Presentation transcript:

1 Analysis of Attack By Matt Kennedy

2 Different Types of Attacks
o Access Attacks
o Modification and Repudiation Attacks
o DoS Attacks
o DDoS Attacks
o Attacks on TCP
o Attacks on UDP

3 Access Attacks
o An attempt to gain access to information that the attacker isn't authorized to have
o Types of Access Attacks:
  o Eavesdropping
  o Interception
  o Spoofing
  o Password Guessing Attacks
  o Man-in-the-Middle Attacks

4 Eavesdropping
o The process of listening in on or overhearing parts of a conversation; this includes attackers listening in on your network traffic
o Passive attack
  o Example: a co-worker may overhear your dinner plans because your speakerphone is set too loud
o Active attack
  o Collecting data that passes between two systems on a network
o Other types of eavesdropping:
  o Inspecting the dumpster
  o Recycling bins
  o File cabinets, for something interesting

5 Interception
o Active process
  o Putting a computer system between the sender and receiver to capture information as it's sent
o Passive process
  o Someone who routinely monitors network traffic
o Covert operation
  o Intercept missions can go on for years without the intercepted party knowing

6 Spoofing
o An attempt by someone or something to masquerade as someone else
o Types of Spoofing:
  o IP Spoofing
    o A remote machine acts as a node on the local network to find vulnerabilities in your servers, and installs a backdoor program or Trojan horse to gain control over network resources
    o The goal is to make the data look like it came from a trusted host when it didn't

7 Spoofing (cont.)
o DNS Spoofing
  o A DNS server is given information about a name server that it thinks is legitimate, and can then send users to websites other than the one they wanted to go to

8 Password Guessing
o Occurs when an account is attacked repeatedly
o Accomplished by sending possible passwords to accounts in a systematic manner
o Carried out to obtain passwords for an access or modification attack
o Types of Password Guessing:
  o Brute Force Attack
  o Dictionary Attack

9 Brute Force and Dictionary Attacks
o Brute Force
  o Attempts to guess a password until a guess succeeds; occurs over a long period of time
o Dictionary
  o Uses a dictionary of common words to attempt to find a user's password
  o Can be automated

10 Man-in-the-Middle
o Involves placing a piece of software between a server and a user that neither party is aware of
o The software intercepts data and then sends the information on to the server as if nothing is wrong
o The attacker can save the data or alter it before it reaches its destination

11 Modification and Repudiation Attacks
o Involve the deletion, insertion, or alteration of information in an unauthorized manner that is intended to appear genuine to the user
o Such attacks may be used for:
  o Planting information to set someone up
  o Changing class grades
  o Altering credit card records
o Types of Attacks:
  o Replay Attacks
  o Back Door Attacks

12 Replay Attacks
o Becoming quite common; occurs when information is captured over a network
o When logon and password information is sent over the network, an attacker can capture it and replay it later
o Also occurs with security certificates
  o The attacker can resubmit the certificate in the hope of being validated by the authentication system
o One way to prevent this is to have the certificate expire after you end your session
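The session-bound expiry the slide recommends, worked through in Python as an added example that is not part of the presentation: the server signs a credential carrying an expiry and a fresh nonce, so a captured copy is refused both after the session ends and when presented a second time. The demo key, the 32-byte HMAC-SHA256 tag appended to the payload and the in-memory nonce set are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import secrets

SECRET = b"constructed-demo-key-not-for-production"  # assumption: server-side signing key

def _sign(payload: bytes) -> bytes:
    return hmac.new(SECRET, payload, hashlib.sha256).digest()

def issue_token(user: str, ttl_seconds: int, now: float) -> str:
    """Issue a signed credential bound to an expiry time and a one-time nonce."""
    claims = {"user": user, "exp": now + ttl_seconds, "nonce": secrets.token_hex(8)}
    body = json.dumps(claims).encode()
    return base64.urlsafe_b64encode(body + _sign(body)).decode()

class Verifier:
    def __init__(self):
        self.seen = set()  # nonces already accepted (a shared cache in a real deployment)

    def verify(self, token: str, now: float) -> str:
        raw = base64.urlsafe_b64decode(token)
        body, tag = raw[:-32], raw[-32:]
        if not hmac.compare_digest(tag, _sign(body)):
            return "bad-signature"   # altered in transit, or not ours
        claims = json.loads(body)
        if now > claims["exp"]:
            return "expired"         # captured credential replayed after the session ended
        if claims["nonce"] in self.seen:
            return "replayed"        # same credential presented a second time
        self.seen.add(claims["nonce"])
        return "ok"

def corrupt_token(token: str) -> str:
    """Demo helper: flip one bit of the payload to show that modification is caught."""
    raw = bytearray(base64.urlsafe_b64decode(token))
    raw[2] ^= 1
    return base64.urlsafe_b64encode(bytes(raw)).decode()
```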

13 Back Door Attacks
o The original term referred to troubleshooting and developer hooks into the system that allowed programmers to examine operations inside the code
o The other meaning refers to gaining access to a network and inserting a program that creates an entrance for an attacker
o Back Orifice and NetBus are common tools used to create a back door

14 DoS (Denial of Service) Attacks
o Prevent access to resources by users who are authorized to use those resources
o These attacks can deny access to information, applications, systems, or communications
o A DoS attack originates from a single system and targets a specific server or organization
o Example of a DoS attack:
  o Bringing down an e-commerce website

15 DoS Attacks (cont.)
o Common types of DoS attacks are:
  o TCP SYN Flood
    o Opens as many TCP sessions as possible to flood the network and take it offline
  o Ping of Death
    o Crashes a system by sending ICMP (Internet Control Message Protocol) packets that are larger than the system can handle
  o Buffer Overflow
    o Attempts to put more data (typically long input strings) into a buffer than it can hold
    o Code Red, Slapper, and Slammer are attacks that took advantage of buffer overflows

16 DDoS Attacks
o DDoS (Distributed Denial of Service) is similar to a DoS attack, but amplifies the concept by using multiple systems to conduct the attack against a specific organization
o The attacks are controlled by a master computer
o The attacker loads programs onto hundreds of ordinary users' systems
o When given a command, the master triggers the affected systems to launch the attack simultaneously on the targeted network, which could take it offline

17 DDoS Attacks (cont.)
o The infected and controlled systems are known as zombies
o Most OSes are susceptible to these attacks
o There is little one can do to prevent a DoS or DDoS attack

18 Attacks on TCP (Transmission Control Protocol)
o Types of attacks on TCP:
  o TCP SYN Flood Attack
  o TCP Sequence Number Attack
  o TCP Hijacking
  o Sniffing the Network

19 TCP SYN Flood Attack
o The most common type; its purpose is to deny service
o The client continually sends SYN packets to the server and never responds to the server's SYN/ACK, so the server holds these sessions open waiting for the ACK packet that completes the sequence
o This causes the server to use up its available connections and denies access to any other requesting clients
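An added example (not from the presentation) contrasting the half-open connection table the slide describes with a stateless SYN-cookie style listener, which is the standard mitigation: the first drops new SYNs once its backlog is full, the second encodes the handshake state in the initial sequence number it sends and keeps no per-SYN entry at all. The backlog size, the simplified cookie layout (8-bit epoch plus 24-bit keyed hash) and the secret are assumptions.

```python
import hashlib
import hmac
import struct

# Stateful listener: one table entry per SYN, so a flood of never-completed handshakes fills it.
class StatefulListener:
    def __init__(self, backlog: int):
        self.backlog = backlog
        self.half_open = {}   # (src_ip, src_port) -> ISN we sent in our SYN/ACK
        self.dropped = 0

    def on_syn(self, src_ip, src_port, isn):
        if len(self.half_open) >= self.backlog:   # table full: legitimate SYNs are dropped
            self.dropped += 1
            return False
        self.half_open[(src_ip, src_port)] = isn
        return True

    def on_ack(self, src_ip, src_port, ack):
        isn = self.half_open.pop((src_ip, src_port), None)
        return isn is not None and ack == (isn + 1) & 0xFFFFFFFF

# SYN-cookie style listener: the ISN itself is a keyed hash of the peer, so nothing is stored.
class CookieListener:
    def __init__(self, secret: bytes):
        self.secret = secret

    def _cookie(self, src_ip, src_port, epoch):
        msg = struct.pack("!4sHB", bytes(map(int, src_ip.split("."))), src_port, epoch & 0xFF)
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        # top 8 bits carry the epoch, remaining 24 bits the keyed hash (simplified demo layout)
        return ((epoch & 0xFF) << 24) | int.from_bytes(digest[:3], "big")

    def on_syn(self, src_ip, src_port, epoch):
        return self._cookie(src_ip, src_port, epoch)   # sent as our ISN; no table entry made

    def on_ack(self, src_ip, src_port, ack, epoch):
        isn = (ack - 1) & 0xFFFFFFFF
        e = isn >> 24                          # epoch the cookie was minted in
        if (epoch - e) & 0xFF > 1:             # stale or forged: only current/previous epoch accepted
            return False
        return isn == self._cookie(src_ip, src_port, e)
```

Only a client that really received the SYN/ACK can return the matching cookie, so the flood costs the cookie listener nothing but the hash computations.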

20 TCP Sequence Number Attack
o The attacker takes control of one end of a TCP session in order to kick the attacked end off the network for the duration of the session
o The attacker intercepts and responds with a sequence number similar to the one the user was given
o The attack can hijack or disrupt a session and gain the connection and data from the legitimate system
o The only defense against this attack is knowing that it is occurring

21 TCP Hijacking
o Also called active sniffing
o Involves the attacker gaining access to a host in the network and disconnecting it
o The attacker then inserts another machine with the same IP address, which gives the attacker access to all information on the original system
o UDP and TCP don't check the validity of an IP address, which is why this attack is possible
o The attack requires sophisticated software and is harder to engineer than a DoS attack, which is why these attacks are rare

22 Sniffing the Network
o A network sniffer is a device that captures and displays network traffic
o All computers have the ability to operate as sniffers
o The NIC can be placed into promiscuous mode, which allows it to capture all traffic that it sees on the network
o Programs are available to sniff the network; a common one is Wireshark

23 UDP Attacks
o Attack either the maintenance protocol or a service in order to overload services and create a DoS situation
o Types of attacks on UDP (User Datagram Protocol):
  o ICMP Attacks
  o Smurf Attacks
  o ICMP Tunneling

24 ICMP Attacks
o Occur by triggering a response from the ICMP protocol when it answers a seemingly legitimate request
o Overloads the server with more bytes than it can handle, with larger connections
o sPing is a good example of this attack

25 Smurf Attacks
o Uses IP spoofing and broadcasting to send a ping to a group of hosts on a network
o When a host is pinged, it sends ICMP message traffic indicating its status back to the originator
o Once a broadcast is sent to the network, all hosts answer the ping, which results in an overload of the network and the target system
o Prevent this type of attack by prohibiting ICMP traffic on the router

26 ICMP Tunneling
o ICMP can contain data about timing and routes, and its packets can be used to carry information that is different from the intended information
o This allows an ICMP packet to be used as a communications channel between two systems
o That channel can be used to send Trojan horses and other malicious packets
o One way to prevent this attack is to deny ICMP traffic to your network
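An added detection example (not from the presentation) serving both the Smurf and the ICMP Tunneling slides: it scans constructed ICMP records for echo requests aimed at a broadcast address, for one host receiving echo replies from many sources, and for echo payloads that do not match the patterns common ping tools send, which is what a tunnel looks like on the wire. The broadcast address, the reply threshold and the two payload patterns are assumptions.

```python
from collections import defaultdict

BROADCAST = {"192.0.2.255"}   # assumption: the site's directed-broadcast address
WINDOWS_PATTERN = b"abcdefghijklmnopqrstuvwabcdefghi"      # default Windows ping payload
LINUX_PING = bytes(8) + bytes(range(0x10, 0x38))            # 8-byte timestamp + 0x10,0x11,... sequence

# Constructed sample records: (src, dst, icmp_type, payload); type 8 = echo request, 0 = echo reply
SAMPLE = [
    ("198.51.100.7", "192.0.2.255", 8, LINUX_PING),                     # request to broadcast, spoofed src
    ("192.0.2.10", "198.51.100.7", 0, LINUX_PING),                      # every host answers the victim
    ("192.0.2.11", "198.51.100.7", 0, LINUX_PING),
    ("192.0.2.12", "198.51.100.7", 0, LINUX_PING),
    ("192.0.2.20", "203.0.113.5", 8, bytes(8) + b"id=42;data=aGVsbG8="),  # data riding in echo payload
    ("192.0.2.21", "192.0.2.1", 8, WINDOWS_PATTERN),                    # ordinary ping
]

def looks_like_standard_ping(payload: bytes) -> bool:
    """True if the payload matches what the usual ping tools send (assumption: Linux/Windows defaults)."""
    if payload == WINDOWS_PATTERN:
        return True
    body = payload[8:]
    return len(payload) >= 8 and all(b == (0x10 + i) & 0xFF for i, b in enumerate(body))

def analyze_icmp(records, reply_threshold=3):
    """Return findings as tuples: (kind, ...) for Smurf triggers, amplified replies and odd payloads."""
    findings = []
    reply_sources = defaultdict(set)   # reply destination -> distinct hosts replying to it
    for src, dst, icmp_type, payload in records:
        if icmp_type == 8 and dst in BROADCAST:
            findings.append(("smurf-trigger", src, dst))   # src is most likely the spoofed victim
        if icmp_type == 0:
            reply_sources[dst].add(src)
        if icmp_type in (0, 8) and not looks_like_standard_ping(payload):
            findings.append(("suspicious-payload", src, dst))
    for dst, srcs in reply_sources.items():
        if len(srcs) >= reply_threshold:
            findings.append(("amplified-replies", dst, len(srcs)))
    return findings
```

Both findings map to the slides' mitigation: the broadcast trigger is what dropping directed broadcasts and inbound ICMP at the router stops, and the payload check is how an ICMP tunnel is spotted if ICMP must stay open.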

27 Questions???

