
COEN 250 Security Threats. Network Based Exploits Phases of an Attack Reconnaissance Scanning Gaining Access Expanding Access Covering Tracks.


1 COEN 250 Security Threats

2 Network Based Exploits
Phases of an Attack:
  Reconnaissance
  Scanning
  Gaining Access
  Expanding Access
  Covering Tracks

3 Reconnaissance
Social Engineering
  “I cannot access my email. What do I do?”
Dumpster Diving (especially useful when people move)
Search the Web
  Sam Spade (www.samspade.org/ssw/), CyberKit, NetScanTools, ...
  Search engines
  Usenet postings
  Whois

4 Reconnaissance Databases
To research .com, .net, and .org domain names:
  InterNIC whois feature: www.internic.net/whois.html
  allwhois, Network Solutions, ...
  ARIN: American Registry for Internet Numbers (www.arin.net/whois/arin-whois.html)
  RIPE (Europe): www.ripe.net
  APNIC (Asia Pacific): www.apnic.net

5 Reconnaissance: Scanning
Once we have a target, we need to get to know it better. Methods:
  War Dialing (to find modem access)
  Network Mapping
  Vulnerability Scanning
  War Driving

6 Scanning: War Dialing
Purpose: find a modem connection. Many users in a company install remote-PC software such as PCAnywhere without setting it up correctly.
A war dialer finds these numbers by going through a range of phone numbers and listening for a modem.
A demon dialer tries a brute-force password attack on a found connection.
Typically, war dialing will find an unsecured connection.

7 Scanning: Network Mapping
Ping: ping is implemented using the Internet Control Message Protocol (ICMP) Echo Request. The receiving station answers back to the sender. Used by system administrators to check the status of machines and connections.

8 Scanning: Network Mapping
Traceroute: sends ICMP echo requests with varying life spans (= number of hops allowed). A router that receives a packet whose allowed hop count has expired sends an ICMP error message back to the sender. Traceroute uses this to find the route to a given system. Useful for system administration.

9 Scanning: Network Mapping
Cheops: network scanner (UNIX based). Uses traceroute and other tools to map a network. Cheops and similar tools are the reason that firewalls intercept pings.

10 Reconnaissance: Port Scans
Applications on a system use ports to listen for network traffic or to send it out. 2^16 ports are available, some reserved for well-known services such as http (80), ftp, ... A port scan sends various types of IP packets to the target on different ports. The reaction tells the scanner whether the port is open (an application is listening).

11 Reconnaissance: Nmap
Uses different types of packets to check for open ports. Can tell from the reaction what OS is running, including patch levels. Can run in stealth mode, in which it is not detected by many firewalls.

12 Reconnaissance: Webserver Information Leakage
Most webservers leak information:
  HTTP answers identify the webserver.
  URLs have forms peculiar to certain webservers:
    Extensions: ASP pages: probably IIS, e.g. “http://search.barnesandnoble.com/booksearch/results.asp?WRD=Oxford+history&z=y&cds2Pid=9481”; “htm”: probably Windows
    Format of the query string
  Cookies

13 Reconnaissance: Webserver Information Leakage
Most webservers leak information:
  Error messages identify the webserver technology by name and version number. They sometimes send debug information to the browser. They can be provoked by changing query strings or asking for non-existing resources.
  Sometimes it is possible to get a message from the database engine.

14 Reconnaissance Prevention
Firewalls can make it very difficult to scan from the outside: they drop scan packets.
A patched OS does not have the idiosyncratic behavior that allows OS determination.
An IDS can detect internal scans and warn about them.
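How an IDS can spot the port scans described on the preceding slides: an added example (not part of the lecture) that runs a sliding-window detector over constructed firewall log lines and flags a source that touches many distinct ports on one host; the log format, thresholds and addresses are all assumptions.

```python
"""Port-scan detection over constructed firewall log lines: flag a source
that probes many distinct ports on one host within a short window."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not a real capture): "<date> <time> DROP|ACCEPT src= dst= dport="
SAMPLE_LOG = """\
2024-05-01 10:00:01 DROP src=10.0.0.7 dst=10.0.0.20 dport=21
2024-05-01 10:00:01 DROP src=10.0.0.7 dst=10.0.0.20 dport=22
2024-05-01 10:00:02 DROP src=10.0.0.7 dst=10.0.0.20 dport=23
2024-05-01 10:00:02 DROP src=10.0.0.7 dst=10.0.0.20 dport=25
2024-05-01 10:00:03 ACCEPT src=10.0.0.7 dst=10.0.0.20 dport=80
2024-05-01 10:00:03 DROP src=10.0.0.7 dst=10.0.0.20 dport=110
2024-05-01 10:00:04 DROP src=10.0.0.7 dst=10.0.0.20 dport=443
2024-05-01 10:00:10 ACCEPT src=10.0.0.9 dst=10.0.0.20 dport=80
2024-05-01 10:00:11 ACCEPT src=10.0.0.9 dst=10.0.0.20 dport=443
2024-05-01 10:05:00 DROP src=10.0.0.7 dst=10.0.0.20 dport=8080
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?:DROP|ACCEPT) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")

def parse(log):
    """Yield (timestamp, src, dst, dport) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:  # silently skip lines in another format
            yield (datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                   m["src"], m["dst"], int(m["dport"]))

def detect_scans(log, threshold=5, window=timedelta(seconds=60)):
    """Return {(src, dst): ports} for pairs where src touched at least
    `threshold` distinct ports on dst within any `window`-long interval.
    Dropped and accepted probes both count: probing open ports is still a scan."""
    events = defaultdict(list)
    for ts, src, dst, port in parse(log):
        events[(src, dst)].append((ts, port))
    alerts = {}
    for pair, evs in events.items():
        evs.sort()  # chronological, so every later event follows `start`
        for i, (start, _) in enumerate(evs):
            ports = {p for t, p in evs[i:] if t - start <= window}
            if len(ports) >= threshold:
                alerts[pair] = max(alerts.get(pair, 0), len(ports))
    return alerts
```

The single probe five minutes later falls outside the window and is not counted, which is also why slow scans need a longer window or a different heuristic.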

15 Gaining Access
Gain access using application and OS attacks.
Gain access using network attacks.

16 Gaining Access through Apps and OS
Buffer Overflow Attacks
  Stack
  Heap
Dynamic Memory Attacks
Format Vulnerabilities
Integer Overflow
...
Password Attacks
Web Application Attacks
Trends:
  Modularized super-tools
  The Metasploit Project: multiple attacks, multiple payloads, easily updated

17 Gaining Access: Web Application Attacks
The URL not only contains the web address of a site, but also input: http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=web+application+attack
A poorly written webpage allows the viewer to input data in an uncontrolled fashion. If the webpage builds SQL from that input, the user might execute SQL commands.
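An added example (not from the lecture) of the query-string problem on this slide: a search term taken from a WRD= parameter is pasted into SQL by string concatenation, beside the parameterised version that keeps the term as data; the catalogue table, URLs and sample rows are constructed.

```python
"""Query-string input reaching SQL: a vulnerable string-built query beside
its parameterised fix, on a constructed in-memory SQLite catalogue."""
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Constructed table standing in for a site's database (hypothetical data).
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE books (title TEXT, public INTEGER)")
conn.executemany("INSERT INTO books VALUES (?, ?)",
                 [("Oxford History", 1), ("Internal Draft", 0)])

def keyword_from_url(url):
    """Pull the WRD= search term out of the URL, as the page's code would."""
    return parse_qs(urlsplit(url).query).get("WRD", [""])[0]

def search_vulnerable(keyword):
    """Concatenation: the viewer's text is pasted into the SQL statement,
    so quotes and comment markers in it change the statement's meaning."""
    sql = ("SELECT title FROM books WHERE public = 1 AND title LIKE '%"
           + keyword + "%'")
    return sorted(row[0] for row in conn.execute(sql))

def search_fixed(keyword):
    """Bound parameter: the driver sends the text as data, never as SQL.
    (LIKE wildcards in the text still act as wildcards; that is search
    semantics, not injection.)"""
    sql = "SELECT title FROM books WHERE public = 1 AND title LIKE ?"
    return sorted(row[0] for row in conn.execute(sql, ("%" + keyword + "%",)))

def demo():
    """Run both versions on a benign and a constructed hostile query string."""
    benign = keyword_from_url("http://example.test/results.asp?WRD=Oxford")
    # Constructed hostile term: closes the quote, adds OR 1=1, comments out the rest.
    hostile = keyword_from_url(
        "http://example.test/results.asp?WRD=%25%27+OR+1%3D1+--")
    return {
        "vuln_benign": search_vulnerable(benign),
        "vuln_hostile": search_vulnerable(hostile),
        "fixed_benign": search_fixed(benign),
        "fixed_hostile": search_fixed(hostile),
    }
```

The vulnerable version returns the non-public row for the hostile term because the `public = 1` condition was neutralised; the fixed version returns nothing for it, since the term is matched literally.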

18 Gaining Access through Network Attacks: Sniffing
Sniffer: gathers traffic from a LAN. Examples: Snort (www.snort.org), Sniffit (reptile.rug.ac.be/~coder/sniffit/sniffit.html).
To gain access to packets not addressed to the sniffing host, use spoofed ARP (Address Resolution Protocol) replies to reroute traffic.
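The spoofed-ARP rerouting on this slide leaves a trace that a defender can look for: the same hardware address suddenly answering for the gateway and for another host. This added example (not from the lecture) compares two constructed ARP-cache snapshots and reports such changes; the snapshot format and addresses are assumptions.

```python
"""ARP-spoofing detection: compare two snapshots of a LAN's ARP cache and
report IPs whose MAC changed and MACs that now answer for several IPs."""
import re

# Accepts "ip mac" lines; a constructed format, not any OS's arp output.
ARP_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})$",
    re.IGNORECASE)

def parse_arp_table(text):
    """Parse snapshot lines into {ip: mac}, ignoring anything malformed."""
    table = {}
    for line in text.splitlines():
        m = ARP_RE.match(line.strip())
        if m:
            table[m["ip"]] = m["mac"].lower()
    return table

def arp_anomalies(before, after):
    """Return findings as tuples; an empty list means nothing suspicious."""
    findings = []
    for ip, mac in after.items():
        old = before.get(ip)
        if old is not None and old != mac:
            findings.append(("mac-changed", ip, old, mac))
    by_mac = {}
    for ip, mac in after.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:  # one NIC answering for several IPs
            findings.append(("shared-mac", mac, tuple(sorted(ips))))
    return findings

# Constructed snapshots: in the second one the gateway 10.0.0.1 is suddenly
# answered by the MAC of host 10.0.0.55, the pattern an ARP-poisoning sniffer leaves.
SNAPSHOT_BEFORE = """\
10.0.0.1   00:11:22:33:44:01
10.0.0.20  00:11:22:33:44:20
10.0.0.55  00:11:22:33:44:55
"""
SNAPSHOT_AFTER = """\
10.0.0.1   00:11:22:33:44:55
10.0.0.20  00:11:22:33:44:20
10.0.0.55  00:11:22:33:44:55
"""

def demo():
    return arp_anomalies(parse_arp_table(SNAPSHOT_BEFORE), parse_arp_table(SNAPSHOT_AFTER))
```

A legitimate NIC replacement also shows up as "mac-changed", so the finding is a prompt to check, not proof of an attack.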

19 Gaining Access: Session Hijacking
IP address spoofing: sending out IP packets with false source addresses. If an attacker sits on a link through which traffic between two sites flows, the attacker can inject spoofed packets to “hijack the session”: the attacker inserts commands into the connection. Details omitted.

20 Exploiting and Maintaining Access
After a successful intrusion, an attacker typically will:
  Use other tools to gain root or administrator privileges.
  Erase traces (e.g. change log entries).
  Take measures to maintain access.
  Close the security holes that were used, so that no one else can gain illicit access and do something careless that alerts the sysadmin.

21 Maintaining Access: Trojans
A program with an additional, evil payload.
  Running MS Word also reinstalls a backdoor.
  ps does not display the installed sniffer.

22 Maintaining Access: Backdoors
Bypass normal security measures. Example: netcat. Install netcat on the victim, built with the GAPING_SECURITY_HOLE option:
C:\> nc -l -p 12345 -e cmd.exe
In the future: connect to port 12345 and start typing commands.

23 Maintaining Access: Backdoors
BO2K (Back Orifice 2000) runs in stealth mode (you cannot discover it by looking at the Processes tab in the Task Manager). Otherwise it is a remote-control program like pcAnywhere that allows accessing a computer over the net.

24 Maintaining Access: Backdoors
Rootkit: a backdoor built as a Trojan of system executables such as ipconfig.
Kernel-level rootkit: changes the OS itself, not only system executables.

25 Covering Tracks
Altering logs.
Creating hard-to-find files and directories.
Covert channels through networks:
  Loki uses ICMP messages as the carrier.
  Use WWW traffic.
  Use unused fields in TCP/IP headers.

26 Hacker Damage
Releasing information
Releasing software
  By circumventing copy protection
  Through IP theft
Consuming unused(?) resources
Discovering and documenting vulnerabilities
Compromising systems and increasing their vulnerabilities
Website vandalism

27 Hacking Profile
Shift to a for-profit motive
Shift to an underground economy

