Presentation is loading. Please wait.

Presentation is loading. Please wait.

Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.

Similar presentations


Presentation on theme: "Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of."— Presentation transcript:

1 Denial of Service & Session Hijacking

2  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of spam  Perform account lockout of valid users  Considered an unsophisticated attack  BOTs (zombies) and BOTnets  “Botnet of 1,000 bots has larger bandwidth than the Internet connection of most corporate networks.”  Oct 20, 2002: 9 of 13 DNS Root servers disabled for 1 hour  DoS Tools  Ping of Death: packets are too large for reassembly  Ping Flood: too many pings to handle the traffic  Land attack: source IP matches target IP

3  Use master/slave configuration  Phase 1: intrusion: infect systems to be zombies  Phase 2: attack: trigger slaves to attack  DDos Tools  Trinoo, Tribal Flood Network (TFN), TFN2K, Stacheldraht  Controlling Bots  Usually done by IRC connections due to unencrypted and long connection times   

4  Smurf attack: send much ICMP Echo (ping) to broadcast IP address with spoofed source address of victim   Fraggle attack: use large amounts of UDP traffic instead of ICMP  Preventing Smurf and Fraggle Attacks   Teardrop attack: send overlapping or over-sized payloads to the target machine   SYN Flood: flood victim with TCP connection requests and then don’t finish 3 way handshake 

5  SYN Cookies: don’t allocate resources until 3 way handshake is complete  RST Cookies: victim responds with incorrect SYN  ACK so attacker has to respond with notice of error  Micro Blocks: allocate smaller memory space for connection record  Stack Tweaking: modify the TCP/IP stack

6  Send ICMP echo packets of more than the 65,536 bytes allowed by the IP protocol  Causes system to freeze, crash, or reboot  Operating systems after 1997 are patched to prevent this

7  Network-Ingress filter  Rate-Limiting network Traffic (traffic shaping)  Intrusion Detection Systems  Automated Network-Tracing Tools  Host & Network Auditing Tools  DoS Scanning Tools  SARA (Security Auditor’s Research Assistant)  RID  Zombie Zapper

8  Hacker gains control of authenticated session  Made possible by sequence number projecting  SN range from 1 to 4,294,967,295  Incremented by 128,000 / second + 64,000 for each connection

9  Methods of hijacking  Session fixation: attacker sets user’s session to one know to him; (I set your session ID to one I know)  Session sidejacking: attacker sniffs traffic to steal the session cookie  Cross-site scripting: attacker tricks user’s computer to run code that captures the session cookie  Active vs Passive Hijacking  Active: attacker takes over the session  Passive: attacker watches/records all traffic (sniffing)  Relies on Sequence Prediction

10  Tools  Hunt  Dangers of hijacking  Easy to perform  Few countermeasures  Information gathering is successful  Preventing hijacking  Encryption: IPSec, SSH, HTTPS, VPNs  Minimize remote access  Strong Authentication  Educated users  Variety of usernames and passwords


Download ppt "Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of."

Similar presentations


Ads by Google