NS03 - Network Attacks
-
Upload
adi-wahyu-saputra -
Category
Documents
-
view
219 -
download
0
Transcript of NS03 - Network Attacks
-
7/29/2019 NS03 - Network Attacks
1/43
NETWORK
SECURITY03 NETWORK ATTACKS
-
7/29/2019 NS03 - Network Attacks
2/43
Contents
3.1 Network Vulnerabilities
3.1.1 Media-Based
3.1.2 Network Device
3.2 Categories of Attacks
3.3 Methods of Network Attacks
03NETWORKATTACKS 2
-
7/29/2019 NS03 - Network Attacks
3/43
3.1 Network Vulnerabilities
Two broad categories of networkvulnerabilities:
those found in network transport media, andnetwork devices.
03NETWORKATTACKS 3
-
7/29/2019 NS03 - Network Attacks
4/43
3.1 Network Vulnerabilities
3.1.1 Media-Based Vulnerabilities
Monitoring traffic can be done in two ways: Byport mirroringon a manageable switch, that
allow traffic redirection from all or some ports to a
designated port and analyze by a protocol analyzer
(also called a sniffer)
A second method for monitoring traffic is to install anetwork tap
03NETWORKATTACKS 4
-
7/29/2019 NS03 - Network Attacks
5/43
3.1 Network Vulnerabilities
03NETWORKATTACKS 5
-
7/29/2019 NS03 - Network Attacks
6/43
3.1 Network Vulnerabilities
03NETWORKATTACKS 6
-
7/29/2019 NS03 - Network Attacks
7/43
3.1 Network Vulnerabilities
Just as network taps and protocol analyzerscan be used for legitimate purposes, they also
can be used by attackers to intercept andview network traffic.
By default, a switch sends packets only to theintended recipient.
However, there are several techniques thatcan be used to circumvent this limitation.
03NETWORKATTACKS 7
-
7/29/2019 NS03 - Network Attacks
8/43
3.1 Network Vulnerabilities
03NETWORKATTACKS 8
-
7/29/2019 NS03 - Network Attacks
9/43
3.1 Network Vulnerabilities
3.1.2 Network Device Vulnerabilities
Common network device vulnerabilitiesinclude:
some factors cause many network administratorsto use weak passwords, or those that
compromise security.
default accounts, is a user account on a devicethat is created automatically by the device insteadof by an administrator.
03NETWORKATTACKS 9
-
7/29/2019 NS03 - Network Attacks
10/43
3.1 Network Vulnerabilities
a back door , an account that is secretly set upwithout the administrators knowledge or
permission.
privilege escalation, it is possible to exploit avulnerability in the network devices software to
gain access to resources.
03NETWORKATTACKS 10
-
7/29/2019 NS03 - Network Attacks
11/43
3.2 Categories of Attacks
There are a number of different categoriesof attacks that are conducted against
networks.
These categories include denial of service,spoofing, man-in-the-middle, and replay
attacks.
03NETWORKATTACKS 11
-
7/29/2019 NS03 - Network Attacks
12/43
3.2 Categories of Attacks
3.2.1 Denial of Service (DoS)
A DoS attack attempts to consume networkresources so that the network or its devices
cannot respond to legitimate requests.DoS attacks can take several forms:
Overwhelm a network Overwhelm a server Bring down a server
03NETWORKATTACKS 12
-
7/29/2019 NS03 - Network Attacks
13/43
3.2 Categories of Attacks
SYN Flood Attacks
The earliest DoS attacks were launched froma single source computer.
The attacker launches packets from his or hermachine that compromise the victim.
One of the earliest to appear was the SYNflood attackwhich takes advantage of the
TCP three-way handshake.
03NETWORKATTACKS 13
-
7/29/2019 NS03 - Network Attacks
14/43
3.2 Categories of Attacks
The general technique of the attack is to senda flood of SYN segments to the victim with
spoofedand usually invalidsource IP
addresses.
As a result, the victim slows down and canthandle legitimate traffic in an acceptable time
frame.
03NETWORKATTACKS 14
-
7/29/2019 NS03 - Network Attacks
15/43
-
7/29/2019 NS03 - Network Attacks
16/43
3.2 Categories of Attacks
Ping of Death
A simple way to mount a DoS attack is toflood the victim system with multiple,
oversized ping requests.The attacker sends a ping in a packet that has
too much data in its data field, creating a
packet that is too long (more than 65,536
octets).
The victim receives these oversized packetsand is likely to crash, hang, or even reboot.
03NETWORKATTACKS 16
-
7/29/2019 NS03 - Network Attacks
17/43
-
7/29/2019 NS03 - Network Attacks
18/43
3.2 Categories of Attacks
The router sends the packet to all systems on itsnetwork.
Each system that received the echo requestpacket responds to the victim, flooding the victimwith packets that tie up its network bandwidth.
03NETWORKATTACKS 18
-
7/29/2019 NS03 - Network Attacks
19/43
3.2 Categories of Attacks
UDP Flood Attacks
A UDP flood attack (sometimes calledpingpong) takes advantage of the chargen
(useless) service, which is used legitimately totest hosts and networks.
