Matthew Sullivan Information Assurance Student Group March 8, 2010.

Presentation transcript:


• Intercepts traffic
• Alters traffic
• Does lots of scary things
• Has powerful (and easy to use) filtering language that allows for custom scripting
• Can be “unified” or “bridged”

[Diagram: two panels, “Ettercap Unified” and “Ettercap Bridged”, each showing Victim Computer, Ettercap and The Interwebz; network card labels: Network Card 1, Network Card 2, Network Card 1]

• Ettercap has a powerful password sniffer, and can find and display passwords in the following protocols:
  - TELNET, FTP, POP, IMAP, rlogin, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, Napster, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC, LDAP, NFS, SNMP, Half-Life, Quake 3, MSN, YMSG
• Darn, that’s a LOT of protocols I can steal passwords from!

(show demo)

• Ettercap can intercept DNS requests, check them against its own configuration, and reply with an illegitimate IP
• The fake response arrives before the real response can reach the target, so the victim computer ignores the real response
• Can be done easily in “unified” mode, no bridging required

• So what does this look like?
  - Victim: where is
  - Ettercap: do I have a record for this? If so, reply with an illegitimate IP address
  - Victim: I received an answer to my request for so all is well
  - Legit DNS Server: I know this record, replying with legit IP
  - Victim: I just got another response for my request, but it’s already been fulfilled, so I’m ignoring this response

[Diagram: Victim Computer, Legit DNS Server, Ettercap]

• This attack is perfect for situations where bridging isn’t possible (perhaps the attacker doesn’t have physical access that high up in the network)
• Isn’t foolproof though
  - SSL-protected websites will present certificate errors
  - If the line is fast enough, the legitimate DNS server can reply before Ettercap has had time to process and submit its own res
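The exchange above leaves a trace a defender can look for: two replies to the same DNS query that carry different records. The following is an added example, not part of the original slides; the record layout, host names and addresses are constructed for illustration and assume DNS responses have already been extracted from a capture.

```python
from collections import defaultdict

# Constructed sample: (time_s, client_ip, txid, qname, answer_ips), one tuple per
# DNS response seen on the wire. Names and addresses are made up.
SAMPLE_RESPONSES = [
    (0.0010, "10.0.0.5", 0x1A2B, "mail.example.test", ("10.0.0.66",)),   # first reply
    (0.0230, "10.0.0.5", 0x1A2B, "mail.example.test", ("192.0.2.10",)),  # second reply
    (0.5000, "10.0.0.5", 0x1A2C, "www.example.test", ("192.0.2.20",)),
    (0.9000, "10.0.0.7", 0x0042, "cdn.example.test", ("192.0.2.30", "192.0.2.31")),
    # Same records in a different order: a retransmission, not a conflict.
    (0.9020, "10.0.0.7", 0x0042, "cdn.example.test", ("192.0.2.31", "192.0.2.30")),
]

def find_conflicting_responses(responses, window_s=2.0):
    """Flag queries that were answered more than once with different records."""
    by_query = defaultdict(list)
    for ts, client, txid, qname, answers in sorted(responses):
        by_query[(client, txid, qname.lower())].append((ts, frozenset(answers)))
    alerts = []
    for (client, txid, qname), seen in by_query.items():
        first_ts, first_answers = seen[0]
        for ts, answers in seen[1:]:
            if ts - first_ts <= window_s and answers != first_answers:
                alerts.append({
                    "client": client, "txid": txid, "qname": qname,
                    "accepted": sorted(first_answers),  # the reply the client used
                    "ignored": sorted(answers),         # the later reply it dropped
                    "gap_ms": round((ts - first_ts) * 1000, 1),
                })
    return alerts

if __name__ == "__main__":
    for alert in find_conflicting_responses(SAMPLE_RESPONSES):
        print(alert)
```

The reply listed under "accepted" is the one to investigate, since in the scenario on the slide the forged answer is the one that arrives first.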

• So by now you know that Ettercap can search packets and modify their contents
  - But that’s not all! It can drop packets too
• For example, a filter can be set up to watch for DHCP REQUEST
  - Perhaps from all computers
  - Perhaps just from 00:1d:24:11:f4:3C
• If it matches what we are looking for, we just drop the packet, and they never will receive an IP address to get onto the network

• Ettercap can sniff and modify SSL packets by sending an unsigned certificate to the victim.

• In an online study conducted among 409 participants, the researchers found that the majority of respondents would ignore warnings about an expired Secure Sockets Layer (SSL) certificate. The more tech-savvy the user, the more likely they would be to ignore it, the study found.
• Of the 50 percent of Firefox 2 users polled who could identify the term "expired security certificate," 71 percent said they would ignore the warning.
• Of the 59 percent of Firefox 2 users who understood the significance of a "domain mismatch" warning, 19 percent said they would ignore the hazard.
• The Carnegie Mellon team conducted a second study, with 100 participants and under lab conditions. The participants were shown an invalid certificate warning when they navigated to a bank Web site. 69 percent of technologically savvy Firefox 2 users ignored an expired certificate warning from their bank.
• * Taken from

• Last year, the certificate for WebCT was not renewed before its expiration
• ITS was immediately inundated with calls and requests for support; employees walked users through how to ignore the certificate error
• The certificate remained invalid for two days
• Such problems train the average user to simply ignore these types of warnings
  - “I’ve seen this before, and they just told me to click ignore last time.”

• What’s the take-away?
  - It’s easy to sniff SSL with an invalid certificate
  - People ignore SSL warnings
  - Most will continue onwards anyway
• Remember: if you encounter an invalid certificate, be careful and use your head!

• “SSH Downgrade Attack”
• Some SSH2 servers are backwards-compatible with SSH1
• These servers report their version as SSH-1.99

• Using a custom Ettercap filter, we intercept the server’s response: replace("SSH-1.99", "SSH-1.51")
• Now the SSH client believes the server only supports SSH1 and establishes an SSH1 connection

• Ettercap sees the entire handshake and steals the login credentials
• With some more custom scripting, Ettercap can even decrypt and dump the SSH1 connection data
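The downgrade only works when the client is still willing to speak SSH1. The following added example (not from the original slides) models the client's version decision from the identification string defined in RFC 4253 and compares the banner the server sent with the one the client received; the function names and the "ExampleSSHD" banners are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: SSH-protoversion-softwareversion [SP comments] CR LF
_BANNER = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)(?: .*)?$")

# Constructed banners: what the server sent, and what arrived after the rewrite.
SERVER_SENT = "SSH-1.99-ExampleSSHD_1.0\r\n"
CLIENT_SAW = "SSH-1.51-ExampleSSHD_1.0\r\n"

def server_protocols(banner):
    """Protocol versions a banner advertises; 1.99 means SSH2 with SSH1 fallback."""
    m = _BANNER.match(banner.rstrip("\r\n"))
    if not m:
        raise ValueError("not an SSH identification string: %r" % banner)
    major, minor = int(m.group(1)), int(m.group(2))
    if (major, minor) == (1, 99):
        return {1, 2}
    return {2} if major >= 2 else {1}

def client_choice(banner_seen, allow_ssh1):
    """Version the client picks from the banner it received, or None if it aborts."""
    offered = server_protocols(banner_seen)
    if 2 in offered:
        return 2
    return 1 if allow_ssh1 else None

def audit(banner_at_server, banner_at_client, allow_ssh1):
    """Return (negotiated version, findings) for one connection attempt."""
    findings = []
    if server_protocols(banner_at_server) == {1, 2}:
        findings.append("server still offers SSH1 fallback (advertises 1.99)")
    if banner_at_server.strip() != banner_at_client.strip():
        findings.append("banner changed in transit")
    picked = client_choice(banner_at_client, allow_ssh1)
    if picked == 1:
        findings.append("client negotiated SSH1")
    elif picked is None:
        findings.append("client refused: SSH1-only banner and SSH1 disabled")
    return picked, findings

if __name__ == "__main__":
    for allow in (True, False):
        print("allow_ssh1=%s ->" % allow, audit(SERVER_SENT, CLIENT_SAW, allow))
```

With SSH1 disabled on the client the rewritten banner produces a failed connection instead of a downgraded one, and a server that advertises only SSH-2.0 leaves nothing to rewrite.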

Did I hear a “no” answer out there? Alright, let’s bring out the big guns…

• You’ve been using my Wi-Fi access point called “IASTATE”
• Jeff has been busy ‘deauthing’ the real IASTATE access point, which makes your computer wander over to my AP instead
• Have you logged in to Gmail, CyMail, WebCT, or Facebook since being here?

(show demo)