Internet Relay Chat Chandrea Dungy Derek Garrett #29.



What is it
- Allows multiple users to chat with each other (chat rooms).
- Beneficial for companies: avoids fees for long-distance and conference calls by telephone.
- Negative: IRC consumes bandwidth, uses CPU cycles (slowing down computer activity), and the host incurs the cost of IRC activity from rogue users.

Protocol
- Client/server model.
- Server establishes a socket for communications per client's request.
- Server maintains server-to-server communications in an IRC network.
- Clients can gain information about other servers and clients within the IRC network using queries.

How Intruders Use IRC
- Frequently use IRC to share compromised passwords, warez, exploitable information, exploit tools, pornography and vulnerabilities associated with certain sites.
- Favorite targets of IRC intruders are high-bandwidth Internet connections and high-speed systems with large disk space and plenty of memory.

Intruder Precautions and Techniques
- Consistently check for signs they are being monitored.
- Consistently check if the system administrator is on-line.
- Gain more privileges by exploiting a vulnerability through a previously installed backdoor.
- Remove their presence from log files.
- Create a hidden directory just below the root file system.
- Download their tools to a hidden directory.
- Install Trojan binaries or runtime modules to hide their presence and the processes they are running.

Intruder Activity
- Almost impossible to detect intruders once they have gone through their precautions and techniques.
- Set up an invitation-only channel for other intruders.
- Obtain a copy of the password file to be cracked off-line.
- Cracked passwords and logins are traded in the intruder community.

Escape Plans if Detected
- Bailing out of the network.
- Trick the DNS server into caching a bogus hostname or address to make it more difficult to trace activity.
- Remove evidence of activity, install a network sniffer, Trojan important system binary files and leave quietly.
- Create a new account in case the vulnerability is removed.
- Trojan the login process so it will allow the intruder to log in the next time.

How to Detect IRC Activity
- Check for evidence of IRC activity.
- Monitor network traffic.

Evidence of IRC Activity
- Look for suspicious hidden directories below the root directory.
- Look for IRC files:
  - Eggdrop, mIRC, Pirch, Virc for Windows
  - Homer and Ircle for Macs
  - IRC support files that list servers, clients, and channels
- Look for a tool named datapipe.c.
- Look for pornography.
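A host sweep for the file-system evidence listed above, as an added example that is not part of the original slides. The function names, the `max_depth` limit and the sample tree are assumptions made for illustration; a filename hit is a lead for an analyst, not proof.

```python
import os
import tempfile

# Names taken from the slide: IRC clients/bots and the datapipe.c tool.
IRC_NAMES = ("eggdrop", "mirc", "pirch", "virc", "homer", "ircle")
TOOL_FILES = ("datapipe.c",)

def sweep(root, max_depth=3):
    """Return sorted (kind, relative_path) findings under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow symlinks
        rel = os.path.relpath(dirpath, root)
        depth = 0 if rel == "." else rel.count(os.sep) + 1
        if depth == 0:
            # Hidden directories directly below the root of the file system.
            findings += [("hidden-dir", d) for d in dirnames if d.startswith(".")]
        if depth >= max_depth:
            dirnames[:] = []  # stop descending below the depth limit
        for name in filenames:
            path = os.path.normpath(os.path.join(rel, name))
            low = name.lower()
            if low in TOOL_FILES:
                findings.append(("tool", path))
            elif low.startswith(IRC_NAMES):
                # Prefix match only: an unrelated "homer.txt" would also hit.
                findings.append(("irc-file", path))
    return sorted(findings)

def build_constructed_tree():
    """Create a small constructed directory tree to sweep (sample data)."""
    root = tempfile.mkdtemp(prefix="sweep_demo_")
    for d in (".cache_x", os.path.join("home", "user")):
        os.makedirs(os.path.join(root, d))
    for f in (os.path.join(".cache_x", "datapipe.c"),
              os.path.join("home", "user", "eggdrop.conf"),
              os.path.join("home", "user", "notes.txt")):
        open(os.path.join(root, f), "w").close()
    return root

if __name__ == "__main__":
    for kind, path in sweep(build_constructed_tree()):
        print(kind, path)
```

On a host where Trojaned binaries may already be installed, run a sweep like this against a mounted disk image or from trusted media rather than the live system's own tools.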

Monitor Network Traffic
- Analyze network traffic, searching for patterns similar to IRC traffic.
- An IRC server sends packets from a particular point to all channel clients.
- The network analyzer must keep track of packet header information: source and destination address, port number and packet type.

Monitor Network Traffic
- Look at the content of each packet to match data against a set of user-defined strings:
  - NICK – client's nickname
  - USER – user name
  - PASS – password
  - JOIN – joining a channel
  - OPER – regular user wants to become channel operator
  - PRIVMSG – private message
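The two monitoring steps above (header tracking and string matching) combined in one classifier, as an added example that is not part of the original slides. The flow-record layout, the label names and the sample flows are constructed for illustration; port 6667 is the IRC port named in the lab slides.

```python
import re

# Command strings the slide lists as the user-defined match set.
IRC_COMMANDS = ("NICK", "USER", "PASS", "JOIN", "OPER", "PRIVMSG")
# A command must start a line, optionally after a ":prefix " (server-relayed form).
LINE_RE = re.compile(rb"^(?::\S+ )?(" + "|".join(IRC_COMMANDS).encode() + rb") \S")
SHARED = {"USER", "PASS"}  # also sent by FTP and POP3 logins, so weak on their own
IRC_PORT = 6667            # used only for the header check

def commands_in_payload(payload: bytes) -> list:
    """Return the IRC commands that begin a line of the payload, in order."""
    found = []
    for line in re.split(rb"\r?\n", payload):
        m = LINE_RE.match(line)
        if m:
            found.append(m.group(1).decode())
    return found

def classify_flow(flow: dict) -> str:
    """Label a flow from its reassembled payload first, then from its header."""
    cmds = set(commands_in_payload(flow["payload"]))
    # Two distinct commands, at least one not shared with other protocols:
    # this catches IRC on any port and keeps an FTP login from matching.
    if len(cmds) >= 2 and cmds - SHARED:
        return "irc-content"
    # Encrypted or opaque payloads give no strings; only the header is left.
    if IRC_PORT in (flow["sport"], flow["dport"]):
        return "irc-port-only"
    return "no-match"

# Constructed sample flows (documentation address ranges, made-up payloads).
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dst": "198.51.100.5", "sport": 40112, "dport": 8080,
     "payload": b"NICK guest42\r\nUSER guest 0 * :Guest\r\nJOIN #lab\r\nPRIVMSG #lab :hello\r\n"},
    {"src": "192.0.2.11", "dst": "198.51.100.6", "sport": 40113, "dport": 21,
     "payload": b"USER anonymous\r\nPASS guest@example.com\r\n"},
    {"src": "192.0.2.12", "dst": "198.51.100.7", "sport": 40114, "dport": 6667,
     "payload": bytes.fromhex("160301002a010000260303") + bytes(range(128, 160))},
]

def run_samples() -> list:
    return [classify_flow(f) for f in SAMPLE_FLOWS]

if __name__ == "__main__":
    for flow, label in zip(SAMPLE_FLOWS, run_samples()):
        print(flow["src"], "->", flow["dst"], flow["dport"], label)
```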

Recent trends of IRC
- Intruders using private channels.
- Using encryption as an additional precaution.
- Eliminates any hope for successful packet content analysis strategies.

The IRC Lab
- Denial of Service attack using diemIRC.
- Use mIRC scripting to create a backdoor.

diemIRC
- Listens on port 6667 (used by IRC) for incoming connections.
- Crashes the victim's mIRC session according to the chosen exploit.

DoS Attacks
- Often more annoying than technically eloquent.
- Most likely used by a "script kiddie", but more advanced attackers may use them as part of a large-scale attack.
- Close unused ports, use a firewall, and update software for protection.

IRC backdoors
- Remote access tool.
- The IRC client acts as the backdoor client.
- Gives limited access to an infected system to modify, upload, download and run files.
- Some IRC backdoors have additional functionality that allows a hacker to perform malicious actions in IRC channels and, in some cases, allows an attacker to completely take over an IRC channel.