Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 CHAPTER 3 CLASSES OF ATTACK. 2 Denial of Service (DoS) Takes place when availability to resource is intentionally blocked or degraded Takes place when.

Published byJudith Atkins Modified over 8 years ago

Similar presentations

Presentation on theme: "1 CHAPTER 3 CLASSES OF ATTACK. 2 Denial of Service (DoS) Takes place when availability to resource is intentionally blocked or degraded Takes place when."— Presentation transcript:

1 1 CHAPTER 3 CLASSES OF ATTACK

2 2 Denial of Service (DoS) Takes place when availability to resource is intentionally blocked or degraded Takes place when availability to resource is intentionally blocked or degraded Degrading processes, storage capability, destroying files or shutting down parts of the system or processes Degrading processes, storage capability, destroying files or shutting down parts of the system or processes Degrading the processes by reduces the performance through overload the target system Degrading the processes by reduces the performance through overload the target system

3 3 Denial of Service (DoS) Degrading processes can also directed at a network application such as FTP, Simple Mail Transfer Protocol (SMTP) or network service IP (Internet Protocol) or Internet Control Message Protocol (ICMP) Degrading processes can also directed at a network application such as FTP, Simple Mail Transfer Protocol (SMTP) or network service IP (Internet Protocol) or Internet Control Message Protocol (ICMP) Example attacks that degrade processes are snork and chargen Example attacks that degrade processes are snork and chargen Both affect Windows NT except if have Service Pack 4 and higher Both affect Windows NT except if have Service Pack 4 and higher

4 4 Denial of Service (DoS) Snork Snork –send spoofed Remote Procedure Control (RPC) datagrams to the User Datagram Protocol (UDP) destination port 135 –Giving appearance as an attacked RPC server –RPC server sent bad data to another RPC server, then replies with reject packet –Creating a loop that is not broken until a packet is dropped –Waste processor resources and network bandwith

5 5 Denial of Service (DoS) Chargen Chargen –Functions against Windows NT systems that have the Simple TCP/IP Services –Flood of UDP datagrams is sent from a spoofed source IP address to port 19 (chargen port) to the subnet broadcast adress –Affected Windows NT systems respond to each broadcast –Creating a flood of UDP datagrams on the network

6 6 Denial of Service (DoS) Smurf Smurf –Performs a network level attack against the target host –Using a router (smurf amplifier) spoofing the source IP address, generates a large amount of ICMP echo traffic –Host that received respond back with an echo reply –Degraded network service availability

7 7 Denial of Service (DoS) SYN (synchronization) SYN (synchronization) –Accomplished by sending Transmission Control Protocol (TCP) connection requests faster than a system can process them Storage Capability (Degrading) Storage Capability (Degrading) –Use all storage resources –Example The Love Letter Worm –UNIX also not exempted –Destroying Files »Bat, exe, com, dll and sys

8 8 Denial of Service (DoS) Storage Capability (Degrading) Storage Capability (Degrading) –Shutdown System »Ping of death sending ICMP echo packet of just over 65535 bytes »Default packet size 64 bytes –Latest Distributed Denial of Service (DDoS)

9 9 Information Leakage Gather info from target as much as possible Gather info from target as much as possible Use finger or DNS to get info on layout of network Use finger or DNS to get info on layout of network DNS, determine system names and locations DNS, determine system names and locations Advertising type of search engine or FTP server used, help determine the type of Web server being used Advertising type of search engine or FTP server used, help determine the type of Web server being used Occur in SMTP through application banner, SNMP (Simple Network Management Protocol) Occur in SMTP through application banner, SNMP (Simple Network Management Protocol)

10 10 File Creation, Reading, Modification, Removal Capability exist in NFS ( Network File System) in statd Capability exist in NFS ( Network File System) in statd Never validate info that received from the remote lockd Never validate info that received from the remote lockd Statd and lockd is used by NFS to maintain crash and recovery functions for file locking Statd and lockd is used by NFS to maintain crash and recovery functions for file locking

11 11 Misinformation Log files cannot be trusted Log files cannot be trusted

12 12 Special File/ Database Access Access registry for NT can take over the system, can attack NT that used SP1 and SP 2 Access registry for NT can take over the system, can attack NT that used SP1 and SP 2 DB use standard security, need to put password for all users account DB use standard security, need to put password for all users account

