Hands-On Ethical Hacking and Network Security
Network & Computer Attacks
(Part 2)
February 11, 2010
MIS 4600 – MBA 5880 - © Abdou Illia
Objectives
Understand the types of network attacks and how they occur:
Denial of Service attacks (DoS)
SYN Flood DoS
Distributed DoS attacks
Ping of Death attacks
Buffer Overflow attacks
Identify physical security attacks and vulnerabilities
Denial of Service (DoS)
Attempt to make a computer's resources unavailable to legitimate users
[Figure: the attacker's home network, with several workstations, sends a stream of HTTP requests across the Internet, through a router and hub, to the web server, while workstations of legitimate users send their normal HTTP requests. All attacker workstations use IP spoofing to send HTTP requests to the web server. The slide also lists a machine configuration: Intel Pentium 4 540 (3 GHz), 512 MB SDRAM, 2 x 100 GB SATA HDD, 16x CD drive, Gateway 3-button mouse, Gateway 108 keyboard, SVGA graphics card.]
What resources would the web server use to respond to each HTTP request it receives?
What could be the consequences of the web server being flooded with too many requests from the attacker?
TCP opening and DoS
[Figure: the server completes a three-way handshake (SYN, SYN/ACK, ACK) with Computer 1, Computer 2, Computer 3, ... and after each handshake sits waiting for a request from that computer.]
For each TCP connection request, the server has to:
Respond to the request
Set resources aside in order to respond to each data request
SYN Flood DoS
Attacker sends a series of TCP SYN opening requests
For each SYN, the target has to
Send back a SYN/ACK segment, and
Set aside memory and other resources to respond
When overwhelmed, the target slows down or even crashes
SYN flooding takes advantage of the client/server workload asymmetry (a SYN is cheap to send, but costs the target a reply and reserved resources)
[Figure: the attacker sends SYN after SYN to the victim.]
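The workload asymmetry above is visible from the server's side. As an added example, not part of these slides, the Python below scans a constructed log of handshake events (made up for this example) and counts connections left half-open, which is exactly what a server under SYN flood accumulates; the backlog size, the completion-ratio threshold and all IP addresses are assumptions.

```python
from collections import Counter

# Constructed sample of handshake events as the victim web server sees them
# (made-up log lines for this example, not captured traffic). Format:
#   <time> <client ip> <segment received from that client>
# The first four lines are two normal connections; the rest are a burst of
# SYNs from (spoofed) sources that never send the final ACK.
SAMPLE_LOG = """\
10:00:00 10.0.0.5 SYN
10:00:00 10.0.0.5 ACK
10:00:01 10.0.0.9 SYN
10:00:01 10.0.0.9 ACK
10:00:02 198.51.100.1 SYN
10:00:02 198.51.100.2 SYN
10:00:02 198.51.100.3 SYN
10:00:02 198.51.100.4 SYN
10:00:03 198.51.100.5 SYN
10:00:03 198.51.100.6 SYN
"""


def parse_events(log_text):
    """Turn the log text into (time, client, kind) tuples."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            events.append(tuple(parts))
    return events


def half_open_connections(events):
    """Count, per client, SYNs for which no final ACK has arrived.
    Each such entry is a slot the server is holding in memory."""
    pending = Counter()
    for _time, client, kind in events:
        if kind == "SYN":
            pending[client] += 1
        elif kind == "ACK" and pending[client] > 0:
            pending[client] -= 1
    return {client: n for client, n in pending.items() if n > 0}


def syn_flood_report(events, backlog=5, min_completion=0.5):
    """Summarise handshake health and raise an alert when half-open
    connections would fill the server's backlog (assumed size) or when too
    few SYNs complete the handshake, the asymmetry a SYN flood exploits."""
    syns = sum(1 for _t, _c, kind in events if kind == "SYN")
    half_open = sum(half_open_connections(events).values())
    completion = (syns - half_open) / syns if syns else 1.0
    return {
        "syns": syns,
        "half_open": half_open,
        "completion_ratio": round(completion, 2),
        "alert": half_open >= backlog or completion < min_completion,
    }


if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    print("normal period:", syn_flood_report(events[:4]))
    print("with flood:   ", syn_flood_report(events))
```

Because the flood uses spoofed sources, no single address stands out; the signal is the total number of half-open slots and the collapse of the completion ratio, which is why the report looks at the aggregate rather than at any one client.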
Web Server configuration
Ping of Death attacks
[Figure: IP header fields Total Length (16 bits), Flags, and Fragment Offset (13 bits).]
Takes advantage of:
The fact that TCP/IP allows large packets to be fragmented
Some network applications' and operating systems' inability to handle packets larger than 65,536 bytes
Attacker sends IP packets that are larger than 65,536 bytes through IP fragmentation.
Ping of Death attacks are rare today, as most operating systems have been fixed to prevent this type of attack from occurring.
List of OS that were vulnerable:
http://insecure.org/sploits/ping-o-death.html
Fix
Add checks in the reassembly process or in the firewall to protect hosts whose bug has not been fixed
Check: the sum of the Total Length fields of a fragmented IP packet is < 65,536 bytes
Fragment Offset: identifies where this fragment belongs in the original packet. Flags: indicate whether the packet may be fragmented or not.
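An added example (not from the slides or the linked page) of the reassembly check just described, in Python. It builds the fragment header fields a sender would emit for a given payload size (a constructed helper, not real packet generation) and computes the size the reassembled datagram would have from each fragment's Fragment Offset and Total Length, rejecting any packet that would exceed 65,535 bytes, the largest value the 16-bit Total Length field can hold. A 20-byte header without options and a 1,500-byte MTU are assumptions.

```python
IP_MAX_DATAGRAM = 65535   # largest value the 16-bit Total Length field can express
IP_HEADER_LEN = 20        # header without options; assumed for every fragment here


def build_fragments(packet_id, payload_len, mtu=1500, header_len=IP_HEADER_LEN):
    """Constructed helper: split a datagram payload of payload_len bytes into
    fragments the way a sender with the given MTU would. Fragment payloads
    are multiples of 8 bytes because Fragment Offset counts 8-byte units.
    Returns dicts with the header fields the check needs, not real packets."""
    max_payload = (mtu - header_len) // 8 * 8        # 1480 bytes for a 1500-byte MTU
    fragments, sent = [], 0
    while sent < payload_len:
        chunk = min(max_payload, payload_len - sent)
        fragments.append({
            "id": packet_id,                      # Identification: same for all fragments
            "offset": sent // 8,                  # Fragment Offset (13 bits, 8-byte units)
            "mf": sent + chunk < payload_len,     # Flags: More Fragments
            "total_length": header_len + chunk,   # Total Length of this fragment
        })
        sent += chunk
    return fragments


def reassembled_size(fragment, header_len=IP_HEADER_LEN):
    """Size the full datagram would have once this fragment is placed:
    header + where the fragment starts + the fragment's own payload."""
    return header_len + fragment["offset"] * 8 + (fragment["total_length"] - header_len)


def check_fragments(fragments):
    """Reassembly-time check from the slide: track, per packet id, the largest
    size any fragment implies and reject the packet if it exceeds what a
    16-bit Total Length can describe. Returns {id: (size, accepted)}."""
    largest = {}
    for frag in fragments:
        size = reassembled_size(frag)
        largest[frag["id"]] = max(largest.get(frag["id"], 0), size)
    return {pid: (size, size <= IP_MAX_DATAGRAM) for pid, size in largest.items()}


if __name__ == "__main__":
    # Largest legal ping: 20-byte IP header + 65,515 bytes of ICMP header and data
    legal = build_fragments(packet_id=1, payload_len=65515)
    # A ping of death: the fragments add up to a datagram larger than 65,535 bytes
    oversized = build_fragments(packet_id=2, payload_len=65520)
    print(check_fragments(legal + oversized))
```

The check does not need the More Fragments flag: the decision can be made as soon as any single fragment's offset plus payload reaches past the limit, which is before the vulnerable host would have allocated the oversized buffer.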
Distributed DoS (DDoS)
Attacker hacks into multiple clients and plants handler programs and zombie programs on them
Attacker sends attack commands to the handlers and zombie programs, which execute the attacks
First appeared in 2000 with the Mafiaboy attack against cnn.com, ebay.com, etrade.com, yahoo.com, etc.
[Figure: the attacker sends an attack command to a handler; the handler passes attack commands on to computers running zombie programs, which send DoS messages to the server.]
Buffer Overflow Attack
Occurs when ill-written programs allow data destined for a memory buffer to overwrite instructions held in adjacent memory.
If the data contains malware, the malware could run and create a DoS.
Example of input data: ABCDEF LET JOHN IN WITHOUT PASSWORD
[Figure: before input, buffer cells 1-3 are empty and instruction cells 4-6 hold Print, Run Program, Accept input. After the input is accepted, cells 1-3 hold A, B, C and the rest of the input (D, E, F, LET JOHN IN WITHOUT PASSWORD) spills over the instruction cells 4-6.]
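To make the picture concrete, here is an added Python model of the six memory cells on the slide; it is not code from the slides, and the cell layout, the instruction names and the crash behaviour are assumptions of the model. The unchecked copy lets the input overwrite the instruction cells, the bounded copy refuses it, and running the program after an overflow fails, which is the DoS the slide describes. The model has only six cells, so the sample input stops at ABCDEF.

```python
BUFFER_CELLS = 3   # cells 1-3 of the slide hold input; cells 4-6 hold instructions

KNOWN_INSTRUCTIONS = {"Print", "Run Program", "Accept input"}


def fresh_memory():
    """Constructed model of the slide's picture: an input buffer sitting
    directly in front of the program's instructions."""
    return ["", "", "",                              # buffer cells 1..3
            "Print", "Run Program", "Accept input"]  # instruction cells 4..6


def unchecked_copy(memory, data):
    """The ill-written program: copies input into the buffer with no bounds
    check, so anything past cell 3 lands on the instruction cells."""
    for i, item in enumerate(data):
        memory[i] = item
    return memory


def checked_copy(memory, data):
    """The fixed program: refuses input longer than the buffer."""
    if len(data) > BUFFER_CELLS:
        raise ValueError(f"input of {len(data)} items exceeds buffer of {BUFFER_CELLS}")
    for i, item in enumerate(data):
        memory[i] = item
    return memory


def overwritten_instruction_cells(memory):
    """Numbers (4..6) of the instruction cells that no longer hold the program."""
    original = fresh_memory()
    return [i + 1 for i in range(BUFFER_CELLS, len(original))
            if memory[i] != original[i]]


def run_program(memory):
    """Execute the instruction cells in order. An overwritten cell holds
    something the program cannot interpret, so it crashes (the DoS of the
    slide); the instructions executed before the crash are named in the error."""
    executed = []
    for cell in memory[BUFFER_CELLS:]:
        if cell not in KNOWN_INSTRUCTIONS:
            raise RuntimeError(f"crash: unknown instruction {cell!r} after {executed}")
        executed.append(cell)
    return executed


def program_survives(memory):
    """True if the program runs to completion, False if it crashes."""
    try:
        run_program(memory)
        return True
    except RuntimeError:
        return False


if __name__ == "__main__":
    print(run_program(checked_copy(fresh_memory(), list("ABC"))))
    mem = unchecked_copy(fresh_memory(), list("ABCDEF"))
    print("overwritten cells:", overwritten_instruction_cells(mem))
    print("survives:", program_survives(mem))
```

The fix is the one-line length check in checked_copy: the program decides how much input it is willing to store before it stores any, instead of trusting the input to fit.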
Addressing Physical Security
Protecting a network also requires physical security
Inside attacks are more likely than attacks from outside the company
Keyloggers
Used to capture keystrokes on a computer; two kinds: hardware and software
Software: behaves like Trojan programs
Hardware: easy to install; goes between the keyboard and the CPU; e.g., KeyKatcher and KeyGhost
Keyloggers (continued)
Protection
Software-based: antivirus
Hardware-based: random visual tests
Behind Locked Doors
Lock up your servers
Average person can pick deadbolt locks in less than five minutes after only a week or two of practice
Experienced hackers can pick deadbolt locks in under 30 seconds
Rotary locks are harder to pick
Keep a log of who enters and leaves the room
Security cards can be used instead of keys for better security
Summary Questions
Describe SYN flooding.
What is a Zombie program?
Explain how a Ping of Death attack occurs.
Explain the difference between DoS and DDoS.
Do DoS attacks primarily attempt to jeopardize confidentiality, integrity, or availability?
What is a Buffer Overflow attack?
What is a hardware keylogger?