OUTLINE
Social Engineering
Network Attack
SOCIAL ENGINEERING
A Quote from Kevin Mitnick
Phishing
Impersonation on help desk calls
Physical access (such as tailgating)
Shoulder surfing
Dumpster diving
Stealing important documents
Phishing
Tailgating
Ultimately obtains unauthorized building access
Prevention
Require badges
Employee training
Security officers
No exceptions!
Shoulder surfing
[Diagram: hosts 10.0.0.1 (MAC 00:00:00:00:00:01) and 10.0.0.3 (MAC 00:00:00:00:00:03)]
IIT Indore Neminath Hubballi
How ARP Works?
[Diagram: hosts 10.0.0.2 (MAC 00:00:00:00:00:02), 10.0.0.1 (MAC 00:00:00:00:00:01) and 10.0.0.3 (MAC 00:00:00:00:00:03)]
ARP Cache Stores IP-MAC Pairs
[Diagram: hosts 10.0.0.2 (MAC 00:00:00:00:00:02) and 10.0.0.1 (MAC 00:00:00:00:00:01)]
ARP Spoofing
Man-in-the-Middle Attack
Denial-of-Service Attack
[Diagram: ARP spoofing. Hosts shown: 10.0.0.1 (MAC 00:00:00:00:00:01), 10.0.0.2 (MAC 00:00:00:00:00:02) and the Attacker, 10.0.0.3 (MAC 00:00:00:00:00:03); roles labelled Victim and Target. Forged ARP message: "I have IP 10.0.0.3, my MAC is 00:00:00:00:00:02". ARP cache entry shown:]
IP          MAC                  TYPE
10.0.0.2    00:00:00:00:00:01    dynamic
Denial of Service Stops Legitimate Communication
A malicious entry with a non-existent MAC address can lead to a DoS attack
[Diagram: Victim, Target and Attacker (10.0.0.3, MAC 00:00:00:00:00:03). Forged ARP message: "I have IP 10.0.0.3, my MAC is XX:XX:XX:XX:XX:XX". ARP cache entry shown:]
IP          MAC                  TYPE
10.0.0.3    XX:XX:XX:XX:XX:XX    dynamic
Denial of Service Stops Legitimate Communication
The victim is unable to reach the IP address for which the attacker sent the forged packet
[Diagram: Victim, Attacker, and hosts 10.0.0.1 (MAC 00:00:00:00:00:01) and 10.0.0.2 (MAC 00:00:00:00:00:02). ARP cache entry shown:]
IP          MAC                  TYPE
10.0.0.3    XX:XX:XX:XX:XX:XX    dynamic
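A defensive check for the forged ARP entries described above, as an added example that is not part of the original slides: it parses raw ARP replies and accepts a sender binding into the cache only when it matches a trusted IP-MAC table, which is the idea behind dynamic ARP inspection. The trusted table reuses the slides' host addresses; that table, the function names and the bogus MAC 02:aa:bb:cc:dd:ee are assumptions constructed for the example.

```python
import socket
import struct

# Assumed trusted IP -> MAC bindings (e.g. static config or DHCP snooping data).
TRUSTED = {
    "10.0.0.1": "00:00:00:00:00:01",
    "10.0.0.2": "00:00:00:00:00:02",
    "10.0.0.3": "00:00:00:00:00:03",
}
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa

def parse_arp(payload):
    """Parse a 28-byte Ethernet/IPv4 ARP body; return (oper, sender_mac, sender_ip)."""
    if len(payload) < 28:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, oper, sha, spa, _, _ = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return oper, ":".join(f"{b:02x}" for b in sha), socket.inet_ntoa(spa)

def check_arp(payload, cache):
    """Cache the sender binding only if it matches TRUSTED; else return an alert."""
    _, mac, ip = parse_arp(payload)
    expected = TRUSTED.get(ip)
    if mac == expected:
        cache[ip] = mac
        return None
    owner = next((i for i, m in TRUSTED.items() if m == mac), None)
    if owner:
        why = f"MAC belongs to {owner} (possible man-in-the-middle)"
    else:
        why = "MAC not in binding table (traffic would be black-holed)"
    return f"{ip} claimed by {mac}, expected {expected}: {why}"

def make_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build a constructed ARP reply (oper=2) as sample input."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 2, raw(sender_mac),
                       socket.inet_aton(sender_ip), raw(target_mac),
                       socket.inet_aton(target_ip))

def demo():
    """Run three constructed replies addressed to 10.0.0.1 through the check."""
    cache, dst = {}, ("00:00:00:00:00:01", "10.0.0.1")
    replies = [
        make_reply("00:00:00:00:00:02", "10.0.0.2", *dst),  # genuine
        make_reply("00:00:00:00:00:03", "10.0.0.2", *dst),  # forged binding
        make_reply("02:aa:bb:cc:dd:ee", "10.0.0.3", *dst),  # constructed bogus MAC
    ]
    return [check_arp(r, cache) for r in replies], cache
```

Only the genuine reply reaches the cache; the two forged replies come back as alerts and leave the cache untouched.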
MAC Flooding Degrades Network Performance
The attacker bombards the switch with numerous forged ARP packets at an extremely rapid rate so that its CAM table overflows
[Diagram: Attacker, host 10.0.0.1 (MAC 00:00:00:00:00:01) and the switch CAM table:]
PORT    MAC
1       00:00:01:01:01:01
2       00:00:02:02:02:02
...
DoS by Spurious ARP Packets
The attacker sends numerous spurious ARP packets to the victim so that it is kept busy processing them
[Diagram: Attacker sends spurious ARP packets to Victim 10.0.0.1 (MAC 00:00:00:00:00:01), which is busy processing]
LABS TIME
Objectives
Each time a TCP message is sent, the client or the server generates
a sequence number. The attacker intercepts the message and then responds
with a sequence number similar to the one used in the original
session. This attack can then hijack or disrupt a session. If a valid
sequence number is guessed, the attacker can place himself
between the client and the server. The attacker gains the
connection and the data from the legitimate system.
TCP Hijacking
Ping, for instance, uses the ICMP protocol. sPing is a good
example of this type of attack: it overloads the server with more
bytes than it can handle (larger connections). It is a ping flood.
SMURF ATTACK
ICMP can contain data about timing and routes. A packet can be
used to hold information that is different from the intended
information. This allows an ICMP packet to be used as a
communications channel between two systems. The channel can
be used to send a Trojan horse or other malicious packet. The
countermeasure is to deny ICMP traffic on your network.
APPLICATION LAYER
Cookie protocol problems
Server is blind:
Does not see cookie attributes (e.g. secure, HttpOnly)
Does not see which domain set the cookie
<iframe src="x.com/B"></iframe>
alert(frames[0].document.cookie);
Session hijacking
Attacker waits for user to login
Client user agent: weak defense against theft, but doesn't hurt.
1. Launch Wireshark
2. From the Wireshark menu bar, select Capture > Interfaces (Ctrl+I)
3. In the Wireshark capture interfaces dialog box, find and select
the Ethernet Driver Interface that is connected to the system, and
then click start.
4. Switch to virtual machine and login to your email.
5. You may save the captured packets from File > Save As.
6. In Find by...
QUESTION