3 WARNING!
The system is either busy or has been unstable. You can wait and see if it becomes available again, or you can restart your computer.
* Press any key to return to Windows and wait.
* Press CTRL+ALT+DEL again to restart your computer. You will lose unsaved information in any programs that are running.
Press any key to continue.
4 Group 4 Presents: User Attacks
Carl the Happy Chatter... but not for long....
Carl Morris, Andrew Snyder, Ken Nguyen
Dec
5 User Attacks
What is it? An attack mounted against an end user of the Internet.
Goals of an attacker:
- Obtain access to systems
- Eavesdrop on communications
- Aggravate and annoy a household user
- Cause damage!
- Anything to annoy an end user
6 Context of Discussion
- Not meant to apply to "computer geeks"; applies to the average end user
- Attacks that can be mounted easily by attackers with limited computer knowledge
7 Methods of Choice
- Performed a search for phrases such as "How to find Windows NT passwords," "Hacking into Computers" and "Easy Hacking"
- Used our own past experiences (world and class)
- Our own interests
8 We decided... The Big Three:
- Denial of Service (DoS)
- Packet Sniffing
- Back Orifice 2000
9 What is DoS?
The attacker consumes limited resources on the victim's machine (CPU time, memory, bandwidth), or crashes the machine outright by sending input its network stack mishandles.
10 DoS: Easy DoS Attacks
- Ping Flooding
- Ping of Death
- WinNuke
11 Ping Flooding
What is Ping Flooding? Sending huge amounts of ICMP Echo Requests. Ping is used legitimately to test your connection; a flood just sends the requests as fast and as large as possible.
12 Ping Flooding (cont.)
Ping Flooding's impact:
- Ties up the victim's bandwidth (every request also provokes an equally large echo reply)
- Forces dialup users to disconnect
- May cause the victim's machine to crash
13 Ping Flooding (cont.)
Ping Flooding is Hard!
- Need to know the victim's IP: easily obtained from ICQ, IRC, message forums, etc.
- Must type "ping destination_IP -t -l huge#" (on Windows, -t keeps pinging until stopped and -l sets the payload size in bytes)
- The flood is limited by the attacker's own upstream bandwidth: a single dialup host can only swamp another dialup host, so a faster link or several attackers are needed against a bigger target
14 Ping of Death
What is Ping of Death? Carl receives an IP datagram of illegal size. The IP total-length field is 16 bits, so a datagram can be at most 65,535 bytes. A ping with a larger payload is sent as fragments which, when reassembled, overflow the buffer the receiving stack set aside for them, and Carl's computer crashes.
15 Ping of Death (cont.)
Ping of Death is also very hard: must type "ping destination_IP -l 65550" (65,550 bytes of payload plus the ICMP and IP headers is more than the 65,535-byte limit). A patched stack simply discards the oversized datagram.
16 WinNuke
What is WinNuke? Takes advantage of Windows' Out of Band (OOB) data bug: a TCP segment with the URG flag set (OOB data) is sent to the NetBIOS port 139, Carl's stack mishandles the urgent pointer (a pointer that is invalid), and Carl's computer crashes (blue screen on Windows 95 and NT).
18 Protect Yourself: Ping of Death & WinNuke
Get the patches for your OS; they fix the overflow/pointer error so the bad packet is dropped instead of crashing the machine.
19 Protect Yourself: Ping Flooding
- Set your computer not to echo back: this cuts the traffic on your link by 50% (the replies), but the incoming requests still consume your downstream bandwidth
- Call your ISP to filter the flood upstream, or set up your own firewall
- Stop it before it starts: do not give out your IP! (ICQ and IRC expose it to the people you talk to, so assume they can see it)
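The two DoS conditions described above (a flood of echo requests, and a ping whose fragments reassemble beyond the IPv4 maximum) come down to two checks a firewall or intrusion detector can make on the traffic it sees: a per-source rate over a sliding window, and fragment offset plus fragment length against 65,535. The following is an added example written for this page, not code from the presentation; the packet trace, addresses and thresholds are constructed for illustration, and fragment offsets are given in bytes rather than the 8-byte units of the IP header field.

```python
"""Spot ping-flood and ping-of-death traffic in a packet trace.

Added example, not from the presentation. The trace is constructed below
(made-up addresses and timestamps); nothing is captured from a real network.
"""
from collections import defaultdict

# The IPv4 Total Length field is 16 bits, so a datagram is at most 65,535 bytes.
# A fragment that reassembles past that is a Ping of Death.
MAX_IP_DATAGRAM = 65535
ICMP_ECHO_REQUEST = 8


def is_ping_of_death(frag_offset: int, frag_len: int) -> bool:
    """frag_offset: byte offset of this fragment (IP header field * 8);
    frag_len: bytes of payload in it. True if reassembly would exceed 64 KiB."""
    return frag_offset + frag_len > MAX_IP_DATAGRAM


def flood_sources(packets, window: float = 1.0, threshold: int = 50) -> set:
    """Sources that send more than `threshold` echo requests within any
    `window` seconds (sliding). Only first fragments carry an ICMP type."""
    by_src = defaultdict(list)
    for p in packets:
        if p["icmp_type"] == ICMP_ECHO_REQUEST:
            by_src[p["src"]].append(p["ts"])
    flooders = set()
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 > threshold:
                flooders.add(src)
                break
    return flooders


def analyze(packets) -> dict:
    """Run both checks over a trace and report the offending sources."""
    pod = {p["src"] for p in packets if is_ping_of_death(p["frag_offset"], p["len"])}
    return {"flood": sorted(flood_sources(packets)), "ping_of_death": sorted(pod)}


def sample_trace() -> list:
    """Constructed trace: one legitimate pinger, one flooder, one PoD fragment."""
    def rec(src, ts, icmp_type, frag_offset, length):
        return {"src": src, "ts": ts, "icmp_type": icmp_type,
                "frag_offset": frag_offset, "len": length}
    # legitimate host: one echo request per second for ten seconds
    trace = [rec("10.0.0.2", float(i), ICMP_ECHO_REQUEST, 0, 64) for i in range(10)]
    # flooder: 200 echo requests inside half a second
    trace += [rec("10.0.0.66", 3.0 + i * 0.0025, ICMP_ECHO_REQUEST, 0, 64) for i in range(200)]
    # last fragment of an oversized ping: offset 65120 + 430 bytes = 65550 > 65535
    trace.append(rec("10.0.0.99", 5.0, None, 65120, 430))
    return trace


if __name__ == "__main__":
    print(analyze(sample_trace()))  # {'flood': ['10.0.0.66'], 'ping_of_death': ['10.0.0.99']}
```

The flood threshold is the tunable part: 50 requests per second is far above what a legitimate ping produces, but a flood from a dialup attacker may be slower, so a real filter would also look at bytes per second.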
20 What Is Packet Sniffing?
Packet sniffing is eavesdropping on network traffic. It consists of capturing packets on the network and analyzing them to obtain information.
21 What Is in a Packet?
- Source and destination addresses (MAC at the Ethernet layer, IP above it)
- A packet can contain anything from web addresses to passwords
- It is all in binary form, and it takes a protocol analyzer to make sense of it
22 MAC
Each Ethernet card contains a 48-bit identifier, the Media Access Control address. The first 24 bits identify the vendor; the last 24 bits identify the card.
To find out your MAC:
- Win9x: winipcfg.exe
- WinNT: ipconfig /all
- Linux: ifconfig
23 How Is Packet Sniffing Used?
- Packets are captured: the card is put into promiscuous mode, so it passes every frame on the wire to the OS instead of only those addressed to its own MAC. This yields other people's traffic only on shared media (a hub or coax segment); a switch delivers unicast frames only to the port of the destination MAC.
- Packets are analyzed: a protocol analyzer (LanSleuth, Neptune, Ethereal) decodes the headers and the payload.
24 Malicious Effects
- Websites visited
- Passwords
- Any unencrypted information sent over the network (messages, files)
25 Ease of Use
- Network protocol analyzers: LanSleuth, Ethereal, Neptune, snoop
- Easy installation and configuration
- Some analyzers require administrative (root) permissions, because putting the card into promiscuous mode does
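What the analyzer actually does with a captured frame, as an added example that is not part of the presentation: it decodes the Ethernet, IPv4 and TCP headers with fixed-offset unpacking and pulls a cleartext POP3 password out of the payload. The frame, the MAC and IP addresses and the password are constructed inline; checksums are left at zero because nothing is transmitted.

```python
"""Minimal protocol analyzer: what a sniffer sees in a cleartext login packet.

Added example, not from the presentation. The frame is constructed inline
(MACs, IPs and the password are made up); no network access is needed.
"""
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
# Services that send credentials as cleartext command lines ("USER x", "PASS y").
CLEARTEXT_LOGIN_PORTS = {21: "FTP", 110: "POP3"}


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def oui(mac: str) -> str:
    """The first 24 bits of a 48-bit MAC are the vendor identifier (OUI)."""
    return mac[:8]


def build_tcp_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Ethernet II + IPv4 + TCP with no options. Checksums are left at zero:
    this is a constructed sample for parsing, not a frame to transmit."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 1, (5 << 12) | 0x18, 8192, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64,
                     IPPROTO_TCP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth = struct.pack("!6s6sH", mac_bytes(dst_mac), mac_bytes(src_mac), ETHERTYPE_IPV4)
    return eth + ip + tcp + payload


def parse_frame(frame: bytes) -> dict:
    """Decode Ethernet -> IPv4 -> TCP and return the fields a sniffer cares about."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    pkt = {"dst_mac": mac_str(dst), "src_mac": mac_str(src), "ethertype": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        return pkt
    ip = frame[14:]
    ver_ihl, _tos, total_len, _id, _frag, _ttl, proto, _csum, sip, dip = \
        struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4  # IP header length in bytes (options make it > 20)
    pkt.update({"src_ip": socket.inet_ntoa(sip), "dst_ip": socket.inet_ntoa(dip), "proto": proto})
    if proto != IPPROTO_TCP:
        return pkt
    tcp = ip[ihl:total_len]
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4  # TCP header length, including options
    pkt.update({"src_port": sport, "dst_port": dport, "payload": tcp[data_off:]})
    return pkt


def extract_credentials(pkt: dict) -> list:
    """Pull USER/PASS lines out of a packet bound for a cleartext login service."""
    service = CLEARTEXT_LOGIN_PORTS.get(pkt.get("dst_port"))
    if service is None:
        return []
    found = []
    for line in pkt["payload"].decode("ascii", "replace").splitlines():
        cmd, _, arg = line.strip().partition(" ")
        if cmd.upper() in ("USER", "PASS") and arg:
            found.append((service, cmd.upper(), arg))
    return found


def sample_pop3_frame() -> bytes:
    """Constructed: Carl's mail client sending his POP3 password to the mail server."""
    return build_tcp_frame("00:a0:c9:11:22:33", "00:50:04:aa:bb:cc",
                           "192.168.1.10", "192.168.1.1", 1043, 110, b"PASS hunter2\r\n")


if __name__ == "__main__":
    p = parse_frame(sample_pop3_frame())
    print(f"{p['src_mac']} (OUI {oui(p['src_mac'])}) -> {p['dst_mac']}  "
          f"{p['src_ip']}:{p['src_port']} -> {p['dst_ip']}:{p['dst_port']}")
    for service, cmd, arg in extract_credentials(p):
        print(f"{service} {cmd} {arg}")
```

A real analyzer adds a capture loop and decoders for many more protocols, but the principle is the same: every field sits at a known offset, and the password in a POP3, FTP or telnet session is just bytes in the payload.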
28 Preventions
Encrypt all transfers:
- SSL (Secure Sockets Layer) for web traffic
- SSH (Secure Shell) instead of telnet and rlogin
- VPN (Virtual Private Network) for everything between two sites
The sniffer still captures the packets, but sees only ciphertext.
29 Detections
- In theory, impossible: a sniffer only listens, so a stand-alone packet sniffer transmits nothing
- In practice, sometimes possible: a sniffing host often generates non-standard traffic, e.g. DNS reverse lookups to find the names associated with the IP addresses it is capturing
30 Ping Method
- Send an ICMP echo request to the suspect's IP address, but inside a frame addressed to a MAC address that nobody owns
- Nobody should respond: a normal card drops a frame that is not for its own MAC before the OS ever sees it
- Response --> Sniffer! A card in promiscuous mode passes the frame up, and the IP stack, which only checks the IP address, answers
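The ping method simulated end to end, as an added example that is not part of the presentation: the probe is a real ICMP echo request built with its checksum, but the two receiving hosts are modelled in software (NIC address filter, then IP stack) and nothing is sent. Hosts, MACs and IPs are made up. One caveat: whether a promiscuous host really answers depends on its driver and IP stack, and some check the MAC again in software, so a silent host is not proof that it is not sniffing.

```python
"""The "ping method" for spotting a sniffing host, simulated.

Added example, not from the presentation. It models the NIC filter and IP stack
of a host in software; MACs and IPs are made up and nothing is transmitted.
"""
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_ICMP = 1
ICMP_ECHO_REQUEST = 8
BROADCAST_MAC = b"\xff" * 6


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum, as used by the ICMP header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_probe(src_mac: str, dst_mac: str, src_ip: str, dst_ip: str) -> bytes:
    """ICMP echo request for dst_ip inside an Ethernet frame addressed to dst_mac.
    For the detection probe, dst_mac is one that no host on the segment owns."""
    icmp = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, 0x4242, 1) + b"anyone listening?"
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 1, 0, 64, IPPROTO_ICMP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth = struct.pack("!6s6sH", mac_bytes(dst_mac), mac_bytes(src_mac), ETHERTYPE_IPV4)
    return eth + ip + icmp


class Host:
    """A host's receive path: NIC address filter first, then the IP stack."""

    def __init__(self, mac: str, ip: str, promiscuous: bool):
        self.mac = mac_bytes(mac)
        self.ip = socket.inet_aton(ip)
        self.promiscuous = promiscuous

    def nic_accepts(self, frame: bytes) -> bool:
        # A normal NIC only passes frames for its own MAC (or broadcast) to the OS.
        # A NIC in promiscuous mode, as a sniffer needs, passes everything up.
        if self.promiscuous:
            return True
        return frame[:6] in (self.mac, BROADCAST_MAC)

    def answers_echo(self, frame: bytes) -> bool:
        """True if this host would send an echo reply for the frame."""
        if not self.nic_accepts(frame):
            return False
        # The IP stack never looks at the MAC; it checks protocol and destination IP.
        ethertype = struct.unpack("!H", frame[12:14])[0]
        proto, dst_ip, icmp_type = frame[23], frame[30:34], frame[34]
        return (ethertype == ETHERTYPE_IPV4 and proto == IPPROTO_ICMP
                and dst_ip == self.ip and icmp_type == ICMP_ECHO_REQUEST)


def sniffer_suspected(suspect: Host, my_mac: str, my_ip: str, suspect_ip: str) -> bool:
    """Send the echo request to a bogus MAC: only a promiscuous host replies."""
    probe = build_probe(my_mac, "00:11:22:33:44:55", my_ip, suspect_ip)  # bogus dst MAC
    return suspect.answers_echo(probe)


if __name__ == "__main__":
    normal = Host("00:50:04:aa:bb:cc", "192.168.1.20", promiscuous=False)
    sniffer = Host("00:50:04:aa:bb:cc", "192.168.1.20", promiscuous=True)
    for name, h in (("normal host", normal), ("sniffing host", sniffer)):
        replied = sniffer_suspected(h, "00:a0:c9:11:22:33", "192.168.1.10", "192.168.1.20")
        print(f"{name}: replies to bogus-MAC probe = {replied}")
```

The probe must use a bogus unicast MAC, not the broadcast address: every host accepts broadcast frames, so a broadcast ping would make the normal host answer too and prove nothing.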
31 Packet Sniffing Re-visited
- Packets are "captured" on the network
- They are then analyzed for passwords, web sites, ...
- Impossible to stop the capture on a shared segment; encryption makes what is captured useless
- Difficult to detect
32 Back Orifice 2000
What is it? "The most powerful network administration tool available for the Microsoft environment" (its authors' own description)
How is it used? An "administrator":
- creates a custom server file
- installs this server on the target machine
- connects to the target machine
- performs various functions
33 Back Orifice 2000: Malicious Effects
A malicious attacker can install the server on the victim's machine and take over the computer:
- logging keystrokes
- rebooting
- viewing cached passwords, the active screen, etc.
Ease of use: In the next few minutes, I will show you how to use BO2K.
41 Prevention Measures
Umgr32.Exe anyone?
1) Antivirus
2) Firewall (the server has to accept the attacker's connection, so block it)
3) Don't trust anyone: the server arrives as a file somebody gives you
4) Look for umgr32.exe (or its registry entry) on your computer; this is only the default name, and a custom server file can be called anything
5) Microsoft: get a clue
42 Summary
- Many user attacks are so easy that even your mom could figure them out
- Some attacks can't be protected against, given current network protocols and system architecture
- Microsoft needs to tighten up security on their products
43 Conclusion: Are you safe?
- That kid next door could be screwing with you right now.
- You could be a victim of user attacks and not even know it.
- Practice online safety measures.
- You are not invincible: don't take security for granted.