Chapter 7

Presentation Transcript

    Slide 1:Chapter 7 Instant Messaging Attacks

    June 30

    Slide 2:Instant Messaging Attacks

    IM is real-time communication, popularly known as chat. Nearly every PC platform (and mobile devices: PDAs, cell phones, etc.) has some form of IM.

    Most popular Internet chat programs:
    - AOL Instant Messenger (AIM)
    - MSFT MSN Messenger
    - Net Meeting Chat
    - Vchat
    - WinChat
    - WinPopUP
    - Yahoo Messenger
    - Lotus Instant Meeting Same Time
    - Unix: many flavors

    Slide 3:Instant Messaging Attacks continued

    - Most IMs allow users to create buddy lists or friends lists
    - IM clients can be configured to alert other users in their buddy lists when you are on the Internet
    - Enables chatting
      - Keyboard
      - Voice and video
      - File sharing
    - Some IM clients enable public channels and private chat rooms or channels

    Slide 4:Figure 7-1 Types of Instant Messaging Networks

    All IM clients enable keyboard chats. Newer versions have far more functionality, enabling:
    - File sharing
    - Private chats
    - Internet telephone
    - Radio channels
    - Video cams
    - On-line gaming
    - Real-time collaboration
    - Email

    Slide 5:Network Models

    Two basic network models:
    - Peer to Peer
    - Peer to Server
    - Variants

    P2P: messages are broadcast from one client across the network and intercepted by the destination client S/W. The model works well on Local Area Networks.

    Slide 6:Message Server Model

    - Most popular network model
    - Incorporates message servers that keep track of users and route messages to/from source and destination
    - Larger IM networks will group servers within a network to distribute the load
    - Requires synchronization
    - Figure 7-2

    Slide 7:P2 Server IM

    Slide 8:Variations Network Model

    - Client to server model for location and messaging service
    - Peer to peer for private conversations, file transfers, video, audio

    Types of IM

    AIM
    - Proprietary format
    - Largest number of users
    - Variation network model
    - Many hacks

    Slide 9:ICQ

    - Israeli-based Mirabilis
    - Assigns a number
    - Audio, video, email
    - Fair amount of hacker activity
    - Now owned by AOL

    IRC
    - Oldest and most popular IM
    - Not owned by anyone, public
    - Defined in RFC 1459

    Web Chats
    - Numerous
    - Some browser only (refreshing)
    - Many using Java applets

    Slide 10:IRC

    - Standardized IRC protocol (RFC 1459)
    - Each server belongs to a series of IRC servers to form a network
    - Variations Network Model
    - Must use an IRC client to connect

    Slide 11:IRC Networks

    - Many malicious code programs use IRC
    - Popular networks: EFnet (Eris Free Net), IRCnet, Undernet, Dalnet & others
    - Sizes range from one server for private networks to over 100 interconnected servers & tens of thousands of online users
    - Each network is a separate IRC community
    - Public groups are formed as channels
    - In general, users need to know what network and what channel to be on
    - Some networks will attempt to perform some type of authentication
    - Each channel has an operator or ops

    Slide 12:IRC Hacks

    - Malicious hackers have used, and still use, IRC both to hack the network itself and to use the IRC infrastructure to support other hacks going on
    - A great anonymizer

    Slide 13:IRC Clients

    - mIRC
    - Pirch
    - ircII
    - WSIRC
    - Interface
    - Chatman
    - Virc
    - Eggdrop
    - BitchX
    - Many more

    Slide 14:IRC Commands

    Connect to a network

    Basic commands:
    - /JOIN joins an existing channel
    - /PART leaves a channel
    - /LIST lists all available channels
    - /MSG sends a private message to an individual user
    - /WHOIS shows info on a user
    - /INVITE invites a user to join a particular channel
    - /NICK changes your nickname on the fly
    - /NAMES shows nicknames of non-invisible users
    - /KICK forces someone off the channel
    - /MODE OPS: change admin channel options

    Slide 15:Other IRC Features

    DCC (Direct Client to Client): allows a user to connect directly with another IRC user
    - DCC send: command to send a user a file
    - DCC chat: private conversation

    CTCP (Client to Client Protocol): communication between two IRC clients which allows a user to expand their own IRC client's functionality

    Slide 16:Examples

    - Grant operator status to a friend when you are absent
    - Find out more info on a user
      - What version of client S/W he is using
    - Remotely control an IRC client
    - Remotely execute any command in their IRC client & PC
    - Often used to remotely pick up and drop off files
    - A feature hackers LOVE!
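A defender reviewing IRC traffic can pick the CTCP and DCC requests described in Slides 15 and 16 out of raw protocol lines. The following is an added example, not part of the original slides; the sample lines, nicknames, hosts and the extension watch-list are constructed assumptions, and quoted DCC filenames containing spaces are not handled.

```python
import ipaddress
import re
RISKY_EXT = (".exe", ".scr", ".pif", ".bat", ".vbs", ".ini")  # assumed watch-list

def parse_irc_line(line):
    """Split one raw RFC 1459 line into (prefix, command, params)."""
    line = line.rstrip("\r\n")
    prefix = ""
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    head, sep, trailing = line.partition(" :")
    parts = head.split()
    if not parts:
        return prefix, "", []
    return prefix, parts[0].upper(), parts[1:] + ([trailing] if sep else [])

def ctcp_events(line):
    """Return one finding per CTCP request carried in a PRIVMSG/NOTICE."""
    prefix, command, params = parse_irc_line(line)
    if command not in ("PRIVMSG", "NOTICE") or len(params) < 2:
        return []
    findings = []
    # CTCP payloads sit between \x01 bytes inside the message text.
    for payload in re.findall(r"\x01([^\x01]*)\x01", params[-1]):
        tag, _, rest = payload.partition(" ")
        event = {"from": prefix.split("!", 1)[0], "to": params[0], "ctcp": tag.upper()}
        args = rest.split()  # simplification: filenames without spaces
        if event["ctcp"] == "DCC" and len(args) >= 4:
            event["dcc"] = args[0].upper()
            # DCC carries the sender's IPv4 address as a decimal integer.
            if args[2].isdecimal() and int(args[2]) < 2**32:
                event["peer"] = f"{ipaddress.IPv4Address(int(args[2]))}:{args[3]}"
            if event["dcc"] == "SEND":
                event["file"] = args[1]
                event["risky"] = args[1].lower().endswith(RISKY_EXT)
        findings.append(event)
    return findings

def scan(lines):
    return [event for line in lines for event in ctcp_events(line)]

# Constructed sample traffic (not captured from a real network).
SAMPLE = [
    ":alice!a@host.example PRIVMSG #chat :hello everyone",
    ":bob!b@host.example PRIVMSG carol :\x01VERSION\x01",
    ":mallory!m@host.example PRIVMSG carol :\x01DCC SEND script.ini 3232235777 1024 2048\x01",
]
if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Ordinary channel chat produces no finding; the VERSION query and the file offer are both reported, and the offer is marked risky because of its file extension.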

    Slide 17:Hacking IM

    - Hacking the medium itself
      - Knocking people off the chat network
      - Taking control of a channel
      - Joining a private chat
      - Cause disruption
    - Using it as a method of attacking computers attached to it
    - Using IM as a transport mechanism
      - Moving viruses, worms, trojans onto remote computers and compromising their security
    - Using IM as a zombie trigger, or agent control

    Slide 18:Maliciously Hacking AIM & ICQ

    - Hundreds of rogue hacking utilities
    - Punters & Busters
    - Punters' goal: knock other users off the chat medium
      - Multiple invitations (many popup windows)
      - Antipunters (defense)
    - Busters: programs which allow a rogue hacker to gain access to a private chat without being invited

    Slide 19:Malicious File Transfers

    - Send user a trojan file
    - Turn off file accept prompt
    - Automated uploads for trusted buddies (then impersonate)
    - Dozens of Trojans specifically built to exploit AIM users

    Slide 20:Name Hijacking

    All IM services are prone to name hijacking.
    - ICQ uses sequential numbers as names
    - AIM used a limited number of letters of the name for uniqueness (easily diverted)

    IP Address Stealing
    - Run netstat
    - IP hiding

    Wel Buffer Overflow
    - URL Association overflow
    - AIM: goim? <AAAA,,,,AAA>+ - restart

    Slide 21:Hacking IRC

    - Script files
    - Bots
    - Lag
    - Flooding
    - Netsplit
    - Nick Collision kill
    - Channel DeSyncs
    - Channel Wars
    - Network Redirection

    Slide 22:Script files

    - Extend the functionality of IRC clients
    - Malicious scripts can be written
    - Some clients have default scripts (mIRC)
    - Downloadable scripts (can be trojanized)
    - Scripts are at the heart of nearly all IRC worms
    - mIRC used SCRIPT.INI

    Slide 23:bots

    - Robots
    - Automated scripts or compiled programs
    - Bots appear as users within a channel (bot or srv in their names)
    - War bots: flooding, hacking, and enforce rules

    Slide 24:Lag

    - Latency within the network or servers
    - Speed and congestion problems
    - Can cause net splits

    Slide 25:Flooding

    Slide 26:

    - Script files
    - Bots
    - Lag
    - Flooding
    - Netsplit
    - Nick Collision kill
    - Channel DeSyncs
    - Channel Wars
    - Network Redirection