59
Different Types of Attacks Different Types of Attacks Information Security

Different types of attacks

Embed Size (px)

Citation preview

Page 1: Different types of attacks

Different Types of AttacksDifferent Types of AttacksInformation Security

Page 2: Different types of attacks

PARTPART -- II• Attack• Security Trends• Password guessing attack• Man in Middle attack• Coss -Site Scripting

By Koteshwar Rao

Page 3: Different types of attacks

AttackAttack

Act or action that exploits vulnerabilityin controlled system.

Vulnerability-◦ An information security "vulnerability" is a

mistake in software that can be directly usedby a hacker to gain access to a system ornetwork.

Page 4: Different types of attacks

Security TrendsSecurity Trends

Page 5: Different types of attacks

Password guessing attackPassword guessing attack

unauthorized user repeatedly tries to logon to a computer or network by guessingusernames and passwords.

PasswordGuessing

DictionaryattackBruteForce Attack

Page 6: Different types of attacks

Brute force attackBrute force attack Brute force attack is a

type of passwordguessing attack. In thistype of attack, attackerssystematically try everyconceivablecombination to find outthe password of a user.

Passwordguessingprogram

http://portswigger.net/burp/help/intruder.html

Download link :

Page 7: Different types of attacks

Dictionary attackDictionary attack This type of attack uses a

dictionary of commonwords to find out thepassword of a user. It canalso use common words ineither upper or lower caseto find a password. Thereare many programs availableon the Internet to automateand execute dictionaryattacks.

Page 8: Different types of attacks

Man in the middle attackMan in the middle attack

occur when an attacker successfullyinserts an intermediary software orprogram between two communicatinghosts.

Page 9: Different types of attacks

The MITM attack is very effective because of thenature of the http protocol and data transferwhich are all ASCII based. It’s possible to capturea session cookie reading the http header, but it’salso possible to change an amount of moneytransaction inside the application context,

Page 10: Different types of attacks

MITM Attack toolsMITM Attack tools

There are several tools to realize a MITM attack.These tools are particularly efficient in LAN networkenvironments, because they implement extrafunctionalities, like the arp spoof capabilities thatpermit the interception of communication betweenhosts.

1. PacketCreator2. Ettercap3. Dsniff4. Cain e Abel

Page 11: Different types of attacks

CrossCross--Site Scripting in a NutshellSite Scripting in a Nutshell Consider a web site that gathers user input User input is displayed back to user◦ Validate address, search results, etc.

Attacker crafts URL with a script in it and sends to victim◦ Victim clicks on link◦ Script in the URL is sent to server as user input◦ User input displayed; script "reflected" back to client◦ Script runs on client

Which state do I live in? I am a resident of:<SCRIPT LANGUAGE=Javascript>alert ("You are vulnerable to

cross-site scripting!");</SCRIPT>

Page 12: Different types of attacks

CrossCross--Site Scripting OverviewSite Scripting Overview Attacker intends to obtain sensitive data from

victim user that is only accessible from within avalid session with the target site

Attacker has analyzed the target site andidentified a vulnerable CGI script (one that doesnot properly filter user supplied input, such asHTML <SCRIPT> tags)◦ The site displays back to the user something the user

types in, such as a name, account number, or anything,really

Attacker has written a specialized browser script(most likely in JavaScript) that performs an actionas a victim user on the target site

Page 13: Different types of attacks

Ways of Launching CrossWays of Launching Cross--SiteSiteScripting AttacksScripting Attacks Attacker's script must be sent to the

victim◦ Inter-user communication within the target

site (i.e., message board, etc.)◦ URL provided on a third-party web site

(either clicked on by victim user orautomatically loaded when visiting a maliciousweb site)◦ URL embedded in an email or newsgroup

posting

Page 14: Different types of attacks

How CrossHow Cross--Site Scripting AttacksSite Scripting AttacksWorkWork1) Victim logs into the target site

Could occur through social engineering by attacker

Log in to your account to get this special offer!!!

