Network Attacks. Common Network Attacks and Exploits



Similar documents
CYBERTRON NETWORK SOLUTIONS

Course Content: Session 1. Ethics & Hacking

WLAN Attacks. Wireless LAN Attacks and Protection Tools. (Section 3 contd.) Traffic Analysis. Passive Attacks. War Driving. War Driving contd.

Certified Ethical Hacker Exam Version Comparison. Version Comparison

CYBER ATTACKS EXPLAINED: THE MAN IN THE MIDDLE

Detailed Description about course module wise:

WiFi Security Assessments

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

CRYPTUS DIPLOMA IN IT SECURITY

Kali Linux Cookbook. Willie L. Pritchett David De Smet. Chapter No. 9 "Wireless Attacks"

Monitoring mobile communication network, how does it work? How to prevent such thing about that?

CS5008: Internet Computing

WIRELESS SECURITY TOOLS

MITM Man in the Middle

Wireless Networks. Welcome to Wireless

Ethical Hacking Course Layout

Wireless Network Security. Pat Wilbur Wireless Networks March 30, 2007

Session Hijacking Exploiting TCP, UDP and HTTP Sessions

Wireless Security: Secure and Public Networks Kory Kirk

Malicious Network Traffic Analysis

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

CEH Version8 Course Outline

Packet Sniffing on Layer 2 Switched Local Area Networks

Securing Cisco Network Devices (SND)

WEP WPA WPS :: INDEX : Introduction :

How To Classify A Dnet Attack

Network Security Fundamentals

Computer Networks: DNS a2acks CS 1951e - Computer Systems Security: Principles and Prac>ce. Domain Name System

Technical Brief. Wireless Intrusion Protection

APNIC elearning: Network Security Fundamentals. 20 March :30 pm Brisbane Time (GMT+10)

Hole196 Vulnerability in WPA2

Topics in Network Security

Network Security. 1 Pass the course => Pass Written exam week 11 Pass Labs

Securing end devices


Building secure wireless access point based on certificate authentication and firewall captive portal

Presented By: Holes in the Fence. Agenda. IPCCTV Attack. DDos Attack. Why Network Security is Important

Own your LAN with Arp Poison Routing

Enumerating and Breaking VoIP

Attacking Automatic Wireless Network Selection. Dino A. Dai Zovi and Shane A. Macaulay

Authentication in WLAN

Security Awareness. Wireless Network Security

JK0 015 CompTIA E2C Security+ (2008 Edition) Exam

Chapter 8 Phase3: Gaining Access Using Network Attacks

TCP/IP Security Problems. History that still teaches

Man in the middle attacks

Ethical Hacking and Information Security. Foundation of Information Security. Detailed Module. Duration. Lecture with Hands On Session: 90 Hours

New Avatars of Honeypot Attacks on WiFi Networks

TIES327 Network Security (3-5 ECTS)

Section 12 MUST BE COMPLETED BY: 4/22

Sniffing in a Switched Network

Computer Security. Introduction to. Michael T. Goodrich Department of Computer Science University of California, Irvine. Roberto Tamassia PEARSON

REVIEW ON RISING RISKS AND THREATS IN NETWORK SECURITY

Penetration Test JSPLC. Contact: James, APS (CCNA, CEH) mail.biz

Course Outline: Certified Ethical Hacker v8. Learning Method: Instructor-led Classroom Learning

Threat Events: Software Attacks (cont.)

WHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks

Wireless LAN Pen-Testing. Part I

SONDRA SCHNEIDER JOHN NUNES

Overview. Common Internet Threats. Spear Phishing / Whaling. Phishing Sites. Virus: Pentagon Attack. Viruses & Worms

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Botnets. Botnets and Spam. Joining the IRC Channel. Command and Control. Tadayoshi Kohno

Professional Penetration Testing Techniques and Vulnerability Assessment ...

Packet Sniffers Submitted in partial fulfillment of the requirement for the award of degree Of MCA

Exam Questions SY0-401

COSC 472 Network Security

Ethical Hacking v7 40 H.

WIRELESS NETWORKING SECURITY

If you know the enemy and know yourself, you need not fear the result of a hundred battles.

