
Attacks and Vulnerabilities
Ilya Chalyt
Nicholas Egebo

March 7 2005

Topics of Discussion
Reconnaissance: Gain information about a system
Vulnerabilities: Attributes of a system that can be maliciously exploited
Attacks: Procedures to exploit vulnerabilities

Reference 1

Topics of Discussion
Reconnaissance
- War Dialing
- War Driving
- Port Scanning
- Probing
- Packet Sniffing

War Dialing (Reconnaissance)
Method: Dial a range of phone numbers searching for a modem
Detection: Detection impossible outside of the telephony infrastructure
Motivation: Locate potential targets
Defense: Disconnect unessential modems from outgoing phone lines

Reference 2

War Driving (Reconnaissance)
Method: Surveillance of wireless signals in a region
Detection: Can only be detected by physical surveillance
Motivation: Find wireless traffic
Defense: Limit geographic access to wireless signal

Reference 3

Port Scanning (Reconnaissance)
Method: Send out a SYN packet, check for response
Detection: Traffic analysis
Motivation: Find potential targets
Defense: Close/silence ports

Reference 4

Probing (Reconnaissance)
Method: Send packets to ports
Detection: Traffic analysis
Motivation: Find specific port information
Defense: Close/silence ports

Packet Sniffing (Reconnaissance)
Method: Capture and analyze packets traveling across a network interface
Detection: None
Motivation: Gain access to information traveling on the network
Defense: Use encryption to minimize cleartext on the network

Reference 5

Topics of Discussion
Vulnerabilities
- Backdoors
- Code Exploits
- Eavesdropping
- Indirect Attacks
- Social Engineering

Backdoors (Vulnerabilities)
Bypass normal means of authentication
Hidden from casual inspection
Installed separately or integrated into software

Reference 6

Code Exploits (Vulnerabilities)
Use of poor coding practices left uncaught by testing
Defense: In-depth unit and integration testing

Eavesdropping (Vulnerability)
Data transmitted without encryption can be captured and read by parties other than the sender and receiver
Defense: Use of strong cryptography to minimize cleartext on the network

Indirect Attacks (Vulnerabilities)
Internet users’ machines can be infected with zombies and made to perform attacks
The puppet master is left undetected
Defense: Train internet users to prevent zombies and penalize zombie owners

Social Engineering (Vulnerability)
Manipulate the weakest link of cybersecurity – the user – to gain access to otherwise prohibited resources
Defense: Train personnel to resist the tactics of social engineering

Reference 7

Topics of Discussion
Attacks
- Password Cracks
- Web Attacks
- Physical Attacks
- Worms & Viruses
- Logic Bomb
- Buffer Overflow
- Phishing
- Bots and Zombies
- Spyware, Adware, and Malware
- Hardware Keyloggers
- Eavesdropping & Playback attacks
- DDoS

Password Cracks: Brute Force
Method: Trying all combinations of legal symbols as username/password pairs
Detection: Frequent attempts to authenticate
Motivation: Gain access to system
Defense: Lockouts – temporary and permanent

Reference 8

Password Cracks: Dictionary Attack
Method: Trying all entries in a collection of strings
Detection: Frequent attempts to authenticate
Motivation: Gain access to system, faster than brute force
Defense:
- Lockouts – temporary and permanent
- Complex passwords

Reference 8

Password Cracks: Hybrid Attack
Method: Trying all entries in a collection of strings, adding numbers and symbols and concatenating the entries with each other and/or numbers
Detection: Frequent attempts to authenticate
Motivation: Gain access to system, faster than brute force, more likely than just dictionary attack
Defense: Lockouts – temporary and permanent

Reference 8
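
The brute force, dictionary and hybrid slides share one detection (frequent attempts to authenticate) and one defense (temporary and permanent lockouts). The sketch below is an added example, not part of the original slides; the thresholds, the `LockoutPolicy` class and the event log are assumptions constructed for illustration.

```python
from collections import defaultdict

# Thresholds are assumptions chosen for this example, not values from the slides.
WINDOW = 60          # seconds in which failures are counted together
MAX_FAILURES = 3     # failures inside WINDOW that trigger a temporary lockout
TEMP_LOCK = 300      # length of a temporary lockout, in seconds
MAX_TEMP_LOCKS = 2   # temporary lockouts before the account is locked permanently

class LockoutPolicy:
    def __init__(self):
        self.failures = defaultdict(list)    # user -> recent failure times
        self.locked_until = {}               # user -> end of temporary lockout
        self.temp_locks = defaultdict(int)   # user -> temporary lockouts so far
        self.permanent = set()               # users needing an administrator reset

    def state(self, user, now):
        if user in self.permanent:
            return "permanent"
        return "temporary" if self.locked_until.get(user, 0) > now else "open"

    def attempt(self, user, now, password_ok):
        """Apply one authentication attempt and return the decision."""
        state = self.state(user, now)
        if state != "open":
            return "rejected:" + state       # even a correct guess is refused
        if password_ok:
            self.failures[user] = []
            return "accepted"
        recent = [t for t in self.failures[user] if now - t < WINDOW] + [now]
        self.failures[user] = recent
        if len(recent) < MAX_FAILURES:
            return "failed"
        self.failures[user] = []             # detection: frequent attempts
        self.temp_locks[user] += 1
        if self.temp_locks[user] >= MAX_TEMP_LOCKS:
            self.permanent.add(user)
            return "locked:permanent"
        self.locked_until[user] = now + TEMP_LOCK
        return "locked:temporary"

# Constructed log: (time in seconds, user, whether the password was correct).
EVENTS = [(0, "alice", False), (5, "alice", False), (9, "alice", False),
          (12, "alice", True), (400, "alice", False), (401, "alice", False),
          (402, "alice", False), (9000, "alice", True),
          (3, "bob", False), (200, "bob", True)]

def replay(events):
    policy = LockoutPolicy()
    return [(t, user, policy.attempt(user, t, ok)) for t, user, ok in sorted(events)]
```

A single mistyped password, as in the constructed `bob` events, never reaches the threshold, while the correct password for `alice` is refused for as long as a lockout is in force.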

Password Cracks: l0phtcrack
Method: Gain access to operating system’s hash table and perform cracking remotely
Detection: Detecting reading of hash table
Motivation: Gain access to system, cracking elsewhere – no lockouts
Defense: Limit access to system

Reference 8

Web Attacks: Source Viewing
Method: Read source code for valuable information
Detection: None
Motivation: Find passwords or commented out URL
Defense: None

Web Attacks: URL Modification
Method: Manipulating URL to find pages not normally accessible
Detection: Check website URL logs
Motivation: Gain access to normally private directories or pages
Defense: Add access requirements

Web Attacks: Post Data
Method: Change post data to get desired results
Detection: None
Motivation: Change information being sent in your favor
Defense: Verify post data on receiving end

Web Attacks: Database Attack
Method: Sending dangerous queries to database
Detection: Check database for strange records
Motivation: Denial of service
Defense: Filter database queries

Reference 9

Web Attacks: Database Insertion
Method: Form multiple queries to a database through forms
Detection: Check database logs
Motivation: Insert information into a table that might be unsafe
Defense: Filter database queries, make them quotesafe

Reference 9
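
The "quotesafe" defense from the Database Insertion slide, shown as a query built by concatenation beside the same query with a bound parameter. This is an added example, not part of the original slides; the table names, function names and the form input are constructed for illustration.

```python
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("CREATE TABLE guestbook(name TEXT);"
                     "CREATE TABLE admins(name TEXT);")
    return db

def add_entry_unsafe(db, name):
    # The form value is pasted into the SQL text, so a quote in it ends the
    # string literal and the rest is parsed as further statements.
    db.executescript("INSERT INTO guestbook(name) VALUES ('" + name + "');")

def add_entry_safe(db, name):
    # The value is bound as a parameter and never parsed as SQL: quote-safe.
    db.execute("INSERT INTO guestbook(name) VALUES (?)", (name,))

def rows(db, table):
    assert table in ("guestbook", "admins")   # fixed names only, never user input
    return [r[0] for r in db.execute("SELECT name FROM " + table + " ORDER BY rowid")]

# Constructed form input that smuggles a second query into the first.
FORM_INPUT = "x'); INSERT INTO admins(name) VALUES ('mallory"

def demo():
    unsafe, safe = make_db(), make_db()
    add_entry_unsafe(unsafe, FORM_INPUT)
    add_entry_safe(safe, FORM_INPUT)
    add_entry_safe(safe, "O'Brien")           # a legitimate name with a quote
    try:
        add_entry_unsafe(unsafe, "O'Brien")
        unsafe_handles_quote = True
    except (sqlite3.Error, sqlite3.Warning):
        unsafe_handles_quote = False          # concatenation breaks on the quote
    return {
        "unsafe_guestbook": rows(unsafe, "guestbook"),
        "unsafe_admins": rows(unsafe, "admins"),
        "safe_guestbook": rows(safe, "guestbook"),
        "safe_admins": rows(safe, "admins"),
        "unsafe_handles_quote": unsafe_handles_quote,
    }
```

The unexpected row in `admins` is the kind of record the slide's detection step looks for in the database logs.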

Web Attacks: Meta Data
Method: Use meta characters to make malicious input
Detection: Website logs
Motivation: Possibly reveal script or other useful information
Defense: Filter input of meta characters

Reference 10

Physical Attack: Damage
Method: Attack the computer with an axe
Detection: Video Camera
Motivation: Disable the computer
Defense: Locked doors and placed security guards

Physical Attack: Disconnect
Method: Interrupt connection between two elements of the network
Detection: Pings
Motivation: Disable the network
Defense: Locked doors and placed security guards

Physical Attack: Reroute
Method: Pass network signal through additional devices
Detection: Camera
Motivation: Monitor traffic or spoof a portion of the network
Defense: Locked doors and placed security guards

Physical Attack: Spoof MAC & IP
Method: Identify MAC address of target and replicate
Detection: Monitoring ARP requests and checking logs
Motivation: Deny target from receiving traffic
Defense: None as of now

Worms & Virus: File Infectors
Method: Infects executables by inserting itself into them
Detection: Virus scan or strange computer behavior
Motivation: Damage files and spread
Defense: Antivirus, being cautious on the internet

Reference 10

Worms & Virus: Partition-sector Infectors
Method:
- Moves partition sector
- Replaces with self
- On boot executes and calls original information
Detection: Virus scan or strange computer behavior
Motivation: Damage files and spread
Defense: Antivirus, being cautious on the internet

Reference 10

Worms & Virus: Boot-sector virus
Method: Replaces boot loader, and spreads to hard drive and floppies
Detection: Virus scan or strange computer behavior
Motivation: Damage files and spread
Defense: Antivirus, being cautious on the internet

Reference 10

Worms & Virus: Companion Virus
Method: Locates executables and mimics names, changing the extensions
Detection: Virus scan or strange computer behavior
Motivation: Damage files and spread
Defense: Antivirus, being cautious on the internet

Reference 10

Worms & Virus: Macro Virus
Method: Infects documents; when a document is accessed, the macro executes in the application
Detection: Virus scan or strange computer behavior
Motivation: Damage files and spread
Defense: Antivirus, being cautious on the internet

Reference 10

Worms & Virus: Worms
Method: Replicates
Detection: Virus scan or strange computer behavior
Motivation: Variable motivations
Defense: Antivirus, being cautious on the internet

Reference 11

Logic Bomb
Method: Discreetly install “time bomb” and prevent detonation if necessary
Detection: Strange computer behavior
Motivation: Revenge, synchronized attack, securing a getaway
Defense:
- Keep and monitor logs
- Monitor computer systems closely

Buffer Overflow
Method: Pass too much information to the buffer with poor checking
Detection: Logs
Motivation: Modify information and/or execute arbitrary code
Defense:
- Check input size before copying to buffer
- Guard return address against overwrite
- Invalidate stack to execute instructions

Reference 12 & 13

Phishing
Method: Request information from a mass audience, collect response from the gullible
Detection: Careful examination of requests for information
Motivation: Gain important information
Defense: Distribute on a need to know basis

Bots & Zombies
Method: Installed by virus or worm, allow remote unreserved access to the system
Detection:
- Network analysis
- Virus scans
- Notice unusual behavior
Motivation: Gain access to additional resources, hiding your identity
Defense: Install security patches and be careful what you download

Spyware, Adware, and Malware
Method: Installed either willingly by the user via ActiveX or as part of a virus package
Detection:
- Network analysis
- Abnormal computer behavior
Motivation:
- Gain information about the user
- Serve users advertisements
Defense: Virus / adware / spyware / malware scans

Hardware Keyloggers
Method: Attach it to a computer
Detection: Check physical connections
Motivation: Record user names, passwords, and other private information
Defense: Cameras and guards

Eavesdropping
Method:
- Record packets to the network
- Attempt to decrypt encrypted packets
Detection: None
Motivation: Gain access to user data
Defense: Strong cryptography

Playback Attack
Method:
- Record packets to the network
- Resend packets without decryption
Detection: Network analysis
Motivation: Mimic legitimate commands
Defense: Time stamps
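
The time-stamp defense from the Playback Attack slide, as an added example that is not part of the original slides. It goes one step beyond the slide: the time stamp is covered by a message authentication code so it cannot be rewritten, and the receiver remembers recent tags so a copy resent inside the allowed window is refused too. The key, the 30-second window and the packet layout are assumptions constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # assumed pre-shared key, for illustration only
MAX_SKEW = 30                   # assumed tolerance between clocks, in seconds

def seal(command: bytes, ts: int, key: bytes = KEY) -> bytes:
    """Packet layout (assumed): 32-byte HMAC tag | 8-byte time stamp | command."""
    body = ts.to_bytes(8, "big") + command
    return hmac.new(key, body, hashlib.sha256).digest() + body

class Receiver:
    def __init__(self, key: bytes = KEY):
        self.key = key
        self.seen = {}          # tag -> time stamp of packets already accepted

    def accept(self, packet: bytes, now: int) -> str:
        if len(packet) < 40:
            return "malformed"
        tag, body = packet[:32], packet[32:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad-mac"    # time stamp or command was altered
        ts = int.from_bytes(body[:8], "big")
        if abs(now - ts) > MAX_SKEW:
            return "stale"      # a recording played back later
        # Tags older than the window would be rejected as stale anyway.
        self.seen = {t: s for t, s in self.seen.items() if abs(now - s) <= MAX_SKEW}
        if tag in self.seen:
            return "replayed"   # the same packet resent inside the window
        self.seen[tag] = ts
        return "ok:" + body[8:].decode(errors="replace")

def demo():
    rx = Receiver()
    packet = seal(b"open valve 3", ts=1000)                     # constructed command
    forged = packet[:32] + (2000).to_bytes(8, "big") + packet[40:]
    return [
        rx.accept(packet, now=1005),   # original delivery
        rx.accept(packet, now=1010),   # recorded copy, resent at once
        rx.accept(packet, now=2000),   # recorded copy, resent later
        rx.accept(forged, now=2000),   # copy with the time stamp rewritten
    ]
```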

DDoS: CPU attack
Method: Send data that requires cryptography to process
Detection: Network analysis
Motivation: Occupy the CPU preventing normal operations
Defense: None

Reference 14

DDoS: Memory attack
Method: Send data that requires the allocation of memory
Detection: Network analysis
Motivation: Take up resources, crashing the server when they are exhausted
Defense: None

Reference 14

References
1. Amoroso, Edward. Intrusion Detection. Sparta, New Jersey: AT&T Laboratories, 1999.
2. Gunn, Michael. War Dialing. SANS Institute, 2002.
3. Schwartau, Winn. “War-driving lessons,” Network World, 02 September 2002.
4. Bradley, Tony. Introduction to Port Scanning. 2005. <http://netsecurity.about.com/cs/hackertools/a/aa121303.htm> (04 March 2005).
5. Bradley, Tony. Introduction to Packet Sniffing. 2005. <http://netsecurity.about.com/cs/hackertools/a/aa121403.htm> (05 March 2005).
6. Thompson, Ken. “Reflections on Trusting Trust.” Communications of the ACM, Vol. 27, No. 8, August 1985.
7. Mitnick, Kevin. The Art of Deception. Indianapolis, Indiana, 2002.
8. Coyne, Sean. Password Crackers: Types, Process and Tools. ITS Research Labs, 2004.
9. Friedl, Steve. SQL Injection Attacks by Example. 2005. <http://www.unixwiz.net/techtips/sql-injection.html> (05 March 2005).
10. Lucas, Julie. The Effective Incident Response Team. Chapter 4. 2003.
11. Worms versus Viruses. 2004. <http://viruses.surferbeware.com/worms-vs-viruses.htm> (06 March 2005).
12. Grover, Sandeep. “Buffer Overflow Attacks and Their Countermeasures.” Linux Journal. 10 March 2003.
13. Levy, Elias. “Smashing the Stack for Fun and Profit.” Phrack Magazine Issue 49, Fall 1997.
14. Distributed Denial of Service. 2002. <http://www.tla.org/talks/ddos-ntua.pdf> (05 March 2005).