2) Victim then clicks on a URL or visits a web site that includes themalicious code

3) Victim user’s browser transmits malicious code to the vulnerablescript on the target site as a web request

4) Target site reflects the malicious code back to the victim user’sbrowser in the response to the request

5) Malicious code executes within victim user’s browser under thesecurity context of the target site

Page 15: Different types of attacks

How It WorksHow It Works (continued)(continued)

Page 16: Different types of attacks

When Will The Attack BeWhen Will The Attack BeSuccessful?Successful? User must be convinced to click on a URL or visit

a malicious web siteAND

User must be currently logged into the target siteand have a valid session (that has not timed out)

Both conditions can be accomplished throughsocial engineering via e-mail or telephone

Page 17: Different types of attacks

CrossCross--Site Scripting DefensesSite Scripting Defenses Remove from user input all characters that are meaningful in

scripting languages:◦ =<>"'();

◦ You must do this filtering on the server side

◦ You cannot do this filtering using Javascript on the client, because theattacker can get around such filtering

• More generally, on the server-side, your application must filter userinput to remove:◦ Quotes of all kinds (', ", and `)

◦ Semicolons (;), Asterisks (*), Percents (%), Underscores (_)

◦ Other shell/scripting metacharacters (=&\|*?~<>^()[]{}$\n\r )

Your best bet – define characters that are ok (alpha and numeric),and filter everything else out

Page 18: Different types of attacks

PARTPART -- IIII

1. Phishing2. DoS attack3. Spoofing

By Rohan Bharadwaj

Page 19: Different types of attacks

PhishingPhishing

Phishing is a type of deception designedto steal your valuable personal data, suchas credit card numbers, passwords,account data, or other information.

Con artists might send millions offraudulent e-mail messages that appear tocome from Web sites you trust, like yourbank or credit card company, and requestthat you provide personal information.

Page 20: Different types of attacks

History ofHistory of PhishingPhishing

Phreaking + Fishing = PhishingPhreaking = Experiment with telecommunication networksFishing = Use bait to lure the target

Phishing in 1995Target: AOL usersPurpose: getting account passwords for free timeThreat level: lowTechniques: Similar names ( www.ao1.com for www.aol.com ), socialengineering

Phishing in 2001Target: Ebayers and major banksPurpose: getting credit card numbers, accountsThreat level: mediumTechniques: Same in 1995, keylogger

Phishing in 2007Target: Paypal, banks, ebayPurpose: bank accountsThreat level: highTechniques: browser vulnerabilities, link obfuscation

Page 21: Different types of attacks

A bad dayA bad day phishinphishin’, beats a good day’, beats a good dayworkinworkin’’

• 2,000,000 emails are sent• 5% get to the end user – 100,000 (APWG)• 5% click on the phishing link – 5,000 (APWG)• 2% enter data into the phishing site –100 (Gartner)• $1,200 from each person who enters data (FTC)• Potential reward: $120,000

In 2005 David Levi made over $360,000 from 160 people using an eBayPhishing scam

Page 22: Different types of attacks

SpearSpear--PhishingPhishing: Improved: ImprovedTarget SelectionTarget Selection

• Socially aware attacks Mine social relationships from public data Phishing email appears to arrive from someone known to the

victim Use spoofed identity of trusted organization to gain trust Urge victims to update or validate their account Threaten to terminate the account if the victims not reply Use gift or bonus as a bait Security promises

• Context-aware attacks “Your bid on eBay has won!” “The books on your Amazon wish list are on sale!”

Page 23: Different types of attacks
Page 24: Different types of attacks

How To Tell If An EHow To Tell If An E--mailmailMessage is FraudulentMessage is Fraudulent

Here are a few phrases to look for if you think an e-mailmessage is a phishing scam.

• "Verify your account."Businesses should not ask you tosend passwords, login names, Social Security numbers, orother personal information through e-mail. If you receive an e-mail from anyone asking you to update your credit cardinformation, do not respond: this is a phishing scam.

• "If you don't respond within 48 hours, your accountwill be closed."These messages convey a sense of urgencyso that you'll respond immediately without thinking. Phishinge-mail might even claim that your response is requiredbecause your account might have been compromised.

Page 25: Different types of attacks

How To Tell If An EHow To Tell If An E--mail Message ismail Message isFraudulentFraudulent (cont’d)(cont’d)

• "Dear Valued Customer."Phishing e-mail messages areusually sent out in bulk and often do not contain your firstor last name.

• "Click the link below to gain access to youraccount."HTML-formatted messages can contain links orforms that you can fill out just as you'd fill out a form on aWeb site. The links that you are urged to click may containall or part of a real company's name and are usually"masked," meaning that the link you see does not take youto that address but somewhere different, usually a phonyWeb site.

• Notice in the following example that resting the mousepointer on the link reveals the real Web address, as shown inthe box with the yellow background. The string of crypticnumbers looks nothing like the company's Web address,which is a suspicious sign.