[CEH]: Ethical Hacking and Countermeasures

INFORMATION SECURITY TRAINING

FSP-201: Ethical Hacking & IT Security

Ethical Hacking and Countermeasures 5.0 Course ECEH5.0 5 Days COURSE OVERVIEW AUDIENCE OBJECTIVES OUTLINE

Chapter 8 Security Pt 2

1. LAB SNIFFING LAB ID: 10

Ron Shuck, CISSP, CISM, CISA, GCIA Infrastructure Security Architect Spirit AeroSystems

SS7 & LTE Stack Attack

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Introduction to WiFi Security. Frank Sweetser WPI Network Operations and Security

hacking protocol insecurities

Audience. Pre-Requisites

Course Duration: 80Hrs. Course Fee: INR (Certification Lab Exam Cost 2 Attempts)

Certified Wireless Security Professional (CWSP) Course Overview

Wireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance

Venue. Dates. Certified Ethical Hacker (CEH) boot camp. Inovatec College. Nairobi Kenya (exact hotel name to be confirmed

RMAR Technologies Pvt. Ltd.

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

Agenda. Wireless LAN Security. TCP/IP Protocol Suite (Internet Model) Security for TCP/IP. Agenda. Car Security Story

Certified Ethical Hacker (CEH)

WLAN Security Networking with Confidence

Attack Frameworks and Tools

Computer Forensics Training - Digital Forensics and Electronic Discovery (Mile2)

Transcription:

Common and Exploits

AGENDA A Few Observations Hacker Resources Attack Categories Some Common Attacks Wireless Specific Attacks Wireless

Observations Because of Common Network Layers, Most of the Attacks in the Wired network will also Work against Wireless Clients Because of the nature of Radio, Locating a Hacker, a Rogue Access, or an Infected machine that is on wireless can be difficult Because of the nature of Radio, Preventing Access or Attacks can be difficult Rogue AP s and Rogue DHCP Servers Are Common Problems, but not necessarily malicious attacks Managing Access Points is Critical Wireless

Attack Categories DOS Attacks Denial of Service (Hard to Prevent, But These Draw Immediate Attention To The Attacker) Example: Flooding Attacks, Disassociation Attacks Disclosure Attacks Reading/Revealing Information Example: MITM Attacks Modification Attacks Changing Information Example: We just modified your HomePage! Destructive Attacks Escalation of Privilege Wireless

Attack Categories Network Security Architectures p.65 Sniffing: password grabbing Brute Force: password attempts Buffer Overflows: httpd, ftpd, rpc/dcom Spoofing Attacks: forging IP/MAC/Etc. Flooding: SYN, UDP, ICMP Flooding Redirection: using ICMP, ARP, STP, MITM Attacks Anti-Virus: Worms, Viruses, Trojans Masquerading Social Engineering Wireless

We ll Look at Some of These In Detail Later Wireless

Hacker Resources Conferences Blackhat: http://www.blackhat.com/html/bh-media-archives/bharchives-2007.html DefCon: https://www.defcon.org/html/links/dc-archives.html ShmooCon: http://www.shmoocon.org/2007/presentations.html Magazines Hakin9: http://hakin9.org/prt/view/pdf-articles.html 2600, The Hacker Quarterly http://www.2600.com/ Wireless

Hacker Resources WebSites http://insecure.org/ The Home of NTOP packetstorm.offensive-security.com http://wirelessdefence.org/ The Home of AIRCRACK-NG http://80211.ninja.net AirJack/WlanJack The Websites in the Network Security Lecture! Wireless

Attacks In Detail Eavesdropping Attacks -- get MAC Address -- get IP Address -- get BaseStation Address -- sniff cleartext passwords and keys -- crack password hashes -- crack wep keys -- get SSIDs Wireless

Attacks In Detail DOS -- Denial of Service Attacks -- Radio Signal Interference -- AP Interference, example: steal MAC, steal IP -- Channel Hogging -- Disassociation Attacks -- Flooding Packets -- ARP Poising -- RST Packets -- Window Size Changes -- UDP Flooding -- ICMP Flooding -- BROADCAST Flooding Wireless

Attacks In Detail -- Masquerade Attacks Pretending that You are Someone Else! -- MAC Address Spoofing -- IP/MAC Address Spoofing -- DNS Attacks -- WPAD Web Proxy Hi-Jacking -- Website Spoofing -- Portal Spoofing Wireless

