Hacking
Hackers
Topics
Crisis
Computer Crimes
Hacker Attacks
Modes of Computer Security
Password Security
Network Security
Web Security
Distributed Systems Security
Database Security
Crisis
Why Security?
Some of the sites which have been compromised
Yahoo
Microsoft
Amazon
Why do Hackers Attack?
Financial Gain
Espionage
Venting anger at a company or organization
Terrorism
Denial of Service
Breaking into a site
Intelligence Gathering
Resource Usage
Deception
Passive Attacks
Sniffing
Passwords
Network Traffic
Sensitive Information
Information Gathering
Spoofing
Definition:
An attacker alters his identity so that someone thinks he
is someone else
Email, User ID, IP Address,
Attacker exploits trust relation between user and
networked machines to gain access to machines
Types of Spoofing:
1. IP Spoofing:
2. Email Spoofing
3. Web Spoofing
IP Spoofing: Flying-Blind Attack
Definition:
Attacker uses IP address of another computer to acquire
information or gain access
[Diagram: Attacker (10.10.50.50) sends a packet to John (10.10.5.5) with From Address: 10.10.20.30 and To Address: 10.10.5.5. Replies are sent back to the spoofed address, 10.10.20.30.]
IP Spoofing: Source Routing
Definition:
Attacker spoofs the address of another machine and inserts itself between
the attacked machine and the spoofed machine to intercept replies
[Diagram: Attacker (10.10.50.50), John (10.10.5.5) and the Spoofed Address (10.10.20.30).]
Email Spoofing
Definition:
Attacker sends messages masquerading as someone else
What can be the repercussions?
3. Telnet to port 25
Most mail servers use port 25 for SMTP. Attacker logs on to this
port and composes a message for the user.
Web Spoofing
Basic
Man-in-the-Middle Attack
Attacker acts as a proxy between the web server and the client
Attacker has to compromise the router or a node through which
the relevant traffic flows
URL Rewriting
Tracking State
Session Hijacking
Definition:
Process of taking over an existing active session
Modus Operandi:
1. User makes a connection to the server by
authenticating using his user ID and password.
2. After the users authenticate, they have access to the
server as long as the session lasts.
3. Hacker takes the user offline by denial of service
4. Hacker gains access to the user by impersonating the
user
[Diagram: Session Hijacking. Bob telnets to Server; Bob authenticates to Server. Attacker to Bob: "Die!" Attacker to Server: "Hi! I am Bob".]
Attacker can
IP addresses
Port Numbers
Sequence Number
Definition:
Types:
1.
2.
3.
Send the victim data or packets which will cause system to crash or
reboot.
Since all resources are exhausted others are denied access to the
resources
Types:
1. Ping of Death
2. SSPing
3. Land
4. Smurf
5. SYN Flood
6. CPU Hog
7. Win Nuke
8. RPC Locator
9. Jolt2
10. Bubonic
11. Microsoft Incomplete TCP/IP Packet Vulnerability
12. HP Openview Node Manager SNMP DOS Vulnerability
13. Netscreen Firewall DOS Vulnerability
14. Checkpoint Firewall DOS Vulnerability
This attack takes advantage of the way in which information is stored by computer programs
An attacker tries to store more information on the stack than the size of the buffer
[Figure: Normal Stack. Labels from Bottom of Memory to Top of Memory: Buffer 2 (Local Variable 2), Buffer 1 (Local Variable 1), Return Pointer, Function Call Arguments. Fill Direction is marked.]
[Figure: Smashed Stack. Labels: Buffer 2 (Local Variable 2), Machine Code: execve(/bin/sh), New Pointer to Exec Code, Function Call Arguments. Fill Direction is marked.]
Programs which do not have a rigorous memory check in the code are vulnerable to this attack
Simple weaknesses can be exploited
If memory allocated for name is 50 characters, someone can break the system by sending a fictitious name of more than 50 characters
Can be used for espionage, denial of service or compromising the integrity of the data
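The 50-character name case above, as an added example (not code from the original slides): the unchecked copy beside a version that checks the length first. The function names and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 50  /* buffer size used in the slide's example */

/* Vulnerable pattern: copies the caller's input into a 50-byte stack
 * buffer with no length check. A name of 50 or more characters writes
 * past the end of `name`, toward the saved return pointer. */
void greet_unsafe(const char *input)
{
    char name[NAME_LEN];
    strcpy(name, input);              /* no bounds check */
    printf("Hello, %s\n", name);
}

/* Hardened form: look for the terminator within the destination size and
 * refuse anything that does not fit. Returns 0 on success, -1 if rejected. */
int store_name(char *dst, size_t dst_size, const char *input)
{
    const char *end;
    size_t len;

    if (dst == NULL || input == NULL || dst_size == 0)
        return -1;
    end = memchr(input, '\0', dst_size);  /* scans at most dst_size bytes */
    if (end == NULL)
        return -1;                    /* too long: reject, do not truncate */
    len = (size_t)(end - input);
    memcpy(dst, input, len + 1);      /* len + 1 copies the '\0' too */
    return 0;
}

int main(void)
{
    char name[NAME_LEN];
    char too_long[81];                /* constructed 80-character input */

    memset(too_long, 'A', sizeof too_long - 1);
    too_long[sizeof too_long - 1] = '\0';

    printf("short name:   %d\n", store_name(name, sizeof name, "Alice"));
    printf("80-char name: %d\n", store_name(name, sizeof name, too_long));
    return 0;
}
```

Rejecting the oversized name, rather than silently truncating it, keeps the stored value from differing from what the caller sent.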
Examples
Password Attacks
Password Security
[Diagram: Client, Hash Function, Server. Labels: Password, Salt, Hashed Password, Stored Password, Compare Password, Allow/Deny Access.]
Shoulder Surfing
Social Engineering
Hybrid Attack
Dumpster Diving
People dump their trash papers in garbage which may contain information
to crack passwords
Conclusions