1 / 44

WARNING !

WARNING !. The system is either busy or has been unstable. You can wait and See if it becomes available again, or you can restart your computer. * Press any key to return to Windows and wait. * Press CTRL+ALT+DEL again to restart your computer. You will

trory
Télécharger la présentation

WARNING !

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. WARNING ! • The system is either busy or has been unstable. You can wait and • See if it becomes available again, or you can restart your computer. • * Press any key to return to Windows and wait. • * Press CTRL+ALT+DEL again to restart your computer. You will • Lose unsaved information in any programs that are running. • Press any key to continue.

  2. Group 4 Presents: Carl the Happy Chatter But not for long…. Carl Morris Andrew Snyder Ken Nguyen Dec 4 2000 User Attacks

  3. User Attacks What is it? • An attack mounted against an end user of the Internet Goals of an attacker • Obtain access to systems • Eavesdrop on communications • Aggravate and annoy a household user • Cause damage! Anything to annoy an end user

  4. Context of Discussion • Not meant to apply to “computer geeks” • Applies to average end user • Attacks mounted easily by attackers with limited computer knowledge

  5. Methods of choice • Performed a search for phrases such as “How to find Windows NT passwords,” “Hacking into Computers” & “Easy Hacking” • Used our own past experiences (world & class) • Our own interests

  6. We decided... • The Big Three: • Denial of Service (DoS) • Packet Sniffing • Back Orifice 2000

  7. What is DoS? • Attacker consumes limited resources on victim’s machine • CPU time • memory • bandwidth

  8. DoS • Easy DoS Attack • Ping Flooding • Ping of Death • WinNuke

  9. Ping Flooding • What is Ping Flooding? • Sending huge amounts of ICMP Echo Requests • Used legitimately to test your connection

  10. Ping Flooding (cont.) • Ping Flooding’s impact • Ties up victim’s bandwidth • Forces dialup users to disconnect • May cause victim’s machine to crash

  11. Ping Flooding (cont.) • Ping Flooding is Hard! • Need to know victim’s IP • Easily obtained from ICQ, IRC, message forums, etc... • Must type “ping destination_IP –t –l huge#”

  12. Ping of Death • What is Ping of Death? • Carl receives a packet of illegal size • Carl’s computer crashes 

  13. Ping of Death (cont.) • Ping of Death is also very hard • Must type “ping destination_IP –l 65550”

  14. WinNuke • What is WinNuke? • Takes advantage of Window’s Out of Band (OOB) bug • Carl receives a pointer that is invalid • Carl’s computer crashes 

  15. WinNuke • WinNuke is also very hard

  16. Protect yourself • Ping of Death & WinNuke • Get patches for your appropriate OS to prevent overflow/pointer error

  17. Protect yourself • Ping Flooding • Sets computer not to echo back, cuts by 50% • Call your ISP, or set up your own firewall • Stop it before it start: Do not give out your IP!

  18. What Is Packet Sniffing? • Packet sniffing is eavesdropping on network traffic. • It consists of capturing packets on the network and analyzing them to obtain information.

  19. What Is in a Packet? • Source and Destination (MAC) • A packet can contain information ranging from web addresses to passwords. • However, it is all in binary form, and requires a protocol analyzer to make sense of it all.

  20. MAC • Each Ethernet card contains a 48-bit identifier – Media Access Control • The first 24 bits identify the vendor • The last 24 bits identify the card • To find out your MAC: Win9x – winipcfg.exe WinNT – ipconfig /all Linux – ifconfig

  21. How Is Packet Sniffing Used? • Packets are captured. -- Promiscuous mode • Packets are analyzed. -- Protocol analyzer (LanSleuth, Neptune, Ethereal)

  22. Malicious Effects • Websites • Passwords • Any unencrypted information sent over the network (Messages, Files)

  23. Ease of Use • Network Protocol Analyzers LanSleuth, Ethereal, Neptune, snoop • Easy installation and configuration • Some analyzers require administrative permissions

  24. Examples • Packet captured using Ethereal

  25. Analyzing • Packet entered into Ethereal Decode

  26. Preventions • Encrypt all transfers SSL – Secure Socket Language SSH – Secure Shell VPN – Virtual Private Networks

  27. Detections • In theory – impossible • In practice – possible sometimes • Stand-alone packet sniffers don’t transfer packets • Non-standard generate traffic (DNS reverse lookups in order to find names associated with IP addresses)

  28. Ping Method • Send a request • Nobody should respond • Response --> Sniffer!

  29. Packet Sniffing Re-visited • Packets are “captured” on the network • They are then analyzed - Passwords - Web sites • Impossible to stop • Difficult to detect

  30. Back Orifice 2000 What is it? “The most powerful network administration tool available for the Microsoft environment” How is it used? • An “administrator” • creates a custom server file • installs this server on the target machine • connects to the target machine • perform various functions

  31. Back Orifice 2000 Malicious effects A malicious attacker can: • Install the server on victim’s machine • Take over computer • Logging keystrokes • Rebooting • Viewing • cached passwords • the active screen • etc Ease of use • In the next few minutes, I will show you how to use BO2K

  32. Back Orifice 2000 Create a server file…

  33. Back Orifice 2000 Create a server file… (continued)

  34. Back Orifice 2000 Time to connect

  35. Back Orifice 2000 Some stuff…

  36. Back Orifice 2000 Plugins • Encryption (AES, IDEA, RC6, Serpent) • Communications • Server Enhancement • Client Enhancement

  37. Back Orifice 2000 BO Peep Plugin

  38. Back Orifice 2000 BO Tools Plugin

  39. Prevention Measures Umgr32.Exe anyone ? 1) Antivirus 2) firewall 3) don’t trust anyone 4) look for umgr32.Exe (or registry) on your computer 5) Microsoft: get a clue

  40. Summary • Many user attacks are so easy that even your mom could figure them out • Some attacks can’t be protected against based on current network protocol and system architecture • Microsoft needs to tighten up security on their products

  41. Conclusion • Are you safe? • That kid next door could be screwing with you right now. • You could be a victim of user attacks and not even know it. • Practice online safety measures. • You are not invincible: Don’t take security for granted

  42. Questions

More Related