
EECS3482 1 Introduction Winter2023 Part8 Posted

This document discusses various types of software attacks: 1) Spoofing involves forging internet identification data like IP addresses to gain illegitimate access. Types of spoofing include IP, email, and referrer spoofing. 2) Sniffing uses programs to monitor network data traffic, which can extract critical information from packets. Wireless sniffing is particularly easy. 3) Man-in-the-middle attacks intercept communications between two parties, allowing the attacker to alter messages. DNS poisoning is an example.

Uploaded by

daniellyu22

Threat Events: Software Attacks (cont.)

d) Spoofing
• insertion of forged Internet identification data in order to gain an illegitimate advantage (in packets, web-requests, emails)
• types of spoofing
  - IP Spoofing – creation of IP packets with a forged source IP address, e.g. for the purpose of ‘passing through a firewall’

[Figure: Hacker’s IP: 192.168.0.25. Firewall rule: block all packets coming from: 192.168.0.25]
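The firewall rule in the figure decides on the claimed source address alone, so a forged source walks past it. The following is an added example (not from the slides) that puts that rule beside a check of whether the source is plausible for the interface the packet arrived on; the two-interface topology, the 10.0.5.0/24 server segment and the sample packets are assumptions constructed for illustration.

```python
from ipaddress import ip_address, ip_network

DENYLIST = {ip_address("192.168.0.25")}      # the rule from the slide

# Assumed topology: source prefixes that can legitimately arrive on each interface.
EXPECTED_SOURCES = {
    "lan": [ip_network("192.168.0.0/24")],
    "srv": [ip_network("10.0.5.0/24")],
}

def denylist_only(packet):
    """The slide's firewall: trusts the source address written in the packet."""
    return "drop" if ip_address(packet["src"]) in DENYLIST else "accept"

def with_source_validation(packet):
    """Additionally require the claimed source to belong behind the ingress interface."""
    src = ip_address(packet["src"])
    nets = EXPECTED_SOURCES.get(packet["iface"], [])
    if not any(src in net for net in nets):
        return "drop"                        # this address cannot originate here
    return denylist_only(packet)

# Constructed packets, all really sent by the host at 192.168.0.25 on the LAN.
PACKETS = [
    {"iface": "lan", "src": "192.168.0.25"},   # honest source address
    {"iface": "lan", "src": "10.0.5.7"},       # forged: claims to be a server
    {"iface": "lan", "src": "192.168.0.26"},   # forged: claims to be a LAN neighbour
]

def compare(packets=PACKETS):
    """Return (claimed source, denylist verdict, validated verdict) per packet."""
    return [(p["src"], denylist_only(p), with_source_validation(p)) for p in packets]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

The last packet is accepted by both filters: a forged address from the sender's own subnet can only be caught closer to the host, by binding addresses to switch ports.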
• types of spoofing (cont.)
  - Email Address Spoofing – creation of email messages with a forged sender address, e.g. for the purposes of social engineering and data phishing
  - Referrer or User Agent Spoofing – creation of HTTP requests with forged fields in order to gain access to a protected web-site
    * some sites allow access to their material only from certain approved (login) pages and/or only to humans
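Referer and User-Agent are written by the client, so a gate built on them checks nothing the server controls. The following is an added example (not from the slides) that puts such a gate beside one based on a server-issued, expiring token; the site URL, the key and the session identifiers are constructed placeholders.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"            # placeholder; use a random secret key
LOGIN_PAGE = "https://site.example/login"   # hypothetical approved page

def referer_check(headers):
    """Weak gate: trusts two header fields that the client fills in itself."""
    return (headers.get("Referer", "").startswith(LOGIN_PAGE)
            and "Mozilla" in headers.get("User-Agent", ""))

def _mac(session_id, expires):
    data = f"{session_id}|{expires}".encode()
    return hmac.new(SECRET, data, hashlib.sha256).hexdigest()

def issue_token(session_id, now=None, ttl=300):
    """Issued by the login page once the user has actually authenticated."""
    expires = int(time.time() if now is None else now) + ttl
    return f"{expires}.{_mac(session_id, expires)}"

def token_check(session_id, token, now=None):
    """Strong gate: accepts only a value this server issued for this session."""
    try:
        expires_text, mac = token.split(".", 1)
        expires = int(expires_text)
    except (AttributeError, ValueError):
        return False                        # missing or malformed token
    fresh = (time.time() if now is None else now) < expires
    genuine = hmac.compare_digest(mac.encode(), _mac(session_id, expires).encode())
    return genuine and fresh

if __name__ == "__main__":
    forged = {"Referer": LOGIN_PAGE, "User-Agent": "Mozilla/5.0"}
    print("header gate accepts forged request:", referer_check(forged))
    token = issue_token("sess-A", now=1000)
    print("token gate, right session:", token_check("sess-A", token, now=1100))
    print("token gate, other session:", token_check("sess-B", token, now=1100))
```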
e) Sniffing
• use of a program or device that can monitor data traveling over a network
• unauthorized sniffers can be very dangerous – they cannot be detected, yet they can sniff/extract critical information from the packets traveling over the network
• wireless sniffing is particularly simple, due to the ‘open’ nature of the wireless medium
• popular sniffers:
  - Wireshark – wired medium
  - Cain & Abel – wireless medium
  - Kismet – wireless medium
f) Man-in-the-Middle Attacks
• gives an illusion that two computers are communicating with each other, when actually they are sending and receiving data with a computer between them
• spoofing and/or sniffing can be involved
• examples:
  - passive – attacker records & resends data at a later time (acts as a signal/packet repeater)
  - active – attacker intercepts, alters and sends data before or after the original arrives at the recipient
Example: DNS Poisoning (active Man-in-the-Middle attack)
If the DNS server does not know the ‘answer’, it queries other DNS servers.

[Figure omitted; address shown in the diagram: 192.168.1.23. Source: http://hackingplayground.blogspot.ca/2012/01/hacking-facebookgmailhotmail-using-set.html]
Social Engineering
• process of using social skills to manipulate people into revealing vulnerable information
  - either by believing that an email came from a legitimate person or believing that a web-site is the real web-site, or both!

g) Phishing – involves fake/spoofed emails + …
• attempt to gain sensitive personal information by posing as a legitimate entity
• SIMPLE PHISHING: an email is sent to the victim informing them of a problem (e.g. with their email or banking account) and asking them to provide their username, password, etc.; ‘From’ email address is spoofed to look legitimate, ‘Reply To’ email address is an account controlled by the attacker
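The From / Reply-To split described for simple phishing is something a mail filter can test for. The following is an added example (not from the slides) that flags messages whose reply would leave the sender's domain; the sample messages and all domains are constructed, and the subdomain comparison is a simplifying assumption.

```python
from email import message_from_string
from email.utils import parseaddr

def _domain(header_value):
    """Domain of the address in a header value, lower-cased ('' if absent)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def _same_org(a, b):
    """Crude heuristic (assumption): equal, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def reply_to_mismatch(raw_message):
    """Return a finding string if replies would go to a different domain, else None."""
    msg = message_from_string(raw_message)
    from_dom = _domain(msg.get("From"))
    reply_dom = _domain(msg.get("Reply-To"))
    if from_dom and reply_dom and not _same_org(from_dom, reply_dom):
        return f"From is '{from_dom}' but replies go to '{reply_dom}'"
    return None

# Constructed sample: the pattern from the slide.
PHISH = """\
From: Example Bank Support <support@bank.example>
Reply-To: support@bank-example-helpdesk.test
To: student@university.example
Subject: Problem with your account

Please reply with your username and password.
"""

# Constructed sample: a legitimate newsletter replying to the parent domain.
LEGIT = """\
From: Example Bank News <news@mail.bank.example>
Reply-To: support@bank.example
To: student@university.example
Subject: Monthly statement available

Your statement is ready.
"""

if __name__ == "__main__":
    for label, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(label, "->", reply_to_mismatch(raw))
```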
Example: Simple Phishing

[Figure omitted. Source: http://www.itknowingness.com/page/2/]
• SOPHISTICATED PHISHING: an email is sent to the victim containing a link to a bogus website that looks legitimate

Example: Phishing using URL Links Embedded in HTML-based Emails

[Figure omitted. Source: http://www.informacija.rs/Clanci/Phishing-Obmanjivanje-korisnika.html]
i) Pharming – involves a fake Web-site (remember Lab 1)
• phishing is accomplished by getting users to type in or click on a bogus URL
• pharming redirects users to a false website without them even knowing it – typed in or clicked on URL looks OK
• performed through DNS poisoning – user’s local DNS Cache or DNS server are ‘poisoned’ by a virus

[Figure omitted; label shown in the diagram: poisoned DNS server. Source: http://www.itmatrix.com/FraudManagement/AntiPharming.html]
Biggest Challenge of Information Security – How much security?!
• Information security should balance protection & access
  - a completely secure information system would not allow anyone access!
