Attack Profiles - PowerPoint PPT Presentation

Slides: 20
Provided by: Dic972

1
Attack Profiles
  • CS-480b
  • Dick Steflik

2
Attack Categories
  • Denial-of-Service
  • Exploitation Attacks
  • Information Gathering Attacks
  • Disinformation Attacks

3
Denial of Service Attacks
  • Ping of Death
  • Teardrop
  • UDP Floods
  • SYN Floods
  • Land Attack
  • Smurf Attack
  • Fraggle Attack
  • E-mail Bombs
  • Malformed Message Attacks

4
Ping of Death
  • ICMP Echo Request packet that is bigger than the
    largest allowable size
  • TCP/IP specification says max should be 65 Kbytes
  • Hacker's goal is to crash the stack by exceeding
    the max size of the I/O buffer
  • Defense - stack must be hardened (all current
    popular stack implementations take care of this)

5
Teardrop
  • Targets IP implementations that trust the
    fragmentation information in the headers of
    fragmented IP packets
  • if the fragments have overlapping offsets, many
    implementations will crash
  • Defenses
  • apply latest patches
  • configure firewalls to reassemble fragments
    rather than forwarding them (for the end point to
    reassemble)
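The two fragment checks that a reassembling firewall would apply to catch the Ping of Death (slide 4) and Teardrop (slide 5) conditions, as an added example that is not part of the slides; the `Fragment` type and the sample fragment sets are constructed for this illustration.

```python
from dataclasses import dataclass

IP_MAX_LEN = 65535  # largest IPv4 datagram the 16-bit Total Length field allows


@dataclass
class Fragment:
    """One IPv4 fragment of a datagram. offset and length are in bytes
    (the header's 13-bit Fragment Offset field counts 8-byte units, so
    offset here is that field multiplied by 8)."""
    offset: int
    length: int
    more_fragments: bool


def check_fragments(frags):
    """Sanity-check the fragments of one datagram, as a firewall that
    reassembles before forwarding would. Returns a list of problem
    strings; an empty list means the datagram can be reassembled safely."""
    problems = []
    # Ping of Death: no single fragment can exceed 65535 bytes, but
    # offset + length can, and that is what overflows a naive reassembly buffer.
    for f in frags:
        end = f.offset + f.length
        if end > IP_MAX_LEN:
            problems.append(f"oversize: fragment at {f.offset} ends at {end}")
    # Teardrop: a fragment whose offset falls inside the previous fragment.
    ordered = sorted(frags, key=lambda f: f.offset)
    for prev, cur in zip(ordered, ordered[1:]):
        if cur.offset < prev.offset + prev.length:
            problems.append(f"overlap: fragment at {cur.offset} overlaps "
                            f"fragment ending at {prev.offset + prev.length}")
    return problems


# Constructed fragment sets (not captured traffic).
NORMAL = [Fragment(0, 1480, True), Fragment(1480, 1480, True),
          Fragment(2960, 500, False)]
PING_OF_DEATH = [Fragment(0, 1480, True), Fragment(65120, 1480, False)]
TEARDROP = [Fragment(0, 1480, True), Fragment(800, 400, False)]

if __name__ == "__main__":
    for name, frags in [("normal", NORMAL), ("ping-of-death", PING_OF_DEATH),
                        ("teardrop", TEARDROP)]:
        print(name, check_fragments(frags) or "ok")
```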

6
UDP Floods
  • Forge a connection to a host running chargen and
    have it send useless chargen data to the echo
    server on another host
  • makes the 2 services so busy that the host may
    crash or be too busy to respond to normal traffic
  • Defense: configure only services that are
    absolutely necessary (chargen and echo have no
    business running on a production server)

7
SYN Floods
  • The goal here is to use up all of the target
    host's resources (memory and processes), thereby
    making it unable to process legitimate traffic
  • each time a user sends a SYN the host accepts it
    and allocates a process and memory
  • this gets done over and over until things just
    get used up
  • Defense: a firewall that can recognize the
    characteristics of a SYN attack and start
    rejecting packets
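The "characteristic" a firewall looks for is a pile of half-open handshakes: SYNs whose 4-tuple never sends the completing ACK. The detection below is an added example, not code from the slides; the log line format and the sample log are constructed for it.

```python
import re
from collections import defaultdict

# Line format of the constructed firewall connection log used below:
#   "<src_ip>:<src_port> -> <dst_ip>:<dst_port> <flags>"
# where flags is "S" for a client SYN and "A" for the handshake-completing ACK.
LINE = re.compile(r"^(\S+):(\d+) -> (\S+):(\d+) ([SA])$")


def half_open_by_target(log_lines):
    """Return {(dst_ip, dst_port): count of half-open handshakes}, i.e. SYNs
    for which the same 4-tuple never sent the final ACK. A host under a SYN
    flood shows many of these, from many (usually spoofed) sources."""
    state = {}  # 4-tuple -> "syn" or "established"
    for line in log_lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that do not parse
        src, sport, dst, dport, flags = m.groups()
        key = (src, int(sport), dst, int(dport))
        if flags == "S":
            state.setdefault(key, "syn")
        elif key in state:          # ACK completing a handshake we saw
            state[key] = "established"
    counts = defaultdict(int)
    for (_, _, dst, dport), s in state.items():
        if s == "syn":
            counts[(dst, dport)] += 1
    return dict(counts)


def syn_flood_targets(log_lines, threshold):
    """Services whose half-open count reaches the threshold; a firewall would
    start rejecting new SYNs towards these until the backlog drains."""
    return sorted(t for t, n in half_open_by_target(log_lines).items()
                  if n >= threshold)


# Constructed sample log (not real traffic): three ordinary clients, one of
# them still mid-handshake, followed by twenty SYNs from varied sources to
# port 80 that never complete.
SAMPLE_LOG = [
    "10.0.0.5:40001 -> 192.0.2.10:80 S",
    "10.0.0.5:40001 -> 192.0.2.10:80 A",
    "10.0.0.6:40002 -> 192.0.2.10:22 S",
    "10.0.0.6:40002 -> 192.0.2.10:22 A",
    "10.0.0.7:40003 -> 192.0.2.10:80 S",
] + [f"198.51.100.{i}:{5000 + i} -> 192.0.2.10:80 S" for i in range(1, 21)]

if __name__ == "__main__":
    print(half_open_by_target(SAMPLE_LOG))
    print(syn_flood_targets(SAMPLE_LOG, threshold=10))
```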

8
Land Attack
  • Hardened stack implementations have made this
    obsolete
  • send a special SYN packet with source and
    destination address set to the targeted machine's
    IP address; this causes the recipient to acknowledge
    to its own address, and the connection is left open
    until the OS times it out
  • Defense
  • latest patches
  • configure firewalls to reject inbound packets
    with internal addresses as the source address

9
Smurf Attack
  • Flood a host with ICMP Echo Requests that have
    the destination address set to the subnet
    broadcast address
  • Defense
  • turn off the broadcast addressing feature
  • configure firewall to drop incoming pings

10
Fraggle Attacks
  • A Smurf attack using UDP echo messages rather
    than ICMP echo requests
  • Defense: have the firewall filter out incoming UDP
    echo requests
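The firewall defenses named on the UDP flood, Land, Smurf and Fraggle slides reduce to a handful of stateless ingress rules. The filter below is an added example, not the slides' own material; the protected subnet, the `Packet` type and the small-server port set are assumptions constructed for it.

```python
import ipaddress
from dataclasses import dataclass

# Assumed site values, constructed for this example: the protected subnet
# and the UDP "small servers" (echo = 7, chargen = 19) the slides warn about.
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]
UDP_SMALL_SERVERS = {7, 19}
ICMP_ECHO_REQUEST = 8


@dataclass
class Packet:
    src: str
    dst: str
    proto: str           # "tcp", "udp" or "icmp"
    dport: int = 0       # destination port for tcp/udp
    icmp_type: int = -1  # ICMP type when proto == "icmp"


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def is_subnet_broadcast(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr == net.broadcast_address for net in INTERNAL_NETS)


def inbound_verdict(pkt):
    """Decide the fate of a packet arriving on the external interface.
    Returns "accept" or "drop:<reason>"; checks are ordered cheapest first."""
    # Land attack: source and destination are the same host.
    if pkt.src == pkt.dst:
        return "drop:land"
    # Anti-spoofing: a packet from outside can never carry an internal source.
    if is_internal(pkt.src):
        return "drop:spoofed-internal-source"
    # Smurf: ICMP echo requests aimed at the subnet broadcast address. (The
    # slides also allow dropping all incoming pings; this keeps unicast ping.)
    if (pkt.proto == "icmp" and pkt.icmp_type == ICMP_ECHO_REQUEST
            and is_subnet_broadcast(pkt.dst)):
        return "drop:smurf-broadcast-ping"
    # Fraggle and chargen/echo UDP floods: no UDP echo or chargen from outside.
    if pkt.proto == "udp" and pkt.dport in UDP_SMALL_SERVERS:
        return "drop:udp-small-servers"
    return "accept"
```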

11
E-mail Bombs
  • Goal is to use up the mail server's bandwidth,
    thus denying mail to all users
  • repeatedly send a large e-mail message to the same
    user over and over
  • Defense: configure the mail server to delete
    excessive and/or duplicate e-mails from the server

12
Malformed Message Attacks
  • Send malformed messages
  • send excessively large URLs to web servers
  • send random data to RPC services to try to crash
    them
  • try buffer overflows by malforming protocol
    fields
  • Defense: keep up to date with vulnerability
    reports and patches from vendors for OEM products

13
Exploitation Attacks
  • TCP/IP Connection Hijacking
  • Layer-2 Connection Hijacking
  • Password Guessing
  • Trojan Horses
  • Buffer Overflows

14
TCP/IP Connection Hijacking
  • TCP uses pseudo-random sequence numbers to order
    TCP segments so they can be reassembled reliably
  • if a hacker can predict the next correct sequence
    number he can send a forged packet that will
    cause the stream to be hijacked to his address,
    and the valid packets will end up getting dropped
  • Defense: use a stack with an uncompromised
    pseudo-random number generator (OpenBSD or Linux)
  • use a redirector to reconstruct a stream (redir)

15
Layer-2 Connection Hijacking
  • Exploits the fact that IP broadcasts ARP requests
  • Extremely rare, because it requires layer-2
    access, except in ISP colocation situations where
    your machine may be located on the same switch as
    many other machines.
  • Use hubs rather than switches, or have the ISP use
    layer-3 routers rather than layer-2 switches

16
Password Guessing
  • Use strong passwords
  • don't expose exploitable services like telnet,
    NetBIOS or NFS
  • use lockout policies for handling multiple
    unsuccessful login attempts

17
Trojan Horses
  • Some other exploit installs a program on your
    computer that opens a back door into the system
  • could open up pcAnywhere or VNC to give a remote
    user full access to your machine
  • usually installed from an e-mail attachment

18
Information Gathering Attacks
  • Address Scanning
  • Port Scanning
  • Inverse Mapping
  • Slow Scanning
  • Architecture Probes
  • DNS Zone Transfers
  • Finger
  • LDAP
  • SNMP

19
Disinformation Attacks
  • DNS Cache Pollution
  • Registrar Usurpation
  • Forged E-mail