Post on 13-Apr-2017
Slide 1
Bahir Dar University, Bahir Dar Institute of Technology
Faculty of Computing, Department of Computer Science, 4th year, Section B
Computer Security Assignment Presentation
By: Tesfahunegn Minwuyelet
Date of Submission: 09/11/2016 GC.
Slide 2
SQL injection and SYN Attack
Contents
• SQL injection
• Types of SQL injection (SQLi)
• Parameters for protection
• SYN Attack
• SYN flood defence categories
• 10 Hacks that made headlines
Slide 3
SQL Injection
• is a technique where malicious users can inject SQL commands into an SQL statement via web page input. Injected SQL commands can alter the SQL statement and compromise the security of a web application.
• is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
• consists of insertion or "injection" of a SQL query via the input data from the client to the application.
• The risk of SQL injection exploits is on the rise because of automated tools. In the past, the danger was somewhat limited because an exploit had to be carried out manually: an attacker had to actually type their SQL statement into a text box.
Slide 4
Types of SQL injection
SQL Injection can be used in a range of ways to cause serious problems. By leveraging SQL Injection, an attacker could bypass authentication and access, modify and delete data within a database. In some cases, SQL Injection can even be used to execute commands on the operating system, potentially allowing an attacker to escalate to more damaging attacks inside a network that sits behind a firewall.
There are three types of SQLi:
• In-band SQLi (Classic SQLi)
• Inferential SQLi
• Out-of-band SQLi
Slide 5
In-band SQLi (classic SQLi)
• is the most common and easy-to-exploit of SQL Injection attacks.
• It occurs when an attacker is able to use the same communication channel to both launch the attack and gather results.
• The two most common types of in-band SQL Injection are Error-based SQLi and Union-based SQLi.
Slide 6
Error-based SQLi is an in-band SQL Injection technique that relies on error messages thrown by the database server to obtain information about the structure of the database.
In some cases, error-based SQL injection alone is enough for an attacker to enumerate an entire database.
While errors are very useful during the development phase of a web application, they should be disabled on a live site, or logged to a file with restricted access instead.
Slide 7
Union-based SQLi
Union-based SQLi is an in-band SQL injection technique that leverages the UNION SQL operator to combine the results of two or more SELECT statements into a single result, which is then returned as part of the HTTP response.
Slide 8
Inferential SQLi (Blind SQLi)
• unlike in-band SQLi, may take longer for an attacker to exploit; however, it is just as dangerous as any other form of SQL Injection.
• is commonly referred to as “blind SQL Injection attacks” because no data is actually transferred via the web application and the attacker would not be able to see the result of an attack in-band.
• The two types of inferential SQL Injection are Blind-boolean-based SQLi and Blind-time-based SQLi.
Slide 9
Blind-boolean-based SQLi
• is a technique that relies on sending an SQL query to the database which forces the application to return a different result depending on whether the query returns a TRUE or FALSE result, even though no data from the database is returned.
• This attack is typically slow (especially on large databases) since an attacker would need to enumerate a database character by character.
Slide 10
Blind-time-based SQLi
• is a technique that relies on sending an SQL query to the database which forces the database to wait for a specified amount of time (in seconds) before responding. The response time will indicate to the attacker whether the result of the query is TRUE or FALSE, even though no data from the database is returned.
• This attack is typically slow (especially on large databases) since an attacker would need to enumerate a database character by character.
Slide 11
Out-of-band SQLi
• is not very common, mostly because it depends on features being enabled on the database server being used by the web application.
• It occurs when an attacker is unable to use the same channel to launch the attack and gather results.
• It relies on the database server’s ability to make DNS or HTTP requests to deliver data to an attacker.
• Such is the case with Microsoft SQL Server’s xp_dirtree command, which can be used to make DNS requests to a server an attacker controls, as well as Oracle Database’s UTL_HTTP package, which can be used to send HTTP requests from SQL and PL/SQL to a server an attacker controls.
Slide 12
• SQL Injection Based on 1=1 is Always True
• SQL Injection Based on ""="" is Always True
• SQL Injection Based on Batched SQL Statements
Parameters for protection
Some web developers use a "blacklist" of words or characters to search for in SQL input, to prevent SQL injection attacks. This is not a very good idea. Many of these words (like delete or drop) and characters (like semicolons and quotation marks) are used in common language, and should be allowed in many types of input. (In fact, it should be perfectly legal to input an SQL statement in a database field.)
The only proven way to protect a web site from SQL injection attacks is to use SQL parameters. SQL parameters are values that are added to an SQL query at execution time, in a controlled manner.
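The difference between building the statement from input and using SQL parameters, as an added example that is not part of the original presentation. It uses Python's built-in sqlite3 module; the table, the sample rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, pin TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "4821"), ("bob", "9377")])
    return db

def lookup_concatenated(db, name, pin):
    # Vulnerable pattern: the input becomes part of the SQL text itself,
    # so a quote in the input changes the structure of the statement.
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND pin = '" + pin + "'")
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, name, pin):
    # SQL parameters: the statement text is fixed; the values are bound
    # at execution time and are never parsed as SQL.
    sql = "SELECT name FROM users WHERE name = ? AND pin = ?"
    return [row[0] for row in db.execute(sql, (name, pin))]

def store_comment(db, text):
    # No blacklist needed: quotes, semicolons and words such as DROP
    # are stored as ordinary data.
    db.execute("CREATE TABLE IF NOT EXISTS comments (body TEXT)")
    db.execute("INSERT INTO comments (body) VALUES (?)", (text,))
    return db.execute("SELECT body FROM comments").fetchall()[-1][0]

if __name__ == "__main__":
    db = make_db()
    always_true = "' OR '1'='1"   # the "1=1 is always true" input from the slide
    print(lookup_concatenated(db, "alice", always_true))   # every user matches
    print(lookup_parameterized(db, "alice", always_true))  # no user matches
    print(lookup_parameterized(db, "alice", "4821"))       # the real PIN works
    print(store_comment(db, "Don't DROP the \"users\" table; it's needed"))
```
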
Slide 13
SYN Attack
A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.
A SYN attack is a type of denial-of-service (DoS) attack in which an attacker utilizes the communication protocol of the Internet
For each SYN packet received, the target machine allocates resources and sends an acknowledgement (SYN-ACK) to the source IP address.
Because the target machine doesn't receive a response from the attacking machine, it attempts to resend the SYN-ACK five times, at 3-, 6-, 12-, 24-, and 48-second intervals, before deallocating the resources 96 seconds after attempting the last retry.
Slide 14
Continued…
The SYN flood attack is the most common type of flooding attack. The attack occurs when the attacker sends a large number of SYN packets to the victim, forcing them to wait for replies that never come. The third part of the TCP three-way handshake is not executed.
The source address of these SYN packets in a SYN flood attack is typically set to an unreachable host. As a result, it is impossible to find the attacking computer.
Slide 15
SYN flood defense categories
Firewall based
• Examples: SYN Defender, SYN proxying
• Filters packets and requests before router
• Maintains state for each connection
• Drawbacks: can be overloaded, extra delay for processing each packet
Slide 16
Continued…
Server Based
• Examples: SYN Cache, SYN cookies
• SYN cache receives packets first and then uses a hash table to partially store states
• Removes the need to watch half-open connections
• Implemented in Linux
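How a SYN cookie lets a server answer SYNs without storing half-open connections, as an added and simplified example that is not part of the original presentation and is not the Linux implementation. The key, the 64-second time slot, the function names and the addresses are assumptions made for illustration, and real SYN cookies also encode options such as the MSS.

```python
import hashlib
import hmac
import struct

SECRET = b"constructed-demo-key"  # constructed; a real server uses a random secret
SLOT_SECONDS = 64                 # assumed lifetime of one time slot
MASK32 = 0xFFFFFFFF

def _cookie(src, sport, dst, dport, client_isn, slot):
    # Keyed hash over the connection 4-tuple, the client's ISN and a time slot,
    # truncated to the 32 bits available in a TCP sequence number.
    msg = f"{src}|{sport}|{dst}|{dport}|{client_isn}|{slot}".encode()
    return struct.unpack(">I", hmac.new(SECRET, msg, hashlib.sha256).digest()[:4])[0]

def on_syn(src, sport, dst, dport, client_isn, now):
    """Pick the server ISN for the SYN-ACK. No per-connection state is kept."""
    return _cookie(src, sport, dst, dport, client_isn, int(now) // SLOT_SECONDS)

def on_ack(src, sport, dst, dport, seq, ack, now):
    """Check the third handshake packet: seq = client ISN + 1, ack = server ISN + 1."""
    client_isn = (seq - 1) & MASK32
    claimed = struct.pack(">I", (ack - 1) & MASK32)
    slot = int(now) // SLOT_SECONDS
    for s in (slot, slot - 1):  # accept the current and the previous slot
        expected = struct.pack(">I", _cookie(src, sport, dst, dport, client_isn, s))
        if hmac.compare_digest(expected, claimed):
            return True  # only now would the server allocate connection state
    return False

def demo():
    # Constructed addresses (documentation ranges) and sequence numbers.
    conn = ("198.51.100.7", 40000, "203.0.113.10", 443)
    client_isn, t0 = 1000, 1_700_000_000
    server_isn = on_syn(*conn, client_isn, t0)
    seq, ack = client_isn + 1, (server_isn + 1) & MASK32
    return {
        "completed handshake": on_ack(*conn, seq, ack, t0 + 1),
        "ACK with wrong number": on_ack(*conn, seq, (ack + 1) & MASK32, t0 + 1),
        "ACK from other address": on_ack("192.0.2.99", *conn[1:], seq, ack, t0 + 1),
        "ACK after expiry": on_ack(*conn, seq, ack, t0 + 3 * SLOT_SECONDS),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {accepted}")
```
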
Slide 17
Continued…
SYN kill
SYN kill monitors the network and, if it detects SYNs that are not being acknowledged, it automatically generates RST packets to free resources.
It classifies addresses as likely to be spoofed or legitimate…
Slide 18
Continued…
MULTOPS
Monitors the packets going to and from a victim
Blocks IPs from outside of network… limiting IP range of attack.
Slide 19
Continued…
Route-based Distributed Packet filtering
Uses packet information to determine if a packet arriving at a router has spoofed source/destination addresses.
Results show many packets can be filtered, and those that can’t can be traced back easily.
Slide 20
10 HACKS THAT MADE HEADLINES
• Markus Hess hacks on behalf of the KGB
• Robert Morris hacks the internet
• Vladimir Levin hacks Citibank
• Jonathan James hacks NASA
• Adrian Lamo hacks the New York Times
• Gary McKinnon hacks the US military
• Albert Gonzalez hacks TJX (and many more)
• Anonymous hacks HBGary
• LulzSec hacks Sony
• News of the World hacking scandal