Attack Profiles
CS-480b, Dick Steflik

Attack Categories
- Denial-of-Service
- Exploitation Attacks
- Information Gathering Attacks
- Disinformation Attacks

Denial of Service Attacks
- Ping of Death
- Teardrop
- UDP Floods
- SYN Floods
- Land Attack
- Smurf Attack
- Fraggle Attack
- E-mail Bombs
- Malformed Message Attacks

Ping of Death
- An ICMP Echo Request packet that is bigger than the largest allowable size; the TCP/IP specification says the max should be 65 Kbytes
- The hacker's goal is to crash the stack by exceeding the max size of the I/O buffer
- Defense: the stack must be hardened (all current popular stack implementations take care of this)

Teardrop
- Targets IP implementations that trust the fragmentation information in the headers of fragmented IP packets
- If the fragment offsets overlap, many implementations will crash
- Defenses: apply the latest patches; configure firewalls to reassemble fragments rather than forwarding them for the end point to reassemble

UDP Floods
- Forge a connection to a host running chargen and have it send useless chargen data to the echo service on another host
- This makes the two services so busy that the host may crash or be too busy to respond to normal traffic
- Defense: configure only the services that are absolutely necessary (chargen and echo have no business running on a production server)

SYN Floods
- The goal is to use up all of the target host's resources (memory and processes), thereby making it unable to process legitimate traffic
- Each time a user sends a SYN, the host accepts it and allocates a process and memory; this is done over and over until the resources are used up
- Defense: a firewall that can recognize the characteristics of a SYN attack and start rejecting packets
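One way a filter can recognize the SYN-flood characteristic just described (many SYNs from one source that never complete the handshake), as an added Python example that is not part of the slide deck; the threshold, window, class and event records are constructed for illustration.

```python
"""Half-open (SYN without completing ACK) tracker per source address: the
'characteristics of a SYN attack' a firewall can key on. Added example, not
from the slide deck; thresholds and sample events are constructed."""
from collections import defaultdict

HALF_OPEN_LIMIT = 3      # half-open connections tolerated per source (constructed)
WINDOW = 10.0            # seconds a half-open entry is remembered before aging out


class SynFloodDetector:
    def __init__(self, limit=HALF_OPEN_LIMIT, window=WINDOW):
        self.limit, self.window = limit, window
        # src -> {(sport, dst, dport): time of the SYN}
        self.half_open = defaultdict(dict)

    def observe(self, e):
        """Feed one client->server TCP event; True means src exceeds the limit."""
        table = self.half_open[e["src"]]
        # Age out old entries so a slow but legitimate client is not penalized
        for key, t in list(table.items()):
            if e["time"] - t > self.window:
                del table[key]
        key = (e["sport"], e["dst"], e["dport"])
        if e["flags"] == "S":            # bare SYN opens a half-open entry
            table[key] = e["time"]
        elif "A" in e["flags"] or "R" in e["flags"]:   # handshake finished or reset
            table.pop(key, None)
        return len(table) > self.limit


def ev(time, src, sport, flags, dst="192.0.2.10", dport=80):
    """Build one constructed event record (hypothetical log format)."""
    return {"time": time, "src": src, "sport": sport, "dst": dst,
            "dport": dport, "flags": flags}


SAMPLE_EVENTS = [                                # constructed, not a real capture
    ev(0.0, "203.0.113.5", 40000, "S"),          # legitimate client: SYN ...
    ev(0.1, "203.0.113.5", 40000, "A"),          # ... then the handshake-completing ACK
] + [ev(1.0 + i * 0.01, "198.51.100.9", 1000 + i, "S") for i in range(4)]  # never completed


def final_verdicts(events, detector=None):
    """Run the detector over events; return the last verdict seen per source."""
    det = detector or SynFloodDetector()
    verdicts = {}
    for e in events:
        verdicts[e["src"]] = det.observe(e)
    return verdicts
```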

Land Attack
- Hardened stack implementations have made this obsolete
- Send a special SYN packet with the source and destination address both set to the targeted machine's IP address; this causes the recipient to acknowledge to its own address, and the connection is left open until the OS times it out
- Defenses: apply the latest patches; configure firewalls to reject inbound packets with internal addresses as the source address

Smurf Attack
- Flood a host with ICMP Echo Requests that have the destination address set to the subnet broadcast address
- Defenses: turn off the broadcast addressing feature; configure the firewall to drop incoming pings

Fraggle Attacks
- A Smurf attack using UDP echo messages rather than ICMP Echo Requests
- Defense: have the firewall filter out incoming UDP echo requests
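The firewall checks the Ping of Death, Teardrop, Land, Smurf and Fraggle slides call for, as an added Python example that is not part of the slide deck; the packet dicts, the inside network 192.0.2.0/24 and the helper names are constructed for illustration.

```python
"""Packet checks for the DoS signatures on these slides (added example; not
from the slide deck). Packets are constructed dicts, not a real capture;
"length" is the byte count of the fragment's data."""
from ipaddress import ip_address, ip_network

MAX_IP_LEN = 65535                        # largest datagram IP can describe
LOCAL_NET = ip_network("192.0.2.0/24")    # constructed "inside" network


def check_packet(pkt):
    """Return the names of the rules a single packet trips (empty = pass)."""
    hits = []
    src, dst = ip_address(pkt["src"]), ip_address(pkt["dst"])
    # Land: source == destination, or an inside address arriving from outside
    if src == dst or (pkt["inbound"] and src in LOCAL_NET):
        hits.append("land/spoofed-internal")
    # Ping of Death: a fragment whose offset + length would exceed 65535 bytes
    if pkt["proto"] == "icmp" and pkt.get("frag_offset", 0) * 8 + pkt["length"] > MAX_IP_LEN:
        hits.append("ping-of-death")
    # Smurf / Fraggle: echo traffic aimed at the subnet broadcast address
    if dst == LOCAL_NET.broadcast_address:
        if pkt["proto"] == "icmp" and pkt.get("icmp_type") == 8:   # Echo Request
            hits.append("smurf")
        if pkt["proto"] == "udp" and pkt.get("dport") == 7:       # UDP echo
            hits.append("fraggle")
    return hits


def fragments_overlap(frags):
    """Teardrop check over the fragments of one datagram.

    frags: list of (fragment_offset_in_8_byte_units, payload_length).
    Returns True when any fragment starts before the previous one ends,
    which is the condition a reassembling firewall should refuse to forward.
    """
    spans = sorted((off * 8, off * 8 + length) for off, length in frags)
    return any(s2 < e1 for (_, e1), (s2, _) in zip(spans, spans[1:]))
```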

E-mail Bombs
- The goal is to use up the mail server's bandwidth, thus denying mail to all users
- Repeatedly send a large message to the same user over and over
- Defense: configure the mail server to delete excessive and/or duplicate e-mails from the server

Malformed Message Attacks
- Send malformed messages: excessively large URLs to web servers; random data to RPC services to try to crash them; buffer overflows by malforming protocol fields
- Defense: keep up to date with vulnerability reports and patches from vendors for OEM products

Exploitation Attacks
- TCP/IP Connection Hijacking
- Layer-2 Connection Hijacking
- Password Guessing
- Trojan Horses
- Buffer Overflows

TCP/IP Connection Hijacking
- TCP uses pseudo-random sequence numbers to order TCP packets so they can be reassembled reliably
- If the hacker can predict the next correct sequence number, he can send a fixed-up packet that causes the stream to be hijacked to his address, and the valid packets end up getting dropped
- Defenses: use a stack with an uncompromised pseudo-random number generator (OpenBSD or Linux); use a redirector to reconstruct a stream (redir)

Layer-2 Connection Hijacking
- Exploits the fact that IP broadcasts ARP requests
- Extremely rare, because it requires layer-2 access, except in ISP colocation situations where your machine may be located on the same switch as many other machines
- Defenses: use hubs rather than switches, or have the ISP use layer-3 routers rather than layer-2 switches

Password Guessing
- Defenses: use strong passwords; don't expose exploitable services like telnet, NetBIOS or NFS; use lockout policies for handling multiple unsuccessful login attempts

Trojan Horses
- Some other exploit installs a program on your computer that opens a back door into the system
- Could open up pcAnywhere or VNC to give a remote user full access to your machine
- Usually installed from an e-mail attachment

Information Gathering Attacks
- Address Scanning
- Port Scanning
- Inverse Mapping
- Slow Scanning
- Architecture Probes
- DNS Zone Transfers
- Finger
- LDAP
- SNMP

Disinformation Attacks
- DNS Cache Pollution
- Registrar Usurpation
- Forged E-mail