Presentation is loading. Please wait.

Presentation is loading. Please wait.

Targeted Break-in, DoS, & Malware attacks (II) (February 23 2015) © Abdou Illia – Spring 2015.

Published byRandolf Andrews Modified over 8 years ago

Similar presentations

Presentation on theme: "Targeted Break-in, DoS, & Malware attacks (II) (February 23 2015) © Abdou Illia – Spring 2015."— Presentation transcript:

1 Targeted Break-in, DoS, & Malware attacks (II) (February 23 2015) © Abdou Illia – Spring 2015

2 2 Learning Objectives Discuss DoS attacks Discuss Malware attacks

3 Denial of Service Attacks

4 4 TCP opening and DoS For each TCP connection request (SYN), server has to: Respond to the request (SYN/ACK) Set resources aside in order respond to each data request........ SYN SYN/ACK ACK Waiting for request from Computer 1 1 SYN SYN/ACK ACK 2 SYN SYN/ACK ACK 3 Waiting for request from Computer 2 Waiting for request from Computer 3 Server......

5 5 Web Server configuration

6 6 Denial of Service (DoS) What resources the web server would use to respond to each of the HTTP requests it receives? What could be the consequences of the web server being invaded by too much requests from the attacker? Attacker’s Home Network

7 7 Denial of Service (DoS) Attack Attack that makes a computer’s resources unavailable to legitimate users Types of DoS attacks: Single-message DoS Flooding DoS Distributed DoS

8 8 Single-message DoS attacks First kind of DoS attacks to appear Exploit weakness in the coding of operating systems and network applications Three main single-message DoS: Ping-of-Death Teardrop LAND attack

9 9 Ping of Death attacks Take advantage of Fact that TCP/IP allows large packets to be fragmented Some network applications & operating systems’ inability to handle packets larger than 65536 bytes Attacker sends IP packets that are larger than 65,536 bytes through IP fragmentation. Ping of death attacks are rare today as most operating systems have been fixed to prevent this type of attack from occurring. Example of PoD code and vulnerable Operating Systems: http://insecure.org/sploits/ping-o-death.html Fix Add checks in the reassembly process or in firewall to protect hosts with bug not fixed Check: Sum of Total Length fields for fragmented IP is < 65536 bytes Total Length (16 bits)FlagsFragment Offset (13 bits) Fragment offset: identify which fragment this packet is attached to. Flags: indicates whether packet could be fragmented or not

10 10 Teardrop attacks Take advantage of IP fragmentation Attacker sends a pretend fragmented IP packet But Fragment Offset values are not consistent Earlier operating systems* and poorly coded network applications crash because Unable to reassemble the packet due to missing fragments Attacker Victim Frag 1Frag 2Frag 4 Pretend fragmented IP packet * Win 3.1, Win 95, Win NT, and Linux prior to 2.163 Total Length (16 bits)FlagsFragment Offset (13 bits)

11 11 LAND attacks First, appeared in 1997 Attacker uses IP spoofing with source and destination addresses referring to target itself. Back in time, OS and routers were not designed to deal with this kind of loopback Problem resurfaces recently with Windows XP and Windows 2003 Server

12 12 Summary Questions 1 Do DoS attacks primarily attempt to jeopardize confidentiality, integrity, or availability? Which of the following DoS attacks takes advantage of IP fragmentation? a) LAND attack b) Teardrop c) Ping of Death d) None of the above In which of the following DoS attacks the attacker makes use of IP spoofing? a) LAND attack b) Teardrop c) Ping of Death d) None of the above

13 13 Flooding DoS Attacks Flood a target with a series of messages in an attempt to make it crash Main types of flooding DoS attacks: Flooding with regular requests SYN flooding Smurf flooding Distributed DoS

14 14 Flooding with regular request Open cmd and type: ping /? Show the –l option Show the following video about using ping –l in a possible attempt to flood the allrecipes.com website. Youtube: How To DOS a Website Another Fooding attack DoS using Low Orbit Ion Cannon

15 15 SYN Flooding Attacker sends a series of TCP SYN opening requests For each SYN, the target has to Send back a SYN/ACK segment, and set aside memory, and other resources to respond When overwhelmed, target slows down or even crash SYN takes advantage of client/server workload asymmetry Attacker Victim SYN

16 16 Smurf Flooding DoS Attacker uses IP spoofing Attacker sends ping / echo messages to third party computers on behalf of the target All third party computers respond to target

17 17 Distributed DoS (DDoS) Attack Server DoS Messages Bots Link to how to deal with DDoS (by Cisco) Handler Attack Command Attack Command Attacker hacks into multiple clients and plants handler programs on them. Clients become bots or intermediaries Attacker sends attack commands to handlers which execute the attacks First appeared in 2000 with Mafiaboy attack against cnn.com, ebay.com, etrade.com, yahoo.com, etc. Attacker Attack Command

18 18 Distributed DoS (DDoS) Attack

19 19 Distributed DoS (DDoS) Attack

20 20 A DoS story: The Spamhaus was a victim of a DoS in 2013 The following video discusses how the attack was lauched and how it was stopped The Spamhaus attack video

21 21 Summary Questions 2 Describe SYN flooding. Describe Smurf flooding What is a DDoS attack? What is a Handler program?

