![Resource-based Attacks](https://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-1.jpg)
Resource-based Attacks
![Attacking Networks: Resource-Based Attacks](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-2.jpg)
Attacking Networks: Resource-Based Attacks
• Resource-based attacks are designed to gain access to additional resources for the attacker.
• Basically, taking over machines in order to set up illicit servers on them.
![Attacking Networks: Resource-Based Attacks](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-3.jpg)
Attacking Networks: Resource-Based Attacks
• Some resource-based attack examples:
![Attacking Networks: Resource-Based Attacks](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-4.jpg)
Attacking Networks: Resource-Based Attacks
• Data storage (FTP) servers to store files (e.g., illicit copies of software and media).
  – Warez.
![Attacking Networks: Resource-Based Attacks](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-5.jpg)
Attacking Networks: Resource-Based Attacks
• Message (IRC) servers to host chat sessions.
![Attacking Networks: Resource-Based Attacks](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-6.jpg)
Attacking Networks: Resource-Based Attacks
• Mail servers to send spam.
![Attacking Networks: Resource-Based Attacks](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-7.jpg)
Attacking Networks: Resource-Based Attacks
• Computers from which to launch subsequent attacks (zombies, bots).
![Attacking Networks: Resource-Based Attacks](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-8.jpg)
Attacking Networks: Resource-Based Attacks
• Resource-based attacks typically are intrusion attacks.
• That is, the attacker gains control of the computer in order to set up their desired illicit server(s).
![Data-based Attacks](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-9.jpg)
Data-based Attacks
![Attacking Networks: Data-Based Attacks](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-10.jpg)
Attacking Networks: Data-Based Attacks
• Data-based attacks are designed to steal or modify data.
• Basically, high-tech theft and fraud.
• These are also intrusion-based attacks, so the attacker can gain access to the data to steal or alter it.
![Attacking Networks: Data-Based Attacks](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-11.jpg)
Attacking Networks: Data-Based Attacks
• Recent thefts of credit card data from a credit card purchase processing firm are high-profile data-based attacks.
• The attackers stole a large number of credit card numbers, and possibly other data that can be used for fraudulent purchases or possibly identity theft.
![Reconnaissance](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-12.jpg)
Reconnaissance
![Attacking Networks: Reconnaissance](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-13.jpg)
Attacking Networks: Reconnaissance
• Before mounting an exploit, an attacker needs reconnaissance: they need to know what attacks will work on their intended targets.
  – Or, viewed alternately, which servers are vulnerable to their chosen attack(s).
![Attacking Networks: Port Scanning](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-14.jpg)
Attacking Networks: Port Scanning
• Port scanning is part of that reconnaissance.
• The purpose of port scanning is to see which, if any, services a computer is offering.
![Attacking Networks: Port Scanning](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-15.jpg)
Attacking Networks: Port Scanning
• In port scanning,
  1. The attacker runs a program that attempts to open a connection on each of the ports of a potential victim machine.
  2. The program sees which ports respond.
![Attacking Networks: Port Scanning](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-16.jpg)
Attacking Networks: Port Scanning
• Those ports that respond represent services that the computer is offering over the network.
![](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-17.jpg)
![](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-18.jpg)
![Attacking Networks: Port Scanning](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-19.jpg)
Attacking Networks: Port Scanning
• By knowing what services a potential victim machine is offering, the attacker can then determine potential vulnerabilities that they can exploit.
• For example, perhaps the machine is running a version of the IIS web server that has a buffer-overrun vulnerability.
![Sniffing](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-20.jpg)
Sniffing
![Attacking Networks: Sniffing](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-21.jpg)
Attacking Networks: Sniffing
• One major security vulnerability is the digital network equivalent of eavesdropping or wiretapping: sniffing.
• On many common types of networks, all of the computers on the local network see all of the packets on that network.
• Ethernet, the most common type of non-wireless network, can have this property.
![Attacking Networks: Sniffing](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-22.jpg)
Attacking Networks: Sniffing
• A computer on the local network can engage in sniffing.
• Sniffing is capturing a copy of the packets that are on the local network.
• The packets can then be analyzed for useful data:
  – User IDs and passwords,
  – Technical information that might be useful for an attack,
  – Other valuable information, e.g., credit card numbers, keys for access to software.
![](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-23.jpg)
![Module Eight: Worms](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-24.jpg)
Module Eight: Worms
![Worms](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-25.jpg)
Worms
• As discussed previously, worms are malicious software that is used to attack computers.
• Although worms can be spread in other manners, they are most at home on computer networks.
![Worms: Sniffing](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-26.jpg)
Worms: Sniffing
• Many modern worms install sniffers once they have taken over a victim computer.
![Worms: Infecting New Machines](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-27.jpg)
Worms: Infecting New Machines
• They can find other machines to infect, either
  – By targeting IP addresses at random, or
  – Attacking specific machines or networks.
• The speed of modern computers and networks allows worms to target very large numbers of potential victims.
![](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-28.jpg)
![The Slammer Worm](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-29.jpg)
The Slammer Worm
![Worms: Slammer Worm](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-30.jpg)
Worms: Slammer Worm
• The Slammer worm was first seen in January 2003.
  – It attacked computers running a Microsoft database server.
  – It exploited a buffer overflow in the database software to propagate.
![Worms: Slammer Worm](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-31.jpg)
Worms: Slammer Worm
• Infected machines randomly scanned the Internet, looking for servers that responded to UDP port 1434.
  – When it found one, it sent the buffer-overflowing message.
![Worms: Slammer Worm](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-32.jpg)
Worms: Slammer Worm
• Not only did the random scanning help the worm spread rapidly, all of the scanning traffic had the side effect of causing denial-of-service attacks.
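
Both the port scanning slides and the Slammer scanning slides describe traffic with a recognizable shape: one source touching many ports on one machine, or one source touching one port (here UDP 1434) on many machines. The following added example, which is not part of the original slides, shows how a defender can flag both shapes in connection records; the record layout, thresholds, function names and sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

def sample_flows():
    """Constructed flow records (src_ip, dst_ip, protocol, dst_port); not real traffic.
    All addresses are from the RFC 5737 documentation ranges."""
    flows = []
    # One source trying many ports on a single machine (port scan).
    for port in range(20, 45):
        flows.append(("198.51.100.7", "192.0.2.10", "tcp", port))
    # One source sending UDP/1434 to many machines (Slammer-style sweep).
    for host in range(1, 41):
        flows.append(("203.0.113.9", f"192.0.2.{host}", "udp", 1434))
    # Ordinary client traffic that must not be flagged.
    flows += [("192.0.2.50", "192.0.2.10", "tcp", 443)] * 30
    flows += [("192.0.2.51", "192.0.2.10", "tcp", 80),
              ("192.0.2.51", "192.0.2.11", "tcp", 80)]
    return flows

def detect_scans(flows, port_threshold=20, host_threshold=20):
    """Return sorted findings as (kind, source, target, distinct_count).
    The thresholds are assumed values; tune them to the monitored network."""
    ports_per_pair = defaultdict(set)     # (src, dst) -> distinct (proto, port)
    hosts_per_service = defaultdict(set)  # (src, proto, port) -> distinct dst
    for src, dst, proto, port in flows:
        ports_per_pair[(src, dst)].add((proto, port))
        hosts_per_service[(src, proto, port)].add(dst)
    findings = []
    for (src, dst), ports in ports_per_pair.items():
        if len(ports) >= port_threshold:
            findings.append(("port-scan", src, dst, len(ports)))
    for (src, proto, port), hosts in hosts_per_service.items():
        if len(hosts) >= host_threshold:
            findings.append(("host-sweep", src, f"{proto}/{port}", len(hosts)))
    return sorted(findings)

if __name__ == "__main__":
    for finding in detect_scans(sample_flows()):
        print(finding)
```

Counting distinct ports and distinct hosts, rather than raw connection volume, is what keeps the busy but ordinary HTTPS client out of the findings. A production detector would also bucket the records by time window.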
![](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-33.jpg)
![Worms: Slammer Worm](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-34.jpg)
Worms: Slammer Worm
• The vulnerability the Slammer Worm exploited was not new at the time.
  – The vulnerability had been publicly known, and a patch available, since the previous summer (2002).
• Systems that were infected by the worm had not been patched.
  – Roughly speaking, patching is modifying the software to close the vulnerability.
![Worms: Slammer Worm](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-35.jpg)
Worms: Slammer Worm
• The worm did not have a malicious payload.
• But, it still had substantial effects:
  – The worm infected computers at Ohio's Davis-Besse nuclear plant, disrupting plant safety systems.
    • Operators believed that a firewall would keep them safe.
  – Airline flights were cancelled.
  – ATM service was disrupted.
![Worms: Slammer Worm](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-36.jpg)
Worms: Slammer Worm
• The Slammer worm spread through the entire Internet in 10 minutes, infecting ~90% of all vulnerable servers.
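
Why random scanning saturates the vulnerable population within minutes can be seen with a simple logistic (susceptible-infected) model, given here as an added example that is not part of the original slides. The population size and per-host scan rate are assumed illustrative values, not figures from the slides, and the function names are hypothetical.

```python
import math

ADDRESS_SPACE = 2 ** 32            # IPv4 addresses a random scanner picks from
ASSUMED_VULNERABLE_HOSTS = 75_000  # assumption for illustration
ASSUMED_SCANS_PER_SECOND = 4_000   # assumption: probes sent per infected host

def contact_rate(vulnerable_hosts, scans_per_second):
    """New infections per second caused by one infected host early in the outbreak."""
    return scans_per_second * vulnerable_hosts / ADDRESS_SPACE

def simulate(vulnerable_hosts, scans_per_second, seconds, initial_infected=1.0, dt=0.1):
    """Euler integration of dI/dt = beta * I * (1 - I/N).
    Returns the infected count at each whole second, starting at t = 0."""
    beta = contact_rate(vulnerable_hosts, scans_per_second)
    infected = initial_infected
    steps_per_second = round(1 / dt)
    history = [infected]
    for _ in range(seconds):
        for _ in range(steps_per_second):
            infected += beta * infected * (1 - infected / vulnerable_hosts) * dt
        history.append(infected)
    return history

def time_to_fraction(vulnerable_hosts, scans_per_second, fraction, initial_infected=1.0):
    """Closed-form logistic solution: seconds until `fraction` of hosts are infected."""
    beta = contact_rate(vulnerable_hosts, scans_per_second)
    start_odds = initial_infected / (vulnerable_hosts - initial_infected)
    target_odds = fraction / (1 - fraction)
    return math.log(target_odds / start_odds) / beta

def doubling_time(vulnerable_hosts, scans_per_second):
    """Seconds for the infected population to double while almost no host is infected."""
    return math.log(2) / contact_rate(vulnerable_hosts, scans_per_second)

if __name__ == "__main__":
    n, rate = ASSUMED_VULNERABLE_HOSTS, ASSUMED_SCANS_PER_SECOND
    print(f"doubling time: {doubling_time(n, rate):.1f} s")
    print(f"time to 90%:   {time_to_fraction(n, rate, 0.9):.0f} s")
    history = simulate(n, rate, 600)
    for t in (60, 120, 180, 240, 600):
        print(f"t={t:>3} s  infected={history[t]:>8.0f}")
```

Under these assumptions the infected population doubles roughly every ten seconds, so an unpatched population is saturated well before a patch can be deployed in response. The model ignores the bandwidth saturation that the scanning traffic itself causes, which slows real outbreaks.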
![](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-37.jpg)
![](http://slidetodoc.com/presentation_image_h/dec6c22f742e4ffc9111f6e97e47eb91/image-38.jpg)