Anatomy of attacks: Buffer Overflow attacks & Rootkits
Warning
Do not use hacking tools unless you are sure you have the sysadmin's permission.
- Company policy: fired/suspended
- Illegal: go to jail
- Honor Code
Just because you have a set of master keys does NOT give you permission to drive anyone's car!
Prep for class
- Log into a Linux VM
- Download the Embry-Riddle demos (demos only, not real hacks)
- Open a tty in Linux for the rootkit demos
Gift of fire?
To get access to the world through the Internet we trade increased exposure of ourselves. The trade is not optional.
- Improved user experience requires personal knowledge
- Apple iPhone: Siri?
Buffer Overflow
Work through the Embry-Riddle tutorial:
- "Stacks": normal returns & data on the stack
- "Spock": buffer overflow with altered data
- "Smasher": buffer overflow with altered return address
- "Stackguard": using a "canary" to sniff an attack
RSA notes
Questions
- How do these get into the users' systems?
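As an added illustration of the "Stacks", "Smasher" and "Stackguard" demos (this is constructed example code, not the Embry-Riddle tutorial's own), the C model below lays out one stack frame as a plain struct (buffer, then canary, then saved return address) so the overflow stays within defined memory: an over-long copy first clobbers the canary and then the return address, and the epilogue check catches it before the frame "returns". The return-address value is a constructed placeholder.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16
#define CANARY   0xDEADBEEFu          /* constructed StackGuard value */

/* One frame drawn the way the "Stacks" demo draws it: the local buffer
 * sits lowest, the canary just above it, the saved return address on top,
 * so an overflow of buf runs upward through canary and then ret_addr. */
struct frame {
    char     buf[BUF_SIZE];
    uint32_t canary;
    uint32_t ret_addr;
};

/* The classic defect: copy len bytes into buf with no bounds check.
 * The copy is clamped to the struct so the model never leaves real memory. */
static void unchecked_copy(struct frame *f, const char *src, size_t len)
{
    if (len > sizeof(*f))
        len = sizeof(*f);
    memcpy((unsigned char *)f, src, len);
}

/* StackGuard epilogue: 1 if the canary survived, 0 if it was overwritten. */
int canary_intact(const struct frame *f)
{
    return f->canary == CANARY;
}

/* Simulate one call with the given input. Returns 1 when the canary check
 * detects an overflow (the frame must not return), 0 when the frame is
 * clean. The saved return address after the copy is reported through *ret. */
int run_frame(const char *input, size_t len, uint32_t *ret)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.canary   = CANARY;
    f.ret_addr = 0x08048500u;         /* constructed "return to caller" */
    unchecked_copy(&f, input, len);
    if (ret)
        *ret = f.ret_addr;
    return !canary_intact(&f);
}

int main(void)
{
    uint32_t ret;
    const char big[24] = "AAAAAAAAAAAAAAAAAAAAAAAA";
    printf("normal: detected=%d\n", run_frame("hello", 5, &ret));
    printf("smash : detected=%d ret=0x%08x\n", run_frame(big, 24, &ret), ret);
    return 0;
}
```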
Root Kits
- Work through Linux Focus notes
- Story of the Sony rootkit problem
Rootkit details
- Definition: trojan and backdoor
- Example: Linux rootkit with trojanned commands
- Promiscuous mode is dangerous
DEMO: Use ifconfig to check promiscuous mode (as su) in a Linux tty:
- ifconfig -a; ifconfig eth1 promisc
- Use ifconfig eth1 -promisc to undo
- Try tcpdump -i any to view traffic (tutorial)
- Can use checksums to detect altered commands, if clean backups are available
Rootkit Questions
Class exercise: search Google for current "rootkit" info.
- How do rootkits get installed?
- How can you detect them?
- How can you remove them?
Root kit summary
Review main points in notes:
- If the system is compromised, the cracker can use trojanned commands and backdoors to hide
- It is nearly impossible to use a rooted system to clean itself: boot off a CD with a toolkit
Script Kiddies
- Metasploit demo video
More?
IT 466 Information Assurance and Security (IAS) discusses this in depth:
- With discussions of ethics
- And "sandbox" exercises