
ETE405 :: Lecture 22

Dr. Mashiur Rahman

3/24/10

IP telephony security


Targeting Layers of IP Telephony


Endpoints: phones, clients, and gateways are susceptible to distributed denial of service attacks as hosts that enable viruses, toll fraud, and eavesdropping.

Applications: like endpoints, software products running on computers can be victims or hosts in distributed denial of service and virus attacks or as spam targets.

Session Control: IP telephony systems have centralized software services to coordinate network resources for the interaction of applications and endpoints.

Network: wireless access points, switches, and routers are vulnerable to packet floods caused by viruses and distributed denial of service attacks.


Distributed Denial of Service (DDoS)

Distributed Denial of Service (DDoS) attacks are designed to flood a target computer, network, or network link with an overwhelming number of spurious service requests or malformed packets, preventing the reasonable handling of legitimate packets and service requests. Hundreds or thousands of computers contribute a tiny portion of their processing power to this distributed assault, making detection of the resulting mayhem difficult. In aggregate, they form a considerable threat. These attacks use a network of unsuspecting agents (computers) to deposit simple agent programs that listen for attack commands on innocuous Internet Relay Chat services, leveraging identified operating system vulnerabilities. Handlers recruit and control these networks of agents. On command from the client, they unleash them onto the target.


RTP Security Issues: Call Eavesdropping



Capturing RTP flows. RTP uses standard codecs to encode the audio data it carries. The main weakness of RTP exploited in this case is that information on the codec in use is available in the header of every RTP packet, via the PT header field.

Result: Listen to or record conversations. Listen to DTMF tones to steal passwords and PINs.

Tools for conducting this attack are already freely available on the Internet, greatly increasing the potential of this type of attack.


RTP Denial of Service (DoS)

RTP faces a collision situation when it tries to receive packets from 2 different sources with the same SSRC (Synchronization Source).

Collision management process by RTP:

Source: Send an RTCP BYE message to the receiver and choose a new SSRC.

Receiver: Discard the packets from one source and keep the packets from the other.

2 DoS attacks are possible:

Attacker steals the SSRC of one of the peers and uses it for its own RTP messages to other peers. Result: The receiver has to select one of the sources, and this selection can effectively eject a VoIP user from a session.

Attacker sends an RTP message to a source with the same SSRC that this source is using. Result: The source has to stop the session and choose a new SSRC to avoid the collision. This results in an interruption of the conversation.


RTP play-out

Same SSRC, higher sequence number, higher timestamp. Result: The fake content will be played before the real one.

If an attacker knows the SSRC of one of the peers, he should be able to forge messages with the same SSRC and IP characteristics, but with higher timestamp and sequence number RTP values than the legitimate ones. At the receiver end, the RTP application will process the attacker's packets first and discard the legitimate packets, since they have invalid, older timestamps. This attack results in the fake content being played before the real audio content. This attack can be seen as a type of Denial of Service.
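
An added example (not from the lecture): a receiver-side monitor for the two SSRC abuses described above, a second sender reusing a peer's SSRC and forged packets carrying a much higher sequence number and timestamp. The thresholds, the class and function names, the addresses and the packets are assumptions constructed for illustration.

```python
import struct

MAX_SEQ_JUMP = 100     # assumed threshold, in packets
MAX_TS_JUMP = 16000    # assumed threshold: 2 s of 8 kHz audio

def parse_rtp(data):
    """Parse the 12-byte fixed RTP header (RFC 3550, version 2)."""
    if len(data) < 12:
        raise ValueError("short RTP packet")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", data[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    return {"pt": b1 & 0x7F, "seq": seq, "ts": ts, "ssrc": ssrc}

class SsrcMonitor:
    """Remember each SSRC's sender and position; report anomalies."""
    def __init__(self):
        self.state = {}  # ssrc -> (source address, last seq, last ts)

    def check(self, src, data):
        h = parse_rtp(data)
        known = self.state.get(h["ssrc"])
        if known is None:
            self.state[h["ssrc"]] = (src, h["seq"], h["ts"])
            return []
        known_src, last_seq, last_ts = known
        if src != known_src:
            # Same SSRC from a second transport address: collision or spoof.
            return ["ssrc-collision"]
        alerts = []
        seq_jump = (h["seq"] - last_seq) & 0xFFFF    # 16-bit wraparound
        ts_jump = (h["ts"] - last_ts) & 0xFFFFFFFF   # 32-bit wraparound
        if MAX_SEQ_JUMP < seq_jump < 0x8000:
            alerts.append("seq-jump")
        if MAX_TS_JUMP < ts_jump < 0x80000000:
            alerts.append("ts-jump")
        if not alerts and seq_jump < 0x8000:
            # Only in-order, plausible packets move the baseline forward.
            self.state[h["ssrc"]] = (src, h["seq"], h["ts"])
        return alerts

def make_rtp(seq, ts, ssrc, pt=0):
    """Build a constructed RTP packet: header plus 160 bytes of dummy payload."""
    return struct.pack("!BBHII", 0x80, pt, seq, ts, ssrc) + b"\x00" * 160

def demo():
    mon, peer = SsrcMonitor(), ("192.0.2.10", 4000)  # constructed addresses
    out = [mon.check(peer, make_rtp(s, s * 160, 0x1234ABCD)) for s in (1, 2, 3)]
    out.append(mon.check(("192.0.2.66", 4000), make_rtp(4, 640, 0x1234ABCD)))
    out.append(mon.check(peer, make_rtp(5000, 900000, 0x1234ABCD)))
    out.append(mon.check(peer, make_rtp(4, 640, 0x1234ABCD)))
    return out
```

Because a flagged packet never moves the stored baseline, the legitimate stream that follows a forged burst still validates; a real deployment would add a resynchronisation rule for genuine long packet loss.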

SIP Based Security Issues



Denial of Service (DoS) Attacks


ICMP Error Message (such as Port Unreachable, Protocol Unreachable, Network Unreachable or even Host Unreachable) sent to the target where a caller is sending SIP (over UDP) messages. Result: It will terminate the signaling and the call in any state (UDP is an asynchronous protocol).

Using SIP CANCEL message. Preventing UAs from making and receiving calls. Making UAs drop the call.

Using SIP BYE message. Making UAs drop the call.


Preventing SIP Client-A from making a call.

SIP Client-A drops the call just initiated.

The attacker's messages cancel a pending request with the same Call-ID, To, From, and CSeq fields.


Call Hijacking

After an INVITE message, a 301 "Moved Permanently" message would hijack the call towards whoever the attacker decides (himself or another client).

Identity Theft

Registering address instead of other (if requires authentication might use another type of attack)