An attacker mounts it in the following manner: The attacker spoofs the return IP address of a
UDP datagram that makes a request of thechargen service. Typically, the spoofed return
address will point to a host on the victim network.
03NETWORKATTACKS 19
-
7/29/2019 NS03 - Network Attacks
20/43
-
7/29/2019 NS03 - Network Attacks
21/43
3.2 Categories of Attacks
DoS attacks can be used against wirelessnetworks as well.
An attacker can flood the radio frequency (RF)spectrum with enough radiomagneticinterference.
However, these attacks generally are notwidespread because sophisticated and
expensive equipment is necessary
03NETWORKATTACKS 21
-
7/29/2019 NS03 - Network Attacks
22/43
3.2 Categories of Attacks
03NETWORKATTACKS 22
-
7/29/2019 NS03 - Network Attacks
23/43
3.2 Categories of Attacks
Most successful wireless DoS attacks take adifferent approach.
Attackers can take advantages ofCSMA/CAand explicit frame ACKto perform a wirelessDoS.
Another wireless DoS attack usesdisassociation frames. A disassociation
frame is sent to a device to force it totemporarily disconnect from the wireless
network.
03NETWORKATTACKS 23
-
7/29/2019 NS03 - Network Attacks
24/43
3.2 Categories of Attacks
03NETWORKATTACKS 24
-
7/29/2019 NS03 - Network Attacks
25/43
3.2 Categories of Attacks
A variant of the DoS is the distributed denialof service (DDoS) attack.
Instead of using one computer, a DDoS mayuse hundreds or thousands of zombiecomputers in a botnet to flood a device with
requests.
This makes it virtually impossible to identifyand block the source of the attack.
03NETWORKATTACKS 25
-
7/29/2019 NS03 - Network Attacks
26/43
3.2 Categories of Attacks
03NETWORKATTACKS 26
-
7/29/2019 NS03 - Network Attacks
27/43
-
7/29/2019 NS03 - Network Attacks
28/43
3.2 Categories of Attacks
03NETWORKATTACKS 28
-
7/29/2019 NS03 - Network Attacks
29/43
3.2 Categories of Attacks
TrinooSimilar to that of TFN (the attacker
communicating with daemons on a
compromised host).However, it is used to launch UDP flood
attacks from multiple sources.
03NETWORKATTACKS 29
-
7/29/2019 NS03 - Network Attacks
30/43
3.2 Categories of Attacks
StacheldrahtA variation of TFN and Trinoo.The client communicates with handlers using
encrypted communication from a commandline.
Handlers are password protected.
Stacheldraht uses both TCP and ICMP tomount attacks.
03NETWORKATTACKS 30
-
7/29/2019 NS03 - Network Attacks
31/43
-
7/29/2019 NS03 - Network Attacks
32/43
-
7/29/2019 NS03 - Network Attacks
33/43
3.2 Categories of Attacks
03NETWORKATTACKS 33
-
7/29/2019 NS03 - Network Attacks
34/43
3.2 Categories of Attacks
DNS SpoofingA method for redirecting users to a Web site
other than the one to which a domain name is
actually registered.The most common variation is malicious
cache poisoning, which involves the
modification of data in the cache of a domain
name server. Any name server thatspecifically isnt protected against this type of
attack is vulnerable.
03NETWORKATTACKS 34
-
7/29/2019 NS03 - Network Attacks
35/43
3.2 Categories of Attacks
03NETWORKATTACKS 35
-
7/29/2019 NS03 - Network Attacks
36/43
3.2 Categories of Attacks
03NETWORKATTACKS 36
-
7/29/2019 NS03 - Network Attacks
37/43
-
7/29/2019 NS03 - Network Attacks
38/43
3.2 Categories of Attacks
Web SpoofingWeb spoofing involves tricking a user into
thinking he or she is interacting with a trusted
Web site.Spoofed Web sites look very much like the
site they are imitating.
03NETWORKATTACKS 38
-
7/29/2019 NS03 - Network Attacks
39/43
3.2 Categories of Attacks
3.2.3 Man-in-the-MiddleThis type of attack makes it seem that two
computers are communicating with each
other,
when actually they are sending and receivingdata with a computer between them, or the
man-in-the-middle.
03NETWORKATTACKS 39
-
7/29/2019 NS03 - Network Attacks
40/43
-
7/29/2019 NS03 - Network Attacks
41/43
3.2 Categories of Attacks
Man-in-the-middle attacks can be active orpassive.
In a passive attack, the attacker captures the datathat is being transmitted, records it, and then
sends it on to the original recipient without hispresence being detected.
In an active attack, the contents are interceptedand altered before they are sent on to the
recipient.
03NETWORKATTACKS 41
-
7/29/2019 NS03 - Network Attacks
42/43
-
7/29/2019 NS03 - Network Attacks
43/43
3.3 Methods of Net. Attacks
next week .. be there :D