PROTOCOL FLAWS

PROTOCOL FLAWS:
DESIGN FLAWS
- PROPOSED INTERNET PROTOCOLS (RFCS) ARE POSTED FOR PUBLIC SCRUTINY
- PUBLIC REVIEW HELPS BUT DOES NOT PREVENT PROTOCOL DESIGN FLAWS
IMPLEMENTATION FLAWS
- EVEN A SOUND DESIGN CAN BE IMPLEMENTED INCORRECTLY (E.G., BUFFER OVERFLOWS IN PROTOCOL HANDLERS)

TYPES OF ATTACKS
IMPERSONATION

IMPERSONATION = ATTACKER FOILS AUTHENTICATION AND ASSUMES IDENTITY OF A
VALID ENTITY IN A COMMUNICATION

IMPERSONATION ATTACK MAY BE EASIER THAN WIRETAPPING

TYPES OF IMPERSONATION ATTACKS (IA):

IA BY GUESSING
IA BY EAVESDROPPING/WIRETAPPING
IA BY CIRCUMVENTING AUTHENTICATION
IA BY USING LACK OF AUTHENTICATION
IA BY EXPLOITING WELL-KNOWN AUTHENTICATION
IA BY EXPLOITING TRUSTED AUTHENTICATION

IMPERSONATION ATTACKS BY GUESSING

WAYS OF GUESSING:
COMMON WORD/DICTIONARY ATTACKS
GUESSING DEFAULT ID-PASSWORD PAIRS
E.G., GUEST-GUEST / GUEST-NULL / ADMIN-PASSWORD
GUESSING WEAK PASSWORDS
GUESSING CAN BE HELPED BY SOCIAL ENGINEERING
E.G., GUESS WHICH ACCOUNT MIGHT BE DEAD/DORMANT (NOBODY WILL NOTICE LOGINS TO IT)
READ IN A COLLEGE NEWSPAPER ONLINE THAT PROF. RAMAMOORTHY IS ON SABBATICAL
=> GUESSES THAT HIS ACCT IS DORMANT

SOCIAL ENGINEERING: CALL THE HELP DESK AND HAVE THE PASSWORD RESET TO ONE GIVEN BY THE ATTACKER
COUNTERMEASURES: RATE-LIMIT / LOCK OUT AFTER REPEATED FAILURES, DISABLE DEFAULT AND DORMANT ACCOUNTS,
VERIFY IDENTITY OUT-OF-BAND BEFORE ANY PASSWORD RESET

IMPERSONATION ATTACKS BY EAVESDROPPING/WIRETAPING

USER-TO-HOST OR HOST-TO-HOST AUTHENTICATION MUST NOT TRANSMIT PASSWORD IN
THE CLEAR
INSTEAD, E.G., TRANSFER HASH OF A PASSWORD
CAVEAT: A FIXED HASH IS JUST A PASSWORD-EQUIVALENT; WHOEVER WIRETAPS IT CAN REPLAY IT
=> BIND THE PROOF TO A FRESH CHALLENGE (NONCE) FROM THE HOST (CHALLENGE-RESPONSE)
CORRECT PROTOCOLS NEEDED
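Added example (not part of the original notes): why "send the hash instead of the password" is not enough on its own, and what a correct challenge-response exchange looks like. The password, salt and key names are constructed for the example; the host stores only a salted hash, and the user proves knowledge of it by keying an HMAC over a nonce the host chose. The same captured value is replayed against both protocols.

```python
import hashlib
import hmac
import os

# Constructed example data (assumptions, not from the original notes).
PASSWORD = b"correct horse battery staple"
SALT = b"per-user-salt"
# The host stores a salted hash of the password, never the password itself.
STORED_VERIFIER = hashlib.sha256(SALT + PASSWORD).digest()


def naive_login_message(password: bytes) -> bytes:
    """Flawed protocol: the user sends a fixed hash of the password.
    The hash is a password-equivalent; a wiretapper can replay it."""
    return hashlib.sha256(SALT + password).digest()


def naive_verify(message: bytes) -> bool:
    """Host side of the flawed protocol: accepts any message equal to the verifier."""
    return hmac.compare_digest(message, STORED_VERIFIER)


def issue_challenge() -> bytes:
    """Host picks a fresh, unpredictable nonce for every login attempt."""
    return os.urandom(16)


def respond(password: bytes, challenge: bytes) -> bytes:
    """User proves knowledge of the password without sending it or its hash:
    response = HMAC(key = salted hash of password, msg = challenge)."""
    verifier = hashlib.sha256(SALT + password).digest()
    return hmac.new(verifier, challenge, hashlib.sha256).digest()


def verify_response(challenge: bytes, response: bytes) -> bool:
    """Host recomputes the expected response from its stored verifier."""
    expected = hmac.new(STORED_VERIFIER, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def replay_demo() -> dict:
    """A wiretapper captures one login and replays it against a later login."""
    # Flawed protocol: the captured hash is accepted again, forever.
    captured = naive_login_message(PASSWORD)
    naive_replay_accepted = naive_verify(captured)

    # Challenge-response: the captured response only matches the old nonce.
    c1 = issue_challenge()
    r1 = respond(PASSWORD, c1)
    genuine_accepted = verify_response(c1, r1)
    c2 = issue_challenge()                  # a later login gets a new nonce
    replay_accepted = verify_response(c2, r1)
    return {
        "naive_replay_accepted": naive_replay_accepted,
        "genuine_accepted": genuine_accepted,
        "replay_accepted": replay_accepted,
    }


if __name__ == "__main__":
    print(replay_demo())
```

Note the remaining weakness: the stored verifier is itself the HMAC key, so an attacker who steals the host's verifier database can answer challenges without knowing the password. Production protocols (SCRAM, PAKEs, or a password sent only inside TLS and checked against a slow salted hash) close that gap too; the point here is only that a nonce defeats the wiretap-and-replay attack that a bare hash does not.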
IMPERSONATION ATTACKS BY CIRCUMVENTING AUTHENTICATION

WEAK/FLAWED AUTHENTICATION ALLOWS BYPASSING IT

"CLASSIC" OS FLAW:
BUFFER OVERFLOW CAUSED BYPASSING OF THE PASSWORD COMPARISON
THE OS THEN TREATED THE LOGIN AS CORRECTLY AUTHENTICATED!
CRACKERS ROUTINELY SCAN NETWORKS FOR OSS WITH WEAK/FLAWED AUTHENTICATION
AND SHARE THIS KNOWLEDGE WITH EACH OTHER

IMPERSONATION ATTACKS BY USING LACK OF AUTHENTICATION

LACK OF AUTHENTICATION BY DESIGN

EXAMPLE: UNIX R-COMMANDS (RLOGIN/RSH) FACILITATE HOST-TO-HOST CONNECTION BY USERS ALREADY
AUTHENTICATED ON THEIR PRIMARY HOST
/ETC/HOSTS.EQUIV - SYSTEM-WIDE LIST OF TRUSTED HOSTS
~/.RHOSTS - PER-USER LIST OF TRUSTED HOST/USER PAIRS ALLOWED ACCESS W/O A PASSWORD
TRUST RESTS ON THE CLIENT'S HOSTNAME/IP ADDRESS AND THE USERNAME IT CLAIMS, BOTH OF WHICH CAN BE SPOOFED

ATTACKER WHO GAINED PROPER ID I1 ON ONE HOST H1 CAN ACCESS ALL HOSTS THAT
TRUST H1
LACK OF AUTHENTICATION DUE TO ADMINISTRATIVE DECISION
E.G., A BANK MAY GIVE ACCESS TO PUBLIC INFORMATION TO ANYBODY UNDER A GUEST ACCOUNT
WITH NO PASSWORD
"GUEST" ACCOUNT CAN BE A FOOTHOLD FOR ATTACKER
ATTACKER WILL TRY TO EXPAND GUEST PRIVILEGES TO EXPLOIT THE SYSTEM

IMPERSONATION ATTACKS BY EXPLOITING WELL-KNOWN AUTHENTICATION

EXAMPLE: A COMPUTER MANUFACTURER PLANNED TO USE THE SAME LOGIN-PASSWORD PAIR FOR THE
MAINTENANCE ACCOUNT ON ANY OF ITS COMPUTERS ALL OVER THE WORLD
SYSTEM/NETWORK ADMINS OFTEN LEAVE DEFAULT PASSWORDS UNCHANGED
EXAMPLE: "COMMUNITY STRING" DEFAULT PASSWORD IN SNMP (FOR REMOTE
MGMT OF NETWORK DEVICES): TYPICALLY "PUBLIC" (READ) AND "PRIVATE" (READ-WRITE),
SENT IN THE CLEAR IN SNMP V1/V2C
SOME VENDORS STILL SHIP COMPUTERS WITH ONE SYS ADMIN ACCOUNT INSTALLED WITH
A DEFAULT PASSWORD

IMPERSONATION ATTACKS BY EXPLOITING TRUSTED AUTHENTICATION


IDENTIFICATION DELEGATED TO TRUSTED SOURCE
E.G., ON UNIX WITH .RHOSTS / HOSTS.EQUIV (SEE "USING LACK OF AUTHENTICATION" ABOVE)
EACH DELEGATION IS A POTENTIAL SECURITY HOLE!
CAN YOU REALLY TRUST THE "TRUSTED" SOURCE? A COMPROMISE OF ONE TRUSTED HOST PROPAGATES TO EVERY HOST THAT TRUSTS IT

SPOOFING

SPOOFING - ATTACKER (OR ATTACKER'S AGENT) PRETENDS TO BE A VALID ENTITY
WITHOUT FOILING AUTHENTICATION
SPOOF - TO DECEIVE. [...]
SPOOFING IS NOT THE SAME AS IMPERSONATION:
IMPERSONATION - ATTACKER FOILS AUTHENTICATION AND ASSUMES IDENTITY OF A
VALID ENTITY

THREE TYPES OF SPOOFING:

MASQUERADING
SESSION HIJACKING
MAN-IN-THE MIDDLE (MITM)

MASQUERADING

= A HOST PRETENDS TO BE ANOTHER
REALLY: ATTACKER SETS UP THE HOST (HOST IS ATTACKER'S AGENT)

MASQUERADING - EXAMPLE 1:

REAL WEB SITE: BLUE-BANK.COM FOR BLUE BANK CORP.

SIMILAR TYPICAL MASQUERADES (LOOK-ALIKE DOMAIN NAMES):
XYZ.ORG AND XYZ.NET MASQUERADE AS XYZ.COM
10PHT.COM MASQUERADES AS LOPHT.COM
CITICAR.COM MASQUERADES AS CITYCAR.COM

MASQUERADING - EXAMPLE 2:
ATTACKER EXPLOITS WEB SERVER FLAW AND MODIFIES WEB PAGES
MAKES NO VISIBLE CHANGES BUT "STEALS" CUSTOMERS
E.G., BOOKS-R-US WEB SITE COULD BE CHANGED IN A SNEAKY WAY:
PROCESSING OF BROWSING CUSTOMERS REMAINS UNCHANGED
BUT PROCESSING OF ORDERING CUSTOMERS IS MODIFIED:
(SOME) ORDERS SENT TO COMPETING BOOKS DEPOT
ONLY "SOME" TO MASK THE MASQUERADE

SESSION HIJACKING

ATTACKER INTERCEPTING & CARRYING ON A SESSION BEGUN BY A LEGITIMATE ENTITY

SESSION HIJACKING - EXAMPLE 1

BOOKS DEPOT WIRETAPS NETWORK AND INTERCEPTS PACKETS
AFTER BUYER FINDS A BOOK SHE WANTS AT BOOKS-R-US AND STARTS ORDERING IT,
THE ORDER IS TAKEN OVER BY BOOKS DEPOT

SESSION HIJACKING - EXAMPLE 2

SYSADMIN STARTS TELNET SESSION BY REMOTELY LOGGING IN TO HIS PRIVILEGED ACCT
ATTACKER USES HIJACKING UTILITY TO INTRUDE IN THE SESSION
CAN SEND HIS OWN COMMANDS BETWEEN ADMIN'S COMMANDS
SYSTEM TREATS COMMANDS AS COMING FROM SYSADMIN

MAN-IN-THE MIDDLE (MITM)

SIMILAR TO HIJACKING
DIFFERENCE: MITM PARTICIPATES IN A SESSION FROM ITS START
(SESSION HIJACKING OCCURS AFTER SESSION ESTABLISHED)

MITM – EXAMPLE: ALICE SENDS ENCRYPTED MSG TO BOB

CORRECT COMMUNICATION

ALICE REQUESTS KEY DISTRIBUTOR FOR KPUB-BOB
KEY DISTRIBUTOR SENDS KPUB-BOB TO ALICE
ALICE ENCRYPTS P: C = E (P, KPUB-BOB ) & SENDS C TO BOB
BOB RECEIVES C AND DECRYPTS IT: P = D (C, KPRIV-BOB )

MITM ATTACK

ALICE REQUESTS KEY DISTRIBUTOR FOR KPUB-BOB
MITM INTERCEPTS REQUEST & SENDS KPUB-MITM TO ALICE
ALICE ENCR. P: C = E (P, KPUB-MITM ) & SENDS C TO BOB
MITM INTERCEPTS C & DECRYPTS IT: P = D (C, KPRIV-MITM )
MITM REQUESTS KEY DISTRIBUTOR FOR KPUB-BOB
KEY DISTRIBUTOR SENDS KPUB-BOB TO MITM
MITM ENCR. P: C' = E (P, KPUB-BOB ) & SENDS C' TO BOB
BOB RECEIVES C' AND DECRYPTS IT: P = D (C', KPRIV-BOB )
NEITHER ALICE NOR BOB NOTICES ANYTHING
ROOT CAUSE: THE KEY DISTRIBUTOR'S REPLY IS NOT AUTHENTICATED; NOTHING BINDS THE NAME "BOB" TO KPUB-BOB
(IN PRACTICE: A SIGNATURE/CERTIFICATE ON THE NAME-KEY PAIR THAT ALICE CAN VERIFY)
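Added example (not from the original notes) running the two exchanges above end to end. The key distributor's reply is either a bare public key, which the MITM replaces, or a key plus a tag over the (name, key) binding, which the MITM cannot forge. The RSA keys use small primes and the "certificate" is an HMAC under a key shared between Alice and the distributor; both are assumptions standing in for a real certificate chain, chosen so the example runs with the standard library only.

```python
import hashlib
import hmac

# Textbook RSA with small primes, constructed for illustration only (NOT secure).
def rsa_keypair(p: int, q: int, e: int = 65537):
    """Return ((n, e), (n, d)) for primes p, q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse, Python 3.8+
    return (n, e), (n, d)


def encrypt(m: int, pub) -> int:
    n, e = pub
    return pow(m, e, n)


def decrypt(c: int, priv) -> int:
    n, d = priv
    return pow(c, d, n)


# Assumed key material for the parties in the slides.
KPUB_BOB, KPRIV_BOB = rsa_keypair(1000003, 1000033)
KPUB_MITM, KPRIV_MITM = rsa_keypair(999983, 1000037)

# The key distributor's directory, and a MAC key it shares with Alice
# (assumption standing in for a signature/certificate chain).
DIRECTORY = {"bob": KPUB_BOB}
DISTRIBUTOR_KEY = b"key-shared-by-alice-and-the-distributor"


def binding_tag(name: str, pub) -> bytes:
    """Authenticates the binding name -> public key, so a substituted key
    no longer matches the tag."""
    msg = f"{name}:{pub[0]}:{pub[1]}".encode()
    return hmac.new(DISTRIBUTOR_KEY, msg, hashlib.sha256).digest()


def lookup_unauthenticated(name: str, mitm_key=None):
    """Flawed protocol: the reply is just the key; the MITM swaps in its own."""
    pub = DIRECTORY[name]
    return mitm_key if mitm_key is not None else pub


def lookup_authenticated(name: str, mitm_key=None):
    """Reply carries a tag over (name, key). The MITM can replace the key but
    cannot produce a matching tag without DISTRIBUTOR_KEY."""
    pub = DIRECTORY[name]
    tag = binding_tag(name, pub)
    return (mitm_key if mitm_key is not None else pub), tag


def alice_accepts(name: str, pub, tag: bytes) -> bool:
    return hmac.compare_digest(binding_tag(name, pub), tag)


def run_scenarios(p: int) -> dict:
    """p: small integer plaintext (must be smaller than the RSA modulus)."""
    # 1. Unauthenticated lookup: the MITM reads and relays P, nobody notices.
    kpub = lookup_unauthenticated("bob", mitm_key=KPUB_MITM)
    c = encrypt(p, kpub)                 # Alice believes kpub is Bob's
    p_mitm = decrypt(c, KPRIV_MITM)      # MITM recovers P
    c2 = encrypt(p_mitm, KPUB_BOB)       # MITM re-encrypts for the real Bob
    p_bob = decrypt(c2, KPRIV_BOB)

    # 2. Authenticated lookup: a substituted key fails Alice's check.
    k_bad, tag = lookup_authenticated("bob", mitm_key=KPUB_MITM)
    k_good, tag_good = lookup_authenticated("bob")
    return {
        "mitm_read_plaintext": p_mitm == p,
        "bob_received_plaintext": p_bob == p,
        "substituted_key_accepted": alice_accepts("bob", k_bad, tag),
        "genuine_key_accepted": alice_accepts("bob", k_good, tag_good),
    }


if __name__ == "__main__":
    print(run_scenarios(123456789))
```

The check Alice performs is the whole defence: the MITM can still intercept every packet, but a key it controls never carries a valid binding, so Alice refuses to encrypt under it. Real systems use a signature from a CA instead of a shared MAC key so that Alice needs no prior secret with the distributor.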

MESSAGE CONFIDENTIALITY THREATS

MESSAGE CONFIDENTIALITY THREATS INCLUDE:

EAVESDROPPING
IMPERSONATION (SEE ABOVE)
MISDELIVERY
EXPOSURE
TRAFFIC FLOW ANALYSIS

MISDELIVERY

MSG DELIVERED TO A WRONG PERSON DUE TO:
NETWORK FLAW
HUMAN ERROR
EMAIL ADDRESSES SHOULD NOT BE CRYPTIC: A READABLE NAME-BASED ADDRESS IS MISTYPED LESS OFTEN
THAN A NUMERIC ID-BASED ONE (E.G., 10064,...)

EXPOSURE

MSG CAN BE EXPOSED AT ANY MOMENT BETWEEN ITS CREATION AND DISPOSAL
SOME POINTS OF MSG EXPOSURE:
TEMPORARY BUFFERS
SWITCHES / ROUTERS / GATEWAYS / INTERMEDIATE HOSTS
WORKSPACES OF PROCESSES THAT BUILD / FORMAT / PRESENT MSG
(INCLUDING OS AND APP PGMS)
MANY WAYS OF MSG EXPOSURE:
PASSIVE WIRETAPPING
INTERCEPTION BY IMPERSONATOR AT SOURCE / IN TRANSIT / AT DESTINATION

TRAFFIC FLOW ANALYSIS

MERE EXISTENCE OF MSG (EVEN IF CONTENT UNKNOWN) CAN REVEAL STH IMPORTANT
E.G., HEAVY MSG TRAFFIC FROM ONE NODE IN A MILITARY NETWORK MIGHT INDICATE
IT'S THE HEADQUARTERS
ENCRYPTION HIDES CONTENT ONLY, NOT VOLUME, TIMING OR ENDPOINTS; HIDING THOSE NEEDS PADDING OR COVER TRAFFIC

MESSAGE INTEGRITY THREATS

MESSAGE INTEGRITY THREATS INCLUDE:
MSG FABRICATION
NOISE

1) MSG FABRICATION

RECEIVER OF FABRICATED MSG MAY BE MISLED TO DO WHAT MSG REQUESTS OR DEMANDS

SOME TYPES OF MSG FABRICATION:

CHANGING PART OF/ENTIRE MSG BODY
COMPLETELY REPLACING WHOLE MSG (BODY & HEADER)
REPLAYING AN OLD MSG
COMBINING PIECES OF OLD MSGS
CHANGING APPARENT MSG SOURCE
DESTROYING/DELETING MSG
MEANS OF MSG FABRICATION:
ACTIVE WIRETAP
TROJAN HORSE
IMPERSONATION
TAKING OVER HOST/WORKSTATION

2) NOISE

= UNINTENTIONAL INTERFERENCE
NOISE CAN DISTORT MSG
COMMUNICATION PROTOCOLS DESIGNED TO DETECT/CORRECT TRANSMISSION ERRORS
CORRECTED BY: 1. ERROR CORRECTING CODES
2. RETRANSMISSION (AFTER AN ERROR IS DETECTED, E.G., BY CHECKSUM/CRC)
NOTE: CHECKSUMS/CRCS CATCH RANDOM NOISE ONLY; AN ATTACKER SIMPLY RECOMPUTES THEM AFTER MODIFYING THE MSG
=> PROTECTION AGAINST DELIBERATE FABRICATION NEEDS A KEYED INTEGRITY CHECK (MAC OR DIGITAL SIGNATURE)

WEB SITE ATTACKS

WEB SITE ATTACKS - QUITE COMMON DUE TO:
VISIBILITY
E.G., WEB SITE DEFACEMENT - CHANGING WEB SITE APPEARANCE
EASE OF ATTACK
CLIENT-SIDE WEB SITE CODE (HTML, SCRIPTS) AVAILABLE TO ATTACKER (MENU: VIEW>>SOURCE)
A LOT OF VULNERABILITIES IN WEB SERVER S/W
E.G., 17 SECURITY PATCHES FOR MS WEB SERVER S/W, IIS V. 4.0, IN 18 MONTHS

COMMON WEB SITE ATTACKS:

BUFFER OVERFLOWS
DOT-DOT ATTACKS
EXPLOITING APPLICATION CODE ERRORS
SERVER-SIDE INCLUDE

BUFFER OVERFLOWS

ATTACKER FEEDS PGM MUCH MORE DATA THAN IT EXPECTS (AS DISCUSSED)
IISHACK - BEST KNOWN WEB SERVER BUFFER OVERFLOW PROBLEM
PROCEDURE EXECUTING THIS ATTACK IS AVAILABLE

DOT-DOT ATTACKS

IN UNIX & WINDOWS: '..' POINTS TO PARENT DIRECTORY
IF THE SERVER APPENDS A USER-SUPPLIED PATH TO ITS WEB ROOT WITHOUT CHECKING, '..' SEQUENCES WALK OUT OF THE WEB ROOT

EXAMPLE ATTACK: ON WEBHITS.DLL FOR MS INDEX SERVER
PASS THE FOLLOWING URL TO THE SERVER
http://url/null.htw?CiWebHitsFile=/../../../../../winnt/system32/autoexec.nt

RETURNS THE AUTOEXEC.NT FILE: A SYSTEM FILE OUTSIDE THE WEB ROOT THAT THE ATTACKER SHOULD NEVER SEE

SOLUTION TO (SOME) DOT-DOT ATTACKS:
CANONICALIZE EVERY REQUESTED PATH (DECODE %2E ETC., RESOLVE '..') AND REJECT IT UNLESS IT STILL LIES UNDER THE WEB ROOT
HAVE NO EDITORS, XTERM, TELNET, UTILITIES ON WEB SERVER
NO S/W TO BE EXECUTED BY AN ATTACKER ON WEB SERVER TO HELP HIM
CREATE A FENCE CONFINING WEB SERVER (E.G., CHROOT/JAIL, DEDICATED LOW-PRIVILEGE ACCOUNT)
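Added example (not from the original notes) of the path check a server should apply before touching the filesystem. The web root is an assumed value and nothing is read from disk; the function only computes where a request would land and rejects anything that ends up outside the root. The sample requests are constructed and include the webhits.dll-style traversal from the notes, a percent-encoded variant, a backslash variant and a NUL-byte variant.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Assumed web root; nothing is read from disk, only paths are computed.
WEB_ROOT = "/var/www/html"


def resolve_request_path(web_root: str, url_path: str) -> Optional[str]:
    """Map the path part of a URL to a filesystem path under web_root.
    Returns None when the request would escape the web root."""
    # Reject embedded NULs: they truncate C strings in the server/OS layer.
    if "\x00" in url_path or "%00" in url_path.lower():
        return None
    # Decode percent-encoding once ('%2e%2e' -> '..'), then treat '\' as '/'
    # because Windows servers accept both separators.
    decoded = unquote(url_path).replace("\\", "/")
    # Join to the root and normalize: '..' segments are resolved here, so a
    # request that walks above the root produces a path that is not under it.
    root = posixpath.normpath(web_root)
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


def classify(requests):
    """Run a batch of request paths and report which are allowed or rejected."""
    return {req: resolve_request_path(WEB_ROOT, req) for req in requests}


# Constructed sample requests, including the webhits.dll-style one from the notes.
SAMPLE_REQUESTS = [
    "/index.html",
    "/docs/../index.html",                                  # harmless '..'
    "/../../../../../winnt/system32/autoexec.nt",           # dot-dot attack
    "/%2e%2e/%2e%2e/etc/passwd",                            # encoded dot-dot
    "/..\\..\\windows\\win.ini",                            # backslashes
    "/images/%00/../../etc/shadow",                         # NUL injection
]

if __name__ == "__main__":
    for req, path in classify(SAMPLE_REQUESTS).items():
        print(f"{req!r:50} -> {path or 'REJECTED'}")
```

Two caveats a reviewer would raise. The code decodes exactly once, so a doubly encoded `%252e` stays a literal `%2e` and fails to match a file rather than becoming `..`; if the server itself decodes again later, decode here until the string stops changing and then apply the check. And this is a string check only: a symbolic link inside the web root can still point outside it, so the serving code should `os.path.realpath()` the candidate and repeat the prefix test on the result.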

EXPLOITING APPLICATION CODE ERRORS

SOURCE OF PROBLEM:
WEB SERVER MAY HAVE K*1,000 TRANSACTIONS AT A TIME
MIGHT USE PARAMETER FIELDS (APPENDED TO URL) TO KEEP TRACK OF TRANSACTION
STATUS, I.E., IT TRUSTS THE CLIENT TO HAND THAT STATE BACK UNCHANGED
EXAMPLE: EXPLOITING INCOMPLETE MEDIATION IN APP (CF. EARLIER)
URL GENERATED BY CLIENT'S BROWSER TO ACCESS WEB SERVER, E.G.:

http://www.things.com/order/final&custid=101&part=555A&qy=20&price=10&ship=boat&shipcost=5&total=205

INSTEAD, USER EDITS URL DIRECTLY, CHANGING PRICE AND TOTAL COST AS FOLLOWS:

http://www.things.com/order/final&custid=101&part=555A&qy=20&price=1&ship=boat&shipcost=5&total=25

USER SENDS FORGED URL TO WEB SERVER
THE SERVER TAKES 25 AS THE TOTAL COST
FIX (COMPLETE MEDIATION): SERVER RECOMPUTES PRICE AND TOTAL FROM ITS OWN DATA AND VALIDATES EVERY PARAMETER;
CLIENT-SUPPLIED PRICE/TOTAL FIELDS ARE NEVER TRUSTED
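Added example (not from the original notes) contrasting the flawed server, which bills whatever `total` the URL carries, with a mediated one that recomputes the amount from server-side data. The catalog and shipping table are constructed stand-ins for the shop's database, and the URLs reproduce the notes' example with a proper `?` before the query string.

```python
from urllib.parse import parse_qs, urlsplit

# Server-side source of truth (constructed; a real shop would read its DB).
CATALOG_PRICE = {"555A": 10}
SHIPPING_COST = {"boat": 5, "air": 20}


def parse_order(url: str) -> dict:
    """Extract the order fields from the URL's query string."""
    query = parse_qs(urlsplit(url).query, strict_parsing=True)
    return {k: v[0] for k, v in query.items()}


def total_unmediated(order: dict) -> int:
    """The flawed server from the notes: believes the client's 'total'."""
    return int(order["total"])


def total_mediated(order: dict) -> int:
    """Complete mediation: every field is validated against server data and
    the total is recomputed; client-sent price/shipcost/total are ignored."""
    part = order.get("part")
    ship = order.get("ship")
    if part not in CATALOG_PRICE:
        raise ValueError(f"unknown part {part!r}")
    if ship not in SHIPPING_COST:
        raise ValueError(f"unknown shipping method {ship!r}")
    try:
        qty = int(order.get("qy", ""))
    except ValueError:
        raise ValueError("quantity is not an integer") from None
    if not 1 <= qty <= 1000:
        raise ValueError(f"quantity {qty} out of range")
    return CATALOG_PRICE[part] * qty + SHIPPING_COST[ship]


def charge(url: str, mediated: bool) -> int:
    """Amount the server would bill for the order encoded in url."""
    order = parse_order(url)
    return total_mediated(order) if mediated else total_unmediated(order)


# Constructed URLs mirroring the notes' example (with a proper '?' before the query).
HONEST_URL = ("http://www.things.com/order/final?custid=101&part=555A&qy=20"
              "&price=10&ship=boat&shipcost=5&total=205")
FORGED_URL = ("http://www.things.com/order/final?custid=101&part=555A&qy=20"
              "&price=1&ship=boat&shipcost=5&total=25")

if __name__ == "__main__":
    for name, url in (("honest", HONEST_URL), ("forged", FORGED_URL)):
        print(name, "unmediated:", charge(url, mediated=False),
              "mediated:", charge(url, mediated=True))
```

The mediated version also rejects a negative or absurd quantity, an unknown part number and an unknown shipping method, because each of those is another parameter the client controls. Better still is not to carry order state in the URL at all: keep it server-side, keyed by an unguessable session identifier.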

SERVER-SIDE INCLUDE

HTML CODE FOR WEB PAGE CAN CONTAIN INCLUDE COMMANDS (SSI DIRECTIVES), PROCESSED BY THE SERVER BEFORE THE PAGE IS SENT

EXAMPLE
OPEN TELNET SESSION FROM SERVER (WITH SERVER'S PRIVILEGES):
<!--#exec cmd="/usr/bin/telnet &" -->

INCLUDE EXEC (#exec) COMMANDS CAN BE USED TO EXECUTE AN ARBITRARY FILE ON
THE SERVER
IF AN ATTACKER CAN GET A DIRECTIVE INTO A SERVER-PARSED PAGE (E.G., VIA USER-SUPPLIED CONTENT ON A .shtml PAGE),
HE CAN EXECUTE, E.G., COMMANDS SUCH AS:
CHMOD - CHANGES ACCESS RIGHTS
SH - ESTABLISH COMMAND SHELL
CAT - DISPLAY/COPY FILE CONTENTS
DEFENSE: DISABLE EXEC IN SSI (APACHE: Options IncludesNOEXEC) OR TURN SSI OFF WHERE NOT NEEDED;
NEVER RENDER UNTRUSTED INPUT INSIDE SERVER-PARSED PAGES

DENIAL OF SERVICE (ATTACK ON AVAILABILITY)

SERVICE CAN BE DENIED:

DUE TO (NONMALICIOUS) FAILURES
EXAMPLES:
LINE CUT ACCIDENTALLY (E.G., BY A CONSTRUCTION CREW)
NOISE ON A LINE
NODE/DEVICE FAILURE (S/W OR H/W FAILURE)
DEVICE SATURATION (DUE TO NONMALICIOUS EXCESSIVE WORKLOAD OR TRAFFIC)
SOME OF THE ABOVE SERVICE DENIALS ARE SHORT-LIVED AND/OR GO AWAY
AUTOMATICALLY (E.G., NOISE, SOME DEVICE SATURATIONS)

DUE TO DENIAL-OF-SERVICE (DOS) ATTACKS = ATTACKS ON AVAILABILITY
DOS ATTACKS INCLUDE:
PHYSICAL DOS ATTACKS
ELECTRONIC DOS ATTACKS

PHYSICAL DOS ATTACKS

LINE CUT DELIBERATELY
NOISE INJECTED ON A LINE
BRINGING DOWN A NODE/DEVICE VIA H/W MANIPULATION

ELECTRONIC DOS ATTACKS

(2A) CRASHING NODES/DEVICES VIA S/W MANIPULATION

(2B) SATURATING DEVICES (DUE TO MALICIOUS INJECTION OF EXCESSIVE WORKLOAD OR
TRAFFIC)
INCLUDES:
CONNECTION FLOODING
SYN FLOOD

(2C) REDIRECTING TRAFFIC

INCLUDES:
PACKET-DROPPING ATTACKS (INCL. BLACK HOLE ATTACKS)
DNS ATTACKS

CONNECTION FLOODING

= FLOODING A CONNECTION WITH USELESS PACKETS SO IT HAS NO CAPACITY TO HANDLE
(MORE) USEFUL PACKETS

ICMP (INTERNET CONTROL MSG PROTOCOL) - COMPANION TO IP FOR DIAGNOSTICS AND ERROR
REPORTING (A CORE INTERNET PROTOCOL ALONGSIDE IP, TCP & UDP)

ICMP MSGS CAN BE USED FOR ATTACKS

SOME ICMP MSGS:

- ECHO REQUEST - SOURCE S REQUESTS DESTINATION D TO RETURN DATA SENT TO IT
(SHOWS THAT LINK FROM S TO D IS GOOD)
- ECHO REPLY - RESPONSE TO ECHO REQUEST SENT FROM D TO S
- DESTINATION UNREACHABLE - MSG TO S INDICATING THAT PACKET CAN'T BE
DELIVERED TO D
- SOURCE QUENCH - S TOLD TO SLOW DOWN SENDING MSGS TO D (INDICATES THAT D IS
BECOMING SATURATED); DEPRECATED (RFC 6633), MODERN HOSTS IGNORE IT

NOTE: PING SENDS ICMP "ECHO REQUEST" MSG TO DESTINATION D.
IF D REPLIES WITH "ECHO REPLY" MSG, IT INDICATES THAT D IS
REACHABLE/FUNCTIONING (ALSO SHOWS MSG ROUND-TRIP TIME).

NOTE: TRY PING/ECHO ON MS WINDOWS:
START>>ALL PROGRAMS>>ACCESSORIES>>COMMAND PROMPT
PING WWW.WMICH.EDU (TRY: WWW.CS.WMICH.EDU, CS.WMICH.EDU)

EXAMPLE ATTACKS USING ICMP MSGS

ECHO-CHARGEN ATTACK

- CHARGEN PROTOCOL (PORT 19) - ANSWERS ANY PACKET WITH A STREAM OF CHARACTERS; USED FOR TESTING NETWORK
- ECHO SERVICE (PORT 7) - RETURNS WHATEVER IT RECEIVES (THE UDP ECHO SERVICE, NOT ICMP ECHO)

- ECHO-CHARGEN ATTACK EXAMPLE 1:
ATTACKER SENDS ONE UDP PACKET TO Y'S ECHO PORT WITH SPOOFED SOURCE = X'S CHARGEN PORT
Y ECHOES IT TO X'S CHARGEN; X'S CHARGEN ANSWERS WITH A STREAM TO Y'S ECHO; Y ECHOES THAT BACK; ...
THIS CREATES AN ENDLESS "BUSY LOOP" BETWEEN X & Y FROM A SINGLE PACKET

- ECHO-CHARGEN ATTACK EXAMPLE 2:
SAME, BUT SPOOFED SOURCE AND DESTINATION ARE BOTH X (X'S CHARGEN PORT TO X'S ECHO PORT)
X KEEPS FEEDING ITSELF
DEFENSE: DISABLE THESE LEGACY "SMALL SERVICES" AND FILTER PORTS 7 AND 19 AT THE BORDER

PING OF DEATH, PING FLOOD AND SMURF ATTACKS

- PING OF DEATH EXAMPLE:
ATTACKER SENDS X A FRAGMENTED ICMP ECHO REQUEST THAT REASSEMBLES TO MORE THAN THE
MAXIMUM LEGAL IP PACKET SIZE (65,535 BYTES)
OLDER IP STACKS OVERFLOWED THEIR REASSEMBLY BUFFER AND CRASHED OR REBOOTED (A 2A-TYPE ATTACK)

- PING FLOOD EXAMPLE:
ATTACKER SENDS PING AFTER PING FROM X TO FLOOD Y (PING USES ICMP ECHO REQ./REPLY)
Y ANSWERS EACH REQUEST WITH ONE ECHO REPLY; ITS LINK AND CPU ARE CONSUMED
(NO LOOP: X MUST KEEP SENDING, SO X NEEDS MORE BANDWIDTH THAN Y)

SMURF ATTACK EXAMPLE:
ATTACKER SPOOFS SOURCE ADDRESS OF PING
PACKET SENT FROM X APPEARS TO BE SENT BY Z (THE VICTIM)
ATTACKER SENDS THE SPOOFED PKT TO THE BROADCAST ADDRESS OF A NETWORK WITH N HOSTS
ALL N HOSTS REPLY TO Z AND FLOOD IT (AMPLIFICATION: ONE PACKET IN, N PACKETS OUT)
DEFENSE: ROUTERS DROP DIRECTED BROADCASTS (NOW THE DEFAULT), HOSTS IGNORE BROADCAST PINGS

SYN FLOOD DOS ATTACK


ATTACK IS BASED ON PROPERTIES/IMPLEMENTATION OF A SESSION IN TCP PROTOCOL
SUITE
SESSION = VIRTUAL CONNECTION BETWEEN PROTOCOL PEERS
SESSION ESTABLISHED WITH THREE-WAY HANDSHAKE (S = SOURCE, D = DESTINATION)
AS FOLLOWS:
S TO D: SYN
D TO S: SYN+ACK
S TO D: ACK
NOW SESSION BETWEEN S AND D IS ESTABLISHED
D KEEPS A SYN_RECV QUEUE (BACKLOG) WHICH TRACKS HALF-OPEN CONNECTIONS FOR WHICH
IT HAS SENT SYN+ACK BUT RECEIVED NO ACK
NORMALLY, ENTRY IS IN SYN_RECV FOR A SHORT TIME
IF NO ACK RECEIVED WITHIN TIME T (USU. K MINUTES, WITH SYN+ACK RETRANSMITTED IN BETWEEN), ENTRY DISCARDED
(CONNECTION ESTABL. TIMES OUT)

NORMALLY, SIZE OF SYN_RECV (HISTORICALLY 10-20 ENTRIES) IS SUFFICIENT TO ACCOMMODATE ALL
CONNECTIONS UNDER ESTABLISHMENT

SYN FLOOD ATTACK SCENARIO

ATTACKER SENDS MANY SYN REQUESTS TO D (AS IF STARTING 3-WAY HANDSHAKE)
ATTACKER NEVER REPLIES TO D'S SYN+ACK PACKETS
D PUTS ENTRY FOR EACH UNANSWERED SYN+ACK PACKET INTO SYN_RECV QUEUE
WITH MANY UNANSWERED SYN+ACK PACKETS, SYN_RECV QUEUE FILLS UP
WHEN SYN_RECV IS FULL, NO ENTRIES FOR LEGITIMATE UNANSWERED SYN+ACK PACKETS
CAN BE PUT INTO SYN_RECV QUEUE ON D
NOBODY CAN ESTABLISH LEGITIM. CONNECTION WITH D
ATTACKER NEEDS ONLY A TRICKLE OF SYNS (ONE PER QUEUE SLOT PER TIMEOUT PERIOD) TO KEEP THE QUEUE FULL

MODIFICATION 1 OF SYN FLOOD ATTACK SCENARIO:
ATTACKER SPOOFS SENDER'S ADDRESS IN SYN PACKETS SENT TO D
QUESTION: WHY?
ANSWER:
TO MASK PACKET'S REAL SOURCE, TO COVER HIS TRACKS
NOTE: THE SPOOFED ADDRESS MUST BE ONE THAT DOES NOT ANSWER; A LIVE HOST RECEIVING THE UNEXPECTED SYN+ACK
REPLIES WITH RST, WHICH FREES D'S ENTRY AND DEFEATS THE ATTACK

MODIFICATION 2 OF SYN FLOOD ATTACK SCENARIO:
ATTACKER MAKES EACH SPOOFED SENDER'S ADDRESS IN SYN PACKETS DIFFERENT
QUESTION: WHY?
ANSWER:
IF ALL HAD THE SAME SOURCE, DETECTION OF ATTACK WOULD BE SIMPLER (TOO MANY
INCOMPLETE CONNECTION REQUESTS COMING FROM THE SAME SOURCE LOOK SUSPICIOUS)
AND A PER-SOURCE LIMIT ON HALF-OPEN CONNECTIONS WOULD STOP IT

DEFENSES: SYN COOKIES (D ENCODES THE CONNECTION STATE IN ITS INITIAL SEQUENCE NUMBER AND KEEPS NO
QUEUE ENTRY UNTIL THE ACK ARRIVES), SHORTER TIMEOUTS, LARGER BACKLOGS, INGRESS FILTERING OF SPOOFED SOURCES
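Added example (not from the original notes): a small model of D's SYN_RECV queue, run through the basic SYN flood and Modification 2. The listener keeps half-open entries with an expiry time, drops SYNs when the backlog is full, and reports what a per-source detector would see. The backlog size, timeout and addresses (drawn from the IETF documentation ranges) are constructed values.

```python
from typing import Dict, Tuple

Src = Tuple[str, int]   # (source IP, source port)


class Listener:
    """Simplified TCP listener on D: half-open connections wait in the
    SYN_RECV queue until the peer's ACK arrives or the entry times out."""

    def __init__(self, backlog: int = 16, timeout: float = 60.0):
        self.backlog = backlog
        self.timeout = timeout
        self.syn_recv: Dict[Src, float] = {}   # src -> expiry time
        self.established = set()
        self.dropped_syns = 0

    def _expire(self, now: float) -> None:
        for src in [s for s, t in self.syn_recv.items() if t <= now]:
            del self.syn_recv[src]

    def on_syn(self, src: Src, now: float) -> bool:
        """Returns True if D answered SYN+ACK and queued the half-open entry."""
        self._expire(now)
        if len(self.syn_recv) >= self.backlog:
            self.dropped_syns += 1          # queue full: SYN silently dropped
            return False
        self.syn_recv[src] = now + self.timeout
        return True

    def on_ack(self, src: Src, now: float) -> bool:
        """Third handshake step: the entry moves from SYN_RECV to ESTABLISHED."""
        self._expire(now)
        if src not in self.syn_recv:
            return False
        del self.syn_recv[src]
        self.established.add(src)
        return True

    def half_open_per_ip(self) -> Dict[str, int]:
        """What a per-source detector would see."""
        counts: Dict[str, int] = {}
        for ip, _port in self.syn_recv:
            counts[ip] = counts.get(ip, 0) + 1
        return counts


def syn_flood(listener: Listener, n: int, spoof_each: bool, now: float) -> None:
    """Attacker sends n SYNs and never ACKs. With spoof_each=True every SYN
    carries a different forged source (Modification 2); otherwise all come
    from one address. Addresses are from documentation ranges (constructed)."""
    for i in range(n):
        src = (f"203.0.113.{i + 1}", 40000 + i) if spoof_each else ("198.51.100.7", 40000 + i)
        listener.on_syn(src, now)


def legit_connect(listener: Listener, now: float) -> bool:
    """A well-behaved client completes the handshake 50 ms after its SYN."""
    src = ("192.0.2.10", 51515)
    return listener.on_syn(src, now) and listener.on_ack(src, now + 0.05)


def scenario(spoof_each: bool, backlog: int = 16, timeout: float = 60.0) -> dict:
    d = Listener(backlog=backlog, timeout=timeout)
    syn_flood(d, n=100, spoof_each=spoof_each, now=0.0)
    queue_len = len(d.syn_recv)
    max_per_ip = max(d.half_open_per_ip().values(), default=0)
    blocked = not legit_connect(d, now=1.0)        # during the flood
    recovered = legit_connect(d, now=timeout + 1)  # after entries time out
    return {
        "queue_len_during_flood": queue_len,
        "syns_dropped": d.dropped_syns,
        "legit_blocked_during_flood": blocked,
        "legit_ok_after_timeout": recovered,
        "max_half_open_from_one_ip": max_per_ip,
    }


if __name__ == "__main__":
    print("single source:  ", scenario(spoof_each=False))
    print("spoofed sources:", scenario(spoof_each=True))
```

In the single-source run the detector sees 16 half-open connections from one address, an obvious anomaly; in the spoofed run it sees one per address and nothing stands out, while the legitimate client is blocked just the same. Service only returns after the timeout because the model sends a single burst; a real attacker keeps sending, which is why the fix is to stop keeping per-SYN state (SYN cookies) rather than to tune the queue.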

REDIRECTING TRAFFIC (INCL. DROPPING REDIRECTED PACKETS)

REDIRECTING TRAFFIC BY ADVERTISING A FALSE BEST PATH

ROUTERS FIND BEST PATH FOR PASSING PACKETS FROM S TO D
ROUTERS ADVERTISE THEIR CONNECTIONS TO THEIR NEIGHBORS
ROUTER R TAKEN OVER BY ATTACKER
R ADVERTISES (FALSELY) TO ALL NEIGHBORS THAT IT HAS THE BEST (E.G.,
SHORTEST) PATH TO HOSTS H1, H2, ..., HN
ROUTERS AROUND R FORWARD TO R ALL PACKETS ADDRESSED TO H1, H2, ..., HN
R DROPS SOME OR ALL OF THESE PACKETS
DROPS SOME => PACKET-DROPPING ATTACK (HARDER TO NOTICE: LOOKS LIKE ORDINARY CONGESTION)
DROPS ALL => BLACK HOLE ATTACK
(BLACK HOLE ATTACK IS A SPECIAL CASE OF PACKET-DROPPING ATTACK)
POSSIBLE BECAUSE ROUTING PROTOCOLS ACCEPT ADVERTISEMENTS WITHOUT AUTHENTICATING THEM

REDIRECTING TRAFFIC BY DNS ATTACKS


FUNCTION: RESOLVING DOMAIN NAME
= CONVERTING DOMAIN NAMES INTO IP ADDRESSES
E.G., AOL.COM -> 205.188.142.182
A DNS SERVER QUERIES OTHER DNS SERVERS (ON OTHER HOSTS) FOR NAMES IT CANNOT RESOLVE ITSELF
DNS CACHES QUERY REPLIES (ADDRESSES) FOR EFFICIENCY, FOR THE TTL GIVEN IN THE REPLY

MOST COMMON DNS IMPLEMENTATION:
BIND S/W (BIND = BERKELEY INTERNET NAME DOMAIN)
A.K.A. NAMED (NAMED = NAME DAEMON)
NUMEROUS FLAWS IN BIND INCLUDING BUFFER OVERFLOWS

ATTACKS ON DNS (E.G., ON BIND)

OVERTAKING THE DNS SERVER / FABRICATING CACHED DNS ENTRIES (CACHE POISONING: A FORGED REPLY
ACCEPTED AS GENUINE IS SERVED TO EVERY CLIENT UNTIL ITS TTL EXPIRES)
USING FABRICATED ENTRY TO REDIRECT TRAFFIC (E.G., TO A MASQUERADING SITE)

DISTRIBUTED DENIAL OF SERVICE-(ATTACK ON AVAILABILITY)

DDOS = DISTRIBUTED DENIAL OF SERVICE

ATTACK SCENARIO:
STAGE 1:
ATTACKER PLANTS TROJANS ON MANY TARGET MACHINES
TARGET MACHINES CONTROLLED BY TROJANS BECOME ZOMBIES

STAGE 2:
ATTACKER CHOOSES VICTIM V, ORDERS ZOMBIES TO ATTACK V
EACH ZOMBIE LAUNCHES A SEPARATE DOS ATTACK
DIFFERENT ZOMBIES CAN USE DIFFERENT DOS ATTACKS
E.G., SOME USE SYN FLOODS, OTHERS SMURF ATTACKS
THIS PROBES DIFFERENT WEAK POINTS
ALL ATTACKS TOGETHER CONSTITUTE A DDOS
V BECOMES OVERWHELMED AND UNAVAILABLE
DDOS SUCCEEDS

THREATS TO ACTIVE OR MOBILE CODE

ACTIVE CODE / MOBILE CODE = CODE PUSHED BY SERVER S TO A CLIENT C FOR EXECUTION ON
C
WHY DOESN'T S EXECUTE ALL CODE ITSELF? FOR EFFICIENCY.
EXAMPLE: WEB SITE WITH ANIMATION
IMPLEMENTATION 1 - S EXECUTING ANIMATION
EACH NEW ANIMATION FRAME MUST BE SENT FROM S TO C FOR DISPLAY ON C
USES NETWORK BANDWIDTH
IMPLEMENTATION 2 - S SENDS ANIMATION CODE FOR EXECUTION TO C
C EXECUTES ANIMATION
EACH NEW ANIMATION FRAME IS AVAILABLE FOR DISPLAY LOCALLY ON C

IMPLEMENTATION 2 IS BETTER: SAVES S'S PROCESSOR TIME AND NETWORK BANDWIDTH
BUT C NOW RUNS CODE WRITTEN BY S, AND S MAY BE AN ATTACKER OR AN ATTACKER'S AGENT

ISN'T ACTIVE/MOBILE CODE A THREAT TO CLIENT'S HOST?
IT DEFINITELY IS A THREAT (TO C-I-A)!

KINDS OF ACTIVE CODE:
COOKIES
SCRIPTS
ACTIVE CODE
AUTOMATIC EXECUTION BY TYPE

COOKIES

= DATA OBJECT SENT FROM SERVER S TO CLIENT C THAT CAN CAUSE UNEXPECTED DATA
TRANSFERS FROM C TO S (C'S BROWSER RETURNS IT WITH EVERY LATER REQUEST TO S)
NOTE: COOKIE IS A DATA FILE, NOT REALLY ACTIVE CODE!
COOKIES OFTEN ENCRYPTED OR SIGNED USING S'S KEY (C CAN'T READ OR FORGE THEM)

TYPES OF COOKIES:
1) PER-SESSION COOKIE
STORED IN MEMORY, DELETED WHEN C'S BROWSER IS CLOSED
2) PERSISTENT COOKIE
STORED ON DISK, SURVIVES TERMINATION OF C'S BROWSER

COOKIE CAN STORE ANYTHING ABOUT CLIENT C THAT S (OR S'S SCRIPTS RUNNING IN THE BROWSER ON C) CAN
DETERMINE, INCLUDING:
USER'S KEYSTROKES (E.G., WHAT WAS TYPED INTO FORMS)
MACHINE NAME AND CHARACTERISTICS
CONNECTION DETAILS (INCL. IP ADDRESS)

LEGITIMATE ROLE FOR COOKIES:
PROVIDING C'S CONTEXT TO S
DATE, TIME, IP ADDRESS
DATA ON CURRENT TRANSACTION (INCL. ITS STATE)
DATA ON PAST TRANSACTIONS (E.G., C USER'S SHOPPING PREFERENCES)

ILLEGITIMATE ROLE FOR COOKIES:
SPYING ON C
COLLECTING INFO FOR IMPERSONATING USER OF C WHO IS TARGET OF COOKIE'S INFO
GATHERING
ATTACKER WHO INTERCEPTS X'S (SESSION) COOKIE CAN EASILY IMPERSONATE X IN INTERACTIONS
WITH S: THE COOKIE IS A BEARER TOKEN, S CANNOT TELL X FROM WHOEVER HOLDS IT
MITIGATIONS: SEND COOKIES ONLY OVER TLS (Secure FLAG), KEEP THEM AWAY FROM SCRIPTS (HttpOnly), EXPIRE THEM SOON
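Added example (not from the original notes) of what "encoded using S's key" buys and what it does not. The cookie carries a readable payload plus an HMAC tag under a server-only key; a client who edits the payload is detected, but an eavesdropper who replays the unmodified cookie is accepted exactly like the real user, because a signature proves where the cookie came from, not who is presenting it. The key, user name and clock value are constructed.

```python
import base64
import binascii
import hashlib
import hmac
import json
from typing import Optional

# Key known only to server S (assumption).
SERVER_KEY = b"server-secret-known-only-to-S"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def issue_cookie(user: str, ttl_seconds: int, now: float) -> str:
    """S builds the cookie: base64(payload).base64(HMAC(payload)).
    The tag lets S detect tampering; it does not hide the payload."""
    payload = json.dumps({"user": user, "exp": int(now) + ttl_seconds},
                         separators=(",", ":")).encode()
    tag = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(tag)}"


def read_cookie(cookie: str, now: float) -> Optional[str]:
    """S verifies tag and expiry; returns the user name or None."""
    try:
        payload_b64, tag_b64 = cookie.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None                      # forged or modified
    data = json.loads(payload)
    if data.get("exp", 0) <= now:
        return None                      # expired
    return data.get("user")


def tamper(cookie: str, new_user: str) -> str:
    """Client-side attac­ker edits the (readable) payload but cannot re-sign it."""
    payload_b64, tag_b64 = cookie.split(".")
    data = json.loads(base64.urlsafe_b64decode(payload_b64))
    data["user"] = new_user
    payload = json.dumps(data, separators=(",", ":")).encode()
    return f"{_b64(payload)}.{tag_b64}"


def demo() -> dict:
    now = 1_700_000_000.0                # constructed clock value
    cookie = issue_cookie("alice", ttl_seconds=3600, now=now)
    return {
        "legit": read_cookie(cookie, now + 1),
        "tampered_to_admin": read_cookie(tamper(cookie, "admin"), now + 1),
        # Eavesdropper replays alice's cookie from a different machine:
        "replayed_by_attacker": read_cookie(cookie, now + 100),
        "after_expiry": read_cookie(cookie, now + 3601),
    }


if __name__ == "__main__":
    print(demo())
```

The expiry bounds how long a stolen cookie stays useful, which is why short lifetimes and the Secure flag (never send it in the clear) matter more for session hijacking than the signature does. If the payload must also be hidden from the client, encrypt it as well; the MAC alone leaves it readable.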

PHILOSOPHY BEHIND COOKIES:
TRUST US, WE KNOW WHAT'S GOOD FOR YOU!
HMM... THEY DON'T TRUST YOU (ENCODE COOKIE) BUT WANT YOU TO TRUST THEM.
