SPOOFING. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006


Learning Objectives
Students should be able to:
- Determine the relevance of spoofing attacks to specific business scenarios
- Identify various types of spoofing
- Recognize different spoofing attacks
- Determine controls for spoofing

Basics
Definition: A computer on a network pretends to have the identity of another computer, usually one with special access privileges, so as to obtain access to the other computers on the network.
Typical behaviors: The spoofing computer often doesn't have access to user-level commands, so attempts to use automation-level services, such as email or message handlers, are employed.
Vulnerabilities: Automation services designed for network interoperability are especially vulnerable, particularly those adhering to open standards.

Types
- IP Spoofing: Typically involves sending packets with spoofed IP addresses to machines to fool them into processing the packets
- Email Spoofing: The attacker sends messages masquerading as someone else
- Web Spoofing: Assume the web identity and control traffic to and from the web server

IP Spoofing: Definition
The attacker uses the IP address of another computer to acquire information or gain access to another computer.
Types:
- Basic address change
- Use source routing to intercept packets
- Exploit trust relationships on UNIX machines

IP Spoofing: Basic Address Change
Steps:
1. The attacker changes his own IP address to the spoofed address
2. The attacker can send messages to a machine masquerading as the spoofed machine
3. The attacker cannot receive messages from that machine
Diagram: Attacker (10.10.50.50) sends a packet to John (10.10.5.5) with From Address 10.10.20.30 (the spoofed address) and To Address 10.10.5.5; replies are sent back to 10.10.20.30, not to the attacker.

IP Spoofing: Source Routing
- To facilitate two-way traffic, the attacker spoofs the address of another machine and inserts itself between the attacked machine and the spoofed machine to intercept replies
- The path a packet takes can vary over time, so the attacker uses source routing to ensure that the packets pass through certain nodes on the network
Diagram: Attacker (10.10.50.50) sends to John (10.10.5.5) with From Address 10.10.20.30 (spoofed) and To Address 10.10.5.5; replies are sent back to 10.10.20.30, and the attacker intercepts the packets on their way to 10.10.20.30.

IP Spoofing: Prevention
- Protect your machines from being used to launch a spoofing attack
- Little can be done to prevent other people from spoofing your address
- Users can be prevented from having access to network configuration
- To protect your company from spoofing attacks you can apply basic filters at your routers:
  - Ingress filtering: Prevents packets from outside coming in with an address from inside
  - Egress filtering: Prevents packets not having an internal address from leaving the network
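The two router filters above, written out as an added example (not code from the original slides). The internal prefix 10.10.0.0/16 and the sample packets are constructed; the sample also shows the limit of border filtering against the slide's inside-to-inside spoof.

```python
"""Ingress/egress filter check for the spoofing defence described above.

Added example, not from the original slides.  The internal prefix
10.10.0.0/16 and the sample packets are constructed for illustration.
"""
import ipaddress

INTERNAL_NET = ipaddress.ip_network("10.10.0.0/16")  # assumed site prefix


def ingress_allowed(src_ip: str) -> bool:
    """Packet arriving from outside: it must not claim an inside source."""
    return ipaddress.ip_address(src_ip) not in INTERNAL_NET


def egress_allowed(src_ip: str) -> bool:
    """Packet leaving the network: it must carry an internal source."""
    return ipaddress.ip_address(src_ip) in INTERNAL_NET


def filter_packets(packets):
    """Return (direction, src, dst, verdict) for each (direction, src, dst)."""
    verdicts = []
    for direction, src, dst in packets:
        check = ingress_allowed if direction == "in" else egress_allowed
        verdicts.append((direction, src, dst, "pass" if check(src) else "drop"))
    return verdicts


# Constructed sample traffic.  Note the slide's attack (10.10.50.50 claiming
# 10.10.20.30 towards 10.10.5.5) stays inside the prefix, so border filters
# cannot see it; only spoofs crossing the border are caught.
SAMPLE = [
    ("in", "10.10.20.30", "10.10.5.5"),      # outside packet claiming inside source
    ("in", "203.0.113.7", "10.10.5.5"),      # ordinary inbound packet
    ("out", "10.10.50.50", "203.0.113.7"),   # ordinary outbound packet
    ("out", "198.51.100.9", "203.0.113.7"),  # inside host spoofing an outside address
]

if __name__ == "__main__":
    for direction, src, dst, verdict in filter_packets(SAMPLE):
        print(f"{direction:3} {src:>14} -> {dst:<14} {verdict}")
```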

IP Spoofing: UNIX Trust Relations
- In UNIX, trust relationships can be set up between multiple machines
- After trust is established, a user can use the UNIX r-commands to access resources on different machines
- A .rhosts file is set up on individual machines, or /etc/hosts.equiv is used to set it up at the system level
- The trust relationship is easy to spoof: if a user realizes that a machine trusts the IP address 10.10.10.5, he can spoof that address and is allowed access without a password
- The responses go back to the spoofed machine, so this is a "flying blind" attack
Protection:
- Do not use trust relations
- Do not allow trust relationships over the Internet, and limit them within the company
- Monitor which machines and users can have trust without jeopardizing critical data or function

IP Spoofing: Prevention and Detection
Prevention:
- Limit system privileges of automation services to the minimum necessary
- Upgrade via security patches as they become available
Detection:
- Monitor transaction logs of automation services, scanning for unusual behaviors
- If automating this process, do so off-line to avoid tunneling attacks
Countermeasures:
- Disconnect automation services until patched
- Monitor automation access points, such as network sockets, scanning for the next spoof in an attempt to track the perpetrator

Email Spoofing: Types
Definition: The attacker sends messages masquerading as someone else. What are the repercussions?
Types:
- Fake email accounts
- Changing email configuration
- Telnet to mail port

Email Spoofing: Basics
Reasons:
- Attackers want to hide their identity while sending messages (sending anonymous emails): the user sends email to an anonymous remailer, which sends the email to the intended recipient
- The attacker wants to impersonate someone, e.g. to get someone in trouble
- Social engineering: get information by pretending to be someone else

Email Spoofing: Similar Name Account
- Create an account with a similar email address, e.g. SanjayGoel@yahoo.com: a message from this account can perplex the students
- Most mailers have an alias field (this can be used to prescribe any name)
Example:
  Class: I am too sick to come to the class tomorrow so the class is cancelled. The assignments that were due are now due next week.
  Sanjay Goel

Email Spoofing: Similar Name Account
Protection:
- Educate the employees in a corporation to be cautious
- Make sure that the full email address rather than the alias is displayed
- Institute a policy that all official communication be done using company email
- Use PKI, where the digital signature of each employee is associated with the email
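A mail-gateway check for the similar-name and alias tricks described on the two slides above, as an added example (not code from the original slides). The directory entry, the company domain and the sample From headers are constructed; a real deployment would feed it the organization's address book.

```python
"""Flag display-name (alias) spoofing and look-alike accounts in From headers.

Added example, not part of the original slides.  The directory of known
senders, the company domain and the sample headers are constructed.
"""
from email.utils import parseaddr

# Assumed company directory: display name -> the only legitimate address.
DIRECTORY = {
    "sanjay goel": "goel@albany.edu",   # placeholder address
}
COMPANY_DOMAIN = "albany.edu"


def check_from_header(from_header: str) -> str:
    """Return 'ok', 'alias-spoof', 'external-lookalike' or 'unknown'."""
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    expected = DIRECTORY.get(display.strip().lower())
    if expected:
        # Known name in the alias field: only the directory address is acceptable.
        return "ok" if addr == expected else "alias-spoof"
    if domain != COMPANY_DOMAIN:
        # Unknown or empty alias from outside: flag a local part that is a
        # directory name with the spaces removed (e.g. "sanjaygoel").
        local = addr.split("@", 1)[0]
        for name in DIRECTORY:
            if local == name.replace(" ", ""):
                return "external-lookalike"
    return "unknown"


SAMPLE_HEADERS = [  # constructed
    "Sanjay Goel <goel@albany.edu>",
    "Sanjay Goel <sanjaygoel@yahoo.com>",      # alias set to a real name
    '"Sanjay Goel" <SanjayGoel@yahoo.com>',
    "sanjaygoel@yahoo.com",                    # similar-name account, no alias
    "Help Desk <helpdesk@example.net>",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(f"{check_from_header(header):20} {header}")
```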

Email Spoofing: Modify Mail Client
- When email is sent from the user, no authentication is performed on the From address
- The attacker can put in any return address he wants in the mail he sends
Protection:
- Education
- Audit logging
- Looking at the full email address

Email Spoofing: Telnet to Port 25
- Most mail servers use port 25 for SMTP
- An attacker runs a port scan and gets the IP address of a machine with port 25 open
- telnet <IP address> 25 (command to telnet to port 25)
- The attacker logs on to this port and composes a message for the user
Example session:
  HELO
  MAIL FROM: spoofed-email-address
  RCPT TO: person-sending-mail-to
  DATA (the message you want to send)
  A period sign on a line by itself ends the message

Email Spoofing: Telnet to Port 25
- Mail relaying is the sending of email to a person on a different domain
- Used for sending anonymous email messages
Protection:
- Make sure the recipient's domain is the same as the mail server's
- New SMTP servers disallow mail relaying: from a remote connection, the From and To addresses must be from the same domain as the mail server
- Make sure spoofing and relay filters are configured
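The relay and spoofing filters above, as an added example of the decision an SMTP server makes at RCPT TO (not code from the original slides). LOCAL_DOMAIN, the internal network and the four sessions are constructed; authenticated submission, which a real server would also permit, is left out.

```python
"""Relay / spoof decision for an SMTP server, following the slide above.

Added example, not code from the original slides.  LOCAL_DOMAIN and the
internal network are assumed values; the sessions below are constructed.
"""
import ipaddress

LOCAL_DOMAIN = "example.edu"                         # domain this server serves
INTERNAL_NET = ipaddress.ip_network("10.10.0.0/16")  # our own mail clients


def domain_of(addr: str) -> str:
    """Domain part of an envelope address such as <john@example.edu>."""
    return addr.rsplit("@", 1)[-1].lower().strip("<>") if "@" in addr else ""


def rcpt_decision(client_ip: str, mail_from: str, rcpt_to: str) -> str:
    """Reply to RCPT TO, given the connecting IP and the envelope addresses.

    - internal client: may send anywhere (our users sending outbound mail)
    - remote client: may only deliver to LOCAL_DOMAIN (no relaying), and a
      remote client claiming a LOCAL_DOMAIN sender is treated as spoofing
    """
    if ipaddress.ip_address(client_ip) in INTERNAL_NET:
        return "250 OK"
    if domain_of(rcpt_to) != LOCAL_DOMAIN:
        return "550 relaying denied"
    if domain_of(mail_from) == LOCAL_DOMAIN:
        return "550 sender rejected: local domain from remote connection"
    return "250 OK"


# Constructed sessions: (client ip, MAIL FROM, RCPT TO)
SESSIONS = [
    ("10.10.5.5", "john@example.edu", "friend@example.org"),     # outbound from inside
    ("203.0.113.7", "someone@example.org", "john@example.edu"),  # inbound delivery
    ("203.0.113.7", "anon@example.org", "victim@example.net"),   # relay attempt
    ("203.0.113.7", "dean@example.edu", "john@example.edu"),     # remote spoof of local sender
]

if __name__ == "__main__":
    for ip, mf, rt in SESSIONS:
        print(f"{ip:13} MAIL FROM:<{mf}> RCPT TO:<{rt}> -> {rcpt_decision(ip, mf, rt)}")
```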

Web Spoofing: Types
- Web spoofing is the act of tricking a web browser into talking to a web server other than the intended server
- Once spoofed, the spoofed web server can send fake web pages or fool the victim into releasing personal information
- It can be done by hacking the DNS that maps the server in a URL to a network address, by modifying a web page to have a bad URL, or by tricking your browser as it interprets CGI data, JavaScript, etc.
Types:
- Registering a similar-sounding domain
- Man-in-the-middle attack
- URL rewriting
- Tracking state

Web Spoofing: Registering a New Domain
- There is no requirement against registering a domain
- The attacker registers a web address matching an entity, e.g. geproducts.com, gesucks.com
Process:
1. The hacker sets up a site similar to the authentic site
2. The user goes to the spoofed site, orders items, and checks out
3. The site prompts the user for credit card information
4. It gives the user a cookie
5. It puts up a message that the site is experiencing technical difficulty
6. When the user tries back, the spoofed site checks the cookie and directs the user back to the legitimate site

Web Spoofing: Man-in-the-Middle Attack
- The attacker inserts itself as a proxy between the web server and the client
- It intercepts all communication and controls the flow of information between client and server
- The attacker has to compromise a router or node through which the relevant traffic flows
Protection:
- Secure the perimeter to prevent compromise of routers

Web Spoofing: URL Rewriting
- The attacker redirects web traffic to another site that is controlled by the attacker
- The attacker writes his own web site address before the legitimate link, e.g. <A href="http://www.hacker.com/http://www.albany.edu/index.html">
- The user is first directed to the hacker's site and then redirected to the actual site
Protections:
- Web browsers should be configured to always show the complete address
- Ensure that the code for the website is properly protected at the server end and during transit
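A check that finds rewritten links of the form shown above in a page's HTML, as an added example (not code from the original slides). It also catches the percent-encoded variant, which goes beyond the slide's plain case; the sample page and hrefs are constructed.

```python
"""Detect URL-rewriting links like the one on the slide above.

Added example, not from the original slides; the page below is constructed.
A rewritten link nests the real target inside the path or query of the
attacker's host, e.g. http://www.hacker.com/http://www.albany.edu/index.html
"""
import re
from urllib.parse import unquote, urlsplit

NESTED_URL = re.compile(r"https?://", re.IGNORECASE)
HREF = re.compile(r"""href\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)


def rewritten_target(href: str):
    """Return (front host, nested URL) if href is a rewritten link, else None."""
    parts = urlsplit(href.strip())
    if parts.scheme.lower() not in ("http", "https") or not parts.hostname:
        return None
    # Decode percent-encoding so http%3A%2F%2F... is caught too, then look
    # for a second absolute URL anywhere after the front host.
    rest = unquote(parts.path + ("?" + parts.query if parts.query else ""))
    m = NESTED_URL.search(rest)
    return (parts.hostname, rest[m.start():]) if m else None


def find_rewritten_links(html: str):
    """Return [(href, front host, nested URL)] for each rewritten <a href>."""
    found = []
    for href in HREF.findall(html):
        hit = rewritten_target(href)
        if hit:
            found.append((href, *hit))
    return found


SAMPLE_PAGE = """<p>constructed sample page</p>
<a href="http://www.albany.edu/index.html">real link</a>
<a href="http://www.hacker.com/http://www.albany.edu/index.html">rewritten</a>
<a href="https://www.hacker.com/go?u=http%3A%2F%2Fwww.albany.edu%2F">encoded</a>
"""

if __name__ == "__main__":
    for href, front, target in find_rewritten_links(SAMPLE_PAGE):
        print(f"{href}\n  front host {front} -> real target {target}")
```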

Web Spoofing: Tracking State
- Web sites need to maintain persistent authentication so that the user does not have to authenticate repeatedly
- HTTP is a stateless protocol
- Tracking state is required to maintain persistent authentication
- This authentication can be stolen for masquerading as the user

Web Spoofing: Tracking State
Three types of tracking methods are used:
- Cookies: Text containing the ID of the user is stored in the cookie file; an attacker can read the ID from the user's cookie file
- URL session tracking: An ID is appended to all the links in the website's web pages; an attacker can guess or read this ID and masquerade as the user
- Hidden form elements: The ID is hidden in form elements which are not visible to the user; a hacker can modify these to masquerade as another user

Web Spoofing: Protection
- Use a random, hard-to-guess ID (could be a random number between 1 and 1000)
- Use server-side certificates: certificates are much harder to spoof, but users need to ensure that the certificates are legitimate before clicking OK to accept a certificate
- Protect the hard drive physically; do not leave terminals unattended
- Use non-persistent cookies, since the hacker has to access and edit memory to get to them
- Keep the session inactivity time low
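The session-ID, non-persistent-cookie and inactivity controls above, as an added example (not code from the original slides). It goes beyond the slide's 1-to-1000 ID by drawing the ID from the OS CSPRNG; the ten-minute limit and the user name are assumed values.

```python
"""Session tracking hardened along the lines of the slide above.

Added example, not code from the original slides.  It goes beyond the
slide's "random number between 1 and 1000" by drawing the ID from the OS
CSPRNG, and adds a non-persistent cookie plus a short inactivity timeout;
the current time is passed in explicitly so the behaviour is testable.
"""
import secrets
import time

INACTIVITY_LIMIT = 10 * 60  # seconds; kept low, as the slide advises


class SessionStore:
    def __init__(self):
        self._sessions = {}  # session id -> {"user": ..., "last_seen": ...}

    def create(self, user: str, now: float) -> str:
        # 32 random bytes (256 bits): an attacker cannot guess or enumerate
        # this, unlike an ID drawn from a small integer range.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "last_seen": now}
        return sid

    def lookup(self, sid: str, now: float):
        """Return the user for sid, or None if unknown or idle too long."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        if now - s["last_seen"] > INACTIVITY_LIMIT:
            del self._sessions[sid]  # expired: a stolen ID stops working
            return None
        s["last_seen"] = now
        return s["user"]


def session_cookie_header(sid: str) -> str:
    """Set-Cookie line for a non-persistent session cookie.
    No Expires/Max-Age, so the browser holds it in memory rather than the
    cookie file; HttpOnly keeps page scripts from reading it; Secure
    limits it to HTTPS.
    """
    return f"Set-Cookie: SID={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create("john", time.time())
    print(session_cookie_header(sid))
    print("lookup ->", store.lookup(sid, time.time()))
```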

Web Spoofing: Protection
- Disable JavaScript, ActiveX and other scripting languages that execute locally or in the browser
- Make sure that the browser's URL address line is always visible
- User education

Summary
- Spoofing is the false representation of a digital identity. Spoofing comes in three forms:
  - IP Spoofing: using the IP address of another computer to gain access to unauthorized information
  - Email Spoofing: masquerading as someone else through email
  - Web Spoofing: having a web browser talk to a different web server than intended
- Various security controls are available to prevent and protect against spoofing.