Peer to Peer Networks and Security Kostya Kortchinsky
- Slides: 33
Peer to Peer Networks and Security Kostya Kortchinsky CERT RENATER Kostya. Kortchinsky@renater. fr 9/18/2020 Kostya Kortchinsky - RENATER 1
Agenda • Some Figures • Security Issues – Viruses, trojans, and other malware – Information disclosure – System compromise • Solutions 9/18/2020 Kostya Kortchinsky - RENATER 2
Some Figures 9/18/2020 Kostya Kortchinsky - RENATER 3
Traffic Monitoring on RENATER Netflow 9/18/2020 Kostya Kortchinsky - RENATER 4
Traffic coming from RENATER 9/18/2020 Kostya Kortchinsky - RENATER 5
Traffic going to RENATER 9/18/2020 Kostya Kortchinsky - RENATER 6
Number of Flows 9/18/2020 Kostya Kortchinsky - RENATER 7
Security Issues 9/18/2020 Kostya Kortchinsky - RENATER 8
Viruses, Trojans, and Other Malware • A virus is a piece of programming code usually disguised as something else that causes some unexpected and usually undesirable event. • A virus is often designed so that it is automatically spread to other computer users. • Viruses can be transmitted as attachments to an e-mail note, as downloads, or be present on a diskette or CD. 9/18/2020 Kostya Kortchinsky - RENATER 9
Dissemination • By the software itself – Its popularity makes it a very valuable infection vector 9/18/2020 Kostya Kortchinsky - RENATER 10
Dl. Der • http: //www. grokster. com 1 January 2002 « It has recently come to our attention that our previous Grokster installer for about a three week period contained a program being called by the anti-virus companies W 32. Dl. Der. Trojan. This program was apparently installed by one of our advertisers, Click. Til. UWin. » 9/18/2020 Kostya Kortchinsky - RENATER 11
Dissemination • By the content provided – Each user acts as a server for each other user • No centralized server to upload and download files • No way for the software developer to check the content provided • Protection is up to the user – A downloaded file is usually made available immediately for upload to other users 9/18/2020 Kostya Kortchinsky - RENATER 12
Dissemination • http: //www. kazaa. com/en/help/virus. htm « Most files that are accessible using Kazaa Media Desktop originate from other users. This means that there will always be the risk of irresponsible users introducing viruses. » • P 2 P File-Sharing networks have become a very easy mean to spread viruses 9/18/2020 Kostya Kortchinsky - RENATER 13
Example • Win 32/Merkur. A@mm (2002 -11 -01) – Mass mailing Internet worm in VB 6 – Also spreads via • IRC network (using m. IRC) • P 2 P network (using Kazaa, e. Donkey, Bear. Share) – Copies itself to • C: Program FilesKazaaMy Shared FolderIPspoofer. exe • C: Program FilesKazaaMy Shared FolderVirtual Sex Simulator. exe 9/18/2020 Kostya Kortchinsky - RENATER 14
Example • Win 32/HLLW. Gool. B (2003 -02 -14) – Backdoor with trojan and internet worm capabilities in Delphi – Sets in the registry the sharing folders for Kazaa to C: WindowsSys 32 – Copies itself in this folder to • Britney. jpg. exe • Catherine_Zeta_Jones_Nude. jpg. exe • X_Box_Emulator. txt. exe 9/18/2020 Kostya Kortchinsky - RENATER 15
Screenshot XBOX Emulator search results on Ka. Za. A 9/18/2020 Kostya Kortchinsky - RENATER 16
Screenshot NO CD search results on e. Mule 9/18/2020 Kostya Kortchinsky - RENATER 17
Information Disclosure 9/18/2020 Kostya Kortchinsky - RENATER 18
Spyware • In general, spyware is any technology that aids in gathering information about a person or organization without their knowledge. • On the Internet, spyware is programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties. 9/18/2020 Kostya Kortchinsky - RENATER 19
Screenshot 9/18/2020 Kostya Kortchinsky - RENATER 20
Sharing Private Data • The risk is great that unintended files will be shared – Users may often be sharing private data without being aware of it – Although theoretically the user controls what subdirectories he/she makes available to peer users, sometimes more subdirectories are shared than is known or intended 9/18/2020 Kostya Kortchinsky - RENATER 21
Screenshot Downloading 260 megabytes Inbox file from Ka. Za. A 9/18/2020 Several Inbox. dbx in search results from e. Donkey Kostya Kortchinsky - RENATER 22
