Presentation is loading. Please wait.

Presentation is loading. Please wait.

KULIAH III THREAT AND ATTACK (2) Aswin Suharsono KOM 15008 Keamanan Jaringan 2012/2013 KOM 15008 Keamanan Jaringan 2012/2013.

Published byLouisa Sharp Modified over 8 years ago

Similar presentations

Presentation on theme: "KULIAH III THREAT AND ATTACK (2) Aswin Suharsono KOM 15008 Keamanan Jaringan 2012/2013 KOM 15008 Keamanan Jaringan 2012/2013."— Presentation transcript:

1 KULIAH III THREAT AND ATTACK (2) Aswin Suharsono KOM 15008 Keamanan Jaringan 2012/2013 KOM 15008 Keamanan Jaringan 2012/2013

2 Overview Phase 3: Gaining Access Using Network Attacks – Sniffing – IP Address Spoofing – Session Hijacking – Netcat – DOS Phase 4: Maintain Access – Trojan – Backdoors Phase 5 Covering Tracks and Hiding

3 Sniffer Allows attacker to see everything sent across the network, including userIDs and passwords NIC placed in promiscuous mode Tcpdump http://www.tcpdump.orghttp://www.tcpdump.org Windump http://netgroup-serv.polito.it/windumphttp://netgroup-serv.polito.it/windump Snort http://www.snort.orghttp://www.snort.org Ethereal http://www.ethereal.comhttp://www.ethereal.com Sniffit http://reptile.rug.ac.be/~coder/sniffit/sniffit.html http://reptile.rug.ac.be/~coder/sniffit/sniffit.html Dsniff http://www.monkey.org/~dugsong/dsniffhttp://www.monkey.org/~dugsong/dsniff

4 Passive Sniffers Sniffers that passively wait for traffic to be sent to them Well suited for hub environment Snort Sniffit

5 Figure 8.2 A LAN implemented with a hub

6 Introduction Bad guys can sniff packets packet “sniffing”: – broadcast media (shared ethernet, wireless) – promiscuous network interface reads/records all packets (e.g., including passwords!) passing by A B C src:B dest:A payload  wireshark software used for end-of-chapter labs is a (free) packet-sniffer 1-6

7 Introduction Bad guys can use fake addresses IP spoofing: send packet with false source address A B C src:B dest:A payload 1-7 … lots more on security (throughout, Chapter 8)

8 Ethereal

9 Gunakan switch, jangan hub

10 IP Address Spoofing Changing or disguising the source IP address used by Nmap in decoy mode Used by Dsniff in dnsspoof attack – DNS response sent by Dsniff contains source address of the DNS server Used in denial-of-service attacks Used in undermining Unix r-commands Used with source routing attacks

11 Simple IP Address Spoofing Pros – Works well in hiding source of a packet flood or other denial-of- service attack Cons – Difficult for attacker to monitor response packets – Any response packet will be sent to spoofed IP address – Difficult to IP address spoof against any TCP-based service unless machines are on same LAN and ARP spoof is used

12 Figure 8.13 The TCP three-way handshake inhibits simple spoofing

13 Figure 8.14 Bob trusts Alice

14 Figure 8.15 Everyone trusts Alice, the administrator’s main management system

15 Session Hijacking Session Hijacking, Perpaduan antara Sniffing dan Spoofing Pengertian Session Sniff for session Rekam Gunakan untuk masuk Dengan mencuri Session milik orang lain, maka bisa masuk tanpa perlu login

16 Introduction target Denial of Service (DoS): attackers make resources (server, bandwidth) unavailable to legitimate traffic by overwhelming resource with bogus traffic 1. select target 2. break into hosts around the network (see botnet) 3. send packets to target from compromised hosts Bad guys: attack server, network infrastructure 1-16

17

18 SYN Flood Attacker sends continuous stream of SYN packets to target Target allocates memory on its connection queue to keep track of half-open connections Attacker does not complete 3-way handshake, filling up all slots on connection queue of target machine If target machine has a very large connection queue, attacker can alternatively send sufficient amount of SYN packets to consume target machine’s entire network bandwidth

19 Smurf Attacks Aka directed broadcast attacks Smurf attacks rely on an ICMP directed broadcast to create a flood of traffic on a victim Attacker uses a spoofed source address of victim Smurf attack is a DOS that consumes network bandwidth of victim Smurf amplifier is a network that responds to directed broadcast messages

20 4. Maintaining Access

21 Trojan Horses Software program containing a concealed malicious capability but appears to be benign, useful, or attractive to users

22 Backdoor Software that allows an attacker to access a machine using an alternative entry method Installed by attackers after a machine has been compromised May Permit attacker to access a computer without needing to provide account names and passwords Used in movie “War Games” Can be sshd listening to a port other than 22 Can be setup using Netcat

23 Netcat as a Backdoor A popular backdoor tool Netcat must be compiled with “GAPING_SECURITY_HOLE” option On victim machine, run Netcat in listener mode with –e flag to execute a specific program such as a command shell On attacker’s machine run Netcat in client mode to connect to backdoor on victim

