ACM Conference on Computer and Communications Security 2006
Puppetnet: Misusing web browsers as a distributed attack infrastructure
Network Seminar
Presenter: Chen Chih-Ming
Outline
- Introduction
- Term
- Design and Analysis
- Defenses
- Related work
- Concluding remarks
Term
- Puppetnet code
- Infected server
- Puppet client
- Victim
Introduction
- Coerce web browsers into participating in malicious activities
- Not heavily dependent on the exploitation of specific flaws
- No complete control over participating nodes
- Dynamic, short-lived target
- Indirect attack
Design and Analysis
- DDoS
- Worm propagation
- Reconnaissance probes
- Protocol other than HTTP
- Exploiting cookie-authenticated
- Distributed malicious computations
DDoS
- Hidden frame
- JavaScript loop
- Embed object
- Cache
  - Add GET
- Connect limit of browser
  - Use different host name
Worm propagation
- Code Red
  - Attack IIS server
- Infecting process
  - Server
  - Viewer
  - Victim
Reconnaissance probes
Timing attack
Protocol other than HTTP
- SMTP
- IRC
- Triggering botnet
Exploiting cookie-authenticated
- Web mail
- Send victim’s mail to attacker
Distributed malicious computations
- JavaScript or Applet
- Crack password
Defenses
- Disabling JavaScript
- Careful implementation of existing defenses
- Filtering using attack signatures
- Client-side behavioral controls
- Server-side controls and puppetnet tracing
- Server-directed client-side controls
Disabling JavaScript
- Most sites employ JavaScript
- Enable it only for trusted sites
- Reduces by one order of magnitude, but does not eliminate
- Not attractive
Careful implementation of existing defenses
- Connection rate limiter
- Reduces by one order of magnitude, but does not eliminate
- Still insufficient
Filtering using attack signatures
- OK for spam
- Hard to make for DDoS
- Not like string matching
- Needs an additional HTML parser
- Obfuscation of HTML
- Too complex
Client-side behavioral controls
- DDoS
  - Impose controls on foreign requests from a web page
  - Affects web viewing, not good enough
- Worm
  - Limit the number of objects from different sites
  - Can be evaded using DNS
Server-side controls and puppetnet tracing
- Block by referrer, but bandwidth is still wasted
- Find the referrer to take down the attack
- Not effective
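An added example, not taken from the slides or the paper: one way a targeted server could find the referring page from its own access log. The function names, thresholds, host names and log lines are assumptions constructed for illustration; the log layout is Apache "combined" format.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Apache "combined" format: ip, ident, user, [time], "request", status, size, "referer", "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def build_sample():
    """Constructed log: four clients sent by one off-site page, plus normal traffic."""
    fmt = '{ip} - - [06/Jul/2006:10:00:{s:02d} +0000] "GET {path} HTTP/1.1" 200 512 "{ref}" "Mozilla/5.0"'
    lines = [fmt.format(ip=f"198.51.100.{i % 4 + 1}", s=i, path=f"/big.jpg?r={i}",
                        ref="http://forum.example.net/t/9") for i in range(12)]
    lines.append(fmt.format(ip="203.0.113.5", s=20, path="/a.html", ref="http://www.example.org/"))
    lines.append(fmt.format(ip="203.0.113.6", s=21, path="/", ref="http://search.example.com/?q=x"))
    lines.append(fmt.format(ip="203.0.113.7", s=22, path="/", ref="-"))  # no Referer sent
    return "\n".join(lines)

def foreign_referrers(log_text, own_hosts, min_clients=3, min_requests=5):
    """Return {referrer_host: (requests, distinct_clients)} for off-site referrers
    that drive many requests from several distinct clients."""
    hits = defaultdict(int)
    clients = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined format
        host = (urlsplit(m["referer"]).hostname or "").lower()
        if not host or host in own_hosts:
            continue  # missing Referer or same-site navigation
        hits[host] += 1
        clients[host].add(m["ip"])
    return {h: (hits[h], len(clients[h])) for h in hits
            if hits[h] >= min_requests and len(clients[h]) >= min_clients}

if __name__ == "__main__":
    for host, (reqs, ips) in foreign_referrers(build_sample(), {"www.example.org"}).items():
        print(f"{host}: {reqs} requests from {ips} clients")
```

As the slide notes, rejecting requests by referrer still spends bandwidth on each connection, so the tally is mainly useful for identifying the page to report for takedown.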
Server-directed client-side controls
- Embed access control token in header
- Restrict requests per session
- Need public key to verify
- Modify server & client
Related work
- Web security
- XSS
- X-flash attack, like puppetnets
Concluding remark
- New class of web-based attack
- None of the strategies were completely satisfying
- Only partial solution
End
Bye~