan, and M. Jakobsson Presented by Anh Le.
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
IDENTITY THEFT ARE YOU SAFE?. HOW DOES THIS HAPPEN TO ME? Internet “Security “ When using a public computer, never access any vital accounts like banking.

IDENTITY THEFT ARE YOU SAFE?. HOW DOES THIS HAPPEN TO ME? Internet “Security “ When using a public computer, never access any vital accounts like banking.
Threats To A Computer Network

Threats To A Computer Network
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.

Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.
What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:

What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:
Mobile Code and Worms By Mitun Sinha Pandurang Kamat 04/16/2003.

Mobile Code and Worms By Mitun Sinha Pandurang Kamat 04/16/2003.
COMPUTER TERMS PART 2. NETWORK When you have two or more computers connected to each other, you have a network. The purpose of a network is to enable.

COMPUTER TERMS PART 2. NETWORK When you have two or more computers connected to each other, you have a network. The purpose of a network is to enable.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Being Proactive with Computer Posture Assessment Department of Housing and Residence Education Charles Benjamin.

Being Proactive with Computer Posture Assessment Department of Housing and Residence Education Charles Benjamin.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Similar presentations

Ads by Google