Puppetnets: Misusing Web Browsers as a Distributed Attack Infrastructure Paper By : V.T.Lam, S.Antonatos, P.Akritidis, K.G.Anagnostakis Conference : ACM.


1 Puppetnets: Misusing Web Browsers as a Distributed Attack Infrastructure
Paper by: V.T. Lam, S. Antonatos, P. Akritidis, K.G. Anagnostakis
Conference: ACM Conference on Computer and Communications Security 2006
Presented by: Ramanarayanan Ramani

2 Scenario
Attacker:
1. Compromise
2. Embed malicious code in webpage
3. Clients access the webpage and execute the malicious code
Clients are the puppets: they can be controlled only while they have the webpage open in the browser.

3 Puppetnet vs Botnet
- Not heavily dependent on the exploitation of specific implementation flaws
- The attacker does not have complete control over the actions of the participating nodes
- Participation in puppetnets is more dynamic

4 Overview
- Attack scenarios using puppetnets
- Analysis of attack scenarios
- Defense against puppetnets
- Paper review
- Suggestions

5 DDoS (Distributed Denial of Service)

6 DDoS
- Sample code:
    // Point the page's image element at the victim URL once per second.
    setTimeout(pingVictim, 1000);
    function pingVictim() {
      var image1 = document.getElementById('img1');
      image1.src = "www.victim.com/badurl.jpg";
      setTimeout(pingVictim, 1000);
    }

7 Worm Propagation

8
- Embed worm code in the webpage
- Perform scanning and try to propagate the worm code
- If outbound traffic from the server is blocked, it can propagate using the webpage
- A client behind NAT/firewall can propagate it inside the secure network

9 Reconnaissance probes

10
- Problem: browsers refuse access to the contents of an inline frame unless the source of the frame is in the same domain as the parent page
- "Sandwich" the probe request between two requests to the malicious Web site
  - Use onLoad, onError event handlers to sandwich the request

11 Protocols other than HTTP
- Limitation of puppetnets: bound to use HTTP, as part of the browser
Solution:
- Tunnel SMTP/IRC/FTP...
- Protocol messages wrapped around the HTTP message (for SMTP):
    GET /index.html HTTP/1.1
    Host: www.example.com:25
    HELO mydomain.com
    …

12 Exploiting cookie authenticated services
Constraints:
- The inline frame needs to be able to post cookies; this works on Firefox, but not IE
- Have knowledge about the structure and content of the form to be posted, as well as the target URL
- Able to instruct browsers to automatically post such forms (supported by all browsers)

13 Distributed malicious computations
- Can be done through JavaScript, Active-X or Java applets
  - ActiveX: produces an 'Accept' or 'Deny' box
  - Applets: instantiate the JVM, but can be placed in hidden frames
  - Script: slower, but can be hidden
- Example: MD5 computation
  - JavaScript: 380 checksums/sec
  - Applet: 434K checksums/sec
- A 1,000-node puppetnet can crack an MD5 hash as fast as a 128-node cluster

14 Analysis - DDoS

15

16 Two types of attacks:
- A simple attack aiming to maximize SYN packets (maxSYN)
- One aiming to maximize the ingress bandwidth consumed (maxURL)

17 Analysis - DDoS * Estimate for a 1000-node puppetnet

18 Analysis – Worm Propagation: CodeRed Worm
- CodeRed attacks IIS server (Web server)
- A vulnerable population of 360,000 and a server scanning rate of 358 scans/min
- Browsers performing 36 scans/min

19 Analysis – Worm Propagation CodeRed Worm

20

21 Analysis - Reconnaissance probes

22

23 Defense
- Disabling JavaScript
- Careful implementation of existing defenses
- Filtering using attack signatures
- Client-side behavioral controls
- Server-side controls and puppetnet tracing
- Server-directed client-side controls
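
One way a targeted site could apply the filtering and tracing defenses from slide 23 to the once-per-second request loop on slide 6, as an added example that is not code from the paper or the presentation: group the site's own access-log entries by cross-site Referer host and flag hosts that drive several clients at a steady interval. The combined log format, the reliance on the Referer header, the thresholds, the host names and the sample log lines are all assumptions constructed for this example.

```javascript
// Added example. Assumes Apache combined log format, timestamps in one time zone.
const LINE = /^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3}) \S+ "([^"]*)"/;
function parseLine(line) {
  const m = LINE.exec(line);
  if (!m) return null;
  const [d, mon, y, h, min, s] = m[2].split(/[\/: ]/);
  const month = "JanFebMarAprMayJunJulAugSepOctNovDec".indexOf(mon) / 3;
  const time = Date.UTC(+y, month, +d, +h, +min, +s) / 1000; // seconds
  return { ip: m[1], time, path: m[3], status: +m[4], referer: m[5] };
}
// Host part of a Referer value; null for "-" or anything unparsable.
const refererHost = (r) => { try { return new URL(r).host; } catch { return null; } };

// Flag external referring hosts that make at least minClients distinct clients
// re-request this site at a steady interval (gaps differ by <= maxJitter s).
function traceReferers(lines, ownHost, { minClients = 3, maxJitter = 1 } = {}) {
  const byRef = new Map(); // referer host -> Map(client ip -> [timestamps])
  for (const rec of lines.map(parseLine)) {
    const host = rec && refererHost(rec.referer);
    if (!host || host === ownHost) continue; // unparsed, no referer, or same-site
    if (!byRef.has(host)) byRef.set(host, new Map());
    const clients = byRef.get(host);
    if (!clients.has(rec.ip)) clients.set(rec.ip, []);
    clients.get(rec.ip).push(rec.time);
  }
  const flagged = [];
  for (const [referer, clients] of byRef) {
    let periodic = 0, hits = 0;
    for (const times of clients.values()) {
      hits += times.length;
      times.sort((a, b) => a - b);
      const gaps = times.slice(1).map((t, i) => t - times[i]);
      const steady = Math.max(...gaps) - Math.min(...gaps) <= maxJitter;
      if (gaps.length >= 3 && steady) periodic++;
    }
    if (periodic >= minClients) flagged.push({ referer, clients: clients.size, periodic, hits });
  }
  return flagged.sort((a, b) => b.hits - a.hits);
}

// Constructed log: four clients sent by compromised.example request /badurl.jpg
// once per second; one ordinary visitor arrives from search.example.
function sampleLog() {
  const out = ['203.0.113.9 - - [10/Oct/2006:13:55:12 +0000] "GET / HTTP/1.1" 200 5120 "http://search.example/?q=x" "Mozilla/5.0"'];
  for (let c = 1; c <= 4; c++)
    for (let s = 10; s < 15; s++)
      out.push(`198.51.100.${c} - - [10/Oct/2006:13:55:${s} +0000] "GET /badurl.jpg HTTP/1.1" 404 209 "http://compromised.example/index.html" "Mozilla/5.0"`);
  return out;
}
console.log(traceReferers(sampleLog(), "www.victim.example"));
```

Requests that arrive without a Referer header are skipped, so this check only traces clients that still send one.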

24 Advantages
- Simple and very effective to attack
- Lightweight compared to a botnet
- Uses HTTP, which makes detection difficult

25 Disadvantages
- No complete control over the client
- Tough to compromise web servers (the paper does not explain how to do it)
- The View Source command on the HTML page will reveal the puppetnet code

26 Suggestions
- Look into hiding code using encoding or embed code into objects like Flash
- Use puppetnet to create botnet in the client machine
- Provide ideas to compromise the web server

27 ?Questions?

