Internet Attacks

7/29/2019 Internet Attacks

1/28

Internet AttacksBY:

Piyush Mittal


2/28

What is internet?

The Internet is a worldwide IP

network, that links collection

of different networks from

various sources,governmental, educational

and commercial.


3/28

Problem regarding internet----

Identification problem.

identify network (most complicated):

logical addressing

identify host within the network :physical addressing

identify the process within the host:

service point addressing


4/28

Types of attacks

Social engineering

Impersonation Stealing access rights of authorized users

Transitive trust Exploiting host-host or network-network trust

Data driven

Trojans, viruses

Infrastructure Taking advantage of protocol or infrastructure features or bugs

Denial of service Preventing system from being used

Magic

New things nobody has seen yet bugs


5/28

Social engineering

Fooling the victim for fun and profit

ExampleAttacker calls switchboard and impersonates employee this is Dr. XXX

trying to reach the data center.Calls data center this is Dr. XXX my modem is not working, has

the modem pool ## changed?

Gets modem pool phone ## and name of system manager from

data center operator

Calls computer room, this is - Ive accidentally

locked myself , can you do the following on the console for

me?...

Dials in and logs in


6/28

Very hard to protect against itHow to protect against it:

Educate staff

Have well-known mechanisms for problem reporting and handling

Identify transactions that must be done in person.


7/28

Impersonation

Stealing access rights of authorized users

Example :-College students place tap on serial lines between modem closet

and computer room-Late-night monitoring set up at cross-wired terminal

- System manager logs in and sets privilege

- Attacker later logs into system with stolen passwords


8/28

Transitive trust

A trust that can extend beyond two domains to other

trusted domains in the forest.

Example : Network of workstations share files via NFSAttacker compromises a client workstations administrator account

Attacker can create privileged executables on file systems exported from

server

Attacker creates privileged executable on server then logs in as normal user

Attacker executes privileged program and gains privilege on file server


9/28

Prevention

Current software suites do not have adequate mechanisms for trust

delegation and containment

System admins must carefully map out trust relationships between hosts

on networks

Consider internal firewalls


10/28

Data driven attacks

Trojans, viruses.

Example : Attacker on IRC (Internet Relay Chat) tells users to obtain a utility program

that will help them use system better Users download program and run it

Program deletes all users files and emails a copy of password file to

attacker


11/28

Prevention

-Firewall can help screen out.

-Restricting services can help reduce potential for attack.

-Educate users about not just executing anything they are given.


12/28

Infrastructure attacks

Example : (Source Routing)

-IP protocol specifies that source-routed traffic should return on the reverse

route from which it came

-Attacker selects a trusted host within the target network and knocks it off

the air using ICMP bombing

-Attacker sets address of his system to that of the trusted host

-Attacker uses rlogin with source routed packets

-Target host sees packets coming from trusted machine and may permit

better access


13/28


14/28

Prevention

-Defeat source routing with firewalls that block and log source

routed packets

-Many routers can block source routed packets


15/28

Example : (TCP sequence guessing)

- TCP connections rely on an increasing sequence number to

correctly order traffic over connection.

-If an attacker knows the sequence numbers of a connectionstream he can generate correct-looking packets even though

the response packets do not reach him.

In order for attack to work ,response packets must not reach

the correct destination.


16/28


17/28


18/28


19/28

Example : (TCP splicing)

Attacker between networks watches for a legitimateconnection

Waits until after user has logged in

Steals connection and becomes user


20/28


21/28


22/28


23/28

Denial of service attacks

Denial of service(DoS) is very common attack . it may slow

down or totally interrupt the service of a system . The attacker

can use several strategies to achieve this she might send so

many bogus request s to a server that the server crashes

because of the heavy load .

The attacker might intercept and delete a servers response

to a client making the client to believe that the server is not

responding.

The attacker may also intercept requests from the clients ,causing the clients to send request many times and overload

the system.


24/28

Magic attacks

-We dont know what these will look like

-Theyre the attack that someone hasnt thought of yet

-Attack will be utterly mysterious in origin and will surprise

everyone

-Hopefully it will be easy to fix


25/28

What does the future hold?

-Host-based software will continue to be buggy and unreliable

from a security standpoint

-Vendors will continue to add security as an afterthought rather

than designing it in from the beginning

-Encryption will be more widely deployed in spite of government

restrictions


26/28

Summary

-Attackers are performing active R&D to figure out how to break

into networks

-Some attacks very technical

-Some attacks very low tech


27/28

Refrences

www.wikkipedia.com

Cryptography and Network Security by

Behrouz A. Forouzan

www.Siemens.com/Answers

www.us-cert.gov
http://www.wikkipedia.com/http://www.siemens.com/Answershttp://www.us-cert.gov/http://www.us-cert.gov/http://www.us-cert.gov/http://www.us-cert.gov/http://www.siemens.com/Answershttp://www.wikkipedia.com/http://www.wikkipedia.com/


28/28

Thanks

Internet Attacks

Documents