Presentation is loading. Please wait.

Presentation is loading. Please wait.

Two Scary DoS Attacks AND Hacking American Express and Chase Manhattan Accounts HI-TEC July 24, 2013.

Published byConrad Richardson Modified over 8 years ago

Similar presentations

Presentation on theme: "Two Scary DoS Attacks AND Hacking American Express and Chase Manhattan Accounts HI-TEC July 24, 2013."— Presentation transcript:

1 Two Scary DoS Attacks AND Hacking American Express and Chase Manhattan Accounts HI-TEC July 24, 2013

2 Bio

3 Cookie Re-Use

4

5 SockStress

6 From 2008 Still not patched Attacks TCP by sending a small WINDOW size Causes sessions to hang up, consuming RAM Does not work on BackTrack/Kali Requires Slackware, works best on v. 10 Can render servers unbootable

7 SockStress Demo

8

9 IPv4 Exhaustion

10

11 One Year Left

12 IPv6 Exhaustion

13 Link-Local DoS IPv6 Router Advertisements

14 Old Attack (from 2011) Image from forumlane.org

15 IPv4: DHCP PULL process Client requests an IP Router provides one Host Router I need an IP Use this IP

16 IPv6: Router Advertisements PUSH process Router announces its presence Every client on the LAN creates an address and joins the network Host Router JOIN MY NETWORK Yes, SIR

17 Router Advertisement Packet

18 RA Flood (from 2011) flood_router6

19 Effects of flood_router6 Drives Windows to 100% CPU Also affects FreeBSD No effect on Mac OS X or Ubuntu Linux

20 The New RA Flood Image from guntech.com/

21 MORE IS BETTER Each RA now contains – 17 Route Information sections – 18 Prefix Information sections

22

23 Flood Does Not Work Alone Before the flood, you must send some normal RA packets This puts Windows into a vulnerable state

24 How to Perform this Attack For best results, use a gigabit Ethernet NIC on attacker and a gigabit switch Use thc-ipv6 2.1 on Linux Three Terminal windows: 1../fake_router6 eth1 a::/64 2../fake_router6 eth1 b::/64 3../flood_router26 eth1 Windows dies within 30 seconds

25 Effects of New RA Flood Win 8 & Server 2012 die (BSOD) Microsoft Surface RT dies (BSOD) Mac OS X dies Win 7 & Server 2008 R2, with the "IPv6 Readiness Update" freeze during attack iPad 3 slows and sometimes crashes Android phone slows and sometimes crashes Ubuntu Linux suffers no harm

26 Videos and Details

27 Mitigation Disable IPv6 Turn off Router Discovery with netsh Use a firewall to block rogue RAs Get a switch with RA Guard Microsoft's "IPv6 Readiness Update" provides some protection for Win 7 & Server 2008 R2 – Released Nov. 13, 2012 – KB 2750841 – But NOT for Win 8 or Server 2012!!

28 DEMO

29 More Info Slides, instructions for the attacks, and more at Samsclass.info

Download ppt "Two Scary DoS Attacks AND Hacking American Express and Chase Manhattan Accounts HI-TEC July 24, 2013."

Similar presentations

GHOST glibc gethostbyname() Vulnerability CVE-2015-0235 Johannes B. Ullrich, Ph.D. SANS Technology Institute https://isc.sans.edu.

GHOST glibc gethostbyname() Vulnerability CVE Johannes B. Ullrich, Ph.D. SANS Technology Institute
TCP-IP Primer David Cozens. Targets Have a basic understanding of Ethernet network technology Be aware of how this technology is applied on the 5000 series.

TCP-IP Primer David Cozens. Targets Have a basic understanding of Ethernet network technology Be aware of how this technology is applied on the 5000 series.
Media Access Control (MAC) addresses in the network access layer ▫ Associated w/ network interface card (NIC) ▫ 48 bits or 64 bits IP addresses for the.

Media Access Control (MAC) addresses in the network access layer ▫ Associated w/ network interface card (NIC) ▫ 48 bits or 64 bits IP addresses for the.
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last updated 9-18-08.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last updated
SAVI IP Source Guard draft-baker-sava- implementation Fred Baker.

SAVI IP Source Guard draft-baker-sava- implementation Fred Baker.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Transparent Caching The art of caching network traffic without requiring user / browser side configuration.

Transparent Caching The art of caching network traffic without requiring user / browser side configuration.
Communication Protocols III Tenth Meeting. Connections in TCP A wants to send to B. What is the packet next move? A travels through hub and bridge to.

Communication Protocols III Tenth Meeting. Connections in TCP A wants to send to B. What is the packet next move? A travels through hub and bridge to.
1 쉽게 접근하자 DoS! Sookmyung Women’s Univ. 최서윤. 2 The DoS?! Sockstress DoS using LOIC Link Local DoS.

1 쉽게 접근하자 DoS! Sookmyung Women’s Univ. 최서윤. 2 The DoS?! Sockstress DoS using LOIC Link Local DoS.
Introduction to InfoSec – Recitation 12 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 12 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
Network Security1 – Chapter 3 – Device Security (B) Security of major devices: How to protect the device against attacks aimed at compromising the device.

Network Security1 – Chapter 3 – Device Security (B) Security of major devices: How to protect the device against attacks aimed at compromising the device.
Layer 2 Security – No Longer Ignored Security Possibilities at Layer 2 Allan Alton, BSc CISA CISSP NetAnalyst UBC October 18, 2007.

Layer 2 Security – No Longer Ignored Security Possibilities at Layer 2 Allan Alton, BSc CISA CISSP NetAnalyst UBC October 18, 2007.
1.  A protocol is a set of rules that governs the communications between computers on a network.  Functions of protocols:  Addressing  Data Packet.

1.  A protocol is a set of rules that governs the communications between computers on a network.  Functions of protocols:  Addressing  Data Packet.
A Model of IPv6 Internet Access Service via L2TPv2 Shin Miyakawa NTT Communications 2006/7/10 IETF66th.

A Model of IPv6 Internet Access Service via L2TPv2 Shin Miyakawa NTT Communications 2006/7/10 IETF66th.
Is Apple’s iMac Operating System Secure under flooding Attacks? by aditya chintala.

Is Apple’s iMac Operating System Secure under flooding Attacks? by aditya chintala.
Network Services Lesson 6. Objectives Skills/ConceptsObjective Domain Description Objective Domain Number Setting up common networking services Understanding.

Network Services Lesson 6. Objectives Skills/ConceptsObjective Domain Description Objective Domain Number Setting up common networking services Understanding.
Christopher Bednarz Justin Jones Prof. Xiang ECE 4986 Fall 2011 Department of Electrical and Computer Engineering University.

Christopher Bednarz Justin Jones Prof. Xiang ECE 4986 Fall Department of Electrical and Computer Engineering University.
TEW-812DRU Training. TEW-812DRU AC1750 Dual Band Wireless Router.

TEW-812DRU Training. TEW-812DRU AC1750 Dual Band Wireless Router.
1Federal Network Systems, LLC CIS Network Security Instructor Professor Mort Anvair Notice: Use and Disclosure of Data. Limited Data Rights. This proposal.

1Federal Network Systems, LLC CIS Network Security Instructor Professor Mort Anvair Notice: Use and Disclosure of Data. Limited Data Rights. This proposal.
ARP Scenarios CIS 81 and CST 311 Rick Graziani Fall 2005.

ARP Scenarios CIS 81 and CST 311 Rick Graziani Fall 2005.

Similar presentations

Ads by Google