Page 26: Different types of attacks

How To Tell If An EHow To Tell If An E--mailmailMessage is FraudulentMessage is Fraudulent (cont’d)(cont’d)

Con artists also use Uniform Resource Locators (URLs)that resemble the name of a well-known company but areslightly altered by adding, omitting, or transposing letters.

For example, the URL "www.microsoft.com" could appearinstead as:

www.micosoft.com www.mircosoft.com www.verify-microsoft.com

Page 27: Different types of attacks

• Never respond to an email asking forpersonal information

• Always check the site to see if it is secure.Call the phone number if necessary

• Never click on the link on the email. Retypethe address in a new window

• Keep your browser updated• Keep antivirus definitions updated• Use a firewall

Page 28: Different types of attacks

DoSDoS attackattack

It is also known as “networksaturation attack” or“bandwidth consumptionattack”.

Attackers make Denial-of-Service attacks by sending alarge number of protocolpackets to a network.

Page 29: Different types of attacks

Consequences ofConsequences of DoSDoS

Saturate network resources. Disrupt connections between two

computers, thereby preventingcommunication between services.

Disrupt services to a specific computer.

Page 30: Different types of attacks

CommonCommon DoSDoS AttacksAttacks

1. SYN attack2. PING flood3. Ping of death4. Teardrop attack5. Smurf attack

Page 31: Different types of attacks

SYN attack/SYN floodingSYN attack/SYN flooding A SYN attack affects computers running on the TCP/IP

protocol. an attacker sends multiple SYN packets to the target

computer. For each SYN packet received, the target computer allocates

resources and sends an acknowledgement (SYN-ACK) to thesource IP address. Since the target computer does notreceive a response from the attacking computer, it attemptsto resend the SYN-ACK.

This leaves TCP ports in a half-open state. When an attackersends TCP SYNs repeatedly, the target computer eventuallyruns out of resources and is unable to handle any moreconnections, thereby denying services to legitimate users.

Page 32: Different types of attacks

DiagramDiagram showinsshowins SYN floodSYN flood

Page 33: Different types of attacks

PING floodPING flood

It relies on the ICMP echo command,more popularly known as ping .

In legitimate situations the ping commandis used by network administrators to testconnectivity between two computers.

In the ping flood attack, it is used toflood large amounts of data packets tothe victim’s computer in an attempt tooverload it.

Page 34: Different types of attacks

Ping flood (contd..)Ping flood (contd..)

Page 35: Different types of attacks

Ping of deathPing of death The maximum size for a packet is 65,535

bytes. If one were to send a packet largerthan that, the receiving computer wouldultimately crash from confusion.

Sending a ping of this size is against the rulesof the TCP/IP protocol, but hackers canbypass this by cleverly sending the packets infragments. When the fragments areassembled on the receiving computer, theoverall packet size is too great. This willcause a buffer overlflow and crash thedevice.

Page 36: Different types of attacks

Ping of deathPing of death

Page 37: Different types of attacks

Software to ping attackSoftware to ping attack

Download Link:-http://www.softpedia.com/progScreenshots/AtTacK-PiNG-Screenshot-80794.html

Page 38: Different types of attacks

Teardrop attackTeardrop attack Teardrop attacks exploit the reassembly of fragmented

IP packets. Fragment offset indicates the startingposition of the data contained in a fragmented packetrelative to the data of the original unfragmented packet.

Page 39: Different types of attacks

Teardrop attack(contd..)Teardrop attack(contd..) When the sum of the offset and size of one fragmented

packet differ from that of the next fragmented packet, thepackets overlap, and the server attempting to reassemble thepacket can crash, especially if it is running an older operatingsystem that has this vulnerability.

Page 40: Different types of attacks

Smurf attackSmurf attack The attacker sends a large amount of ICMP

traffic to a broadcast address and uses avictim’s IP address as the source IP so thereplies from all the devices that respond tothe broadcast address will flood the victim.

Page 41: Different types of attacks

SpoofingSpoofing

Spoofing is a technique that makes atransmission appear to have come froman authentic source by forging the IPaddress.

In IP spoofing, a hacker modifies packetheaders by using someone else’s IPaddress to hide his identity.

Page 42: Different types of attacks
Page 43: Different types of attacks

PARTPART --IIIIII

1. Back Door attack2. Virus3. Worms4. Trojan horses

By Manohar Mantry

Page 44: Different types of attacks

Back DoorBack Door Back door is a program or account that allows

access to a system by skipping the securitychecks.

Many vendors and developers implement backdoors to save time and effort by skipping thesecurity checks while troubleshooting.

Back door is considered to be a security threatand should be kept with the highest security.

If a back door becomes known to attackers andmalicious users, they can use it to exploit thesystem.

