ACM Conference on Computer and Communications Security 2006 Puppetnet: Misusing web browsers as a...
36
ACM Conference on Computer and Communic ations Security 2006 Puppetnet: Misusing web browsers as a d istributed attack infrastructure Network Seminar Presenter: Chen Chih-Ming
-
Upload
charla-daisy-bryant -
Category
Documents
-
view
218 -
download
2
description
3 Term Puppetnet code Infected Server Puppet client Victim
Transcript of ACM Conference on Computer and Communications Security 2006 Puppetnet: Misusing web browsers as a...
ACM Conference on Computer and Communications Security 2006
Puppetnet: Misusing web browsers as a distributed attack infrastructure
Network SeminarPresenter: Chen Chih-Ming
2
Outline
IntroductionTermDesign and AnalysisDefensesRelated workConcluding remarks
3
Term
Puppetnet code Infected ServerPuppet clientVictim
4
Introduction
To coerce web browsers to participate in malicious activities
Not heavily dependent on the exploitation of specific flaws
Not control over participating nodes completely
Dynamic, short live target Indirect attack
5
Design and Analysis
DDoSWorm propagationReconnaissance probesProtocol other than HTTPExploiting cookie-authenticatedDistributed malicious computation
s
6
DDoS
Hidden frameJavaScript loopEmbed objectCache
Add GETConnect limit of browser
Use different host name
7
8
9
10
11
12
Worm propagation
Code RedAttack IIS server
Infecting processServerViewerVictim
13
14
15
16
17
Reconnaissance probes
Timing attack
18
19
20
21
Protocol other than HTTP
SMTP IRC
Trigging botnet
22
Exploiting cookie-authenticated
Web mailSend victim’s mail to attacker
23
Distributed malicious computations
JavaScript or AppletCrack password
24
Defenses
Disabling JavaScriptCareful implementation of existing
defensesFiltering using attack signaturesClient-side behavioral controlsServer-side controls and puppetnet
tracingServer-directed client-side controls
25
Disabling JavaScript
Most sites employ JavaScriptJust enable trusted siteReduce one order magnitude, but
not eliminateNot attractive
26
Careful implementation of existing defenses
Connection rate limiterReduce one order magnitude, but
not eliminateStill insufficient
27
Filtering using attack signatures
For spam is okDDoS is hard to makeNot like string matchingNeed additional HTML parserObfuscation of HTMLToo complex
28
Client-side behavioral controls
DDoSImpose controls on foreign request fr
om a web pageAffect web viewing, not good enough
WormImpose limiting amount of objects fro
m different siteCan evading by dns
29
30
31
Server-side controls and puppetnet tracing
Block referrer, but still waste bandFind referrer to take down
attackingNot effective
32
Server-directed client-side controls
Embed access control token in headerRestrict requests per session
Need public key to verifyModify server & client
33
34
Related work
Web securityXSSX-flash attack, like puppetnets
35
Concluding remark
New class of web-based attackNone of the strategies were
complete satisfyingOnly partial solution
36
End
Bye~