22 Malware Attacks

23 23 Malware attacks Types of malware: Viruses Worms Trojan horses Logic bombs

24 24 Virus Code/Program (script, macro) that: a ttaches to files Spreads by user actions (floppy disk, flash drive, opening email attachment, IRC, FTP, etc), not by themselves. Symptoms: Annoying actions when the virus is executed: hog up memory, crash the system, drives are not accessible, antivirus disabled, etc. Performing destructive actions when they are executed: delete files, alter files, etc.

25 25 Viruses Could be Boot sector viruses: attach themselves to files in boot sector of HD File infector viruses: attach themselves to files (i.e. program files and user files) Polymorphic viruses: mutate with every infection (using encryption techniques), making them hard to locate Metamorphic viruses: rewrite themselves completely each time they are to infect new executables* Stealth: hides itself by intercepting disk access requests by antivirus programs. Request by antivirus OS Stealth The stealth returns an uninfected version of files to the anti-virus software, so that infected files seem "clean”. * metamorphic engine is needed

26 26 Worm Does not attach to files A self-replicating computer program that propagate across a system Uses a host computer’s resources and network connections to transfer a copy of itself to another computer Harms the host computer by consuming processing time and memory Harms the network by consuming the bandwidth Question: Distinguish between viruses and worms

27 27 Trojan horse A computer program That appears as a useful program like a game, a screen saver, etc. But, is really a program designed to damage or take control of the host computer When executed, a Trojan horse could Format disks Delete files Open TCP ports to allow a remote computer to take control of the host computer (Back Door) NetBus and SubSeven used to be attackers’ favorite programs for target remote control

28 28 Trojan horse NetBus Interface

29 29 Logic bomb Piece of malicious code intentionally inserted into a software system The bomb is set to run when a certain condition is met Passing of specified date/time Deletion of a specific record in a database Example: a programmer could insert a logic bomb that will function as follow: Scan the payroll records each day. If the programmer’s name is removed from payroll, then the logic bomb will destroy vital files weeks or months after the name removal.

30 30 Summary Questions 3 Distinguish between a virus and a worm What kind of malware is a malicious program that could allow an attacker to take control of a target computer? What kind of malware could harm a host computer by consuming processor time and random access memory?

Download ppt "Targeted Break-in, DoS, & Malware attacks (II) (February 23 2015) © Abdou Illia – Spring 2015."

Similar presentations

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Review For Exam 2 March 9, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Review For Exam 2 March 9, 2010 MIS 4600 – MBA © Abdou Illia.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Introduction to Security Computer Networks Computer Networks Term B10.

Introduction to Security Computer Networks Computer Networks Term B10.
1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Network & Computer Attacks (Part 2) February 11, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Network & Computer Attacks (Part 2) February 11, 2010 MIS 4600 – MBA © Abdou Illia.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
1 Networking and Security: Connecting Computers and Keeping Them Safe from Hackers and Viruses Networking fundamentals Network architecture Network components.

1 Networking and Security: Connecting Computers and Keeping Them Safe from Hackers and Viruses Networking fundamentals Network architecture Network components.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Spring 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Spring 2006.
Attack Profiles CS-480b Dick Steflik Attack Categories Denial-of-Service Exploitation Attacks Information Gathering Attacks Disinformation Attacks.

Attack Profiles CS-480b Dick Steflik Attack Categories Denial-of-Service Exploitation Attacks Information Gathering Attacks Disinformation Attacks.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
DENIAL OF SERVICE ATTACK

DENIAL OF SERVICE ATTACK
Denial of Service Attacks: Methods, Tools, and Defenses Authors: Milutinovic, Veljko, Savic, Milan, Milic, Bratislav,

Denial of Service Attacks: Methods, Tools, and Defenses Authors: Milutinovic, Veljko, Savic, Milan, Milic, Bratislav,
Common forms and remedies Neeta Bhadane Raunaq Nilekani Sahasranshu.

Common forms and remedies Neeta Bhadane Raunaq Nilekani Sahasranshu.
Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden
Video Following is a video of what can happen if you don’t update your security settings! security.

Video Following is a video of what can happen if you don’t update your security settings! security.
1Federal Network Systems, LLC CIS Network Security Instructor Professor Mort Anvair Notice: Use and Disclosure of Data. Limited Data Rights. This proposal.

1Federal Network Systems, LLC CIS Network Security Instructor Professor Mort Anvair Notice: Use and Disclosure of Data. Limited Data Rights. This proposal.
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.

1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

Similar presentations

Ads by Google