Attacks in Detail -- Social Engineering Attacks -- Phishing URLs, Type your Password Here -- E-mail Scams -- Telephone Scams -- Cell Phone SMS Scams Examples: A Fake Version of the University of Oregon Account Login Page SMS Phone Messages, saying: Call This Number At Once About Your Bank Account! Wireless

Common Attacks So What Kind of Attacks are We Seeing? Phishing Attacks, E-mail and Phone SMS XSS - Cross-Site-Scripting Attacks SQL Insertion Attacks PHP File Include Attacks Buffer Overflows P2P File Sharing Attacks Botnets SPAM Mail Relays Wireless

Common Attacks Phishing at the University of Oregon E-mail sent to 1000 s of users pointing to a Fake Version of the University of Oregon Account Login Page, Please Change your Account Information Immediately SMS Phone Messages, saying: Call This Number At Once About Your Bank Account! Wireless

Here s the Real Website Wireless

Here s The Phishing Website Wireless

Attacks In Detail Wireless

Attack Details I just got an SMS E-mail From My Bank!?! Wireless

Layer 2 Attacks ARP Poisoning Send an ARP with Forged MAC Address Wireless

MITM Attacks Man-in-the-Middle Attacks Usually a combination of more than one type of attack at once Can involve ARP Poisoning, ARP Masquerading, and Forwarding Can also include Masquerading as a Website, as an SSL Website, or an SSH Host Wireless

MITM Attacks See Also: Ettercap Authors, BlackHat 2003 Alberto Ornaghi <alor@antifork.org> Marco Valleri <naga@antifork.org> Man in the middle attacks Demos Blackhat Conference - USA 2003 1 Wireless

MITM Step 1: Get the Victim Talking To You Step 2: Get the Target Talking To You Step 3: Sniff the Traffic and Forward the Packets You receive on Each Side Sometimes the goal is just to sniff traffic. Other times, the goal is to Masquerade as a real service, and capture username/password credentials Wireless

MITM There Are Tools that Do All of This For You dsniff arpspoof sshmitm webmitm ettercap it s built for this, with extra bells as well we will try this in our lab Windows: Cain & Abel A Windows Version MITM Tool Wireless

AIRCRACK Active Development Going On Here Tools for Cracking WEP, LEAP, Etc. Generalized Tools for Packet Forgery Multiple Tools Aircrack, Airodump, Aireplay, Airdecap Wireless

AirCrack Airodump Captures the Initialization Vectors (IV) of WEP Keys IVs are fed to Aircrack for WEP Key cracking % airodump wlan0 capture1 10 (Interface=wlan0, filename=capture1, channel=10) % airodump eth1 testfile 6 1 (Interface=eth1, filename=testfile, channel=6, only captured IVs saved) % airodump ath0 alpha 0 (Interface=ath0, filename=alpha, channel hopping mode) Aircrack Using input from Airodump, crack WEP keys % aircrack -a 1 -n 64 capture1-01.cap % aircrack -q -b 00:06:25:BF:46:06 -n 128 -f 4 testfile-01.cap % aircrack -a 2 -w passwords.txt capture1-01.ca Wireless

AirCrack Aireplay Disassociate Clients/APs to discover SSID Capture with Airodump during attack Requires 1 Disassocation Packet to get SSID Can also Produce WPA Handshake Capture % airodump [interface] [filename] [channel] % aireplay -0 1 -a 11:11:11:11:11:11 -c 22:22:22:22:22:22 [interface] % aireplay -0 15 -a 11:11:11:11:11:11 -c 22:22:22:22:22:22 [interface] Airedecap Decrypt WEP data file captures Decrypt WPA data file captures % airdecap -w 866578388f517be0b4818a0db1 WEP-capture-01.cap % airdecap -e cuckoo -p sausages wpa-test.cap Arpforge Wireless

AP Attacks Attacking the Lower Layer of the AP Association This is the Layer Underneath the MAC Layer Sending Disassociate Frames to the Client These are called Radio Managment Frames This is part of the WEP Key Attacks We ll do this in our Lab using % aireplay See also: % void11, % airjack, % wlanjack Wireless

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information