24 Traditional RootKits A suite of tools that allow an attacker to maintain root-level access via a backdoor and hiding evidence of a system compromise More powerful than application-level Trojan horse backdoors(eg. BO2K, Netcat) since the latter run as separate programs which are easily detectable a more insidious form of Trojan horse backdoor than application-level counterparts since existing critical system components are replaced to let attacker have backdoor access and hide

25 Kernel-Level RootKits More sinister, devious, and nasty than traditional RootKits Operating system kernel replaced by a Trojan horse kernel that appears to be well-behaved but in actuality is rotten to the core Critical system files such as ls, ps, du, ifconfig left unmodified Trojanized kernel can intercept system calls and run another application chosen by atttacker – Execution request to run /bin/login is mapped to /bin/backdoorlogin – Tripwire only checks unaltered system files If the kernel cannot be trusted, nothing on the system can be trusted

26 5. Covering Tracks

27 Hiding Evidence by Altering Event Logs Attackers like to remove evidence from logs associated with attacker’s gaining access, elevating privileges,and installing RootKits and backdoors – Login records – Stopped and restarted services – File access/update times

28 Covert Channels Communication channels that disguises data while it moves across the network to avoid detection Require a client and server Can be used to remotely control a machine and to secretly transfer files or applications

29 Figure 11.5 A covert channel between a client and a server

30 Tunneling Carrying one protocol inside another protocol – Eg. Tunneling AppleTalk traffic over IP Any communications protocol can be used to transmit another protocol – SSH protocol used to carry telnet, FTP, or X-Windows session Used by covert channels – Loki – Reverse WWW Shell

31 Terima Kasih

Download ppt "KULIAH III THREAT AND ATTACK (2) Aswin Suharsono KOM 15008 Keamanan Jaringan 2012/2013 KOM 15008 Keamanan Jaringan 2012/2013."

Similar presentations

Module X Session Hijacking

Module X Session Hijacking
Ethical Hacking Module VII Sniffers.

Ethical Hacking Module VII Sniffers.
Network Vulnerabilities and Attacks Dr. John Abraham UTPA.

Network Vulnerabilities and Attacks Dr. John Abraham UTPA.
Password Cracking, Network Sniffing, Man-in-the-Middle attacks, and Virtual Private Networks Lab 2 – Class Discussion Group 3 Ruhull Alam Bhuiyan Keon.

Password Cracking, Network Sniffing, Man-in-the-Middle attacks, and Virtual Private Networks Lab 2 – Class Discussion Group 3 Ruhull Alam Bhuiyan Keon.
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Data Communications and Computer Networks Chapter 1 CS 3830 Lecture 5 Omar Meqdadi Department of Computer Science and Software Engineering University of.

Data Communications and Computer Networks Chapter 1 CS 3830 Lecture 5 Omar Meqdadi Department of Computer Science and Software Engineering University of.
1 Reading Log Files. 2 Segment Format

1 Reading Log Files. 2 Segment Format
Sniffing, Spoofing, Hijacking This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added.

Sniffing, Spoofing, Hijacking This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added.
Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.

Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.
1 Eastern Michigan University Asad Khailany, Eastern Michigan University Dmitri Bagatelia, Eastern Michigan University Wafa Khorsheed, Eastern Michigan.

1 Eastern Michigan University Asad Khailany, Eastern Michigan University Dmitri Bagatelia, Eastern Michigan University Wafa Khorsheed, Eastern Michigan.
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
Network Attacks Mark Shtern.

Network Attacks Mark Shtern.
 In MHP 105, same time as our class  Reading list is online  Sample midterm is online o Try to solve it before the next class.

 In MHP 105, same time as our class  Reading list is online  Sample midterm is online o Try to solve it before the next class.
Introduction to Security Computer Networks Computer Networks Term B10.

Introduction to Security Computer Networks Computer Networks Term B10.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Slide 1 Attacks on TCP/IP. slide 2 Security Issues in TCP/IP uNetwork packets pass by untrusted hosts Eavesdropping (packet sniffing) uIP addresses are.

Slide 1 Attacks on TCP/IP. slide 2 Security Issues in TCP/IP uNetwork packets pass by untrusted hosts Eavesdropping (packet sniffing) uIP addresses are.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Lecture 3 Introduction 1-1 Chapter 1: roadmap 1.1 What is the Internet? 1.2 Network edge  end systems, access networks, links 1.3 Network core  circuit.

Lecture 3 Introduction 1-1 Chapter 1: roadmap 1.1 What is the Internet? 1.2 Network edge  end systems, access networks, links 1.3 Network core  circuit.
Analysis of Attack By Matt Kennedy. Different Type of Attacks o Access Attacks o Modification and Repudiation Attacks o DoS Attacks o DDoS Attacks o Attacks.

Analysis of Attack By Matt Kennedy. Different Type of Attacks o Access Attacks o Modification and Repudiation Attacks o DoS Attacks o DDoS Attacks o Attacks.

Similar presentations

Ads by Google