S. Stamm, Z. Ramzan, and M. Jakobsson Presented by Anh Le.


1 S. Stamm, Z. Ramzan, and M. Jakobsson Presented by Anh Le

2 Authors
  Sid Stamm - Indiana University - Google Intern
  Dr. Zulfikar Ramzan - Technical Director of Symantec Security
  Prof. Markus Jakobsson - Indiana University - Principal Scientist at Palo Alto RC
Anh Le - UC Irvine - 2009

3 Outline
  1. Introduction
  2. Preliminaries and Previous Work
  3. Drive-By Pharming
  4. Demo
  5. New Attacks and Recent Events
  6. Conclusion and Discussion

4 1. Introduction
• Motivation: Total control of home broadband routers
  ○ Phishing (by changing DNS setting)
  ○ Botnets (by changing firmware)
• How:
    Attacker sets up an "evil" webpage
    Victim visits the evil webpage
    Victim's home router is compromised
    No physical proximity required
• Enablers:
    JavaScript-enabled web browsers
    Default password management of the routers

5 2a. Preliminaries
• DNS: Domain Name System
  [Diagram: the client asks the DNS server (home router) "What's IP of yahoo.com?" and the server answers "yahoo.com's IP is 206.190.60.37"]

6 2a. Preliminaries (cont.)
• Phishing: A type of social engineering attack to obtain access credentials
• Pharming: An attack aiming to redirect a website's traffic to another bogus website

7 2b. Previous Work
  1. Internal Net Discovery [Kindermann 2003]
     Java Applet
     [Diagram: Internet; "Detecting … …"; "Your internal subnet is 10.0.0.0/24!"]
  2. Host Scanning [Grossman 2006, SPI Labs 2006]
     JavaScript
     Fingerprint router using default password and image name
     [Diagram: "Detecting … …"; "You have a Linksys router, and its IP is 10.0.0.1!"]

8 Outline
  1. Introduction
  2. Preliminaries and Previous Work
  3. Drive-By Pharming
  4. Demo
  5. New Attacks and Recent Events
  6. Conclusion and Discussion

9 3. Drive-By Pharming
  [Diagram: Internet; "DNS Setting Changed!"]

10 3. Drive-By Pharming
• How is it possible?
    HTTP GET configuration:
      http://10.0.0.1/apply.cgi?dns=new-dns-server.com
    Off-site script inclusion
    How about password-protected?
      <script src="http://usr:pwd@10.0.0.1/apply.cgi?dns=evil.com">
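
A defender-side check for the pattern on slide 10, as an added example that is not part of the original presentation: it scans a page's HTML for auto-loading tags whose URL points at a private IP literal and notes whether the URL carries embedded credentials or a query string. The function names, the sample page and its paths are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags a browser fetches without user action, and the attribute holding the URL.
AUTO_FETCH = {"script": "src", "img": "src", "iframe": "src",
              "embed": "src", "link": "href", "object": "data"}

class PrivateTargetFinder(HTMLParser):
    """Collects auto-loaded URLs whose host is a private or loopback IP literal."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get(AUTO_FETCH.get(tag, ""))
        if not url:
            return
        try:
            parts = urlsplit(url)
            ip = ipaddress.ip_address(parts.hostname or "")
        except ValueError:
            return  # relative URL, DNS name or malformed host: not covered here
        if ip.is_private:
            self.findings.append({
                "tag": tag,
                "host": str(ip),
                # Record only that credentials exist, never their value.
                "credentials": parts.username is not None,
                "query": bool(parts.query),
            })

def scan(html):
    """Return one finding per auto-loaded URL that targets a private address."""
    finder = PrivateTargetFinder()
    finder.feed(html)
    return finder.findings

# Constructed sample page (paths and the 192.168.1.1 host are illustrative).
SAMPLE_PAGE = """
<img src="http://206.190.60.37/logo.png">
<script src="/static/app.js"></script>
<script src="http://usr:pwd@10.0.0.1/apply.cgi?dns=evil.com"></script>
<img src="http://192.168.1.1/images/logo.gif">
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_PAGE):
        print(finding)
```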

11 3. Drive-By Pharming (cont.)
• Assumptions:
  1. JavaScript-Enabled Web Browser
  2. Default Password Management
• Vulnerable Routers:
    Netgear WGR614
    D-Link DI-524
    Linksys WRT54G
    Cisco 806, 826, … …

12 3. Drive-By Pharming (cont.)
• Verizon [Modem + Router] MI424-WR → admin:admin

13 4. Demo

14 Outline
  1. Introduction
  2. Preliminaries and Previous Work
  3. Drive-By Pharming
  4. Demo
  5. New Attacks and Recent Events
  6. Conclusion and Discussion

15 5. New Attacks and Recent Events
• New Attacks:
    Growing Zombies/Botnets
      ○ By installing evil firmware
    Viral Spread
      ○ Router auto-recruits routers
• Recent Events:
    Kaminsky DNS Vulnerability (July 2008)
      ○ cache poisoning attacks on any nameserver!
    Router Botnets (March 2009!)

16 5. Conclusion and Discussion
• Routers with default password management are easily compromised
• Browsers as conduits of attacks to internal network
• Army of router botnets