Example To: « Pierre Dupont » <pierre. dupont@xxxxxxx. fr> Subject: Votre mot de passe From: membre@yyyy. fr Reply-To: membre@yyyy. fr Date: Tue, 22 Oct 2002 18: 29: 37 +0200 Cher(e) membre, Vous avez oublie votre mot de passe, le voici : zzzzzz A tres bientot sur www. yyyy. fr L'equipe Yyyy ! 9/18/2020 Kostya Kortchinsky - RENATER 23
System Compromise 9/18/2020 Kostya Kortchinsky - RENATER 24
Bear. Share Advice • http: //www. bearshare. com/help/citizen. htm « You don't need to get rid of your firewall completely, you just need to "drill a hole" in it for Bear. Share. It won't decrease your security because Bear. Share doesn't contain any security holes. Please read Bear. Share Firewall Tutorial for instructions how to configure your firewall. » 9/18/2020 Kostya Kortchinsky - RENATER 25
Bear. Share Directory Traversal • http: //www. securityfocus. com/bid/5888 « The Bear. Share webserver is prone to directory traversal attacks. This may allow remote attackers to break out of the web root directory and browse the filesystem of the host running the software. This issue is a variant of the vulnerability described in Bugtraq ID 2672. The variant issue was unsuccessfully addressed in version 4. 0. 6. It is still possible to disclose files with a malicious URL encoded request to the webserver. » 9/18/2020 Kostya Kortchinsky - RENATER 26
e. Donkey 2000 Buffer Overflow • http: //www. securityfocus. com/bid/4951 « The e. Donkey 2000 Windows client includes a handler for a custom URI, ed 2 k: //. It has been reported that the handler for e. Donkey 2000 is vulnerable to a buffer overflow condition when parsing maliciously constructed URIs. This may be exploited to crash the user's browser or execute arbitrary code on the victim client. » 9/18/2020 Kostya Kortchinsky - RENATER 27
Kazaa Buffer Overflow • http: //www. securityfocus. com/bid/6747 « Ka. Za. A version 2. 0. 2 is vulnerable to a denial of service attack caused by a buffer overflow. By sending a malicious response to an affected system for the automated advertisement download, a remote attacker could overflow a buffer and cause the system to crash or possibly execute code on the system. » 9/18/2020 Kostya Kortchinsky - RENATER 28
SETI@home Buffer Overflow • http: //spoor 12. edup. tudelft. nl « The SETI@home clients use the HTTP protocol to download new workunits, user information and to register new users. There is a bufferoverflow in the server responds handler. Sending an overly large string followed by a newline ('n') character to the client will trigger this overflow. » 9/18/2020 Kostya Kortchinsky - RENATER 29
Solutions 9/18/2020 Kostya Kortchinsky - RENATER 30
JANET-CERT • http: //www. ja. net/CERT/JANETCERT/prevention/peer-to-peer. html – «. . . In an aim to improve the security of our network, as well as hopefully reduce bandwidth, particularly outgoing, we have decided to block Peer To Peer (P 2 P) file sharing. Research has revealed the following TCP/IP are used, and the software that uses them. Links to the software itself can be found with the list of ports. . . » 9/18/2020 Kostya Kortchinsky - RENATER 31
University of Chicago • Disabling Peer to Peer File Sharing – http: //security. uchicago. edu/peer-topeer/no_fileshare. shtml 9/18/2020 Kostya Kortchinsky - RENATER 32
Thank You ! Questions ? 9/18/2020 Kostya Kortchinsky - RENATER 33
- Kostya kortchinsky
- Kostya serebryany
- Security private
- Datagram network diagram
- Features of peer to peer network and client server network
- Pros and cons of peer to peer network
- Backbone networks in computer networks
- Annotazioni sulla verifica effettuata peer to peer
- Peer-to-peer
- Tim beamer
- Peer to peer transactional replication
- Gambar topologi peer to peer
- Registro peer to peer compilato
- Esempi di peer to peer compilati scuola primaria
- Relazione finale tutor tirocinio esempio
- Peer to peer l
- Peer to peer merupakan jenis jaringan… *
- Bitcoin: a peer-to-peer electronic cash system
- Ambiti operativi da supportare
- Peer-to-peer communication in osi model
- Peer to peer vorteile nachteile
- Node lookup in peer to peer network
- Peer-to-peer o que é
- Peer to peer computing environment
- Peer to peer intervention
- Peer-to-peer o que é
- Peer-to-peer o que é
- Peer to peer network hardware
- Peer to peer chat application in java
- Jaringan peer to peer diistilahkan dengan
- Next generation security platform
- Pearson vue pcnse
- Sinkhole palo alto
- Next generation security platform