Vulnerabilities
Ilya Chalyt
Nicholas Egebo
March 7, 2005
Topics of Discussion
Reconnaissance: gain information about a system
Vulnerabilities: attributes of a system that can be maliciously exploited
Attacks: procedures to exploit vulnerabilities
Reference 1
Topics of Discussion
Reconnaissance
War Dialing
War Driving
Port Scanning
Probing
Packet Sniffing
War Dialing (Reconnaissance)
Method: Dial a range of phone numbers, searching for ones that answer with a modem.
Detection: Impossible outside the telephony infrastructure; only the phone company sees the calls.
Motivation: Locate potential targets.
Defense: Disconnect unessential modems from outgoing phone lines.
Reference 2
War Driving (Reconnaissance)
Method: Surveillance of wireless signals in a region, typically by driving around with a wireless card and antenna.
Detection: Can only be detected by physical surveillance; passive listening transmits nothing.
Motivation: Find wireless networks and traffic.
Defense: Limit the geographic reach of the wireless signal (antenna placement, transmit power).
Reference 3
Port Scanning (Reconnaissance)
Method: Send a SYN packet to each port and check for a response: SYN/ACK means open, RST means closed, and no reply usually means filtered.
Detection: Traffic analysis (one source touching many ports on a host in a short time).
Motivation: Find potential targets.
Defense: Close unneeded ports and filter ("silence") the rest so that probes draw no response.
Reference 4
Probing (Reconnaissance)
Method: Send crafted packets to specific ports and examine the replies.
Detection: Traffic analysis.
Motivation: Find specific port information (which service, and which version, is listening).
Defense: Close/silence ports.
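The "traffic analysis" detection named for port scanning and probing above amounts to counting how many distinct ports one source hits on one host within a short window. The following is an added example written for this page, not code from the slides or their references; the log format (timestamp, source, destination, port, TCP flags) and the sample lines are constructed, and the window and threshold values are assumptions to be tuned for a real network.

```python
"""Flag SYN scans in a constructed connection-attempt log (added example)."""
from collections import defaultdict

# Constructed sample log in a hypothetical "timestamp src dst dport flags" format;
# addresses come from the documentation ranges and are not from a real capture.
# 203.0.113.5 sweeps ten ports in four seconds; 198.51.100.7 is an ordinary client.
SAMPLE_LOG = """\
1109980800 203.0.113.5 192.0.2.10 22 S
1109980800 203.0.113.5 192.0.2.10 23 S
1109980801 203.0.113.5 192.0.2.10 25 S
1109980801 203.0.113.5 192.0.2.10 80 S
1109980802 203.0.113.5 192.0.2.10 110 S
1109980802 203.0.113.5 192.0.2.10 143 S
1109980803 203.0.113.5 192.0.2.10 443 S
1109980803 203.0.113.5 192.0.2.10 445 S
1109980804 203.0.113.5 192.0.2.10 3306 S
1109980804 203.0.113.5 192.0.2.10 3389 S
1109980800 198.51.100.7 192.0.2.10 80 S
1109980830 198.51.100.7 192.0.2.10 80 S
1109980860 198.51.100.7 192.0.2.10 443 S
"""


def parse_log(text):
    """Parse the hypothetical log format into (ts, src, dst, port, flags) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, flags = line.split()
        records.append((int(ts), src, dst, int(port), flags))
    return records


def detect_scanners(records, window=10, threshold=8):
    """Return {src_ip: ports} for sources that sent SYNs to at least `threshold`
    distinct ports on one destination within any `window`-second span.
    A SYN scan touches many ports in seconds; ordinary clients touch a few."""
    by_pair = defaultdict(list)
    for ts, src, dst, port, flags in records:
        if "S" in flags:
            by_pair[(src, dst)].append((ts, port))
    scanners = {}
    for (src, dst), hits in by_pair.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # slide the window forward until it spans at most `window` seconds
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= threshold:
                scanners[src] = ports
                break
    return scanners


if __name__ == "__main__":
    for src, ports in detect_scanners(parse_log(SAMPLE_LOG)).items():
        print(f"possible scan from {src}: {len(ports)} ports, e.g. {sorted(ports)[:5]}")
```

The same sliding-window count works for probing, where the source repeats against a few ports with different payloads; in that case count distinct packets per port rather than distinct ports.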
Packet Sniffing (Reconnaissance)
Method: Capture and analyze packets traveling across a network interface.
Detection: Effectively none; a passive sniffer transmits nothing.
Motivation: Gain access to information traveling on the network.
Defense: Use encryption to minimize cleartext on the network.
Reference 5
Topics of Discussion
Vulnerabilities
Backdoors
Code Exploits
Eavesdropping
Indirect Attacks
Social Engineering
Backdoors (Vulnerabilities)
Bypass normal means of authentication
Hidden from casual inspection
Installed separately or integrated into software
Reference 6
Code Exploits (Vulnerabilities)
Use of poor coding practices left uncaught by testing
Reference 7
Topics of Discussion
Attacks
Password Cracks
Web Attacks
Physical Attacks
Worms & Viruses
Logic Bomb
Buffer Overflow
Phishing
Bots and Zombies
Spyware, Adware, and Malware
Hardware Keyloggers
Eavesdropping & Playback attacks
DDoS
Password Cracks: Brute Force
Method: Try all combinations of legal symbols as username/password pairs.
Detection: Frequent attempts to authenticate.
Motivation: Gain access to the system.
Defense: Lockouts, temporary and permanent.
Reference 8
Password Cracks: Dictionary Attack
Method: Try every entry in a collection of strings (a word list).
Detection: Frequent attempts to authenticate.
Motivation: Gain access to the system; far faster than brute force when the password is a common word.
Defense: Lockouts, temporary and permanent; complex passwords that appear in no word list.
Reference 8
Password Cracks: Hybrid Attack
Method: Try each word-list entry with numbers and symbols added, and entries concatenated with each other and/or with numbers.
Detection: Frequent attempts to authenticate.
Motivation: Gain access to the system; faster than brute force and more likely to succeed than a plain dictionary attack.
Defense: Lockouts, temporary and permanent.
Reference 8
Password Cracks: l0phtcrack
Method: Obtain the operating system's password hash store (for l0phtcrack, the Windows LM/NTLM hashes) and crack the hashes offline on the attacker's own machine.
Detection: Audit reads of the hash store.
Motivation: Gain access to the system; the cracking happens elsewhere, so no lockouts apply.
Defense: Limit access to the system. Once the hashes are captured, lockouts no longer help; only the cost of the hash function (salting, slow hashing) limits the attacker.
Reference 8
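The four password-cracking slides above differ only in how candidates are generated; the offline case (l0phtcrack) differs in that the attacker tests candidates against captured hashes instead of against the login prompt, so no lockout ever fires. The following added example, written for this page and not taken from the slides or reference 8, puts the three candidate generators side by side against a constructed, unsalted hash dump. SHA-256 stands in for the fast LM/NTLM hashes of the period; the word list, suffixes and user hashes are constructed.

```python
"""Dictionary, hybrid and brute-force cracking of captured hashes (added example)."""
import hashlib
import itertools
import string


def hash_password(password, salt=b""):
    # Unsalted SHA-256 stands in for any fast, unsalted hash (LM/NTLM in the slides' era).
    return hashlib.sha256(salt + password.encode()).hexdigest()


# Constructed hash "dump" as a cracker would obtain it; not from any real system.
WORDLIST = ["password", "letmein", "dragon", "summer", "welcome"]
CAPTURED = {
    "alice": hash_password("summer"),
    "bob": hash_password("Dragon1!"),
    "carol": hash_password("welcome"),   # same password as dave: identical hash without salt
    "dave": hash_password("welcome"),
    "erin": hash_password("x7#Qp2Lz"),   # not in any list; beyond small brute force
}


def dictionary_candidates(words):
    """Dictionary attack: every word-list entry as-is."""
    for w in words:
        yield w


def hybrid_candidates(words, suffixes=("1", "123", "!", "1!")):
    """Hybrid attack: word-list entries with case mangling and digits/symbols appended."""
    for w in words:
        for base in (w, w.capitalize(), w.upper()):
            yield base
            for s in suffixes:
                yield base + s


def brute_force_candidates(alphabet=string.ascii_lowercase, max_len=4):
    """Brute force: every string over the alphabet up to max_len; cost grows as |alphabet|**len."""
    for n in range(1, max_len + 1):
        for t in itertools.product(alphabet, repeat=n):
            yield "".join(t)


def crack(captured, candidates):
    """Offline attack: hash each candidate once and look it up against every
    user's hash at the same time. No login attempts are made, so lockouts
    never trigger, and one hit cracks every user sharing that password."""
    lookup = {}
    for user, h in captured.items():
        lookup.setdefault(h, []).append(user)
    found = {}
    for cand in candidates:
        for user in lookup.get(hash_password(cand), ()):
            found[user] = cand
        if len(found) == len(captured):
            break
    return found


if __name__ == "__main__":
    print("dictionary:", crack(CAPTURED, dictionary_candidates(WORDLIST)))
    print("hybrid:    ", crack(CAPTURED, hybrid_candidates(WORDLIST)))
    print("brute<=3:  ", crack(CAPTURED, brute_force_candidates(max_len=3)))
```

Note that carol and dave fall together because their hashes are identical; a per-user salt passed through `hash_password` would force the attacker to hash every candidate once per user, which is the defense the l0phtcrack slide's "limit access" advice does not cover.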
Web Attacks: Source Viewing
Method: Read the page source (HTML, client-side script) for valuable information.
Detection: None.
Motivation: Find passwords or commented-out URLs.
Defense: None once the page is served; never put secrets or unpublished URLs in client-visible source.
Web Attacks: URL Modification
Method: Manipulate the URL to reach pages not normally accessible.
Detection: Check the web server's URL logs.
Motivation: Gain access to normally private directories or pages.
Defense: Add access requirements (authorization on every page, not just on the links that point to it).
Web Attacks: Post Data
Method: Change the POST data to get the desired result.
Detection: None.
Motivation: Change the information being sent in your favor.
Defense: Verify the POST data on the receiving end.
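The POST-data slide's defense is best shown with the classic case: a form that carries the item's price as a field. The following is an added example for this page, not from the slides; the catalog, the handler names and the tampered request are constructed, and a real shop would read prices from its database rather than a dictionary.

```python
"""Server-side re-validation of tampered POST data (added example)."""

# Constructed catalog, prices in cents; stands in for a database lookup.
CATALOG = {"widget": 1999, "gadget": 4999}


class BadRequest(Exception):
    """Raised when the submitted form fails server-side validation."""


def order_total_trusting_client(form):
    """Vulnerable: the price is taken from the client's own POST body, so an
    attacker who edits 'price=1999' to 'price=1' pays one cent per item."""
    return int(form["qty"]) * int(form["price"])


def order_total_verified(form):
    """Hardened: only the item id and quantity come from the client; the price
    is looked up server-side and the quantity is type- and range-checked."""
    item = form.get("item")
    if item not in CATALOG:
        raise BadRequest("unknown item")
    try:
        qty = int(form.get("qty", ""))
    except ValueError:
        raise BadRequest("quantity must be an integer")
    if not 1 <= qty <= 100:
        raise BadRequest("quantity out of range")
    return qty * CATALOG[item]


# Constructed tampered request: the client lowered the hidden price field.
TAMPERED = {"item": "widget", "qty": "2", "price": "1"}

if __name__ == "__main__":
    print("trusting client:", order_total_trusting_client(TAMPERED))
    print("verified:       ", order_total_verified(TAMPERED))
```

The general rule the example illustrates: anything the server can compute or look up itself (price, user id, role, discount) must not be accepted from the request, and anything it must accept (quantity, free text) is validated for type and range before use.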
Web Attacks: Database Attack
Method: Send dangerous queries to the database.
Detection: Check the database for strange records.
Motivation: Denial of service.
Defense: Filter database queries.
Reference 9
Web Attacks: Database Insertion
Method: Form multiple queries to a database through forms: input containing quotes and statement separators is pasted into the query text and becomes part of the SQL (SQL injection).
Detection: Check the database logs.
Motivation: Insert information into a table that might be unsafe.
Defense: Filter database queries and make them quote-safe; better, pass user input as query parameters so it is never parsed as SQL.
Reference 9
Web Attacks: Meta Characters
Method: Use meta characters (quotes, semicolons, comment markers) to make malicious input.
Detection: Website logs.
Motivation: Possibly reveal the script or other useful information.
Defense: Filter meta characters out of input.
Reference 10
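The Database Insertion and Meta Characters slides above describe the same mechanism from two sides: quote characters in a form field are interpreted as SQL. The following added example, written for this page rather than taken from the slides or reference 9, shows a login query built by string formatting beside its parameterized form, plus the crude meta-character count the "filter input" defense relies on. The table, users and injected strings are constructed; SQLite is used only because it ships with Python.

```python
"""SQL injection through a login form: vulnerable and parameterized (added example)."""
import sqlite3


def make_db():
    """Constructed in-memory users table; stands in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    """Quote characters in the input become part of the SQL statement."""
    query = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
             % (name, password))
    return [row[0] for row in conn.execute(query)]


def login_parameterized(conn, name, password):
    """Placeholders keep user input as data; quotes in it are never parsed as SQL."""
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (name, password))]


def count_metachars(value, chars="'\";-"):
    """Log-side indicator for the slides' 'filter meta characters' defense:
    number of SQL meta characters in a submitted field. A useful alarm, but
    not a fix: parameterization is what actually removes the injection."""
    return sum(value.count(c) for c in chars)


if __name__ == "__main__":
    db = make_db()
    # Constructed attack strings: tautology in the password field, and a
    # comment marker that discards the password check entirely.
    print(login_vulnerable(db, "alice", "' OR '1'='1"))      # every user
    print(login_vulnerable(db, "alice' --", "anything"))     # alice, no password
    print(login_parameterized(db, "alice", "' OR '1'='1"))   # nobody
```

Reading the vulnerable query with the first payload substituted makes the precedence clear: `name = 'alice' AND password = '' OR '1'='1'` is true for every row because AND binds tighter than OR.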
Physical Attack: Damage
Method: Attack the computer with an axe.
Detection: Video camera.
Motivation: Disable the computer.
Defense: Locked doors and posted security guards.
Physical Attack: Disconnect
Method: Interrupt the connection between two elements of the network (cut or unplug a cable).
Detection: Pings (monitoring loses reachability).
Motivation: Disable the network.
Defense: Locked doors and posted security guards.
Physical Attack: Reroute
Method: Pass the network signal through additional devices (an inline tap).
Detection: Camera.
Motivation: Monitor traffic or spoof a portion of the network.
Defense: Locked doors and posted security guards.
Physical Attack: Spoof MAC & IP
Method: Identify the target's MAC address and replicate it on the attacker's interface.
Detection: Monitoring ARP requests and checking logs (the same IP claimed by two MACs, or a MAC appearing on two switch ports).
Motivation: Deny the target from receiving its traffic, or receive it yourself.
Defense: Few at the time of writing. Switch port security (limiting which MAC may appear on a port) and static ARP entries on critical hosts mitigate it.
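The detection named on the MAC/IP spoofing slide, monitoring ARP, reduces to keeping the IP-to-MAC bindings seen on the wire and raising an alarm when they change. This is an added example written for this page, not from the slides; the ARP reply log format (timestamp, IP, MAC) and its entries are constructed, and the optional static-binding table is an assumption about what an operator would configure for critical hosts.

```python
"""Detect a spoofed MAC/IP binding from observed ARP replies (added example)."""
from collections import defaultdict

# Constructed ARP reply log in a hypothetical "timestamp ip mac" format.
# The gateway 192.0.2.1 is first claimed by its real MAC, then by aa:bb:cc:dd:ee:ff.
ARP_LOG = """\
1109980800 192.0.2.1 00:11:22:33:44:01
1109980805 192.0.2.10 00:11:22:33:44:10
1109980810 192.0.2.1 00:11:22:33:44:01
1109980820 192.0.2.1 aa:bb:cc:dd:ee:ff
1109980821 192.0.2.10 00:11:22:33:44:10
"""


def parse_arp(text):
    """Parse the hypothetical log into (ts, ip, mac) tuples with normalized MACs."""
    records = []
    for line in text.splitlines():
        if line.strip():
            ts, ip, mac = line.split()
            records.append((int(ts), ip, mac.lower()))
    return records


def find_conflicts(records, static_bindings=None):
    """Return {ip: [mac, ...]} for every IP claimed by more than one MAC, plus
    any IP whose observed MAC differs from a configured static binding.
    The first MAC in each list is the one seen (or configured) first."""
    claimed = defaultdict(list)
    for _, ip, mac in records:
        if mac not in claimed[ip]:
            claimed[ip].append(mac)
    conflicts = {ip: macs for ip, macs in claimed.items() if len(macs) > 1}
    for ip, mac in (static_bindings or {}).items():
        others = [m for m in claimed.get(ip, []) if m != mac.lower()]
        if others and ip not in conflicts:
            conflicts[ip] = [mac.lower()] + others
    return conflicts


if __name__ == "__main__":
    for ip, macs in find_conflicts(parse_arp(ARP_LOG)).items():
        print(f"{ip} claimed by {len(macs)} MACs: {', '.join(macs)}")
```

A legitimate NIC replacement also produces one such alert, which is why the static-binding table matters: it turns "the binding changed" into "the binding changed away from what the operator declared".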
Worms & Virus: File Infectors
Method: Infects executables by inserting itself into them.
Detection: Virus scan or strange computer behavior.
Motivation: Damage files and spread.
Defense: Antivirus; being cautious on the internet.
Reference 10
Worms & Virus: Partition-sector Infectors
Method: Moves the original partition sector and replaces it with itself; on boot it executes first, then calls the original code so the system appears to start normally.
Detection: Virus scan or strange computer behavior.
Motivation: Damage files and spread.
Defense: Antivirus; being cautious on the internet.
Reference 10
Worms & Virus: Boot-sector Virus
Method: Replaces the boot loader and spreads to hard drives and floppies.
Detection: Virus scan or strange computer behavior.
Motivation: Damage files and spread.
Defense: Antivirus; being cautious on the internet.
Reference 10
Worms & Virus: Companion Virus
Method: Locates executables and mimics their names with a different extension (for example prog.com beside prog.exe, which DOS runs first), so the virus runs in place of the program.
Detection: Virus scan or strange computer behavior.
Motivation: Damage files and spread.
Defense: Antivirus; being cautious on the internet.
Reference 10
Worms & Virus: Macro Virus
Method: Infects documents; when the document is opened, the macro executes inside the application.
Detection: Virus scan or strange computer behavior.
Motivation: Damage files and spread.
Defense: Antivirus; being cautious on the internet.
Reference 10
Worms & Virus: Worms
Method: Replicates itself across the network on its own, without needing a host file or user action.
Detection: Virus scan or strange computer behavior.
Motivation: Variable.
Defense: Antivirus; being cautious on the internet.
Reference 11
Logic Bomb
Method: Discreetly install a "time bomb" (code that triggers on a date or condition) and prevent detonation if necessary.
Detection: Strange computer behavior.
Motivation: Revenge, a synchronized attack, securing a getaway.
Defense: Keep and monitor logs; monitor computer systems closely.
Buffer Overflow
Method: Pass more data to a buffer than it holds, relying on poor bounds checking so the excess overwrites what lies beyond it on the stack.
Detection: Logs.
Motivation: Modify information and/or execute arbitrary code.
Defense: Check the input size before copying into the buffer; guard the return address against overwrite (a canary value checked before returning); mark the stack non-executable so injected instructions cannot run.
Reference 12 & 13
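The Buffer Overflow slide lists three defenses without showing what they protect. The following added example, written for this page and not taken from the slides or references 12 and 13, models a stack frame as a byte array laid out buffer, canary, saved return address, and shows an unbounded copy clobbering the return address, the size check that refuses it, and the canary check that catches it. The layout, the fixed canary value and the return addresses are assumptions chosen for reproducibility; the saved frame pointer that sits between buffer and return address in a real x86 frame is left out.

```python
"""Model of a stack-frame overflow and two countermeasures (added example)."""
import struct

BUF_SIZE = 16
CANARY = b"\xde\xad\xbe\xef\xca\xfe\xba\xbe"  # fixed for reproducibility; real canaries are random per process
RET_ADDR = 0x08048400                          # arbitrary "legitimate" return address


def new_frame():
    """Model of a stack frame, low to high address: local buffer | canary | saved return address."""
    return bytearray(b"\x00" * BUF_SIZE + CANARY + struct.pack("<I", RET_ADDR))


def unsafe_copy(frame, data):
    """Behaves like strcpy(): copies every input byte from the start of the buffer,
    continuing past its end into whatever lies above it in the frame."""
    n = min(len(data), len(frame))
    frame[0:n] = data[:n]
    return frame


def safe_copy(frame, data):
    """Defense 1: check the size before copying and refuse oversized input."""
    if len(data) > BUF_SIZE:
        raise ValueError("input exceeds buffer")
    frame[0:len(data)] = data
    return frame


def canary_intact(frame):
    """Defense 2: the check a canary-instrumented function runs before returning.
    An overflow that reaches the return address must pass through the canary first."""
    return bytes(frame[BUF_SIZE:BUF_SIZE + 8]) == CANARY


def return_address(frame):
    """The address the function will jump to when it returns."""
    return struct.unpack("<I", bytes(frame[BUF_SIZE + 8:BUF_SIZE + 12]))[0]


# Constructed payload: fill the buffer, clobber the canary, then replace the return address.
PAYLOAD = b"A" * BUF_SIZE + b"B" * 8 + struct.pack("<I", 0xDEADBEEF)

if __name__ == "__main__":
    f = unsafe_copy(new_frame(), PAYLOAD)
    print(f"return address now 0x{return_address(f):08x}, canary intact: {canary_intact(f)}")
```

The third defense on the slide, a non-executable stack, is not modeled here: it does not stop the overwrite, it only prevents the hijacked return from landing in attacker-supplied bytes on the stack.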
Phishing
Method: Request information from a mass audience and collect the responses from the gullible.
Detection: Careful examination of requests for information.
Motivation: Gain important information.
Defense: Distribute information on a need-to-know basis.
Bots & Zombies
Method: Installed by a virus or worm; allow unrestricted remote access to the system.
Detection: Network analysis; virus scans; noticing unusual behavior.
Motivation: Gain access to additional resources; hide your identity behind them.
Defense: Install security patches and be careful what you download.
Spyware, Adware, and Malware
Method: Installed either willingly by the user (for example via an ActiveX control) or as part of a virus package.
Detection: Network analysis; abnormal computer behavior.
Motivation: Gain information about the user; serve the user advertisements.
Defense: Virus / adware / spyware / malware scans.
Hardware Keyloggers
Method: Attach it to a computer, inline between the keyboard and its port.
Detection: Check physical connections.
Motivation: Record usernames, passwords, and other private information.
Defense: Cameras and guards.
Eavesdropping
Method: Record packets on the network; attempt to decrypt encrypted packets.
Detection: None.
Motivation: Gain access to user data.
Defense: Strong cryptography.
Playback Attack
Method: Record packets on the network and resend them without decrypting them.
Detection: Network analysis.
Motivation: Mimic legitimate commands.
Defense: Time stamps, together with a nonce or sequence number, so the receiver rejects a message it has already seen or one that is too old.
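Time stamps alone, the defense named on the Playback slide, leave a window in which a recorded message can still be resent; a nonce remembered for that window closes it, and an HMAC over timestamp, nonce and command stops the attacker from editing any of them. The following is an added example written for this page, not from the slides; the message layout (`ts|nonce|command|tag`), the shared key, the 30-second freshness window and the command strings are constructed assumptions.

```python
"""Authenticated commands with timestamp and nonce to defeat replay (added example)."""
import hashlib
import hmac
import os
import time

KEY = b"constructed-shared-secret"   # constructed for the example; real keys are random and per-session
MAX_SKEW = 30                         # seconds a message stays valid (assumed window)


def make_message(command, key=KEY, now=None, nonce=None):
    """Sender side: bind a timestamp and a fresh nonce to the command under an HMAC."""
    ts = int(time.time() if now is None else now)
    nonce_hex = (os.urandom(8) if nonce is None else nonce).hex()
    body = f"{ts}|{nonce_hex}|{command}".encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


class Receiver:
    """Receiver side: accept each authentic message once, and only while fresh."""

    def __init__(self, key=KEY):
        self.key = key
        self.seen = {}   # nonce -> timestamp, kept only while inside the window

    def accept(self, msg, now=None):
        """Return the command if the message is authentic, fresh and unseen; else None."""
        now = time.time() if now is None else now
        try:
            body, tag = msg.rsplit(b"|", 1)
            ts, nonce, command = body.decode().split("|", 2)
            ts = int(ts)
        except ValueError:
            return None                      # malformed
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            return None                      # forged or modified
        if abs(now - ts) > MAX_SKEW:
            return None                      # stale: replayed outside the window
        # forget nonces that are too old to be replayed successfully anyway
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= MAX_SKEW}
        if nonce in self.seen:
            return None                      # replayed inside the window
        self.seen[nonce] = ts
        return command


if __name__ == "__main__":
    r = Receiver()
    m = make_message("open-valve")
    print(r.accept(m))   # open-valve
    print(r.accept(m))   # None: same nonce again
```

The receiver keeps state only for the length of the window, which is what makes the timestamp and the nonce complementary: the timestamp bounds how long a nonce must be remembered, and the nonce covers replays inside that bound.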
DDoS: CPU Attack
Method: Send data that requires cryptography to process.
Detection: Network analysis.
Motivation: Occupy the CPU, preventing normal operations.
Defense: None that is complete; rate-limiting the expensive operation per client reduces the impact.
Reference 14
DDoS: Memory Attack
Method: Send data that requires the server to allocate memory.
Detection: Network analysis.
Motivation: Take up resources, crashing the server when they are exhausted.
Defense: None that is complete; bounding the memory allocated per client limits the damage.
Reference 14
References
1. Amoroso, Edward. Intrusion Detection. Sparta, New Jersey: AT&T Laboratories, 1999.
2. Gunn, Michael. War Dialing. SANS Institute, 2002.
3. Schwartau, Winn. "War-driving lessons." Network World, 2 September 2002.
4. Bradley, Tony. Introduction to Port Scanning. 2005. <http://netsecurity.about.com/cs/hackertools/a/aa121303.htm> (4 March 2005).
5. Bradley, Tony. Introduction to Packet Sniffing. 2005. <http://netsecurity.about.com/cs/hackertools/a/aa121403.htm> (5 March 2005).
6. Thompson, Ken. "Reflections on Trusting Trust." Communications of the ACM, Vol. 27, No. 8, August 1984.
7. Mitnick, Kevin. The Art of Deception. Indianapolis, Indiana: Wiley, 2002.
8. Coyne, Sean. Password Crackers: Types, Process and Tools. ITS Research Labs, 2004.
9. Friedl, Steve. SQL Injection Attacks by Example. 2005. <http://www.unixwiz.net/techtips/sql-injection.html> (5 March 2005).
10. Lucas, Julie. The Effective Incident Response Team. Chapter 4. 2003.
11. Worms versus Viruses. 2004. <http://viruses.surferbeware.com/worms-vs-viruses.htm> (6 March 2005).
12. Grover, Sandeep. "Buffer Overflow Attacks and Their Countermeasures." Linux Journal, 10 March 2003.
13. Aleph One (Elias Levy). "Smashing the Stack for Fun and Profit." Phrack Magazine, Issue 49, November 1996.
14. Distributed Denial of Service. 2002. <http://www.tla.org/talks/ddos-ntua.pdf> (5 March 2005).