NETWORK SECURITY. Ch. 3: Network Attacks


Contents
3.1 Network Vulnerabilities
  3.1.1 Media-Based
  3.1.2 Network Device
3.2 Categories of Attacks
3.3 Methods of Network Attacks
03 NETWORK ATTACKS 2

3.1 Network Vulnerabilities
Network vulnerabilities fall into two broad categories: those found in the network transport media, and those found in network devices.

3.1.1 Media-Based Vulnerabilities
Traffic on a network can be monitored in two ways:
- Port mirroring on a managed switch, which copies the traffic of some or all ports to a designated monitor port, where a protocol analyzer (also called a sniffer) captures and decodes it.
- Installing a network tap, a device placed inline on a link that passes a copy of everything crossing it to a monitoring port.
Both give whoever controls them a complete view of the traffic, so the ability to configure mirroring or attach a tap needs the same protection as the data itself.

Just as network taps and protocol analyzers serve legitimate purposes, attackers use the same tools to intercept and read network traffic. By default a switch forwards a frame only to the port where it learned the destination MAC address, so other hosts never see it. Several techniques circumvent this limitation: flooding the switch's MAC address table until it falls back to forwarding every frame out of every port, or ARP poisoning (3.3.1), which persuades hosts to send their traffic through the attacker's machine.

3.1.2 Network Device Vulnerabilities
Common network device vulnerabilities include:
- Weak passwords: time pressure, the number of devices to manage and the difficulty of remembering strong passwords lead many network administrators to choose weak ones, or ones that otherwise compromise security.
- Default accounts: user accounts created automatically by the device rather than by an administrator, often with well-known passwords that are never changed.
- Back doors: accounts secretly set up without the administrator's knowledge or permission.
- Privilege escalation: exploiting a vulnerability in the network device's software to gain access to resources the attacker should not have.

3.2 Categories of Attacks
A number of different categories of attack are conducted against networks. These categories include denial of service, spoofing, man-in-the-middle and replay attacks.

3.2.1 Denial of Service (DoS)
A DoS attack attempts to consume network resources so that the network or its devices cannot respond to legitimate requests. DoS attacks take several forms:
- Overwhelm a network, saturating its bandwidth
- Overwhelm a server, exhausting its CPU, memory or connection state
- Bring down a server outright, typically with a malformed packet that crashes it

SYN Flood Attacks
The earliest DoS attacks were launched from a single source computer: the attacker sends packets from his or her machine that overwhelm or crash the victim. One of the earliest to appear was the SYN flood, which takes advantage of the TCP three-way handshake.

The attacker sends a flood of SYN segments to the victim with spoofed, usually unreachable, source IP addresses. For each SYN the victim allocates a half-open connection entry and sends a SYN-ACK to the spoofed address; the final ACK never arrives, so the entry stays in the listen backlog until it times out. Once the backlog is full, SYNs from legitimate clients are dropped and the service appears down even though the link is not saturated. The usual defence is to keep no per-SYN state (SYN cookies encode the needed state in the server's initial sequence number) and to drop spoofed sources at the network edge.
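
The backlog exhaustion described above, as an added example (not code from these slides): a model of a TCP listener's half-open table under a flood of spoofed SYNs, with and without SYN cookies. The backlog size, the 60-second entry lifetime, the cookie secret and all addresses are assumptions of the model.

```python
"""SYN flood against a TCP listener's backlog, simulated.

Added example, not code from the original slides. The Listener models the
half-open (SYN received, final ACK not yet seen) table that a TCP stack keeps
per listening socket. Spoofed SYNs never complete the handshake, so their
entries leave the table only when they time out, and meanwhile real clients
are refused. SYN_TIMEOUT and the cookie secret are assumptions for the model.
"""
import hashlib
from dataclasses import dataclass, field

SYN_TIMEOUT = 60.0   # assumed lifetime of a half-open entry, in seconds


@dataclass
class Listener:
    backlog: int                     # maximum number of half-open connections
    syn_cookies: bool = False        # stateless mode: keep no entry per SYN
    secret: bytes = b"assumed-cookie-secret"
    half_open: dict = field(default_factory=dict)   # (src_ip, src_port) -> (isn, expiry)
    dropped: int = 0
    established: int = 0

    def _isn(self, src_ip, src_port, slot):
        # Server ISN derived from the client address/port, a 64-second time slot and a
        # secret: the SYN-cookie idea, so the final ACK can be checked without state.
        digest = hashlib.sha256(f"{src_ip}:{src_port}:{slot}".encode() + self.secret).digest()
        return int.from_bytes(digest[:4], "big")

    def on_syn(self, src_ip, src_port, now):
        """Handle a SYN. Returns the ISN sent in the SYN-ACK, or None if the SYN was dropped."""
        isn = self._isn(src_ip, src_port, int(now // 64))
        if self.syn_cookies:
            return isn                       # nothing stored; the cookie carries the state
        # expire timed-out entries before counting the backlog
        for key, (_, expiry) in list(self.half_open.items()):
            if expiry <= now:
                del self.half_open[key]
        if len(self.half_open) >= self.backlog:
            self.dropped += 1                # backlog full: legitimate SYNs are refused here
            return None
        self.half_open[(src_ip, src_port)] = (isn, now + SYN_TIMEOUT)
        return isn

    def on_ack(self, src_ip, src_port, ack, now):
        """Handle the final ACK of the handshake. Returns True if the connection is established."""
        if self.syn_cookies:
            slot = int(now // 64)
            ok = any(ack == self._isn(src_ip, src_port, s) + 1 for s in (slot, slot - 1))
        else:
            entry = self.half_open.pop((src_ip, src_port), None)
            ok = entry is not None and ack == entry[0] + 1
        self.established += ok
        return ok


def simulate(syn_cookies, flood_size=1000, backlog=128):
    """Flood the listener with spoofed SYNs, then try a genuine handshake during and after it.

    Returns (established_during_flood, established_after_timeout)."""
    srv = Listener(backlog=backlog, syn_cookies=syn_cookies)
    # flood from spoofed, unreachable sources (constructed addresses) at t=0; no ACK ever returns
    for i in range(flood_size):
        srv.on_syn(f"203.0.113.{i % 256}", 1024 + i, now=0.0)
    # a genuine client one second into the flood
    isn = srv.on_syn("198.51.100.7", 40000, now=1.0)
    during = isn is not None and srv.on_ack("198.51.100.7", 40000, isn + 1, now=1.1)
    # the same client after the spoofed entries have timed out
    isn = srv.on_syn("198.51.100.7", 40001, now=SYN_TIMEOUT + 1.0)
    after = isn is not None and srv.on_ack("198.51.100.7", 40001, isn + 1, now=SYN_TIMEOUT + 1.1)
    return during, after
```

With a stateful backlog the genuine client is refused until the spoofed entries expire; with cookies it connects at once, because nothing is stored per SYN and the flood costs the server nothing but bandwidth.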

Ping of Death
A simple way to mount a DoS attack is to send the victim oversized ping requests. The attacker sends an ICMP echo request with so much data that the IP datagram, once its fragments are reassembled, exceeds the maximum IPv4 datagram size of 65,535 octets. The packet has to travel as fragments, and the last fragment's offset plus its length overruns the reassembly buffer; a victim that does not check for this is likely to crash, hang or even reboot. Maintained stacks reject such fragments, but the attack remains the archetype of the malformed-packet DoS.
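
The overrun condition in IPv4 fragment terms, as an added example (not code from these slides): it builds the fragment headers a sender would emit for a constructed oversized echo request and applies the check a hardened stack makes before reassembling. The MTU, identification values and documentation-range addresses are assumptions.

```python
"""Oversized-datagram (ping of death) check on IPv4 fragments.

Added example, not code from the slides. It builds IPv4 fragment headers for
a constructed ICMP echo request, then runs the check a hardened stack makes
before reassembling: no fragment may extend the datagram past 65,535 octets.
Addresses are documentation-range assumptions.
"""
import struct

IPV4_MAX = 65535           # maximum IPv4 datagram size, header included (16-bit total length)
IPV4_HDR = 20              # header length without options
HDR_FMT = "!BBHHHBBH4s4s"  # ver/IHL, TOS, total length, ID, flags+offset, TTL, proto, csum, src, dst


def ipv4_fragment_header(ident, payload_len, more_fragments, offset_octets):
    """Minimal IPv4 header for one fragment (checksum left zero, ICMP payload assumed)."""
    assert offset_octets % 8 == 0 and offset_octets // 8 < (1 << 13)
    flags_frag = ((1 if more_fragments else 0) << 13) | (offset_octets // 8)
    return struct.pack(HDR_FMT, (4 << 4) | 5, 0, IPV4_HDR + payload_len, ident, flags_frag,
                       64, 1, 0, bytes([198, 51, 100, 1]), bytes([192, 0, 2, 10]))


def parse_fragment(header):
    """Return (ident, more_fragments, offset in octets, payload length)."""
    ver_ihl, _, total_length, ident, flags_frag, _, _, _, _, _ = struct.unpack(HDR_FMT, header[:IPV4_HDR])
    ihl = (ver_ihl & 0x0F) * 4
    more = bool(flags_frag & 0x2000)
    offset = (flags_frag & 0x1FFF) * 8        # the fragment offset field counts 8-octet units
    return ident, more, offset, total_length - ihl


def fragments_for(ident, payload_len, mtu=1500):
    """Split an IP payload of payload_len octets into fragments for a link MTU (sender side)."""
    chunk = (mtu - IPV4_HDR) // 8 * 8       # every fragment but the last carries a multiple of 8
    frags, offset = [], 0
    while offset < payload_len:
        n = min(chunk, payload_len - offset)
        frags.append(ipv4_fragment_header(ident, n, offset + n < payload_len, offset))
        offset += n
    return frags


def reassemble(fragments):
    """Return the reassembled datagram length, or None if any fragment would overrun 65,535 octets."""
    end = 0
    for frag in fragments:
        _, more, offset, plen = parse_fragment(frag)
        if IPV4_HDR + offset + plen > IPV4_MAX:   # the test the vulnerable stacks lacked
            return None
        end = max(end, offset + plen)
    return IPV4_HDR + end
```

A 65,510-octet ICMP payload (65,518 octets of IP payload once the 8-octet ICMP header is counted) is the classic case: 45 fragments whose last one ends at octet 65,538, three past the limit, and the check rejects it; a payload of 65,515 octets fits exactly and is accepted.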

Smurf
Smurf is a DoS attack that takes advantage of ICMP and IP directed-broadcast addresses. It works in the following way:
1. The attacker creates an ICMP echo request packet with a spoofed source address (the IP address of the attack's victim) and the broadcast address of some network as its destination.
2. The attacker sends the packet to another target, usually a router that does not block ICMP echo requests addressed to broadcast addresses.
3. The router delivers the packet to all systems on its network.
4. Each system that receives the echo request replies to the victim, so one packet from the attacker becomes one reply per host; the replies flood the victim and tie up its network bandwidth.
Routers that drop directed broadcasts (the default since RFC 2644) remove the amplifier, and ingress filtering of spoofed source addresses at the network edge stops the attacker's packet from being sent in the first place.

UDP Flood Attacks
A UDP flood attack (sometimes called ping-pong) takes advantage of the chargen (character generator, UDP port 19) service, which is used legitimately to test hosts and networks. An attacker mounts it in the following manner:
1. The attacker sends a UDP datagram to the victim's chargen service with a spoofed source address and port, typically pointing at the echo service (UDP port 7) of another host on the victim's network.
2. The victim's chargen service responds with a string of characters, which goes to the spoofed address on its own network.
3. That host's echo service sends the data straight back, chargen answers again, and the two systems continue to send characters to each other, slowing both their own processing and the network.
An attacker can also mount a similar attack using two echo services. Disabling these small test services, which have no legitimate use on production hosts, removes the loop.
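
The Smurf amplification above, as an added example (not code from these slides): a model of a /24 behind a border router that either honours or drops directed broadcasts, plus the victim-side heuristic a network operator would use to recognise the reply flood. The network, host count, packet sizes and addresses are constructed.

```python
"""Smurf amplification, simulated, with a detection heuristic.

Added example, not code from the slides. An Amplifier models a /24 behind a
border router; Packet and the addresses are constructed. The router either
honours or drops IP directed broadcasts, which is the configuration that
decides whether the network can be used as a Smurf amplifier.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    kind: str      # "echo-request" or "echo-reply"
    size: int      # octets


class Amplifier:
    def __init__(self, cidr, n_hosts, directed_broadcast):
        net = ipaddress.ip_network(cidr)
        self.broadcast = str(net.broadcast_address)
        self.hosts = [str(h) for h in list(net.hosts())[:n_hosts]]   # hosts that answer pings
        self.directed_broadcast = directed_broadcast                 # border router setting

    def route(self, pkt):
        """Border router plus LAN: returns the packets the network emits in response."""
        if pkt.dst == self.broadcast:
            if not self.directed_broadcast:
                return []                     # directed broadcast dropped at the router
            targets = self.hosts
        else:
            targets = [pkt.dst] if pkt.dst in self.hosts else []
        return [Packet(h, pkt.src, "echo-reply", pkt.size)
                for h in targets if pkt.kind == "echo-request"]


def smurf(victim, amp, packets=10, size=64):
    """Attacker sends echo requests with the victim's address as source to the broadcast address.

    Returns (replies that reach the victim, amplification factor in octets)."""
    sent = packets * size
    replies = []
    for _ in range(packets):
        spoofed = Packet(src=victim, dst=amp.broadcast, kind="echo-request", size=size)
        replies += [r for r in amp.route(spoofed) if r.dst == victim]
    return replies, sum(r.size for r in replies) / sent


def looks_like_smurf(replies, min_sources=50):
    """Victim-side heuristic: many echo replies, from many hosts of a single /24, to one destination."""
    by_dst = defaultdict(set)
    for r in replies:
        if r.kind == "echo-reply":
            by_dst[r.dst].add(r.src)
    for sources in by_dst.values():
        prefixes = {str(ipaddress.ip_network(f"{s}/24", strict=False)) for s in sources}
        if len(sources) >= min_sources and len(prefixes) == 1:
            return True
    return False
```

With 200 responding hosts every attacker packet turns into 200 replies, an amplification factor of 200; with directed broadcasts dropped at the router the same packets produce nothing at all.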

DoS attacks can be used against wireless networks as well. An attacker can flood the radio frequency (RF) spectrum with enough interference (jamming) that no station can transmit. These attacks are generally not widespread, because sophisticated and expensive equipment is necessary.

Most successful wireless DoS attacks take a different approach. Attackers can take advantage of CSMA/CA and the explicit frame acknowledgement: stations defer while the medium is reported busy, so an attacker who keeps transmitting, or who advertises long reservation (NAV) durations, starves everyone else of airtime. Another wireless DoS attack uses disassociation frames. A disassociation (or deauthentication) frame is sent to a device to force it to temporarily disconnect from the wireless network; without protected management frames (802.11w) these frames carry no authentication, so an attacker can forge them in the AP's name and repeat them to keep a station off the network.

A variant of the DoS is the distributed denial of service (DDoS) attack. Instead of using one computer, a DDoS may use hundreds or thousands of compromised "zombie" computers in a botnet to flood a device with requests. Because the traffic arrives from many different, otherwise legitimate addresses, it is virtually impossible to identify and block the source of the attack.

Early tools in the DDoS category include Tribe Flood Network (TFN), Trinoo and Stacheldraht. Tribe Flood Network uses client software on compromised hosts to launch attacks on a victim or victims.

Trinoo
Similar to TFN (the attacker communicates with daemons on compromised hosts), but used to launch UDP flood attacks from multiple sources.

Stacheldraht
A variation on TFN and Trinoo. The attacker's client communicates with handlers over an encrypted channel from a command line, and the handlers are password protected. Stacheldraht uses both TCP and ICMP floods to mount attacks.

3.2.2 Spoofing
Spoofing is impersonation: pretending to be someone or something else by presenting false information. Several types of spoofing exist: TCP spoofing, DNS spoofing, IP spoofing and Web spoofing.

TCP Spoofing
The goal of the attacker is to jump into the middle of a TCP exchange, intercepting the segments and inserting his or her own. To make TCP spoofing work, the attacker needs to know the current sequence number of the TCP segments so that the forged segment is accepted as part of the stream (see TCP/IP hijacking in 3.3.1).

DNS Spoofing
A method for redirecting users to a Web site other than the one to which a domain name is actually registered. The most common variation is malicious cache poisoning, which modifies the data in a domain name server's cache: a forged answer accepted by a resolver is served to every client of that resolver until the record expires. A resolver accepts an answer only if it matches an outstanding query, so any name server whose matching is weak (a 16-bit transaction ID on a fixed, predictable source port) is vulnerable to an attacker who floods it with guessed answers; DNSSEC validation closes the hole by authenticating the data itself.

IP Spoofing
The most common type of spoofing. The attacker forges the source address in the IP header so that the packet appears to come from another host; the SYN flood and Smurf attacks above depend on it. The same trick at the application layer, forging the sender address of an e-mail, is used to trick the user into thinking the e-mail comes from a trusted source. Ingress filtering at the network edge (dropping packets whose source address does not belong to the network they arrive from) is the standard countermeasure.

Web Spoofing
Web spoofing involves tricking a user into thinking he or she is interacting with a trusted Web site. Spoofed Web sites look very much like the site they imitate.

3.2.3 Man-in-the-Middle
This type of attack makes it seem that two computers are communicating with each other, when actually both are sending and receiving data through a computer between them, the man-in-the-middle.

Man-in-the-middle attacks can be active or passive. In a passive attack, the attacker captures the data being transmitted, records it, and forwards it to the original recipient without being detected. In an active attack, the contents are intercepted and altered before being sent on to the recipient.

3.2.4 Replay
A replay attack is similar to a passive man-in-the-middle attack. Whereas a passive attack forwards the transmission immediately, a replay attack keeps a copy of the transmission and resends it later (the man-in-the-middle replays it), for example a captured authentication exchange. Any protocol without a freshness check (a nonce, timestamp or sequence number bound to the message) is vulnerable, because the replayed message is byte-for-byte valid.
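
The checks that defeat both the active man-in-the-middle of 3.2.3 and the replay of 3.2.4, as an added example (not code from these slides): each message carries a timestamp and a random nonce and is bound with an HMAC, and the receiver rejects tampered, stale and repeated messages. The shared key, the 30-second freshness window, the payloads and the clock values are assumptions.

```python
"""Freshness and integrity checks that defeat replay and active tampering.

Added example, not code from the slides. Sender and receiver are assumed to
share KEY; each message carries a timestamp and a random nonce and is bound
with an HMAC. The receiver rejects altered messages (active man-in-the-middle),
stale ones, and any nonce it has already seen inside the freshness window
(replay). Payloads and clock values are constructed.
"""
import hashlib
import hmac
import json
import os

KEY = b"assumed-shared-key"   # assumption: pre-shared between sender and receiver
WINDOW = 30.0                 # seconds a message's timestamp is considered fresh


def make_message(payload, now, key=KEY):
    """Serialise payload with timestamp and nonce, append HMAC-SHA256 tag: b'<json>.<hex tag>'."""
    body = {"payload": payload, "ts": now, "nonce": os.urandom(8).hex()}
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, raw, hashlib.sha256).hexdigest().encode()
    return raw + b"." + tag


class Receiver:
    def __init__(self, key=KEY):
        self.key = key
        self.seen = {}   # nonce -> timestamp, pruned once older than WINDOW

    def accept(self, wire, now):
        raw, _, tag = wire.rpartition(b".")      # the hex tag contains no '.', so this splits correctly
        expected = hmac.new(self.key, raw, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, expected):
            return "rejected: tampered"          # contents altered in transit
        body = json.loads(raw)
        if abs(now - body["ts"]) > WINDOW:
            return "rejected: stale"             # outside the freshness window
        self.seen = {n: t for n, t in self.seen.items() if now - t <= WINDOW}
        if body["nonce"] in self.seen:
            return "rejected: replay"            # a valid message, but already delivered once
        self.seen[body["nonce"]] = body["ts"]
        return "accepted"


def demo():
    """One genuine message, then a tampered copy, a replayed copy, and a stale message."""
    rx = Receiver()
    wire = make_message({"to": "bob", "amount": 10}, now=1000.0)
    first = rx.accept(wire, now=1001.0)
    tampered = rx.accept(wire.replace(b'"amount":10', b'"amount":9999'), now=1002.0)
    replayed = rx.accept(wire, now=1003.0)
    stale = rx.accept(make_message({"to": "bob", "amount": 10}, now=1000.0), now=2000.0)
    return first, tampered, replayed, stale
```

The nonce set only has to cover the freshness window, which is why the timestamp is checked first: a message older than WINDOW is refused outright, so the receiver never needs unbounded memory to remember everything it ever accepted.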

3.3 Methods of Net. Attacks
Five steps of an attack:
1. Probe for information. The first step is to probe the system for any information that can be used to attack it (reconnaissance).
2. Penetrate any defenses. The next step is to launch the attack to penetrate the defenses.
3. Modify security settings. This allows the attacker to re-enter the compromised system later.
4. Circulate to other systems. The attacker then uses the compromised system as a base from which to attack other networks and computers.
5. Paralyze networks and devices. Attackers may also work to maliciously damage the systems and networks they have reached.

Just as there are different categories of attacks on networks, there are several different ways to perform them. Network attack methods can be protocol-based or wireless, as well as other methods.

3.3.1 Protocol-Based Attacks
The most common methods of attack. The weakness is inherent in the protocol itself, which makes it harder to defend against than a bug in a single implementation. Some of the most common protocol-based attacks are antiquated protocols, DNS attacks, ARP poisoning and TCP/IP hijacking.

Antiquated Protocols
Over time, TCP/IP protocols have been updated often to address security vulnerabilities. Antiquated protocols such as SNMPv1 and SNMPv2c, which authenticate with a community string sent in clear text, are popular targets for attackers; SNMPv3 adds authenticated and encrypted messages.

DNS Attacks
The DNS is frequently the focus of attacks, including DNS poisoning and DNS zone transfers.
DNS Poisoning. One type of DNS attack is to substitute a fraudulent IP address, so that when a user enters a symbolic name she is directed to the fraudulent site instead.

Substituting a fraudulent IP address can be done in one of two locations. First, TCP/IP still consults a host table stored on the local computer (the hosts file), which is checked before DNS is queried; an attacker with access to the machine adds entries to it that redirect users to the fraudulent site. The other approach targets the external DNS server and is called DNS poisoning (also called DNS spoofing).
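
The resolver-side race that makes DNS poisoning possible, as an added example (not code from these slides, covering the cache poisoning of 3.2.2 and the DNS poisoning here): a model of the part of a caching resolver that decides whether an incoming reply belongs to an outstanding query, attacked by a blind flood of forged answers. The server and answer addresses, the random seed and the attacker's assumption of port 53 are constructed.

```python
"""Resolver response matching against a blind cache-poisoning flood.

Added example, not code from the slides. Query/Response and the addresses
are constructed; Resolver is a model of the part of a caching resolver that
decides whether an incoming UDP reply belongs to an outstanding query.
"""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Query:
    txid: int      # 16-bit DNS transaction ID
    sport: int     # UDP source port the query left from
    server: str    # authoritative server asked
    qname: str


@dataclass(frozen=True)
class Response:
    txid: int
    dport: int     # UDP destination port (must equal the query's source port)
    src: str
    qname: str
    answer: str


class Resolver:
    def __init__(self, randomize_port, rng):
        self.randomize_port = randomize_port
        self.rng = rng
        self.pending = {}   # (txid, sport) -> Query
        self.cache = {}     # qname -> answer

    def send_query(self, qname, server="192.0.2.53"):
        txid = self.rng.randrange(1 << 16)
        # weak resolvers used one fixed source port, so only the 16-bit txid had to be guessed
        sport = self.rng.randrange(1024, 65536) if self.randomize_port else 53
        q = Query(txid, sport, server, qname)
        self.pending[(txid, sport)] = q
        return q

    def receive(self, r):
        """Accept a reply only if txid, port, server address and question all match a pending query."""
        q = self.pending.get((r.txid, r.dport))
        if q is None or q.server != r.src or q.qname != r.qname:
            return False                       # unsolicited or mismatched: ignored
        del self.pending[(r.txid, r.dport)]   # the first matching reply wins the race
        self.cache[r.qname] = r.answer
        return True


def poison_race(randomize_port, seed=7):
    """A blind attacker floods every txid at the resolver; the genuine answer arrives last.

    Returns the answer the cache ends up holding for the name."""
    rng = random.Random(seed)
    resolver = Resolver(randomize_port, rng)
    q = resolver.send_query("www.example.com")
    for txid in range(1 << 16):
        forged = Response(txid, 53, q.server, q.qname, "203.0.113.66")   # attacker assumes port 53
        if resolver.receive(forged):
            break
    genuine = Response(q.txid, q.sport, q.server, q.qname, "198.51.100.80")
    resolver.receive(genuine)
    return resolver.cache.get(q.qname)
```

With a fixed source port the attacker needs at most 65,536 forged replies and always wins; with a randomised port the forgeries never match and the genuine answer is the one cached. In practice the attacker races many queries at once and must also beat the real answer's arrival time, but the size of the space to guess is what decides whether the race is winnable.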

DNS Transfers
A second attack using DNS is almost the reverse of DNS poisoning. The attacker asks the authoritative DNS server for a zone transfer (AXFR), which returns every record in the zone. With this information the attacker could map the entire internal network. Zone transfers should be restricted to the zone's own secondary servers (for example with BIND's allow-transfer option).

ARP Poisoning
ARP resolves IP addresses to MAC addresses on a LAN, and every host caches the answers. Similar to DNS poisoning, ARP poisoning plants a false mapping: the attacker alters the MAC address held in a victim's ARP cache so that the victim's traffic for a given IP address goes to a different computer. ARP has no authentication and most stacks accept replies they never asked for, so the attacker simply:
1. Sends a forged ARP reply to the router, associating the victim's IP address with the attacker's MAC.
2. Sends a forged ARP reply to the victim(s), associating the router's IP address with the attacker's MAC.
3. Forwards the traffic it now receives in both directions, so the victims notice nothing while the attacker reads or alters everything (a man-in-the-middle on a switched LAN).
Static ARP entries, dynamic ARP inspection on the switch, and monitoring for IP-to-MAC changes are the usual countermeasures.
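
The forged reply of step 2 and the monitoring countermeasure, as an added example (not code from these slides): it builds real Ethernet/ARP frames from constructed addresses and runs an arpwatch-style detector over them, which alerts when an IP address it has already seen shows up with a different MAC. On a switched network such a monitor sees the frames only through port mirroring or a tap (3.1.1).

```python
"""ARP reply forging and an arpwatch-style change detector.

Added example, not code from the slides. Frames are built with struct from
constructed addresses; ArpWatch keeps the IP-to-MAC mapping it has seen and
alerts when an address flips, which is what a poisoning attack looks like on
the wire.
"""
import struct

ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, op, sha, spa, tha, tpa (28 octets)


def mac_bytes(s):
    return bytes.fromhex(s.replace(":", ""))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(s):
    return bytes(int(x) for x in s.split("."))


def ip_str(b):
    return ".".join(str(x) for x in b)


def arp_frame(op, sha, spa, tha, tpa):
    """Ethernet II + ARP frame (42 octets). op 1 = request (broadcast), 2 = reply (unicast)."""
    eth_dst = b"\xff" * 6 if op == 1 else mac_bytes(tha)
    ethernet = eth_dst + mac_bytes(sha) + b"\x08\x06"          # EtherType 0x0806 = ARP
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                      mac_bytes(sha), ip_bytes(spa), mac_bytes(tha), ip_bytes(tpa))
    return ethernet + arp


def parse_arp(frame):
    """Return the ARP fields as a dict, or None if the frame is not ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    _, _, _, _, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    return {"op": op, "sha": mac_str(sha), "spa": ip_str(spa), "tha": mac_str(tha), "tpa": ip_str(tpa)}


class ArpWatch:
    """Passive monitor: records sender IP->MAC from replies, alerts when a known IP changes MAC."""

    def __init__(self):
        self.table = {}
        self.alerts = []

    def observe(self, frame):
        a = parse_arp(frame)
        if a is None or a["op"] != 2:
            return
        known = self.table.get(a["spa"])
        if known is not None and known != a["sha"]:
            self.alerts.append(f"{a['spa']} moved from {known} to {a['sha']} (possible ARP poisoning)")
        self.table[a["spa"]] = a["sha"]


GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "02:00:00:00:00:01"    # constructed addresses
VICTIM_IP, VICTIM_MAC = "192.168.1.20", "02:00:00:00:00:20"
ATTACKER_MAC = "02:00:00:00:00:ee"


def poisoning_demo():
    """A legitimate reply from the gateway, then the attacker's forged reply for the same IP."""
    watch = ArpWatch()
    watch.observe(arp_frame(2, GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP))
    # step 2 of the attack: the attacker tells the victim that the gateway IP lives at its own MAC
    watch.observe(arp_frame(2, ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP))
    return watch
```

The monitor records the flip rather than refusing it, because a passive observer cannot tell a poisoning attack from a legitimate NIC replacement; the alert is what an operator acts on.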

TCP/IP Hijacking
To identify the data it carries, the TCP header contains two 32-bit fields, the sequence number and the acknowledgment number, which count the octets sent in each direction. A receiver accepts a segment only if its sequence number falls inside the current receive window. In a TCP/IP hijacking attack, the attacker creates fictitious ("spoofed") TCP packets carrying the victim's source address and a sequence number inside that window, so the receiver treats them as part of the legitimate connection. An attacker who can sniff the connection reads the numbers off the wire; one who cannot has to guess them, which is why predictable initial sequence numbers were a serious weakness and modern stacks randomize them.
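
The window test and the injection it permits, as an added example (not code from these slides, covering both the TCP spoofing of 3.2.2 and the hijacking here): the RFC 793 segment acceptability test, a stripped-down receiver that trusts nothing but the IP source address and the sequence number, and an attacker who has sniffed the connection. The addresses, the initial sequence number and the application commands are constructed.

```python
"""TCP segment acceptance and session hijacking by sequence-number injection.

Added example, not code from the slides. segment_acceptable is the window
test from RFC 793; Server is a stripped-down receiver that trusts a segment
on nothing but the IP source address and the sequence number. The addresses,
ISN and application commands are constructed.
"""
MOD = 1 << 32


def in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq lies in [rcv_nxt, rcv_nxt + rcv_wnd) modulo 2^32."""
    return ((seq - rcv_nxt) & (MOD - 1)) < rcv_wnd


def segment_acceptable(seg_seq, seg_len, rcv_nxt, rcv_wnd):
    """RFC 793 section 3.3 test: some part of the segment must fall inside the receive window."""
    if rcv_wnd == 0:
        return seg_len == 0 and seg_seq == rcv_nxt
    if seg_len == 0:
        return in_window(seg_seq, rcv_nxt, rcv_wnd)
    last = (seg_seq + seg_len - 1) % MOD
    return in_window(seg_seq, rcv_nxt, rcv_wnd) or in_window(last, rcv_nxt, rcv_wnd)


class Server:
    def __init__(self, peer, peer_isn, rcv_wnd=65535):
        self.peer = peer                       # client address learned from the handshake
        self.rcv_nxt = (peer_isn + 1) % MOD    # next octet expected after the client's SYN
        self.rcv_wnd = rcv_wnd
        self.received = b""

    def deliver(self, src, seq, data):
        """Process one data segment; src is whatever the IP header claims."""
        if src != self.peer:
            return "rejected: wrong peer"
        if not segment_acceptable(seq, len(data), self.rcv_nxt, self.rcv_wnd):
            return "rejected: outside window"   # old or far-future data: dropped and re-ACKed
        if seq != self.rcv_nxt:
            return "queued: out of order"       # simplification: gaps are not reassembled here
        self.received += data
        self.rcv_nxt = (self.rcv_nxt + len(data)) % MOD
        return "accepted"


def hijack_demo():
    """An attacker who sniffed the connection injects a command with the client's address and seq."""
    srv = Server(peer="10.0.0.5", peer_isn=MOD - 5)   # ISN near the wrap point on purpose
    seq = srv.rcv_nxt
    r1 = srv.deliver("10.0.0.5", seq, b"USER alice\r\n")
    seq = (seq + 12) % MOD
    # spoofed segment: the victim's source address, exactly the sequence number the server expects
    r2 = srv.deliver("10.0.0.5", seq, b"DELE secret.txt\r\n")
    # the genuine client sends its next segment with the same seq: now behind rcv_nxt, so discarded
    r3 = srv.deliver("10.0.0.5", seq, b"LIST\r\n")
    return r1, r2, r3, srv.received
```

After the injection the real client is out of step with the server: its next segment falls behind the window and is dropped, which is the desynchronisation that makes a hijacked session visible as a burst of duplicate ACKs. A blind attacker must instead land a guess inside a 65,535-octet window in a 2^32 space, which is hopeless when the ISN is random but trivial when it is predictable.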

3.3.2 Wireless Attacks
As wireless networks have become commonplace, new attacks have been created to target them. These attacks include rogue access points, war driving, bluesnarfing and bluejacking.

Rogue Access Points
A rogue AP is an access point attached to the network without authorization, often installed by an employee for convenience or by an attacker, and typically left open or improperly configured. Anyone within range of its signal gets a path onto the company's network that bypasses the perimeter defences, from which they can launch attacks on all users.

War Driving
At regular intervals (normally about every 100 milliseconds) a wireless AP sends a beacon frame to announce its presence and to provide the information that devices need to join the network. There is no means to limit who receives the signal, so unapproved wireless devices can likewise pick up the beacon transmission.

War driving, strictly speaking, involves using an automobile to search for wireless signals over a large area. The formal term for this passive wireless discovery, the process of finding a WLAN signal and recording information about it, is wireless location mapping; war driving is the informal name.

Bluesnarfing
Bluetooth is a wireless technology that uses short-range RF transmissions. It provides rapid on-the-fly, ad hoc connections between devices. It is standardized as IEEE 802.15.1; one of its network topologies is known as a piconet.

Because of the ad hoc nature of Bluetooth piconets and scatternets, attacks on Bluetooth have appeared. Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection, often between phones, desktops, laptops and personal digital assistants.

Bluesnarfing allows an attacker to access e-mails, calendars, contact lists, and cell phone pictures and videos by simply connecting to the Bluetooth device without the owner's knowledge or permission.

Bluejacking is sending unsolicited messages from one Bluetooth-enabled device to another. Bluejacking is usually considered less harmful than bluesnarfing because no data is stolen.

3.3.3 Other Attacks and Frauds
Other types of attacks and frauds that are sometimes found today are null sessions and domain name kiting.

Null Sessions
Null sessions are unauthenticated connections to a Microsoft Windows NT or Windows 2000 computer that require no username or password. A command as simple as

C:\>net use \\192.168.###.###\IPC$ "" /u:""

could allow an attacker to open a channel to the machine and enumerate its users, shares and password policy without any credentials. Later Windows versions restrict what an anonymous connection may do by default.

Domain Name Kiting
Check kiting is a type of fraud that involves the unlawful use of checking accounts to gain additional time before the fraud is detected. Domain name kiting is a variation on the kiting concept of taking advantage of additional time: registrars allow a newly registered domain to be deleted for a full refund within a short add grace period, so the kiter registers a domain, drops it just before the period ends and registers it again, using it indefinitely without ever paying.