Page 45: Different types of attacks

Backdoor is a secret or unauthorized channel for accessingBackdoor is a secret or unauthorized channel for accessingcomputer system. In an attack scenario, hackers installcomputer system. In an attack scenario, hackers installbackdoors on a machine, once compromised, to access itbackdoors on a machine, once compromised, to access itin an easier manner at later timesin an easier manner at later times

Page 46: Different types of attacks

VirusVirus

Definition◦ A virus is a small piece of software that

piggybacks on real programs in order to getexecuted◦ Once it’s running, it spreads by inserting

copies of itself into other executable code ordocuments

Page 47: Different types of attacks

Computer Virus TimelineComputer Virus Timeline 1949

Theories for self-replicating programs are first developed.-John von Newmann. 1981

Apple Viruses 1, 2, and 3 are some of the first viruses “in the wild,” or in the public domain. Foundon the Apple II operating system, the viruses spread through Texas A&M via pirated computergames.

1983Fred Cohen, while working on his dissertation, formally defines a computer virus as “a computerprogram that can affect other computer programs by modifying them in such a way as to include a(possibly evolved) copy of itself.”

1986Two programmers named Basit and Amjad replace the executable code in the boot sector of afloppy disk with their own code designed to infect each 360kb floppy accessed on any drive.Infected floppies had “© Brain” for a volume label.

1987The Lehigh virus, one of the first file viruses, infects command.com files.

1988One of the most common viruses, Jerusalem, is unleashed. Activated every Friday the 13th, the virusaffects both .exe and .com files and deletes any programs run on that day.MacMag and the Scores virus cause the first major Macintosh outbreaks.

Page 48: Different types of attacks

General virus typesGeneral virus types While there are thousands of variations

of viruses, most fall into one of followinggenerl categories, each of which worksslightly differently.1. Boot sector virus2. Macro virus3. Multipartite virus4. Polymorphic virus5. Stealth virus6. E-mail viruses

Page 49: Different types of attacks

Boot Virus : Replaces or implants itself in theboot sector. This kind of virus can prevent youfrombeing able to boot your hard disk.

Macro Virus : Written using a simple macroprogramming language,these viruses affect MicrosoftOffice applicationssuch as word and excel. Adocument infected with a macro virus generallymodifies a pre-existing, common command(such assave) to triggerto trigger its payload upon execution of thatcommand.

Page 50: Different types of attacks

MultiparatiteVirus :Infects both files andboot sector--a double whammy that canreinfect your system dozen times before it'scaught.

Polymorphic Virus :Changes code whenever it passes to anothermachine

Page 51: Different types of attacks

Stealth Virus:Hides in presence by making an infectedfile not appear infected.

E-mail Virus :An e-mail virus moves around in e-mailmessages, and usually replicates itself byautomatically mailing itself dozens ofpeople in victims e-mail address book.

Page 52: Different types of attacks

Case studyCase study--Melissa VirusMelissa Virus March 1999 the Melissa virus was the fastest-

spreading virus ever seen Someone created the virus as a Word

document uploaded to an Internetnewsgroup

People who downloaded the documentand opened it would trigger the virus

The virus would then send the documentin an e-mail message to the first 50people in the person's address book

Page 53: Different types of attacks

Case studyCase study--Melissa VirusMelissa Virus

Took advantage of the programminglanguage built into Microsoft Word calledVBA (Visual Basic for Applications)

Page 54: Different types of attacks

PreventionPrevention

Updates Anti-Viruses More secure operating systems

e.g. UNIX

Page 55: Different types of attacks

WormsWorms

Worm – A worm is a computerprogram that has ability to copy itselffrom machine to machine. Wormsnormally move around and infect othermachines through computer networks.Worms eat up storage space and slowsdown the computer. But worms don’talter or delete files.

Page 56: Different types of attacks

Trojan horsesTrojan horses

A Trojean horse is simply a computerprogram that claims to do one thing (itmay claim to be a game) but instead doesdamage when you run it (it may eraseyour hard disk).

When loaded onto your machine, a Trojanhorse can capture information from yoursystem.

Page 57: Different types of attacks

Trojan horses(contd..)Trojan horses(contd..)

It allows a malicious hacker to remotelycontrol your computer.

Trojan horse has no way to replicateautomatically.

Page 58: Different types of attacks

ConclusionConclusion

Always use Anti-virus software. Scan external devices when connected to

computer. Enable firewall. Read carefully and then click a link.

Page 59: Different types of attacks

Queries???Queries???