SysSec 7 Network Security. Aurélien Francillon


Slide 1: SysSec 7 Network Security, Aurélien Francillon

Slide 2: News of the week

Slide 4: Overview
- Reconnaissance: discovering topology and servers
  - Using network tools
  - Fingerprinting
- Offensive
  - Man In The Middle attacks, bugs, attacks on routing
  - Bypassing network restrictions, denial of service

Slide 5: Network Reconnaissance

Slide 6: Reconnaissance
- Network reconnaissance is always a first step
- Tools: Nmap, Hping2, Netcat
- Understanding open/filtered ports
- What services are running
- Discovering machines

Slide 7: Reconnaissance
- Network reconnaissance is always a first step
- Public databases are always a good start
  - whois iseclab.org
  - dig iseclab.org
  - whois
- Zone transfers? If very lucky: dig axfr

Slide 8: Reconnaissance
- Robtex: the Internet Swiss army knife
- GeoIP: approximate physical location of an IP address (more accurate solutions exist)
- Finger: directory service providing information about users; almost not used anymore

Slide 9: Scanning
- Basics: send a TCP SYN packet
  - Closed port: reply with a RST
  - Open port: reply with SYN/ACK
  - Filtered port: nothing back, or an ICMP error packet
- nmap -A -T4 scanme.nmap.org
- Smarter techniques: OS detection, idle scan

Slide 10: Idle Scan
- Two main purposes:
  - Stealth
  - Reconnaissance: a port may be blocked for you on the server, but maybe not for the zombie? Idle scan allows discovering this

Slide 11: Scanning for vulnerabilities directly
- Nessus / OpenVAS
- Has a list of tests for discovering daemon type, version, kind of service, options set, etc.
- Has a list of associated vulnerabilities; will check them automatically and generate reports
- Client/server side can be programmed to run regularly
- Useful for:
  - Network administrators, to check for vulnerabilities on the network
  - Lazy attackers, to find an attack point!

Slide 12: Routing, AS, etc.
- The Internet is a set of Autonomous Systems (AS), e.g., Renater, France Telecom, Proxad (Free)
- They are interconnected by links between their routers
- BGP is the protocol used to know on which links to send packets depending on their destination
- Some of the BGP/AS information is publicly available: whois records, looking glasses

Slide 13: Network Attacks

Slide 14: Denial of Service Attacks
- DoS is an attack that aims at disrupting a service such that none of the customers can enjoy it
- The consequence of flooding or vulnerability attacks
  - Flooding: an attack that consumes the application's resources at such a rate that the service becomes unresponsive
  - Vulnerability attack: a vulnerability causes the application to crash or go into an infinite loop
- How common is DoS? Very common: research showed ~4,000 reported attacks in a week (and most attacks go unreported)
- How likely are you to be a victim of DoS? A report showed 25% of large companies suffer DoS attacks at some point

Slide 15: Denial of Service Attacks: DDoS
- Distributed Denial of Service
- Attacking machines are called daemons, slaves, zombies or agents; zombies are usually poorly secured machines that have been exploited
- Machines that command and control the zombies are called masters or handlers
- The attacker would like to hide their trace: they hide behind machines called stepping stones

Slide 17: Denial of Service: Amplification
- A DoS attacker may look for:
  - Network reflectors, to hide the source of the attack and prevent it from being blocked (e.g., an ICMP reply to a forged source address)
  - Network amplifiers, to perform efficient DoS: find a service that replies with N packets when 1 packet is sent with a forged source; this amplifies the DoS

Slide 18: Denial of Service: Amplification Examples
- SYN flood with forged source address
- Smurf attack: e.g., send a ping packet to a broadcast address (x.x.x.255)
- DNS can generate many requests when the server is asked about a record not in its cache
- DNSSEC packets are much larger
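Seen from the operator of the reflecting service, an amplification attack shows up as a handful of "clients" (really the spoofed victims) receiving far more bytes than they send. The following script, an added example that is not from the slides, computes the bandwidth amplification factor the slides describe and runs it over constructed flow records for a DNS resolver; the thresholds and the sample addresses (documentation ranges) are assumptions for the example.

```python
"""Spot reflection/amplification abuse of a DNS resolver from constructed flow records."""
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

# Constructed sample: flow records as seen at a resolver's edge.
#   ("in",  client, bytes) = a query received from `client`
#   ("out", client, bytes) = the response sent back to `client`
# In a reflection attack `client` is the spoofed source, i.e. the real victim.
SAMPLE_FLOWS: List[Tuple[str, str, int]] = [
    ("in", "192.0.2.10", 60), ("out", "192.0.2.10", 120),   # ordinary lookup
    ("in", "192.0.2.11", 64), ("out", "192.0.2.11", 98),
]
# 50 small queries "from" 203.0.113.7, each answered with a DNSSEC-sized ~3 kB reply
SAMPLE_FLOWS += [("in", "203.0.113.7", 64) for _ in range(50)]
SAMPLE_FLOWS += [("out", "203.0.113.7", 3000) for _ in range(50)]


def bandwidth_amplification_factor(request_bytes: int, response_bytes: int) -> float:
    """Bytes the service sends back per byte it receives; > 1 means it amplifies."""
    if request_bytes <= 0:
        raise ValueError("request size must be positive")
    return response_bytes / request_bytes


def per_client_totals(flows: Iterable[Tuple[str, str, int]]) -> Dict[str, Dict[str, int]]:
    """Aggregate query count and bytes in/out per client address."""
    totals: Dict[str, Dict[str, int]] = defaultdict(lambda: {"in": 0, "out": 0, "queries": 0})
    for direction, client, size in flows:
        totals[client][direction] += size
        if direction == "in":
            totals[client]["queries"] += 1
    return totals


def suspected_reflection_victims(flows: Iterable[Tuple[str, str, int]],
                                 min_baf: float = 10.0,
                                 min_out_bytes: int = 50_000) -> Dict[str, float]:
    """Clients that receive far more data than they send: candidate reflection victims.

    Returns {client: amplification factor rounded to one decimal}. The thresholds are
    assumptions for this example; tune them to the resolver's normal traffic profile.
    """
    flagged: Dict[str, float] = {}
    for client, t in per_client_totals(flows).items():
        if t["in"] == 0:
            continue
        baf = bandwidth_amplification_factor(t["in"], t["out"])
        if baf >= min_baf and t["out"] >= min_out_bytes:
            flagged[client] = round(baf, 1)
    return flagged


if __name__ == "__main__":
    print(suspected_reflection_victims(SAMPLE_FLOWS))   # {'203.0.113.7': 46.9}
```

The factor alone is not a verdict: a large resolver legitimately answers big DNSSEC responses. What makes 203.0.113.7 suspicious is the combination of a high factor with a large absolute volume, which is why both thresholds are applied; the usual operator response is per-client response rate limiting rather than blocking the victim address.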

Slide 19: Denial of Service Attacks
- Web applications are particularly susceptible to denial of service attacks
- A web application can't easily tell the difference between an attack and ordinary traffic
- Because there is no reliable way to tell from whom an HTTP request is coming, it is very difficult to filter out malicious traffic
- "Slashdotted" effect
- Most web servers can handle several hundred concurrent users under normal use, but a single attacker can still generate enough traffic from a single host to swamp many applications
- Defending against denial of service attacks is difficult, and only a small number of limited solutions exist

Slide 20: Who are the attackers?
- Research has shown that the majority of attacks are launched by script kiddies
  - Such attacks are easier to detect and defend against
  - Kids use readily available tools to attack, e.g., the LOIC tool
- Some DoS attacks, however, are highly sophisticated and very difficult to defend against

Slide 21: Denial of Service Attacks: Defenses, IP layer
- Drop IP connections from a list of IP addresses; put in the list those that send too many SYNs
- Firewall: rate limiting, broadcast packets...
- Reroute BGP to a provider with lots of bandwidth, e.g., the Spamhaus event
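The first IP-layer defense on the slide, "put in the list those that send too many SYNs", is a sliding-window counter per source plus a block list. This is an added example, not code from the lecture: it parses a constructed packet log (timestamp, source, destination, TCP flags), counts pure SYNs per source inside a time window, and drops everything from a source once it exceeds the budget. The log format, the window and the budget are assumptions for the example.

```python
"""Per-source SYN rate limiting with a block list, the IP-layer DoS defence from the slide."""
import re
from collections import defaultdict, deque
from typing import Deque, Dict, List, Set, Tuple

# Constructed sample packet log: "<timestamp> <src> > <dst> <tcp flags>".
# 192.0.2.10 behaves normally; 198.51.100.9 fires 8 SYNs in under 100 ms, then one more later.
SAMPLE_LOG = """
1000.000 192.0.2.10 > 203.0.113.1 S
1000.020 192.0.2.10 > 203.0.113.1 A
1000.100 198.51.100.9 > 203.0.113.1 S
1000.110 198.51.100.9 > 203.0.113.1 S
1000.120 198.51.100.9 > 203.0.113.1 S
1000.130 198.51.100.9 > 203.0.113.1 S
1000.140 198.51.100.9 > 203.0.113.1 S
1000.150 198.51.100.9 > 203.0.113.1 S
1000.160 198.51.100.9 > 203.0.113.1 S
1000.170 198.51.100.9 > 203.0.113.1 S
1006.000 198.51.100.9 > 203.0.113.1 S
1006.500 192.0.2.10 > 203.0.113.1 S
"""

LINE_RE = re.compile(r"^(?P<ts>\d+(?:\.\d+)?) (?P<src>[\d.]+) > (?P<dst>[\d.]+) (?P<flags>[A-Z.]+)$")


class SynRateLimiter:
    """Allow at most `max_syns` new-connection SYNs per source in any `window_s` seconds."""

    def __init__(self, max_syns: int, window_s: float) -> None:
        self.max_syns = max_syns
        self.window_s = window_s
        self._syn_times: Dict[str, Deque[float]] = defaultdict(deque)
        self.blocked: Set[str] = set()

    def handle(self, ts: float, src: str, flags: str) -> str:
        """Return 'accept' or 'drop' for one packet."""
        if src in self.blocked:
            return "drop"                      # block list is sticky once a source is listed
        if "S" in flags and "A" not in flags:  # pure SYN = a new connection attempt
            times = self._syn_times[src]
            times.append(ts)
            while times and ts - times[0] > self.window_s:
                times.popleft()                # forget SYNs older than the window
            if len(times) > self.max_syns:
                self.blocked.add(src)
                return "drop"
        return "accept"


def process_log(text: str, max_syns: int = 5, window_s: float = 1.0) -> Tuple[SynRateLimiter, List[Tuple[str, str]]]:
    """Run the limiter over a log; return it together with (source, decision) per packet."""
    limiter = SynRateLimiter(max_syns, window_s)
    decisions: List[Tuple[str, str]] = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                           # skip lines that are not packets
        decisions.append((m["src"], limiter.handle(float(m["ts"]), m["src"], m["flags"])))
    return limiter, decisions


if __name__ == "__main__":
    limiter, decisions = process_log(SAMPLE_LOG)
    print(limiter.blocked, decisions)
```

A per-source counter only helps when the source address is real; a SYN flood with forged sources, as on the amplification slide, spreads its SYNs over addresses that never repeat and needs a different answer (the firewall rate limit applies to the aggregate, not per source).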

Slide 22: Denial of Service Attacks: Defenses, HTTP layer
- Change the DNS to a CDN (Content Distribution Network)
  - With a lot of bandwidth
  - Caches HTTP requests
  - Applies filtering rules (OWASP), e.g., Akamai
- Limit complex requests, in complexity per IP

Slide 23: Denial of Service Attacks: Other Defenses
- Use a CAPTCHA if a human is expected to interact; but they are annoying, and not that hard to guess by machines after all
- Use a cryptographic puzzle: some challenges are slow to compute for the client but fast to verify for the server; sent by the server to the client before handling any further request; not very efficient against DDoS
- Make sure your hosts are patched against DoS vulnerabilities
- Anomaly detection and behavioral models
- Ingress filtering
- Firewall: rate limiting, broadcast packets
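The cryptographic puzzle on the slide is the classic hash-based client puzzle: the server hands out a challenge, the client must find a counter whose hash with the challenge starts with a given number of zero bits, and the server checks the answer with a couple of hashes. The code below is an added example (not the lecture's); deriving the challenge from a server secret so that the server keeps no per-client state, the SHA-256 construction and the difficulty values are design choices of this example.

```python
"""Hash-based client puzzle: cheap to issue and verify, costly to solve (added example)."""
import hashlib
import secrets
import struct
from typing import Any, Dict


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a byte string."""
    value = int.from_bytes(digest, "big")
    return len(digest) * 8 - value.bit_length()


def issue_puzzle(difficulty_bits: int, server_secret: bytes, client_id: str) -> Dict[str, Any]:
    """Server side: derive a challenge from a fresh nonce, a server secret and the client identity.

    Because the challenge is re-derivable from the nonce, the server stores nothing per
    client while the puzzle is outstanding (an example design choice, not from the slides).
    """
    nonce = secrets.token_bytes(16)
    challenge = hashlib.sha256(server_secret + nonce + client_id.encode()).digest()
    return {"nonce": nonce, "challenge": challenge, "difficulty": difficulty_bits}


def solve_puzzle(challenge: bytes, difficulty_bits: int) -> int:
    """Client side: brute-force a counter x so that SHA-256(challenge || x) starts with
    `difficulty_bits` zero bits. Expected cost is about 2**difficulty_bits hashes."""
    x = 0
    while True:
        digest = hashlib.sha256(challenge + struct.pack(">Q", x)).digest()
        if leading_zero_bits(digest) >= difficulty_bits:
            return x
        x += 1


def verify_solution(puzzle: Dict[str, Any], solution: int, server_secret: bytes, client_id: str) -> bool:
    """Server side: two hashes, whatever the difficulty."""
    if not isinstance(solution, int) or not 0 <= solution < 2 ** 64:
        return False
    expected = hashlib.sha256(server_secret + puzzle["nonce"] + client_id.encode()).digest()
    if expected != puzzle["challenge"]:
        return False  # the client tampered with the challenge or the secret was rotated
    digest = hashlib.sha256(puzzle["challenge"] + struct.pack(">Q", solution)).digest()
    return leading_zero_bits(digest) >= puzzle["difficulty"]


if __name__ == "__main__":
    secret = secrets.token_bytes(32)
    puzzle = issue_puzzle(16, secret, "203.0.113.7")
    answer = solve_puzzle(puzzle["challenge"], 16)
    print(answer, verify_solution(puzzle, answer, secret, "203.0.113.7"))
```

Raising the difficulty by one bit doubles the client's work and leaves the server's work unchanged, which is the asymmetry the slide relies on. It also shows why the slide calls puzzles weak against DDoS: a botnet pays the solving cost on thousands of idle machines, so the server gains at most a constant-factor reduction in request rate.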

Slide 24: TCP connection hijacking
- A bit old-school: was used by Kevin Mitnick in 1995, an attack on RSH to gain access to a server, with control of a computer on the network
- Principle of the attack:
  - Impersonate a computer with IP spoofing
  - TCP sequence number guessing, to send packets while ignoring the responses
  - DoS the spoofed machine, to prevent it from resetting the connection

Slide 25: TCP connection hijacking: RSH
- Remote Shell, ancestor of SSH
- Can be configured to allow/deny connections based on the remote username and the IP address
- No crypto in place... but hijacking an IP address is not easy

Slide 26: TCP connection hijacking: TCP

Slide 27: TCP connection hijacking: TCP 3-way handshake
- Establishing a connection (figure)

Slide 28: TCP connection hijacking: TCP SYN flooding
- The server keeps state for each opening connection in a buffer; this buffer has a limited size
- (figure: the client sends SYN, the server replies SYN/ACK)

Slide 29: TCP connection hijacking: IP spoofing
- Sending packets with a spoofed IP address is as simple as forging the source IP in a crafted packet; usually requires root (raw socket)
- MAC / IP address forging may be blocked by the switch / ISP: this is called ingress filtering
- Packets with a forged IP address are easy to send, but no response is received. Is it still possible to exploit it?

Slide 30: IP address spoofing
- Can be used directly to exploit stateless protocols, e.g., those based only on UDP
- But on TCP, how do we perform the 3-way handshake? We don't receive the response packets, as we don't control the return path...
- How to guess the sequence number / prevent the spoofed host from responding?

Slide 31: Mitnick attack
- DoS the server (the spoofed machine)
- Send packets to the target guessing the sequence numbers; if the guess is OK the packets are accepted
- Replies go to the server, not seen by the attacker; the DoS'ed server will not send an error message
- Used to send a command over RSH: echo + + >>/.rhosts
- Access to the target gained!

Slide 33: ARP Poisoning
- ARP is a protocol to map MAC addresses to IP addresses on Ethernet: "Who has <IP>?" / "<IP> is at <MAC>"
- Needed to know where to send IP packets over Ethernet
- This can be abused to inject a wrong MAC address <=> IP address association
- Perform a Man in the Middle on a switched Ethernet network

Slide 34: ARP Poisoning (figure)
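Because ARP has no authentication, the practical defence on a switched LAN is to watch for the symptom: an IP address whose MAC binding changes, and in particular one MAC that suddenly claims both the gateway and a host. The passive monitor below is an added example, not code from the slides; the reply format ("<ip> is at <mac>") and the sample replies are constructed for the example.

```python
"""Passive ARP monitor: alert on IP-to-MAC binding changes and on one MAC claiming several IPs."""
import re
from typing import Dict, List, Optional, Set

# Constructed sample of ARP replies in "<ip> is at <mac>" form, as a sniffer would print them.
# The last two lines show the poisoning pattern: a third MAC claims both the gateway
# (192.168.1.1) and a host (192.168.1.20), which places it between the two.
SAMPLE_ARP_REPLIES = """
192.168.1.1 is at 00:11:22:33:44:01
192.168.1.20 is at 00:11:22:33:44:20
192.168.1.1 is at 00:11:22:33:44:01
192.168.1.1 is at de:ad:be:ef:00:99
192.168.1.20 is at de:ad:be:ef:00:99
"""

REPLY_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})$", re.I
)


class ArpWatcher:
    def __init__(self, static_entries: Optional[Dict[str, str]] = None) -> None:
        # Pre-seeded bindings (e.g. the gateway) so the first reply seen cannot "teach" a wrong one.
        self.table: Dict[str, str] = {ip: mac.lower() for ip, mac in (static_entries or {}).items()}
        self.alerts: List[str] = []

    def observe(self, ip: str, mac: str) -> Optional[str]:
        """Record a reply; return an alert string if it contradicts the known binding."""
        mac = mac.lower()
        known = self.table.get(ip)
        if known is None:
            self.table[ip] = mac
            return None
        if known != mac:
            alert = f"{ip} changed from {known} to {mac}"
            self.alerts.append(alert)
            self.table[ip] = mac  # track the new claim so a flip back is reported too
            return alert
        return None

    def shared_macs(self) -> Dict[str, Set[str]]:
        """MACs currently bound to more than one IP: the gateway-plus-host pattern of a MITM."""
        by_mac: Dict[str, Set[str]] = {}
        for ip, mac in self.table.items():
            by_mac.setdefault(mac, set()).add(ip)
        return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


def scan_replies(text: str, static_entries: Optional[Dict[str, str]] = None) -> ArpWatcher:
    """Feed every well-formed reply line to a watcher and return it."""
    watcher = ArpWatcher(static_entries)
    for line in text.strip().splitlines():
        m = REPLY_RE.match(line.strip())
        if m:
            watcher.observe(m["ip"], m["mac"])
    return watcher


if __name__ == "__main__":
    w = scan_replies(SAMPLE_ARP_REPLIES)
    print(w.alerts)
    print(w.shared_macs())
```

A binding change is not proof of an attack (DHCP reassignments and NIC replacements produce the same event), which is why the gateway is best pinned with a static entry and why the second signal, one MAC holding several addresses, is the stronger indicator. The same checks are what switch features such as dynamic ARP inspection apply inline.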

Slide 35: Source routing
- The route taken by TCP/IP packets is determined by the routers' routing tables
- Source routing allows bypassing this: specify the path that packets should take
- E.g., an authorized host can specify the path: Auth host, A, C, D, Server versus Auth host, A, B, D, Server

Slide 36: Source routing
- This allows an attacker to:
  - Discover the network
  - Have its packets go through a specific network path
  - Bypass IP address rules (TCP wrappers)
  - Access computers behind a NAT / private address space
- Solution: always disallow source routing; it works :)

Slide 37: DNS
- Domain Name Service: maps host names to IP addresses on the Internet, makes the Internet more user friendly
- A distributed system
  - Root servers are at fixed IPs (the hints file); they provide the IP addresses of the TLD servers
  - Top Level Domains (.com, .net, .org, ...)
  - DNS servers provide IP addresses for domains, etc.

Slide 38: DNS
- Their security is very important
  - Integrity of DNS responses
  - Availability
  - SSL certificates certify hostnames, not IP addresses
  - No DNS, no Internet :(
- Scalability: extensive caching

Slides 39-46: Recursive DNS Request (animated figure; the individual steps are not preserved in the transcription)

Slide 47: Recursive DNS Requests
- The record is obtained from the DNS architecture the first time
- It will remain in the cache until the TTL times out
- This record must not be corrupted

Slide 48: Kaminsky Attack I
- In 2007 Dan Kaminsky found a serious issue: almost all DNS server implementations were vulnerable to cache poisoning
- Allows inserting malicious information in a cache server
- Attacker-controlled glue records allow forging the DNS server for a domain in the cache

Slide 49: Cache poisoning attacks
- How do we know the response received is actually a reply to our query?
- Rely on the transaction serial number. Can it be predicted by the attacker?

Slide 50: Normal DNS Request (figure)

Slide 51: Basic Poisoning Attack Overview (figure)

Slide 52: DNS Cache poisoning
- The Query ID can be guessed... Solution? So they should be random, with good random number generators!
- Randomize the Query ID: a 16-bit field, 64k possibilities
- An attacker has large chances to fail, and when it fails the targeted record is loaded in the cache

Slide 53: Glue records
- There is a chicken-and-egg problem in the DNS system, e.g.: Q: Who is the NS for domain.com? R: ns.domain.com
- We need a glue record
- Glue records are used when the name server is a host of that domain, and provide its IP address: Q: Who is the NS for domain.com? R: ns.domain.com, and it is at a.b.c.d

Slide 54: Kaminsky Attack
- Glue records are cached as well. What if we poison a glue record? Completely owns the domain: can forge any hostname of that domain
- Query ID randomization? A failed attempt is not a problem, so we can try many times!

Slide 55: Kaminsky Attack Wrap-up (figure)

Slide 56: DNS cache poisoning
- Very damaging attacks
- Mitigations:
  - Cache servers should not face the Internet, e.g., not be at the same time a cache server and an authoritative server for a domain
  - Randomize: Query ID, source port, host name capitalization
  - DNSSEC: authenticated DNS records
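Slides 52, 54 and 56 together make a quantitative argument: a 16-bit Query ID is hard to hit in one race, but once a miss costs nothing (the Kaminsky observation) the attacker just retries, and only adding more entropy (source port, 0x20 capitalization) changes the picture. The script below, an added example rather than lecture material, carries that calculation through under a simplified model: every forged reply is a distinct guess, the timing of the race window is ignored, source-port randomization is credited with 16 bits (real resolvers use somewhat fewer) and the 0x20 trick with one bit per letter of the queried name.

```python
"""Odds of blind DNS cache poisoning under each mitigation (added example, simplified model)."""
import math
from typing import Dict


def guess_space(query_id_bits: int = 16, source_port_bits: int = 0, case_bits: int = 0) -> int:
    """Distinct (query ID, source port, 0x20 case pattern) values a forged reply must match."""
    return 1 << (query_id_bits + source_port_bits + case_bits)


def single_window_success(forged_replies: int, space: int) -> float:
    """P(at least one of `forged_replies` distinct guesses matches) within one query's race window."""
    return min(1.0, forged_replies / space)


def poisoning_success(forged_replies: int, space: int, attempts: int) -> float:
    """Kaminsky-style campaign: each attempt queries a fresh random name, so a miss leaves
    nothing in the cache that would block the next try, and the attacker simply repeats."""
    p = single_window_success(forged_replies, space)
    return 1.0 - (1.0 - p) ** attempts


def attempts_for(target_probability: float, forged_replies: int, space: int) -> int:
    """Number of attempts needed to reach `target_probability` of at least one success."""
    p = single_window_success(forged_replies, space)
    if p >= 1.0:
        return 1
    return math.ceil(math.log(1.0 - target_probability) / math.log(1.0 - p))


def compare_mitigations(forged_replies: int = 100, attempts: int = 1000,
                        name_letters: int = 8) -> Dict[str, float]:
    """Success probability of one campaign against three resolver configurations."""
    return {
        "query_id_only": poisoning_success(forged_replies, guess_space(), attempts),
        "id_and_source_port": poisoning_success(forged_replies, guess_space(source_port_bits=16), attempts),
        "id_port_and_0x20": poisoning_success(forged_replies, guess_space(16, 16, name_letters), attempts),
    }


if __name__ == "__main__":
    for name, prob in compare_mitigations().items():
        print(f"{name:20s} {prob:.2e}")
    print("attempts for 50% with ID only:", attempts_for(0.5, 100, 65536))
```

With 100 forged replies per attempt and 1000 attempts, the ID-only resolver is poisoned with probability around 0.78, and about 454 attempts already give even odds; the same campaign against ID plus source port succeeds with probability on the order of 1e-5. Randomization raises the cost, it does not remove the problem, which is why the slide lists DNSSEC (authenticated records) as the mitigation that is not probabilistic.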

Slide 57: The Border Gateway Protocol :: The art of building the Internet
- The Internet is divided into thousands of smaller networks called Autonomous Systems (ASes), each administered by a single entity (e.g., an Internet Service Provider, a company, a university)
- (figure: AS1, AS2, AS3, AS4, AS5)

Slide 58: The Border Gateway Protocol :: The art of building the Internet
- Each AS owns or is responsible for managing a set of network IP addresses (e.g., AS3 is responsible for a /16 IP address block)
- (figure: AS1 to AS5 with their /8, /16 and /24 blocks; the prefix digits are not preserved in the transcription)

Slide 59: The Border Gateway Protocol :: The art of building the Internet
- The Border Gateway Protocol (BGP) allows ASes to interconnect with each other by exchanging network IP address block reachability information
- BGP glues ASes together to form the Internet
- (figure: physical links and BGP messages between AS1 to AS5)

Slide 60: The Border Gateway Protocol :: The art of building the Internet
- (same figure) AS3 to AS1 and AS4: "I am AS3 and I am responsible for the /16!"

Slide 61: The Border Gateway Protocol :: The art of building the Internet
- (same figure) AS1 to AS2: "AS3 told me it is responsible for the /16!"; AS4 to AS2 and AS5: "AS3 told me it is responsible for the /16!"

Slide 62: The Border Gateway Protocol :: The art of building the Internet
- (same figure) All networks on the Internet can eventually talk to each other!

Slide 63: The Border Gateway Protocol :: The art of building the Internet
- BGP messages record the path of ASes they go through, to avoid routing loops
- (figure) AS35289 Symantec Ltd originates its /24: "Network: /24, AS path: AS35289"; AS5466 Eircom Ltd passes it on as "AS path: AS5466,AS35289" and AS702 Verizon as "AS path: AS702,AS35289"

Slide 64: The Border Gateway Protocol :: The art of building the Internet
- Inter-AS links reflect the business relationships between their respective owners (e.g., some provide transit connectivity to the Internet to their customers)
- (figure: AS5466 Eircom Ltd and AS702 Verizon are the upstream transit providers of their customer AS35289 Symantec Ltd, which holds a /24)

Slide 65: BGP hijacking :: The art of breaking the Internet
- Causes: the injection of erroneous network reachability information into BGP; trust-based exchange of network reachability information; no widely deployed security mechanism yet
- Effects: blackhole (e.g., the YouTube hijack by Pakistan Telecom), impersonation (e.g., the Spamhaus hijack), MITM (e.g., BGP MITM [1]) of the victim network
- Explanations: router misconfiguration, operational fault (e.g., the AS7007 incident [2]); malicious intent?
- [1] Stealing The Internet: An Internet-Scale Man In The Middle Attack (Defcon 2008)
- [2] (reference not preserved in the transcription)

Slides 66-70: BGP hijack incidents that made the headlines
- Renesys: 1,500 MITM (traffic interception) hijacks in 2013
- ISC: several banks targeted by BGP hijacks
- BGPmon.net: BGP hijack attack against anti-spam company Spamhaus
- Malicious? Benign?

Slide 71: BGP hijacks :: Separate the wheat from the chaff
- Identifying BGP hijacks is challenging
  - BGP hijacks look similar to some legitimate BGP engineering practices
  - Lack of ground truth information: only the owner of a network can precisely diagnose routing events related to its network

Slide 72: Case I :: BGP blackhole
- DoS of the victim network, similar to the YouTube hijack
- Example (figure): ASX "ispam Inc" announces two /25s covering the victim's /24 with the BGP message "Network: /25, AS path: ASX,AS35289", next to the legitimate announcements via AS5466 Eircom Ltd and AS702 Verizon; Symantec's /24 network is blackholed

Slide 73: Case II :: BGP impersonation, fly-by spammers
- Conjecture: spammers would use BGP hijacking to send spam from the stolen IP space and evade spam sender blacklists; BGP spectrum agility: short-lived (< 1 day) spam networks [3]
- Potential effects: attacks launched from hijacked networks are misattributed, since the hijackers steal the IP identity; spam filters heavily rely on IP reputation as a first layer of defense
- [3] Understanding the Network-level Behavior of Spammers (SIGCOMM 2006)

Slide 74: Fly-by spammers :: Hijack signature
- Hijacked networks are dormant IP address blocks, i.e., by the time the networks are hijacked they have been left unadvertised by their owner
- They are advertised for a rather short period of time
- AS hijack: the prefix is advertised in BGP from an apparently legitimate AS, but via a presumably illegitimate upstream provider AS
- Prefix hijack: the prefix is advertised in BGP from an apparently rogue AS, but via a presumably legitimate upstream provider AS

Slide 75: Fly-by spammers :: AS hijack illustration
- (figure) ASY, the legitimate owner of A.B.C.0/24; ASX "ispam Inc", acting as an illegitimate upstream transit provider, sends the BGP message "Network: A.B.C.D/E, AS path: ASX,ASY"; spam is then sent from addresses A.B.C.1 to A.B.C.255

Slide 76: Fly-by spammers :: case study
- IP prefixes are only announced when spam is received!
- Few blacklisted spam sources at the time of the BGP announcements!

Slide 77: Case III :: BGP Man-In-The-Middle
- Step 1: discover the path between AS_Mallory (attacker) and AS_Alice (victim): AS_Mallory, AS_D, AS_A, AS_Alice
- Step 2: advertise a more specific prefix (/24) and secure a backup route (P)
- Step 3: adjust TTLs (ultimate stealth!)
- Source: Stealing The Internet: An Internet-Scale Man In The Middle Attack (Defcon 2008)

Slide 78: Securing BGP?
- Security extensions to BGP, e.g., RPKI, ROVER: similar to DNSSEC for DNS; deployment is expensive
- BGP monitoring: analyze BGP updates and trigger an alarm upon an abnormal routing change, e.g., a BGP hijack; e.g., BGPmon.net, Renesys (Dyn), UCLA Cyclops
- BGP best current practices, e.g., customer route filtering; seldom followed by network operators
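Three of the BGP slides describe mechanics that are easiest to see in code: AS paths are used to reject routes that already contain one's own AS (slide 63), a more-specific prefix wins the routing decision no matter who announces it (cases I and III), and the RPKI/monitoring defences of slide 78 come down to checking the origin AS of each update against an authorization table. The toy route monitor below is an added example, not the lecture's or any router vendor's code: the prefixes, AS numbers (documentation ranges) and the ROA table are constructed, and the valid/invalid/not-found outcome follows the RPKI route origin validation states. It goes a little beyond the slides by showing the difference between merely alarming on an invalid origin and actually dropping it.

```python
"""Toy BGP route monitor: AS-path loop check, longest-prefix preference and ROA-style origin validation."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Announcement:
    prefix: str
    as_path: Tuple[int, ...]  # as_path[0] = neighbour it came from, as_path[-1] = origin AS

    @property
    def origin(self) -> int:
        return self.as_path[-1]


LOCAL_AS = 64499  # the monitoring router's own AS (documentation ASN range, constructed)

# Constructed authorisation table in the spirit of RPKI ROAs: prefix -> (authorised origin, max length)
ROAS: Dict[str, Tuple[int, int]] = {"192.0.2.0/24": (64500, 24)}

# Constructed stream of BGP updates as the monitor would receive them
UPDATES: List[Announcement] = [
    Announcement("192.0.2.0/24", (64496, 64500)),          # legitimate route via provider AS64496
    Announcement("192.0.2.0/24", (64497, 64499, 64500)),   # our own AS is in the path: loop
    Announcement("192.0.2.0/25", (64497, 64498)),          # more specific from a rogue origin
    Announcement("198.51.100.0/24", (64496, 64503)),       # no ROA covers it
]


def has_loop(local_as: int, as_path: Tuple[int, ...]) -> bool:
    """BGP loop prevention: a path that already contains our AS must be rejected."""
    return local_as in as_path


def origin_validation(ann: Announcement, roas: Dict[str, Tuple[int, int]]) -> str:
    """Return 'valid', 'invalid' or 'not-found' for the announcement's origin AS."""
    net = ipaddress.ip_network(ann.prefix)
    covering = [(asn, maxlen) for p, (asn, maxlen) in roas.items()
                if net.subnet_of(ipaddress.ip_network(p))]
    if not covering:
        return "not-found"
    if any(asn == ann.origin and net.prefixlen <= maxlen for asn, maxlen in covering):
        return "valid"
    return "invalid"  # wrong origin, or a more-specific longer than the ROA allows


def best_route(dest_ip: str, rib: List[Announcement]) -> Optional[Announcement]:
    """Longest prefix match first, then the shortest AS path (enough for this example)."""
    ip = ipaddress.ip_address(dest_ip)
    candidates = [a for a in rib if ip in ipaddress.ip_network(a.prefix)]
    if not candidates:
        return None
    return max(candidates, key=lambda a: (ipaddress.ip_network(a.prefix).prefixlen, -len(a.as_path)))


def process_updates(local_as: int, updates: List[Announcement], roas: Dict[str, Tuple[int, int]],
                    drop_invalid: bool = False) -> Tuple[List[Announcement], List[str]]:
    """Build a routing table from updates; alert on loops and invalid origins.

    With drop_invalid=False the monitor only alarms (the 'BGP monitoring' of the slide);
    with drop_invalid=True it enforces origin validation (the RPKI deployment case).
    """
    rib: List[Announcement] = []
    alerts: List[str] = []
    for ann in updates:
        if has_loop(local_as, ann.as_path):
            alerts.append(f"loop: {ann.prefix} via {ann.as_path}")
            continue
        state = origin_validation(ann, roas)
        if state == "invalid":
            alerts.append(f"invalid origin AS{ann.origin} for {ann.prefix} via {ann.as_path}")
            if drop_invalid:
                continue
        rib.append(ann)
    return rib, alerts


if __name__ == "__main__":
    for enforce in (False, True):
        rib, alerts = process_updates(LOCAL_AS, UPDATES, ROAS, drop_invalid=enforce)
        chosen = best_route("192.0.2.10", rib)
        print(f"drop_invalid={enforce}: traffic for 192.0.2.10 goes to AS{chosen.origin}; alerts={alerts}")
```

Without enforcement the rogue /25 captures traffic for 192.0.2.10 even though an alarm was raised, which is exactly the blackhole of case I (or the interception of case III); with enforcement the legitimate /24 keeps the traffic. Note that origin validation says nothing about the rest of the path, so an attacker who forges a path ending in the legitimate origin, as in the case I figure, still passes this check; that gap is what the path-validation extensions on the slide aim at.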

Slide 79: Conclusion
- Network attack and defense can be surprisingly easy
- Many countermeasures are known already, and many are in place on most networks
- Still some very difficult attacks to solve and countermeasures to deploy: DoS, DNSSEC


Acquia Cloud Edge Protect Powered by CloudFlare

Acquia Cloud Edge Protect Powered by CloudFlare Acquia Cloud Edge Protect Powered by CloudFlare Denial-of-service (DoS) Attacks Are on the Rise and Have Evolved into Complex and Overwhelming Security Challenges TECHNICAL GUIDE TABLE OF CONTENTS Introduction....

More information

DNS Best Practices. Mike Jager Network Startup Resource Center mike@nsrc.org

DNS Best Practices. Mike Jager Network Startup Resource Center mike@nsrc.org DNS Best Practices Mike Jager Network Startup Resource Center mike@nsrc.org This document is a result of work by the Network Startup Resource Center (NSRC at http://www.nsrc.org). This document may be

More information

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest DDoS Attacks: The Latest Threat to Availability Dr. Bill Highleyman Managing Editor Availability Digest The Anatomy of a DDoS Attack Sombers Associates, Inc. 2013 2 What is a Distributed Denial of Service

More information

CloudFlare advanced DDoS protection

CloudFlare advanced DDoS protection CloudFlare advanced DDoS protection Denial-of-service (DoS) attacks are on the rise and have evolved into complex and overwhelming security challenges. 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com

More information

Gaurav Gupta CMSC 681

Gaurav Gupta CMSC 681 Gaurav Gupta CMSC 681 Abstract A distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing Denial of Service for users of the

More information

Complete Protection against Evolving DDoS Threats

Complete Protection against Evolving DDoS Threats Complete Protection against Evolving DDoS Threats AhnLab, Inc. Table of Contents Introduction... 2 The Evolution of DDoS Attacks... 2 Typical Protection against DDoS Attacks... 3 Firewalls... 3 Intrusion

More information

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module CS 665: Computer System Security Network Security Bojan Cukic Lane Department of Computer Science and Electrical Engineering West Virginia University 1 Usage environment Anonymity Automation, minimal human

More information

Evading Infrastructure Security Mohamed Bedewi Penetration Testing Consultant

Evading Infrastructure Security Mohamed Bedewi Penetration Testing Consultant Evading Infrastructure Security Mohamed Bedewi Penetration Testing Consultant What infrastructure security really means? Infrastructure Security is Making sure that your system services are always running

More information

Networks: IP and TCP. Internet Protocol

Networks: IP and TCP. Internet Protocol Networks: IP and TCP 11/1/2010 Networks: IP and TCP 1 Internet Protocol Connectionless Each packet is transported independently from other packets Unreliable Delivery on a best effort basis No acknowledgments

More information

How Cisco IT Protects Against Distributed Denial of Service Attacks

How Cisco IT Protects Against Distributed Denial of Service Attacks How Cisco IT Protects Against Distributed Denial of Service Attacks Cisco Guard provides added layer of protection for server properties with high business value. Cisco IT Case Study / < Security and VPN

More information

MONITORING OF TRAFFIC OVER THE VICTIM UNDER TCP SYN FLOOD IN A LAN

MONITORING OF TRAFFIC OVER THE VICTIM UNDER TCP SYN FLOOD IN A LAN MONITORING OF TRAFFIC OVER THE VICTIM UNDER TCP SYN FLOOD IN A LAN Kanika 1, Renuka Goyal 2, Gurmeet Kaur 3 1 M.Tech Scholar, Computer Science and Technology, Central University of Punjab, Punjab, India

More information

Attack Lab: Attacks on TCP/IP Protocols

Attack Lab: Attacks on TCP/IP Protocols Laboratory for Computer Security Education 1 Attack Lab: Attacks on TCP/IP Protocols Copyright c 2006-2010 Wenliang Du, Syracuse University. The development of this document is funded by the National Science

More information

Abstract. Introduction. Section I. What is Denial of Service Attack?

Abstract. Introduction. Section I. What is Denial of Service Attack? Abstract In this report, I am describing the main types of DoS attacks and their effect on computer and network environment. This report will form the basis of my forthcoming report which will discuss

More information

Firewalls. Chapter 3

Firewalls. Chapter 3 Firewalls Chapter 3 1 Border Firewall Passed Packet (Ingress) Passed Packet (Egress) Attack Packet Hardened Client PC Internet (Not Trusted) Hardened Server Dropped Packet (Ingress) Log File Internet Border

More information

Monitoring, Auditing, Intrusion Detection, Intrusion Prevention, and Penetration Testing CSEC 640

Monitoring, Auditing, Intrusion Detection, Intrusion Prevention, and Penetration Testing CSEC 640 Contents Topic 1: Analogy... 2 TCP/IP: Understanding the Layers... 2 Topic 2: Module Introduction... 4 Topic 3: Domain Name System Basics... 5 Introduction to Domain Name System... 5 DNS Zones... 6 DNS

More information

Today s outline. CSE 127 Computer Security. NAT, Firewalls IDS DDoS. Basic Firewall Concept. TCP/IP Protocol Stack. Packet Filtering.

Today s outline. CSE 127 Computer Security. NAT, Firewalls IDS DDoS. Basic Firewall Concept. TCP/IP Protocol Stack. Packet Filtering. CSE 127 Computer Security Fall 2011 More on network security Todays outline NAT, Firewalls IDS DDoS Chris Kanich (standing in for Hovav) [some slides courtesy Dan Boneh & John Mitchell] TCP/IP Protocol

More information

Network Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. April 23, 2015

Network Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. April 23, 2015 Network Security Dr. Ihsan Ullah Department of Computer Science & IT University of Balochistan, Quetta Pakistan April 23, 2015 1 / 24 Secure networks Before the advent of modern telecommunication network,

More information

APNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10)

APNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10) APNIC elearning: Network Security Fundamentals 20 March 2013 10:30 pm Brisbane Time (GMT+10) Introduction Presenter/s Nurul Islam Roman Senior Training Specialist nurul@apnic.net Specialties: Routing &

More information

General Network Security

General Network Security 4 CHAPTER FOUR General Network Security Objectives This chapter covers the following Cisco-specific objectives for the Identify security threats to a network and describe general methods to mitigate those

More information

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding?

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding? Page 1 of 5 1. Introduction The present document explains about common attack scenarios to computer networks and describes with some examples the following features of the MilsGates: Protection against

More information

CIT 480: Securing Computer Systems. TCP/IP Security

CIT 480: Securing Computer Systems. TCP/IP Security CIT 480: Securing Computer Systems TCP/IP Security Topics 1. Internet Protocol (IP) 2. IP Spoofing and Other Vulnerabilities 3. ICMP 4. Transmission Control Protocol (TCP) 5. TCP Session Hijacking 6. UDP

More information

DDoS Overview and Incident Response Guide. July 2014

DDoS Overview and Incident Response Guide. July 2014 DDoS Overview and Incident Response Guide July 2014 Contents 1. Target Audience... 2 2. Introduction... 2 3. The Growing DDoS Problem... 2 4. DDoS Attack Categories... 4 5. DDoS Mitigation... 5 1 1. Target

More information

Defending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial

Defending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial Defending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial Rocky K. C. Chang The Hong Kong Polytechnic University Presented by Scott McLaren 1 Overview DDoS overview Types of attacks

More information

Network Security Fundamentals

Network Security Fundamentals APNIC elearning: Network Security Fundamentals 27 November 2013 04:30 pm Brisbane Time (GMT+10) Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security IPv6

More information

OLD VULNERABILITIES IN NEW PROTOCOLS? HEADACHES ABOUT IPV6 FRAGMENTS

OLD VULNERABILITIES IN NEW PROTOCOLS? HEADACHES ABOUT IPV6 FRAGMENTS OLD VULNERABILITIES IN NEW PROTOCOLS? HEADACHES ABOUT IPV6 FRAGMENTS Eric Vyncke (@evyncke) Cisco Session ID: ARCH W01 Session Classification: Advanced Agenda Status of WorldWide IPv6 Deployment IPv6 refresher:

More information

CMPT 471 Networking II

CMPT 471 Networking II CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access

More information

Understanding & Preventing DDoS Attacks (Distributed Denial of Service) A Report For Small Business

Understanding & Preventing DDoS Attacks (Distributed Denial of Service) A Report For Small Business & Preventing (Distributed Denial of Service) A Report For Small Business According to a study by Verizon and the FBI published in 2011, 60% of data breaches are inflicted upon small organizations! Copyright

More information

TECHNICAL NOTE 06/02 RESPONSE TO DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS

TECHNICAL NOTE 06/02 RESPONSE TO DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS TECHNICAL NOTE 06/02 RESPONSE TO DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS 2002 This paper was previously published by the National Infrastructure Security Co-ordination Centre (NISCC) a predecessor

More information

DRDoS Attacks: Latest Threats and Countermeasures. Larry J. Blunk Spring 2014 MJTS 4/1/2014

DRDoS Attacks: Latest Threats and Countermeasures. Larry J. Blunk Spring 2014 MJTS 4/1/2014 DRDoS Attacks: Latest Threats and Countermeasures Larry J. Blunk Spring 2014 MJTS 4/1/2014 Outline Evolution and history of DDoS attacks Overview of DRDoS attacks Ongoing DNS based attacks Recent NTP monlist

More information

Seminar Computer Security

Seminar Computer Security Seminar Computer Security DoS/DDoS attacks and botnets Hannes Korte Overview Introduction What is a Denial of Service attack? The distributed version The attacker's motivation Basics Bots and botnets Example

More information

Network Security Workshop

Network Security Workshop Network Security Workshop Threat Pragmatics Fakrul (Pappu) Alam bdhub Limited fakrul@bdhub.com Targets Many sorts of targets: Network infrastructure Network services Application services User machines

More information

DOMAIN NAME SECURITY EXTENSIONS

DOMAIN NAME SECURITY EXTENSIONS DOMAIN NAME SECURITY EXTENSIONS The aim of this paper is to provide information with regards to the current status of Domain Name System (DNS) and its evolution into Domain Name System Security Extensions

More information

Announcements. No question session this week

Announcements. No question session this week Announcements No question session this week Stretch break DoS attacks In Feb. 2000, Yahoo s router kept crashing - Engineers had problems with it before, but this was worse - Turned out they were being

More information

Denial of Service Attacks. Notes derived from Michael R. Grimaila s originals

Denial of Service Attacks. Notes derived from Michael R. Grimaila s originals Denial of Service Attacks Notes derived from Michael R. Grimaila s originals Denial Of Service The goal of a denial of service attack is to deny legitimate users access to a particular resource. An incident

More information

Denial of Service. Tom Chen SMU tchen@engr.smu.edu

Denial of Service. Tom Chen SMU tchen@engr.smu.edu Denial of Service Tom Chen SMU tchen@engr.smu.edu Outline Introduction Basics of DoS Distributed DoS (DDoS) Defenses Tracing Attacks TC/BUPT/8704 SMU Engineering p. 2 Introduction What is DoS? 4 types

More information

DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS

DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS : DDOS ATTACKS DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS 1 DISTRIBUTED DENIAL OF SERVICE OBSERVATIONS NTT is one of the largest Internet providers in the world, with a significant share of the world s

More information

The Continuing Denial of Service Threat Posed by DNS Recursion (v2.0)

The Continuing Denial of Service Threat Posed by DNS Recursion (v2.0) The Continuing Denial of Service Threat Posed by DNS Recursion (v2.0) US-CERT Summary US-CERT has been alerted to an increase in distributed denial of service (DDoS) attacks using spoofed recursive DNS

More information

Distributed Denial of Service (DDoS)

Distributed Denial of Service (DDoS) Distributed Denial of Service (DDoS) Defending against Flooding-Based DDoS Attacks: A Tutorial Rocky K. C. Chang Presented by Adwait Belsare (adwait@wpi.edu) Suvesh Pratapa (suveshp@wpi.edu) Modified by

More information

White paper. TrusGuard DPX: Complete Protection against Evolving DDoS Threats. AhnLab, Inc.

White paper. TrusGuard DPX: Complete Protection against Evolving DDoS Threats. AhnLab, Inc. TrusGuard DPX: Complete Protection against Evolving DDoS Threats AhnLab, Inc. Table of Contents Introduction... 2 The Evolution of DDoS Attacks... 2 Typical Protection against DDoS Attacks... 3 Firewalls...

More information

V-ISA Reputation Mechanism, Enabling Precise Defense against New DDoS Attacks

V-ISA Reputation Mechanism, Enabling Precise Defense against New DDoS Attacks Enabling Precise Defense against New DDoS Attacks 1 Key Points: DDoS attacks are more prone to targeting the application layer. Traditional attack detection and defensive measures fail to defend against

More information

9/15: Security problems with TCP/IP

9/15: Security problems with TCP/IP 9/15: Security problems with TCP/IP Scribe: Derek Leung The TCP and IP protocols have been a classic area of focus for network security owing to their ubiquity, age, and importance. Designed at a time

More information

Network Security. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT)

Network Security. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT) Network Security ICMP, TCP, DNS, Scanning Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT) Agenda A couple of examples of network protocols that

More information

Network Security. Mobin Javed. October 5, 2011

Network Security. Mobin Javed. October 5, 2011 Network Security Mobin Javed October 5, 2011 In this class, we mainly had discussion on threat models w.r.t the class reading, BGP security and defenses against TCP connection hijacking attacks. 1 Takeaways

More information

Presented By: Holes in the Fence. Agenda. IPCCTV Attack. DDos Attack. Why Network Security is Important

Presented By: Holes in the Fence. Agenda. IPCCTV Attack. DDos Attack. Why Network Security is Important Presented By: Holes in the Fence Dave Engebretson, Contributing Technology writer, SDM Magazine Industry Instructor in Fiber and Networking Prevention of Security System breaches of networked Edge Devices

More information

CS 640 Introduction to Computer Networks. Network security (continued) Key Distribution a first step. Lecture24

CS 640 Introduction to Computer Networks. Network security (continued) Key Distribution a first step. Lecture24 Introduction to Computer Networks Lecture24 Network security (continued) Key distribution Secure Shell Overview Authentication Practical issues Firewalls Denial of Service Attacks Definition Examples Key

More information

Network Security. Computer Security & Forensics. Security in Compu5ng, Chapter 7. l Network Defences. l Firewalls. l Demilitarised Zones

Network Security. Computer Security & Forensics. Security in Compu5ng, Chapter 7. l Network Defences. l Firewalls. l Demilitarised Zones Network Security Security in Compu5ng, Chapter 7 Topics l Network AAacks l Reconnaissance l AAacks l Spoofing l Web Site Vulnerabili5es l Denial of Service l Network Defences l Firewalls l Demilitarised

More information

What is a Firewall? A choke point of control and monitoring Interconnects networks with differing trust Imposes restrictions on network services

What is a Firewall? A choke point of control and monitoring Interconnects networks with differing trust Imposes restrictions on network services Firewalls What is a Firewall? A choke point of control and monitoring Interconnects networks with differing trust Imposes restrictions on network services only authorized traffic is allowed Auditing and

More information

BREAKING HTTPS WITH BGP HIJACKING. Artyom Gavrichenkov R&D Team Lead, Qrator Labs ag@qrator.net

BREAKING HTTPS WITH BGP HIJACKING. Artyom Gavrichenkov R&D Team Lead, Qrator Labs ag@qrator.net BREAKING HTTPS WITH BGP HIJACKING Artyom Gavrichenkov R&D Team Lead, Qrator Labs ag@qrator.net ABSTRACT OVERVIEW OF BGP HIJACKING GLOBAL AND LOCAL HIJACKING HIJACKING A CERTIFICATE AUTHORITY MITIGATIONS

More information

CIT 380: Securing Computer Systems

CIT 380: Securing Computer Systems CIT 380: Securing Computer Systems Scanning CIT 380: Securing Computer Systems Slide #1 Topics 1. Port Scanning 2. Stealth Scanning 3. Version Identification 4. OS Fingerprinting 5. Vulnerability Scanning

More information

Strategies to Protect Against Distributed Denial of Service (DD

Strategies to Protect Against Distributed Denial of Service (DD Strategies to Protect Against Distributed Denial of Service (DD Table of Contents Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks...1 Introduction...1 Understanding the Basics

More information

Malicious Programs. CEN 448 Security and Internet Protocols Chapter 19 Malicious Software

Malicious Programs. CEN 448 Security and Internet Protocols Chapter 19 Malicious Software CEN 448 Security and Internet Protocols Chapter 19 Malicious Software Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa

More information

DNS security: poisoning, attacks and mitigation

DNS security: poisoning, attacks and mitigation DNS security: poisoning, attacks and mitigation The Domain Name Service underpins our use of the Internet, but it has been proven to be flawed and open to attack. Richard Agar and Kenneth Paterson explain

More information

Denial of Service (DoS) Technical Primer

Denial of Service (DoS) Technical Primer Denial of Service (DoS) Technical Primer Chris McNab Principal Consultant, Matta Security Limited chris.mcnab@trustmatta.com Topics Covered What is Denial of Service? Categories and types of Denial of

More information