PROTOCOL FLAWS
PROTOCOL FLAWS:
DESIGN FLAWS
- PROPOSED INTERNET PROTOCOLS POSTED FOR PUBLIC SCRUTINY
- DOES NOT PREVENT PROTOCOL DESIGN FLAWS
IMPLEMENTATION FLAWS
TYPES OF ATTACKS
IMPERSONATION
IMPERSONATION = ATTACKER FOILS AUTHENTICATION AND ASSUMES IDENTITY OF A
VALID ENTITY IN A COMMUNICATION
IMPERSONATION ATTACK MAY BE EASIER THAN WIRETAPPING
TYPES OF IMPERSONATION ATTACKS (IA):
IA BY GUESSING
IA BY EAVESDROPPING/WIRETAPPING
IA BY CIRCUMVENTING AUTHENTICATION
IA BY USING LACK OF AUTHENTICATION
IA BY EXPLOITING WELL-KNOWN AUTHENTICATION
IA BY EXPLOITING TRUSTED AUTHENTICATION
IMPERSONATION ATTACKS BY GUESSING
WAYS OF GUESSING:
COMMON WORD/DICTIONARY ATTACKS
GUESSING DEFAULT ID-PASSWORD PAIRS
E.G., GUEST-GUEST / GUEST-NULL / ADMIN-PASSWORD
GUESSING WEAK PASSWORDS
GUESSING CAN BE HELPED BY SOCIAL ENGG
E.G., GUESS WHICH ACCOUNT MIGHT BE DEAD/DORMANT
READ IN A COLLEGE NEWSPAPER ONLINE THAT PROF. RAMAMOORTHY IS ON SABBATICAL
=> GUESSES THAT HIS ACCT IS DORMANT
SOCIAL ENGG: CALL TO HELP DESK TO RESET PASSWORD TO ONE GIVEN BY ATTACKER
IMPERSONATION ATTACKS BY EAVESDROPPING/WIRETAPPING
USER-TO-HOST OR HOST-TO-HOST AUTHENTICATION MUST NOT TRANSMIT PASSWORD IN
THE CLEAR
INSTEAD, E.G., TRANSFER HASH OF A PASSWORD
CORRECT PROTOCOLS NEEDED
IMPERSONATION ATTACKS BY CIRCUMVENTING AUTHENTICATION
WEAK/FLAWED AUTHENTICATION ALLOWS BYPASSING IT
"CLASSIC" OS FLAW:
BUFFER OVERFLOW BYPASSED THE PASSWORD COMPARISON
THE OS THEN TREATED THE LOGIN AS CORRECTLY AUTHENTICATED!
CRACKERS ROUTINELY SCAN NETWORKS FOR OSS WITH WEAK/FLAWED AUTHENTICATION
SHARE THIS KNOWLEDGE WITH EACH OTHER
IMPERSONATION ATTACKS BY USING LACK OF AUTHENTICATION
LACK OF AUTHENTICATION BY DESIGN
EXAMPLE: UNIX FACILITATES HOST-TO-HOST CONNECTION BY USERS ALREADY
AUTHORIZED ON THEIR PRIMARY HOST
.RHOSTS - LIST OF TRUSTED HOSTS
.RLOGIN - LIST OF TRUSTED USERS ALLOWED ACCESS W/O AUTHENTICATION
ATTACKER WHO GAINED A PROPER ID I1 ON ONE HOST H1 CAN ACCESS ALL HOSTS THAT
TRUST H1
LACK OF AUTHENTICATION DUE TO ADMINISTRATIVE DECISION
E.G., A BANK MAY GIVE ACCESS TO PUBLIC INFORMATION TO ANYBODY UNDER A GUEST /
NO-PASSWORD LOGIN (ACCOUNT-PASSWORD PAIR)
"GUEST" ACCOUNT CAN BE A FOOTHOLD FOR ATTACKER
ATTACKER WILL TRY TO EXPAND GUEST PRIVILEGES TO EXPLOIT THE SYSTEM
IMPERSONATION ATTACKS BY EXPLOITING WELL-KNOWN AUTHENTICATION
EXAMPLE: A COMPUTER MANUFACTURER PLANNED TO USE SAME LOGIN-PASSWORD PAIR FOR
MAINTENANCE ACCOUNT FOR ANY OF ITS COMPUTERS ALL OVER THE WORLD
SYSTEM/NETWORK ADMINS OFTEN LEAVE DEFAULT PASSWORD UNCHANGED
EXAMPLE: "COMMUNITY STRING" DEFAULT PASSWORD IN SNMP PROTOCOL (FOR REMOTE
MGMT OF NETWORK DEVICES)
SOME VENDORS STILL SHIP COMPUTERS WITH ONE SYS ADMIN ACCOUNT INSTALLED WITH
A DEFAULT PASSWORD
IMPERSONATION ATTACKS BY EXPLOITING TRUSTED AUTHENTICATION
IDENTIFICATION DELEGATED TO TRUSTED SOURCE
E.G., ON UNIX WITH .RHOSTS/.RLOGIN (SEE LACK OF AUTHENTICATION ABOVE)
EACH DELEGATION IS A POTENTIAL SECURITY HOLE!
CAN YOU REALLY TRUST THE "TRUSTED" SOURCE?
SPOOFING
SPOOFING — ATTACKER (OR ATTACKER’S AGENT) PRETENDS TO BE A VALID ENTITY
WITHOUT FOILING AUTHENTICATION
SPOOF - TO DECEIVE. [...]
SPOOFING IS NOT THE SAME AS IMPERSONATION
IMPERSONATION — ATTACKER FOILS AUTHENTICATION AND ASSUMES IDENTITY OF A
VALID ENTITY
THREE TYPES OF SPOOFING:
MASQUERADING
SESSION HIJACKING
MAN-IN-THE-MIDDLE (MITM)
MASQUERADING
= A HOST PRETENDS TO BE ANOTHER
REALLY: ATTACKER SETS UP THE HOST (HOST IS ATTACKER’S AGENT)
MASQUERADING - EXAMPLE 1:
REAL WEB SITE: [Link] FOR BLUE BANK CORP.
SIMILAR TYPICAL MASQUERADES:
[Link] AND [Link] MASQUERADE AS [Link]
[Link] MASQUERADES AS [Link]
[Link] MASQUERADES AS [Link]
MASQUERADING - EXAMPLE 2:
ATTACKER EXPLOITS WEB SERVER FLAW – MODIFIES WEB PAGES
MAKES NO VISIBLE CHANGES BUT "STEALS" CUSTOMERS
E.G., BOOKS-R-US WEB SITE COULD BE CHANGED IN A SNEAKY WAY:
PROCESSING OF BROWSING CUSTOMERS REMAINS UNCHANGED
BUT PROCESSING OF ORDERING CUSTOMERS MODIFIED:
(SOME) ORDERS SENT TO COMPETING BOOKS DEPOT
ONLY "SOME" TO MASK THE MASQUERADE
SESSION HIJACKING
ATTACKER INTERCEPTING & CARRYING ON A SESSION BEGUN BY A LEGITIMATE ENTITY
SESSION HIJACKING - EXAMPLE 1
BOOKS DEPOT WIRETAPS NETWORK AND INTERCEPTS PACKETS
AFTER BUYER FINDS A BOOK SHE WANTS AT BOOKS-R-US AND STARTS ORDERING IT,
THE ORDER IS TAKEN OVER BY BOOKS DEPOT
SESSION HIJACKING - EXAMPLE 2
SYSADMIN STARTS TELNET SESSION BY REMOTELY LOGGING IN TO HIS PRIVILEGED ACCT
ATTACKER USES HIJACKING UTILITY TO INTRUDE IN THE SESSION
CAN SEND HIS OWN COMMANDS BETWEEN ADMIN’S COMMANDS
SYSTEM TREATS COMMANDS AS COMING FROM SYSADMIN
MAN-IN-THE-MIDDLE (MITM)
SIMILAR TO HIJACKING
DIFFERENCE: MITM PARTICIPATES IN A SESSION FROM ITS START
(SESSION HIJACKING OCCURS AFTER SESSION ESTABLISHED)
MITM – EXAMPLE: ALICE SENDS ENCRYPTED MSG TO BOB
CORRECT COMMUNICATION
ALICE REQUESTS KEY DISTRIBUTOR FOR KPUB-BOB
KEY DISTRIBUTOR SENDS KPUB-BOB TO ALICE
ALICE ENCRYPTS P: C = E(P, KPUB-BOB) & SENDS C TO BOB
BOB RECEIVES C AND DECRYPTS IT: P = D(C, KPRIV-BOB)
MITM ATTACK
ALICE REQUESTS KEY DISTRIBUTOR FOR KPUB-BOB
MITM INTERCEPTS REQUEST & SENDS KPUB-MITM TO ALICE
ALICE ENCRYPTS P: C = E(P, KPUB-MITM) & SENDS C TO BOB
MITM INTERCEPTS C & DECRYPTS IT: P = D(C, KPRIV-MITM)
MITM REQUESTS KEY DISTRIBUTOR FOR KPUB-BOB
KEY DISTRIBUTOR SENDS KPUB-BOB TO MITM
MITM ENCRYPTS P: C = E(P, KPUB-BOB) & SENDS C TO BOB
BOB RECEIVES C AND DECRYPTS IT: P = D(C, KPRIV-BOB)
MESSAGE CONFIDENTIALITY THREATS
MESSAGE CONFIDENTIALITY THREATS INCLUDE:
EAVESDROPPING
IMPERSONATION
MISDELIVERY
MSG DELIVERED TO A WRONG PERSON DUE TO:
NETWORK FLAW
HUMAN ERROR
EMAIL ADDRESSES SHOULD NOT BE CRYPTIC
IWALKER@[Link] BETTER THAN IW@[Link]
IWALKER@[Link] BETTER THAN 10064,30652@[Link]
EXPOSURE
MSG CAN BE EXPOSED AT ANY MOMENT BETWEEN ITS CREATION AND DISPOSAL
SOME POINTS OF MSG EXPOSURE:
TEMPORARY BUFFERS
SWITCHES / ROUTERS / GATEWAYS / INTERMEDIATE HOSTS
WORKSPACES OF PROCESSES THAT BUILD / FORMAT / PRESENT MSG
(INCLUDING OS AND APP PGMS)
MANY WAYS OF MSG EXPOSURE:
PASSIVE WIRETAPPING
INTERCEPTION BY IMPERSONATOR AT SOURCE / IN TRANSIT / AT DESTINATION
TRAFFIC FLOW ANALYSIS
MERE EXISTENCE OF MSG (EVEN IF CONTENT UNKNOWN) CAN REVEAL SOMETHING IMPORTANT
E.G., HEAVY MSG TRAFFIC FROM ONE NODE IN A MILITARY NETWORK MIGHT INDICATE
IT'S HEADQUARTERS
MESSAGE INTEGRITY THREATS
MESSAGE INTEGRITY THREATS INCLUDE:
MSG FABRICATION
NOISE
1) MSG FABRICATION
RECEIVER OF FABRICATED MSG MAY BE MISLED TO DO WHAT MSG REQUESTS OR DEMANDS
SOME TYPES OF MSG FABRICATION:
CHANGING PART OF/ENTIRE MSG BODY
COMPLETELY REPLACING WHOLE MSG (BODY & HEADER)
REPLAY OLD MSG
COMBINE PIECES OF OLD MSGS
CHANGE APPARENT MSG SOURCE
DESTROY/DELETE MSG
MEANS OF MSG FABRICATION:
ACTIVE WIRETAP
TROJAN HORSE
IMPERSONATION
TAKING OVER HOST/WORKSTATION
2) NOISE
= UNINTENTIONAL INTERFERENCE
NOISE CAN DISTORT MSG
COMMUNICATION PROTOCOLS DESIGNED TO DETECT/CORRECT TRANSMISSION ERRORS
CORRECTED BY:
1. ERROR CORRECTING CODES
2. RETRANSMISSION
WEB SITE ATTACKS
WEB SITE ATTACKS – QUITE COMMON DUE TO:
VISIBILITY
E.G., WEB SITE DEFACEMENT – CHANGING WEB SITE APPEARANCE
EASE OF ATTACK
WEB SITE CODE AVAILABLE TO ATTACKER (MENU: VIEW>>SOURCE)
A LOT OF VULNERABILITIES IN WEB SERVER S/W
E.G., 17 SECURITY PATCHES FOR MS WEB SERVER S/W, IIS V. 4.0 IN 18 MONTHS
COMMON WEB SITE ATTACKS:
BUFFER OVERFLOWS
DOT-DOT ATTACKS
EXPLOITING APPLICATION CODE ERRORS
SERVER-SIDE INCLUDE
BUFFER OVERFLOWS
ATTACKER FEEDS PGM MUCH MORE DATA THAN IT EXPECTS (AS DISCUSSED)
IISHACK - BEST KNOWN WEB SERVER BUFFER OVERFLOW PROBLEM
PROCEDURE EXECUTING THIS ATTACK IS AVAILABLE
DOT-DOT ATTACKS
IN UNIX & WINDOWS: '..' POINTS TO PARENT DIRECTORY
EXAMPLE ATTACK: ON [Link] FOR MS INDEX SERVER
PASS THE FOLLOWING URL TO THE SERVER
HTTP://URL/[Link]?CIWEBHITSFILE=/../../../../../WINNT/SYSTEM32/[Link]
RETURNS [Link] FILE – ATTACKER CAN MODIFY IT
SOLUTION TO (SOME) DOT-DOT ATTACKS:
HAVE NO EDITORS, XTERM, TELNET, UTILITIES ON WEB SERVER
NO S/W TO BE EXECUTED BY AN ATTACKER ON WEB SERVER TO HELP HIM
CREATE A FENCE CONFINING WEB SERVER
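Besides stripping tools from the server, a web server can refuse any file name that escapes its document root. The check below is an added example (not code from the slides or from the Index Server product); the document root and file names are constructed, and it generalises the '..' case to backslashes and percent-encoded dots.

```python
import os
from pathlib import Path
from typing import Optional
from urllib.parse import unquote

# Constructed document root (assumption: the server serves files under it and
# maps client-supplied names such as CIWEBHITSFILE onto files below it).
WEB_ROOT = Path("/var/www/htdocs")


def resolve_under_root(requested: str, root: Path = WEB_ROOT) -> Optional[Path]:
    """Map a client-supplied file name onto a path below ROOT.

    Returns the canonical path, or None when the name would escape ROOT
    (the '..' trick from the slides) or is not a plain relative name.
    """
    # Decode percent-encoding once, so '%2e%2e' is seen as '..' before checking.
    name = unquote(requested)
    # Treat '\' like '/' so Windows-style '..\' sequences are normalised too.
    name = name.replace("\\", "/")
    # A leading '/' would otherwise make the join discard ROOT entirely.
    name = name.lstrip("/")
    # Collapse '.' and '..' lexically; the filesystem is not touched.
    # (On a live system, symlinks inside ROOT additionally need os.path.realpath.)
    canonical = Path(os.path.normpath(root / name))
    # After collapsing, the path must still lie inside ROOT.
    try:
        canonical.relative_to(root)
    except ValueError:
        return None
    return canonical
```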
EXPLOITING APPLICATION CODE ERRORS
SOURCE OF PROBLEM:
WEB SERVER MAY HAVE K*1,000 TRANSACTIONS AT A TIME
MIGHT USE PARAMETER FIELDS (APPENDED TO URL) TO KEEP TRACK OF TRANSACTION
STATUS
EXAMPLE: EXPLOITING INCOMPLETE MEDIATION IN APP (CF. EARLIER)
URL GENERATED BY CLIENT’S BROWSER TO ACCESS WEB SERVER, E.G.:
HTTP://[Link]/ORDER/FINAL&CUSTID=101&PART=555A&QY=20&PRICE=10&SHIP=BOAT&SHIPCOST=5&TOTAL=205
INSTEAD, USER EDITS URL DIRECTLY, CHANGING PRICE AND TOTAL COST AS FOLLOWS:
HTTP://[Link]/ORDER/FINAL&CUSTID=101&PART=555A&QY=20&PRICE=1&SHIP=BOAT&SHIPCOST=5&TOTAL=25
USER SENDS FORGED URL TO WEB SERVER
THE SERVER TAKES 25 AS THE TOTAL COST
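The fix for this incomplete mediation is for the server to recompute every money field from its own data and reject a URL whose PRICE, SHIPCOST or TOTAL disagree. The handler below is an added example (not the slides' own code); the price table and host name are constructed, and the two URLs are the legitimate and forged ones above.

```python
from typing import Optional
from urllib.parse import parse_qs

# Constructed server-side price data (assumption: the real order application
# keeps authoritative prices in its database, never in the URL).
CATALOGUE = {"555A": 10}           # part number -> unit price
SHIPPING = {"BOAT": 5, "AIR": 20}  # shipping method -> cost

# The two URLs from the slides, with a constructed host name.
GOOD_URL = ("http://shop.example/ORDER/FINAL&CUSTID=101&PART=555A&QY=20"
            "&PRICE=10&SHIP=BOAT&SHIPCOST=5&TOTAL=205")
FORGED_URL = ("http://shop.example/ORDER/FINAL&CUSTID=101&PART=555A&QY=20"
              "&PRICE=1&SHIP=BOAT&SHIPCOST=5&TOTAL=25")


def _field(params: dict, name: str) -> str:
    """Return the single value of a query field; absent or repeated is an error."""
    values = params.get(name, [])
    if len(values) != 1:
        raise ValueError(f"field {name} missing or repeated")
    return values[0]


def price_order(url: str) -> int:
    """Compute the total from server-side data; raise on a tampered URL.

    Only PART, QY and SHIP are accepted as input. PRICE, SHIPCOST and TOTAL
    are recomputed and compared, so editing them in the URL is detected.
    """
    # The slides' URLs put the parameters after the first '&' (there is no '?').
    params = parse_qs(url.split("&", 1)[1], strict_parsing=True)
    part, ship = _field(params, "PART"), _field(params, "SHIP")
    qty = int(_field(params, "QY"))
    if part not in CATALOGUE or ship not in SHIPPING or qty <= 0:
        raise ValueError("unknown part/shipping method or bad quantity")
    price, shipcost = CATALOGUE[part], SHIPPING[ship]
    total = price * qty + shipcost
    claimed = tuple(int(_field(params, f)) for f in ("PRICE", "SHIPCOST", "TOTAL"))
    if claimed != (price, shipcost, total):
        raise ValueError(f"tampered order: client claims {claimed}, server computes {total}")
    return total


def accept_order(url: str) -> Optional[int]:
    """Wrapper for a request handler: the total to charge, or None to reject."""
    try:
        return price_order(url)
    except ValueError:
        return None
```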
SERVER-SIDE INCLUDE
HTML CODE FOR WEB PAGE CAN CONTAIN INCLUDE COMMANDS
EXAMPLE
OPEN TELNET SESSION FROM SERVER (WITH SERVER’S PRIVILEGES)
<!--#exec cmd="/usr/bin/telnet &" -->
INCLUDE EXEC (#EXEC) COMMANDS CAN BE USED TO EXECUTE AN ARBITRARY FILE ON
THE SERVER
ATTACKER CAN EXECUTE, E.G., COMMANDS SUCH AS:
CHMOD – CHANGES ACCESS RIGHTS
SH – ESTABLISH COMMAND SHELL
CAT – COPY TO A FILE
DENIAL OF SERVICE (ATTACK ON AVAILABILITY)
SERVICE CAN BE DENIED:
DUE TO (NONMALICIOUS) FAILURES
EXAMPLES:
LINE CUT ACCIDENTALLY (E.G., BY A CONSTRUCTION CREW)
NOISE ON A LINE
NODE/DEVICE FAILURE (S/W OR H/W FAILURE)
DEVICE SATURATION (DUE TO NONMALICIOUS EXCESSIVE WORKLOAD OR TRAFFIC)
SOME OF THE ABOVE SERVICE DENIALS ARE SHORT-LIVED AND/OR GO AWAY
AUTOMATICALLY (E.G., NOISE, SOME DEVICE SATURATIONS)
DUE TO DENIAL-OF-SERVICE (DOS) ATTACKS = ATTACKS ON AVAILABILITY
DOS ATTACKS INCLUDE:
PHYSICAL DOS ATTACKS
ELECTRONIC DOS ATTACKS
PHYSICAL DOS ATTACKS
LINE CUT DELIBERATELY
NOISE INJECTED ON A LINE
BRINGING DOWN A NODE/DEVICE VIA H/W MANIPULATION
ELECTRONIC DOS ATTACKS
(2A) CRASHING NODES/DEVICES VIA S/W MANIPULATION
(2B) SATURATING DEVICES (DUE TO MALICIOUS INJECTION OF EXCESSIVE WORKLOAD OR TRAFFIC)
INCLUDES:
CONNECTION FLOODING
SYN FLOOD
(2C) REDIRECTING TRAFFIC
INCLUDES:
PACKET-DROPPING ATTACKS (INCL. BLACK HOLE ATTACKS)
DNS ATTACKS
CONNECTION FLOODING
= FLOODING A CONNECTION WITH USELESS PACKETS SO IT HAS NO CAPACITY TO HANDLE
(MORE) USEFUL PACKETS
ICMP (INTERNET CONTROL MSG PROTOCOL) - DESIGNED FOR INTERNET SYSTEM
DIAGNOSTIC (3RD CLASS OF INTERNET PROTOCOLS NEXT TO TCP/IP & UDP)
ICMP MSGS CAN BE USED FOR ATTACKS
SOME ICMP MSGS:
- ECHO REQUEST – SOURCE S REQUESTS DESTINATION D TO RETURN DATA SENT TO IT
(SHOWS THAT LINK FROM S TO D IS GOOD)
- ECHO REPLY – RESPONSE TO ECHO REQUEST SENT FROM D TO S
- DESTINATION UNREACHABLE – MSG TO S INDICATING THAT PACKET CAN’T BE
DELIVERED TO D
- SOURCE QUENCH – S TOLD TO SLOW DOWN SENDING MSGS TO D (INDICATES THAT D IS
BECOMING SATURATED)
NOTE: PING SENDS ICMP "ECHO REQUEST" MSG TO DESTINATION D.
IF D REPLIES WITH "ECHO REPLY" MSG, IT INDICATES THAT D IS
REACHABLE/FUNCTIONING (ALSO SHOWS MSG ROUND-TRIP TIME).
NOTE: TRY PING/ECHO ON MS WINDOWS:
START>>ALL PROGRAMS>>ACCESSORIES>>COMMAND PROMPT
PING [Link] (TRY: [Link], [Link])
EXAMPLE ATTACKS USING ICMP MSGS
ECHO-CHARGEN ATTACK
- CHARGEN PROTOCOL – GENERATES STREAM OF PACKETS; USED FOR TESTING NETWORK
- ECHO-CHARGEN ATTACK EXAMPLE 1:
ATTACKER USES CHARGEN ON SERVER X TO SEND
STREAM OF ECHO REQUEST PACKETS TO Y
Y SENDS ECHO REPLY PACKETS BACK TO X
THIS CREATES ENDLESS "BUSY LOOP" BETWEEN X & Y
- ECHO-CHARGEN ATTACK EXAMPLE 2:
ATTACKER USES CHARGEN ON X TO SEND
STREAM OF ECHO REQUEST PACKETS TO X
X SENDS ECHO REPLY PACKETS BACK TO ITSELF
PING OF DEATH ATTACK, INCL. SMURF ATTACK
- PING OF DEATH EXAMPLE :
ATTACKER USES PING AFTER PING ON X TO FLOOD
Y WITH PINGS (PING USES ICMP ECHO REQ./REPLY)
X RESPONDS TO PINGS (TO Y)
THIS CREATES ENDLESS "BUSY LOOP" BETWEEN X & Y
SMURF ATTACK EXAMPLE:
ATTACKER SPOOFS SOURCE ADDRESS OF PING
PACKET SENT FROM X – APPEARS TO BE SENT BY Z
ATTACKER BROADCASTS SPOOFED PKT TO N HOSTS
ALL N HOSTS ECHO TO Z – FLOOD IT
SYN FLOOD DOS ATTACK
ATTACK IS BASED ON PROPERTIES/IMPLEMENTATION OF A SESSION IN TCP PROTOCOL SUITE
SESSION = VIRTUAL CONNECTION BETWEEN PROTOCOL PEERS
SESSION ESTABLISHED WITH THREE-WAY HANDSHAKE (S = SOURCE, D = DESTINATION)
AS FOLLOWS:
S TO D: SYN
D TO S: SYN+ACK
S TO D: ACK
NOW SESSION BETWEEN S AND D IS ESTABLISHED
D KEEPS SYN_RECV QUEUE WHICH TRACKS CONNECTIONS BEING ESTABLISHED FOR WHICH
IT HAS RECEIVED NO ACK
NORMALLY, ENTRY IS IN SYN_RECV FOR A SHORT TIME
IF NO ACK RECEIVED WITHIN TIME T (USU. K MINUTES), ENTRY DISCARDED
(CONNECTION ESTABL. TIMES OUT)
NORMALLY, SIZE OF SYN_RECV (10-20) IS SUFFICIENT TO ACCOMMODATE ALL
CONNECTIONS UNDER ESTABLISHMENT
SYN FLOOD ATTACK SCENARIO
ATTACKER SENDS MANY SYN REQUESTS TO D (AS IF STARTING 3-WAY HANDSHAKE)
ATTACKER NEVER REPLIES TO D’S SYN+ACK PACKETS
D PUTS ENTRY FOR EACH UNANSWERED SYN+ACK PACKET INTO SYN_RECV QUEUE
WITH MANY UNANSWERED SYN+ACK PACKETS, SYN_RECV QUEUE FILLS UP
WHEN SYN_RECV IS FULL, NO ENTRIES FOR LEGITIMATE UNANSWERED SYN+ACK PACKETS
CAN BE PUT INTO SYN_RECV QUEUE ON D
NOBODY CAN ESTABLISH A LEGITIMATE CONNECTION WITH D
MODIFICATION 1 OF SYN FLOOD ATTACK SCENARIO:
ATTACKER SPOOFS SENDER’S ADDRESS IN SYN PACKETS SENT TO D
QUESTION: WHY?
ANSWER:
TO MASK PACKET’S REAL SOURCE, TO COVER HIS TRACKS
MODIFICATION 2 OF SYN FLOOD ATTACK SCENARIO:
ATTACKER MAKES EACH SPOOFED SENDER’S ADDRESS IN SYN PACKETS DIFFERENT
QUESTION: WHY?
ANSWER:
IF ALL HAD THE SAME SOURCE, DETECTION OF ATTACK WOULD BE SIMPLER (TOO MANY
INCOMPLETE CONNECTION REQUESTS COMING FROM THE SAME SOURCE LOOK SUSPICIOUS)
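A small simulation of D's SYN_RECV queue, added here as an example (not from the original slides), ties the scenario and both modifications together: with the queue full, a legitimate SYN is refused until the flood entries time out, and a per-source count of half-open entries flags the same-source flood but not the one where every SYN carries a different spoofed address. Capacity 16, T = 60 s and all addresses are assumed/constructed values.

```python
# Simulation of the SYN_RECV (half-open connection) queue on destination D.
# Assumed parameters: 16 entries (slides say 10-20) and timeout T = 60 s.
CAPACITY = 16
TIMEOUT = 60.0


class SynRecvQueue:
    def __init__(self, capacity=CAPACITY, timeout=TIMEOUT):
        self.capacity, self.timeout = capacity, timeout
        self.pending = {}   # (src_addr, src_port) -> time D sent its SYN+ACK

    def expire(self, now):
        """Drop entries whose ACK never arrived within T (handshake times out)."""
        self.pending = {k: t for k, t in self.pending.items() if now - t <= self.timeout}

    def on_syn(self, src, now):
        """D receives a SYN: reply SYN+ACK and queue the half-open entry, if room."""
        self.expire(now)
        if src in self.pending:
            return True                     # retransmitted SYN, already queued
        if len(self.pending) >= self.capacity:
            return False                    # queue full: SYN cannot be served
        self.pending[src] = now
        return True

    def on_ack(self, src, now):
        """Third step of the handshake: entry leaves SYN_RECV, session established."""
        self.expire(now)
        return self.pending.pop(src, None) is not None

    def suspicious_sources(self, threshold=5):
        """Addresses holding many half-open entries at once (the tell Modification 2 avoids)."""
        counts = {}
        for addr, _port in self.pending:
            counts[addr] = counts.get(addr, 0) + 1
        return {addr for addr, n in counts.items() if n >= threshold}


def simulate_flood(spoof_each=False):
    """Constructed scenario: 16 unanswered SYNs at t=0, then a legitimate client."""
    q = SynRecvQueue()
    for i in range(CAPACITY):
        addr = f"10.0.0.{i + 1}" if spoof_each else "203.0.113.7"   # constructed
        q.on_syn((addr, 40000 + i), now=0.0)
    suspects = q.suspicious_sources()                               # before expiry
    legit = ("198.51.100.5", 51000)                                 # constructed
    accepted = q.on_syn(legit, now=1.0)                # False: SYN_RECV is full
    after_timeout = q.on_syn(legit, now=TIMEOUT + 1)   # True: flood entries expired
    return accepted, after_timeout, suspects
```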
REDIRECTING TRAFFIC (INCL. DROPPING REDIRECTED PACKETS)
REDIRECTING TRAFFIC BY ADVERTISING A FALSE BEST PATH
ROUTERS FIND BEST PATH FOR PASSING PACKETS FROM S TO D
ROUTERS ADVERTISE THEIR CONNECTIONS TO THEIR NEIGHBORS
ROUTER R TAKEN OVER BY ATTACKER
R ADVERTISES (FALSELY) TO ALL NEIGHBORS THAT IT HAS THE BEST (E.G.,
SHORTEST) PATH TO HOSTS H1, H2, ..., HN
HOSTS AROUND R FORWARD TO R ALL PACKETS ADDRESSED TO H1, H2, ..., HN
R DROPS SOME OR ALL THESE PACKETS
DROPS SOME => PACKET-DROPPING ATTACK
DROPS ALL => BLACK HOLE ATTACK
(BLACK HOLE ATTACK IS A SPECIAL CASE OF PACKET-DROPPING ATTACK)
REDIRECTING TRAFFIC BY DNS ATTACKS
FUNCTION: RESOLVING DOMAIN NAME
= CONVERTING DOMAIN NAMES INTO IP ADDRESSES
E.G., [Link] -> [Link]
DNS QUERIES OTHER DNS SERVERS (ON OTHER HOSTS) FOR INFO ON UNKNOWN IP ADDRESSES
DNS CACHES QUERY REPLIES (ADDRESSES) FOR EFFICIENCY
MOST COMMON DNS IMPLEMENTATION:
BIND S/W (BIND = BERKELEY INTERNET NAME DOMAIN)
A.K.A. NAMED (NAMED = NAME DAEMON)
NUMEROUS FLAWS IN BIND INCLUDING BUFFER OVERFLOW
ATTACKS ON DNS (E.G., ON BIND)
OVERTAKING DNS / FABRICATING CACHED DNS ENTRIES
USING FABRICATED ENTRY TO REDIRECT TRAFFIC
DISTRIBUTED DENIAL OF SERVICE (ATTACK ON AVAILABILITY)
DDOS = DISTRIBUTED DENIAL OF SERVICE
ATTACK SCENARIO:
STAGE 1:
ATTACKER PLANTS TROJANS ON MANY TARGET MACHINES
TARGET MACHINES CONTROLLED BY TROJANS BECOME ZOMBIES
STAGE 2:
ATTACKER CHOOSES VICTIM V, ORDERS ZOMBIES TO ATTACK V
EACH ZOMBIE LAUNCHES A SEPARATE DOS ATTACK
DIFFERENT ZOMBIES CAN USE DIFFERENT DOS ATTACKS
E.G., SOME USE SYN FLOODS, OTHER SMURF ATTACKS
THIS PROBES DIFFERENT WEAK POINTS
ALL ATTACKS TOGETHER CONSTITUTE A DDOS
V BECOMES OVERWHELMED AND UNAVAILABLE
DDOS SUCCEEDS
THREATS TO ACTIVE OR MOBILE CODE
ACTIVE CODE / MOBILE CODE = CODE PUSHED BY SERVER S TO A CLIENT C FOR EXECUTION ON C
WHY DOESN'T S EXECUTE ALL CODE ITSELF? FOR EFFICIENCY.
EXAMPLE: WEB SITE WITH ANIMATION
IMPLEMENTATION 1 — S EXECUTING ANIMATION
EACH NEW ANIMATION FRAME MUST BE SENT FROM S TO C FOR DISPLAY ON C
USES NETWORK BANDWIDTH
IMPLEMENTATION 2 — S SENDS ANIMATION CODE FOR EXECUTION TO C
C EXECUTES ANIMATION
EACH NEW ANIMATION FRAME IS AVAILABLE FOR DISPLAY LOCALLY ON C
IMPLEMENTATION 2 IS BETTER: SAVES S’S PROCESSOR TIME AND NETWORK BANDWIDTH
ISN’T ACTIVE/MOBILE CODE A THREAT TO CLIENT’S HOST?
IT DEFINITELY IS A THREAT (TO C-I-A)!
KINDS OF ACTIVE CODE:
COOKIES
SCRIPTS
ACTIVE CODE
AUTOMATIC EXECUTION BY TYPE
COOKIES
= DATA OBJECT SENT FROM SERVER S TO CLIENT C THAT CAN CAUSE UNEXPECTED DATA
TRANSFERS FROM C TO S
NOTE: COOKIE IS DATA FILE NOT REALLY ACTIVE CODE!
COOKIES TYPICALLY ENCODED USING S’S KEY (C CAN’T READ THEM)
TYPES OF COOKIES:
1) PER-SESSION COOKIE: STORED IN MEMORY, DELETED WHEN C'S BROWSER CLOSED
2) PERSISTENT COOKIE: STORED ON DISK, SURVIVES TERMINATION OF C'S BROWSER
COOKIE CAN STORE ANYTHING ABOUT CLIENT C THAT BROWSER RUNNING ON C CAN
DETERMINE, INCLUDING:
USER’S KEYSTROKES
MACHINE NAME AND CHARACTERISTICS
CONNECTION DETAILS (INCL. IP ADDRESS)
LEGITIMATE ROLE FOR COOKIES:
PROVIDING C’S CONTEXT TO S
DATE, TIME, IP ADDRESS
DATA ON CURRENT TRANSACTION (INCL. ITS STATE)
DATA ON PAST TRANSACTIONS (E.G., C USER’S SHOPPING PREFERENCES)
ILLEGITIMATE ROLE FOR COOKIES:
SPYING ON C
COLLECTING INFO FOR IMPERSONATING USER OF C WHO IS TARGET OF COOKIE'S INFO GATHERING
ATTACKER WHO INTERCEPTS X’S COOKIE CAN EASILY IMPERSONATE X IN INTERACTIONS
WITH S
PHILOSOPHY BEHIND COOKIES:
TRUST US, WE KNOW WHAT’S GOOD FOR YOU!
HMM... THEY DON’T TRUST YOU (ENCODE COOKIE) BUT WANT YOU TO TRUST THEM.