Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Published byMaximillian Butler Modified over 9 years ago

Similar presentations

Presentation on theme: "Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008."— Presentation transcript:

1 Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008

2 Why do Hackers Attack ?  Because they can A large fraction of hacker attacks have been pranks  Financial Gain  Espionage  Venting anger at a company or organization  Terrorism

3 Types of Hacker Attacks AActive Attacks –D–Denial of Service –B–Breaking into a site Intelligence Gathering Resource Usage Deception  Passive Attacks –Sniffing Passwords Network Traffic Sensitive Information –Information Gathering

4 Modes of Hacker Attacks  Over the Internet  Over LAN  Locally  Offline  Theft  Deception

5 Spoofing Definition: An attacker alters his identity so that someone thinks he is some one else –Email, User ID, IP Address, … –Attacker exploits trust relation between user and networked machines to gain access to machines

6 Types of Spoofing IIP Spoofing EEmail Spoofing WWeb Spoofing

7 IP Spoofing – Flying-Blind Attack Definition: Attacker uses IP address of another computer to acquire information or gain access Replies sent back to 10.10.20.30 John 10.10.5.5 From Address: 10.10.20.30 To Address: 10.10.5.5 Attacker changes his own IP address to spoofed address Attacker can send messages to a machine masquerading as spoofed machine Attacker can not receive messages from that machine

8 IP Spoofing – Source Routing Definition: Attacker spoofs the address of another machine and inserts itself between the attacked machine and the spoofed machine to intercept replies Spoofed Address 10.10.20.30 Attacker intercepts packets as they go to 10.10.20.30 Attacker 10.10.50.50 From Address: 10.10.20.30 To Address: 10.10.5.5 Replies sent back to 10.10.20.30 John 10.10.5.5 The path, a packet may take can vary over time To ensure that he stays in the loop the attacker uses source routing to ensure that the packet passes through certain nodes on the network

9 E-mail Spoofing Definition:  Attacker sends messages masquerading as some one else  What can be the repercussions?

10 Types of Email Spoofing  Create an account with similar email address  Modify a mail client Attacker can put in any return address he wants to in the mail he sends  Telnet to port 25 Most mail servers use port 25 for SMTP (Simple Mail Transfer Protocol). Attacker logs on to this port and composes a message for the user.

11 Web Spoofing  Basic –Attacker registers a web address matching an entity e.g. voteforbush.com, getproducts.com.  Man-in-the-Middle Attack –Attacker acts as a proxy between the web server and the client –Attacker has to compromise the router or a node through which the relevant traffic flows Contd.

12  URL Rewriting –Attacker redirects web traffic to another site that is controlled by the attacker –Attacker writes his own web site address before the legitimate link  Tracking State –When a user logs on to a site a persistent authentication is maintained –This authentication can be stolen for masquerading as the user Web Spoofing

13 Session Hijacking Definition:  Process of taking over an existing active session Modus Operandi: 1. User makes a connection to the server by authenticating using his user ID and password. 2. After the users authenticate, they have access to the server as long as the session lasts. 3. Hacker takes the user offline by denial of service 4. Hacker gains access to the user by impersonating the user

14 Session Hijacking Bob telnets to Server Bob authenticates to Server Hi! I am BobDie! Bob Attacker Attacker can –monitor the session –periodically inject commands into session –launch passive and active attacks from the session

15 Denial of Service Attack (DOS) Definition: Attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the system so that no one else can use it.

16 Types of DOS Attacks  Crashing the system or network Send the victim data or packets which will cause system to crash or reboot.  Exhausting the resources by flooding the system or network with information Since all resources are exhausted others are denied access to the resources  Distributed DOS attacks are coordinated denial of service attacks involving several people and/or machines to launch attacks

17 Buffer Overflow Attacks  This attack takes advantage of the way in which information is stored by computer programs  An attacker tries to store more information on the stack than the size of the buffer  Programs which do not do not have a rigorous memory check in the code are vulnerable to this attack

18 Password Attacks  A hacker can exploit a weak passwords & uncontrolled network modems easily  Steps –Hacker gets the phone number of a company –Hacker runs war dialer program –Hacker now needs a user id and password to enter company network

19 Password Security Client Server Compare Password Hashed Password Stored Password Hash Function Hashed Password Allow/Deny Access  Password hashed and stored –Salt added to randomize password & stored on system  Password attacks launched to crack encrypted password Salt

20 Thank You

Download ppt "Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008."

Similar presentations

Module X Session Hijacking

Module X Session Hijacking
Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Sniffing, Spoofing, Hijacking This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added.

Sniffing, Spoofing, Hijacking This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added.
Hacker’s tricks for online users to reveal their sensitive information such as credit card, bank account, and social security. Phishing emails are designed.

Hacker’s tricks for online users to reveal their sensitive information such as credit card, bank account, and social security. Phishing s are designed.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Computer Security MIS 604 – IT Solutions to Business Problems Spring 2002 Hackers.

Computer Security MIS 604 – IT Solutions to Business Problems Spring 2002 Hackers.
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Network Attacks Mark Shtern.

Network Attacks Mark Shtern.
Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Objectives  Give examples of common network.

Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Objectives  Give examples of common network.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Introduction to Security Computer Networks Computer Networks Term B10.

Introduction to Security Computer Networks Computer Networks Term B10.
WEB SECURITY. WEB ATTACK TYPES Buffer OverflowsXML InjectionsSession Hijacking Attacks WEB Attack Types.

WEB SECURITY. WEB ATTACK TYPES Buffer OverflowsXML InjectionsSession Hijacking Attacks WEB Attack Types.
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.

Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
SYN Flooding: A Denial of Service Attack Shivani Hashia CS265.

SYN Flooding: A Denial of Service Attack Shivani Hashia CS265.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Similar presentations

Ads by Google