Exploits Dalia Solomon

Categories: Trojan Horse Attacks, Smurf Attack, Port Scan, Buffer Overflow, FTP Exploits, Ethereal Exploit, Worm, Virus, Password Cracker, DNS Spoofing

Trojan Horse attacks: A computer becomes vulnerable to this attack when the user downloads and installs a file onto their system. This opens a port without the knowledge of the user. The open port gives the remote user access to one's computer.

Trojan Horse - NetBus: NetBus is a tool that allows a remote user to gain administrative privileges. NetBus consists of two programs, a server and a client.

NetBus Server: To infect a computer, NetBus disguises itself as an ICQ executable file that a naive user installs on their computer.

NetBus Server: The NetBus server application opens a backdoor on the target computer. It can be configured to be either invisible or visible to the user.

NetBus Client: The NetBus client application connects to a computer that is running the NetBus server. It allows the hacker to spy on and take control of the infected computer.

Smurf Attack: A Smurf attack occurs when a packet such as an ICMP echo frame (in this application) is sent to a group of machines. The packet sent has its source address replaced by the IP address of the target computer or network. This causes a flurry of echo responses to be sent to the target machine, which can overwhelm the target computer.

Smurf Attack: Here we are attacking our computer.
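Seen from the target's side, the flood described above is a burst of ICMP echo replies from many hosts the target never pinged. The following detector is an added example, not part of the original slides; the record layout, the threshold and the documentation-range addresses are constructed for illustration.

```python
from collections import defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP type numbers

def find_smurf_victims(packets, min_sources=5):
    """Map each host to the number of distinct senders of echo replies it
    never asked for, keeping hosts with at least min_sources such senders."""
    pinged = defaultdict(set)       # host -> addresses it sent echo requests to
    unsolicited = defaultdict(set)  # host -> senders of unrequested replies
    for _ts, src, dst, icmp_type in sorted(packets):
        if icmp_type == ECHO_REQUEST:
            pinged[src].add(dst)
        elif icmp_type == ECHO_REPLY and src not in pinged[dst]:
            unsolicited[dst].add(src)
    return {h: len(s) for h, s in unsolicited.items() if len(s) >= min_sources}

# Constructed capture: (time, source, destination, ICMP type).
VICTIM = "198.51.100.7"
SAMPLE = [
    # Ordinary ping: a request and its matching reply, not suspicious.
    (0.00, "198.51.100.9", "192.0.2.10", ECHO_REQUEST),
    (0.01, "192.0.2.10", "198.51.100.9", ECHO_REPLY),
    # Echo request to the 192.0.2.0/24 broadcast address whose source field
    # carries the victim's address, as the slide describes.
    (1.00, VICTIM, "192.0.2.255", ECHO_REQUEST),
] + [
    # Every host on the segment answers the victim.
    (1.01 + i / 100, f"192.0.2.{20 + i}", VICTIM, ECHO_REPLY) for i in range(6)
]

if __name__ == "__main__":
    for host, n in find_smurf_victims(SAMPLE).items():
        print(f"{host}: echo replies from {n} hosts it never pinged")
```

Routers that refuse to forward directed broadcasts remove the amplification step entirely, so this check is a monitoring aid rather than the primary control.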

Port Scan: This program allows the hacker to scan a target computer to detect open ports. This is primarily used to detect vulnerable applications using certain ports on the target computer.

Port Scan
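A scan of this kind shows up in connection logs as one source touching many different ports on one host in a short time. The sliding-window detector below is an added example, not part of the original slides; the log tuple format, thresholds and addresses are constructed.

```python
from collections import Counter, defaultdict, deque

def detect_port_scans(events, window=10.0, min_ports=10):
    """Return {(src, dst): n} for sources that contacted n >= min_ports
    distinct ports on one destination within any `window` seconds."""
    by_pair = defaultdict(list)
    for ts, src, dst, dport in events:
        by_pair[(src, dst)].append((ts, dport))
    alerts = {}
    for pair, hits in by_pair.items():
        hits.sort()
        recent, ports = deque(), Counter()  # attempts and port counts in window
        for ts, dport in hits:
            recent.append((ts, dport))
            ports[dport] += 1
            # Drop attempts that have aged out of the window.
            while ts - recent[0][0] > window:
                _, old = recent.popleft()
                ports[old] -= 1
                if ports[old] == 0:
                    del ports[old]
            if len(ports) >= min_ports:
                alerts[pair] = max(alerts.get(pair, 0), len(ports))
    return alerts

# Constructed connection log: (time, source, destination, destination port).
SCAN = [(100.0 + i * 0.1, "203.0.113.5", "192.0.2.10", 20 + i) for i in range(15)]
WEB = [(100.0 + i, "192.0.2.50", "192.0.2.10", 80) for i in range(20)]
SLOW = [(i * 10.0, "192.0.2.60", "192.0.2.10", 8000 + i) for i in range(12)]
SAMPLE_LOG = SCAN + WEB + SLOW

if __name__ == "__main__":
    for (src, dst), n in detect_port_scans(SAMPLE_LOG).items():
        print(f"{src} probed {n} ports on {dst} within 10 s")
```

The 10 second window and 10 port threshold are illustrative; tune both against the normal traffic of the monitored network.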

Buffer Overflow: Most common form of exploit. Occurs when you put more data in the buffer than it can hold. Occurs if bounds are not checked by the program. The purpose of a buffer overflow is to execute code and gain special privileges.

Buffer Overflow

FTP Exploits: This exploit shows how it is possible for somebody to get a shell (command prompt) from a Serv-U FTP server. The exploit causes a buffer overflow condition in Serv-U FTP when it parses the MDTM command.

FTP Exploits: The exploit requires that the user have login access to a server.

FTP Exploits: This shows how the hacker gains shell access to the target machine.

FTP Exploits

Here is a segment of the code that causes the buffer overflow.

Ethereal Exploit: A vulnerability exists in Ethereal. By sending carefully crafted packets to the sniffed wire, or by convincing someone to load a malicious packet capture file into Ethereal, a user can overflow a buffer and execute malicious code. The vulnerability exists for the following packet types: BGP, EIGRP, IGAP, IRDA, ISUP, NetFlow, PGM, TCAP and UCP.

Ethereal - example: Ethereal IGAP message. This exploits a vulnerability in Ethereal when handling IGAP messages. Works on Ethereal to Ethereal. Will either crash Ethereal or open a port that allows a user to gain root privileges.

Ethereal - example: This code will create a malformed IGAP header that, when sent, causes the Ethereal application to crash because of its vulnerability in handling IGAP packets.

Worm: A worm is a program that makes copies of itself and causes major damage to files, software, and data. Methods of replication include: file sharing.

Worm - example: W32/Bugbear-A is a network worm that spreads by emailing attachments of itself. It creates a thread which attempts to terminate anti-virus and security programs. The worm will log keystrokes and send this information when the user is connected online. The worm will open port 80 on the infected computer.

Worm - example

Worm - Example: W32/MyDoom-A is a worm which spreads by email. When the infected attachment is launched, the worm harvests addresses from address books and from files with the following extensions: WAB, TXT, HTM, SHT, PHP, ASP, DBX, TBB, ADB and PL.

Worm – Example (continued): Attached files will have an extension of BAT, CMD, EXE, PIF, SCR or ZIP.

Worm – Example (continued): The worm will attempt a denial-of-service attack by sending numerous GET requests to the web server. It drops a file named shimgapi.dll to the temp or system folder. This is a backdoor program loaded by the worm that allows outsiders to connect to TCP port w32mydooma.html

Virus: A virus is a program that infects operating systems and applications. Replication methods: application file (Word doc.), hard drive or boot record (boot disk), scripts (batch file).

Virus - example: W97M/Marker is a Word macro virus. It collects user information from Word and sends the information through FTP. It adds a log at the end of the virus body for every infected user. This log contains information for system time, date, user's name and address.

Virus - example: When you open a document file it will display a message. Depending on the user's response, the user will get one of these messages.

Password Cracker: Some applications and web pages are vulnerable to remote password cracker tools. Applications such as HTTP, FTP and telnet that don't handle login properly and have short passwords are vulnerable to brute-force password cracker tools.

Password - cracker: Brutus is a remote password cracker tool. On an older Serv-U v 2.5 application it can crack a password by sequentially sending in all possible password combinations.

Password - cracker
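Handling login properly, in the sense of the slides above, means an exhaustive run of guesses is cut off long before it covers the password space. The lockout tracker below is an added example, not part of the original slides and not Serv-U's behaviour; the class, its limits and the account name used in testing are assumptions.

```python
import hmac

class LoginThrottle:
    """Lock an account for `lockout` seconds after `max_failures` failed
    logins within `window` seconds."""

    def __init__(self, max_failures=5, window=60.0, lockout=300.0):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self._failures = {}      # account -> timestamps of recent failures
        self._locked_until = {}  # account -> time at which the lock expires

    def is_locked(self, account, now):
        return now < self._locked_until.get(account, 0.0)

    def record(self, account, success, now):
        if success:
            self._failures.pop(account, None)
            return
        recent = [t for t in self._failures.get(account, []) if now - t < self.window]
        recent.append(now)
        self._failures[account] = recent
        if len(recent) >= self.max_failures:
            self._locked_until[account] = now + self.lockout
            self._failures[account] = []

def login(throttle, account, supplied, stored, now):
    """Return True only when the account is unlocked and the password matches.
    Plain-text comparison keeps the example short; store a salted hash in practice."""
    if throttle.is_locked(account, now):
        return False  # refused before the password is even looked at
    ok = hmac.compare_digest(supplied.encode(), stored.encode())
    throttle.record(account, ok, now)
    return ok

def worst_case_seconds(alphabet_size, length, throttle):
    """Time needed to submit every password of exactly `length` characters
    when each run of max_failures guesses costs one lockout period."""
    guesses = alphabet_size ** length
    return guesses / throttle.max_failures * throttle.lockout

if __name__ == "__main__":
    t = LoginThrottle()
    days = worst_case_seconds(26, 4, t) / 86400
    print(f"4 lowercase letters, 5 tries per 300 s lockout: {days:.0f} days")
```

Per-account lockout lets anyone lock a known account out on purpose, so deployments often key the throttle on account plus client address or use growing delays instead.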

DNS spoofing: A DNS attack that involves intercepting and sending a fake DNS response to a user. This attack forwards the user to a different address than where he wants to be.

DNS spoofing: WinDNSSpoof spoofs DNS packets.

DNS Exploitation Tool: Zodiac is a robust DNS protocol monitoring and spoofing program. Features: captures and decodes DNS packets; DNS local spoofing; DNS ID spoofing, exploiting a weakness within the DNS protocol itself; etc.
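A forged response has to carry the transaction ID of a real query, so on the wire a spoofing attempt tends to appear as a reply nobody asked for or as two different answers to one query. The audit below is an added example, not part of the original slides; the message tuple layout and every value in the sample are constructed.

```python
def audit_dns(messages):
    """Return alerts for replies that match no outstanding query and for
    queries that were answered more than once with different data."""
    pending = {}  # (client, server, txid, qname) -> first answer seen, or None
    alerts = []
    for ts, kind, client, server, txid, qname, answer in sorted(
            messages, key=lambda m: m[0]):
        key = (client, server, txid, qname.lower())
        if kind == "query":
            pending[key] = None
        elif key not in pending:
            alerts.append(("unsolicited", ts, qname, answer))
        elif pending[key] is None:
            pending[key] = answer  # first reply: accepted by the client
        elif pending[key] != answer:
            # The audit cannot tell which reply is genuine, only that the
            # two disagree; both answers deserve a look.
            alerts.append(("conflict", ts, qname, answer))
    return alerts

# Constructed trace: (time, kind, client, server, transaction ID, name, answer).
C, S = "192.0.2.50", "192.0.2.53"
SAMPLE_DNS = [
    (0.00, "query", C, S, 0x1A2B, "www.example.com", None),
    (0.02, "response", C, S, 0x1A2B, "www.example.com", "203.0.113.66"),
    (0.05, "response", C, S, 0x1A2B, "www.example.com", "198.51.100.80"),
    (1.00, "query", C, S, 0x1A2C, "mail.example.com", None),
    (1.03, "response", C, S, 0x1A2C, "mail.example.com", "198.51.100.25"),
    (2.00, "response", C, S, 0x4444, "www.example.com", "203.0.113.66"),
]

if __name__ == "__main__":
    for kind, ts, name, answer in audit_dns(SAMPLE_DNS):
        print(f"{ts:5.2f}s {kind:11s} {name} -> {answer}")
```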

Questions?