13 13 How To Secure Against These Classes of Attacks Using commercial scanning software such as Internet Security System, Internet Scanner, Nessus Security Scanner Using commercial scanning software such as Internet Security System, Internet Scanner, Nessus Security Scanner –Scan purpose only, you still need to fix the problem Intrusion Detection System (IDS) such as Network Flight Recorder (NFR) Intrusion Detection System (IDS) such as Network Flight Recorder (NFR) –Purpose to detect / alert of any attacks –Cannot prevent or patch it –Need to find the patches or report to organization that responsible to create patches

14 14 How To Secure Against These Classes of Attacks Denial of Service (DoS) Denial of Service (DoS) –Windows NT close port 139 (NetBIOS Session Service) that vulnerable to Winnuke at router / firewall –Cisco Routers, to prevent SYN flood, can be prevent by utilizing features in Internetwork Operating System (IOS)11.3 and higher »Has feature TCP intercept

15 15 How To Secure Against These Classes of Attacks Denial of Service (DoS) Denial of Service (DoS) –Smurf »Disable IP-directed broadcast at each routers »If possible, configure OS not to respond to ICMP packets sent to IP broadcast addresses –DDoS »Block default ports that used by DDoS tools –Traffic flood »Need to contact ISP to prevent it

16 16 How To Secure Against These Classes of Attacks Information Leakage Information Leakage –Hide banner, version number, OS etc, that could give attacker any info –Changing finger print of your OS File Creation, Reading, Modification, Removal File Creation, Reading, Modification, Removal –Apply all precautions available including patching known vulnerabilities

17 17 How To Secure Against These Classes of Attacks Misinformation Misinformation –Use Tripwire and keep your system logs on a protected server to prevent them from being tampered with –Tripwire creates a database of all files in your systems and then compares the integrity of them the next time Tripwire is run –LogCheck is useful for verifying you immediately by e-mail of problems and security violations that appear in your log

18 18 How To Secure Against These Classes of Attacks Special File / Database Access Special File / Database Access –Protecting by blocking port 135 (Location Service), 137 (NetBIOS Name Service), 138 NetBIOS Datagram Service), 139 (NetBIOS Session Service) at boundary router so attacker cannot gain access from internet –To protect from inside ensure the winreg key is set in the proper location to limit who has access to the Registries remotely

19 19 End Of Chapter 3

Download ppt "1 CHAPTER 3 CLASSES OF ATTACK. 2 Denial of Service (DoS) Takes place when availability to resource is intentionally blocked or degraded Takes place when."

Similar presentations

NETWORK SECURITY ADD ON NOTES MMD © Oct2012. IMPLEMENTATION Enable Passwords On Cisco Routers Via Enable Password And Enable Secret Access Control Lists.

NETWORK SECURITY ADD ON NOTES MMD © Oct2012. IMPLEMENTATION Enable Passwords On Cisco Routers Via Enable Password And Enable Secret Access Control Lists.
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,

 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,
CISCO NETWORKING ACADEMY PROGRAM (CNAP)

CISCO NETWORKING ACADEMY PROGRAM (CNAP)
Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.

Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.
1 Reading Log Files. 2 Segment Format

1 Reading Log Files. 2 Segment Format
Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.

Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
CCNA 1 v3.1 Module 11 Review.

CCNA 1 v3.1 Module 11 Review.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Intruder Trends Tom Longstaff CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Sponsored by.

Intruder Trends Tom Longstaff CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Sponsored by.
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 1 v3.0 Module 11 TCP/IP Transport and Application Layers.

1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 1 v3.0 Module 11 TCP/IP Transport and Application Layers.
Security Tools CS-480b Dick Steflik. CACLS Windows NT, W2000, XP Displays or modifies access control lists (ACLs) of files.

Security Tools CS-480b Dick Steflik. CACLS Windows NT, W2000, XP Displays or modifies access control lists (ACLs) of files.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Attack Profiles CS-480b Dick Steflik Attack Categories Denial-of-Service Exploitation Attacks Information Gathering Attacks Disinformation Attacks.

Attack Profiles CS-480b Dick Steflik Attack Categories Denial-of-Service Exploitation Attacks Information Gathering Attacks Disinformation Attacks.
Denial of Service Attacks: Methods, Tools, and Defenses Authors: Milutinovic, Veljko, Savic, Milan, Milic, Bratislav,

Denial of Service Attacks: Methods, Tools, and Defenses Authors: Milutinovic, Veljko, Savic, Milan, Milic, Bratislav,
Common forms and remedies Neeta Bhadane Raunaq Nilekani Sahasranshu.

Common forms and remedies Neeta Bhadane Raunaq Nilekani Sahasranshu.

Similar presentations

Ads by Google