jan 2006 ppt

Upload: shruti-arora

Post on 08-Apr-2018

TRANSCRIPT

  • 8/7/2019 Jan 2006 PPT

    1/72

    HACKED!!! Rourkela

    Network Security

    Ritu Hooda

    COMPUTER HACKING

    How to become a Computer Security Expert?

    THINGS TO DO :

    Learn at least one Programming Language.

    Become a Networking Guru.

    Learn to work in the UNIX Shell.

    Get the Hacking attitude.

    Read, Read and Read as much as you can!!!!

    Hacker VS Cracker

    Qualities of a Hacker :

    Lots of Knowledge & Experience.

    Good Guy.

    Strong Ethics.

    Never Indulges in Crime.

    Catches Computer Criminals.

    Qualities of a Cracker :

    Lots of Knowledge & Experience.

    Bad Guy.

    Low Ethics.

    Mostly Indulges in Crime.

    Is a Computer Criminal himself.

    TOP 5 CORPORATE ESPIONAGE ATTACKS

    TOP 5 Corporate Espionage Attacks:

    Privacy Attacks

    Email Forging Attacks

    Sniffer Attacks

    Input Validation Attacks

    DOS Attacks

    Individual Internet User

    Mumbai Lady Case

    A lady based in Mumbai, India lived in a 1 room apartment.

    Was a techno-freak and loved chatting on the Internet.

    Attacker broke into her computer & switched her web camera on!

    Biggest cyber crime involving privacy invasion in the world!

    Government Sector

    NASA

    The premier space research agency in the world.

    Had just finished a successful spaceship launch, when the unexpected happened.

    The path of the spaceship was changed remotely by an 11 year old Russian teenager.

    Loss of money. Unnecessary Worry.

    http://www.hackingmobilephones.com

    PRIVACY ON THE INTERNET: IP Addresses

    Every system connected to a network has a unique Internet Protocol (IP) Address which acts as its identity on that network.

    An IP Address is a 32-bit address which is divided into four fields of 8-bits each. For Example, 203.94.35.12

    All data sent or received by a system will be addressed from or to the system.

    An IP Address is to your computer what your telephone number is to you!

    An attacker's first step is to find out the IP Address of the target system.

    IP Addresses : Finding an IP Address

    A remote IP Address can easily be found out by any of the following methods:

    Through Instant Messaging Software

    Through Internet Relay Chat

    Through Your website

    Through Email Headers

    Through Message Board Postings

    Finding an IP Address via Instant Messengers

    INSTANT MESSENGERS

    1. Ask your friend to come online and chat with you.

    2. Case 1: If you are chatting on ICQ, then the following connection exists between your system and your friend's system:

    Your System------DIRECT CONNECTION---- Friend's System

    Friend's System---------DIRECT CONNECTION------- Your System

    Now, go to MSDOS or the command line and type:

    C:\>netstat -n

    This command will give you the IP Address of your friend's computer.

    Finding an IP Address via Instant Messengers

    3. Case 2: If you are chatting on other messengers like MSN, YAHOO etc. then the following indirect connection exists between your system and your friend's system:

    Your System------ Chat Server ---- Friend's System

    Friend's System--------- Chat Server ------- Your System

    Thus in this case, you first have to establish a direct connection with your friend's computer by either sending him a file or by using the call feature.

    Then, go to MSDOS or the command line and type:

    C:\>netstat -n

    This command will give you the IP Address of your friend's computer.

    Finding an IP Address via Instant Messengers

    Countermeasures

    Do not accept File transfers or calls from unknown people

    Chat online ONLY after logging on through a Proxy Server.

    Protecting Your IP Address : Proxy Servers

    PROXY SERVERS

    Definition:

    A Proxy Server acts as a buffer between you and the Internet, hence it protects your identity.

    Working:

    Case 1: Your System------Proxy Server---- Friend's System

    Case 2: Your System-----Proxy------Chat Server---- Friend's System

    Good Proxy Servers:

    Wingate & WinProxy (For Windows Platform)

    Squid (For Unix Platforms)

    Protecting Your IP Address : Proxy Servers

    PROXY BOUNCING

    Definition:

    Proxy Bouncing is the phenomenon wherein you connect to several proxy servers and then connect to the actual destination.

    Working:

    YOUR SYSTEM-------- PROXY 1--------- PROXY 2---------- PROXY 3---------------- PROXY 4---------- PROXY 5---------- Destination

    Tools:

    MultiProxy

    Finding an IP Address via Internet Relay Chat

    INTERNET RELAY CHAT

    It is very easy to get the IP Address of your friend through IRC:

    1. Ask your friend to chat with you on IRC.

    2. Type the following command to get his IP Address:

    /whois nicknameofvictim

    If this does not work, then one can send a file to the friend and use the netstat command to get his IP Address.

    Finding an IP Address via Internet Relay Chat

    Countermeasures

    One should connect to the IRC server through a proxy.

    One should not accept any files or direct chat requests from unknown people.

    One can also use the below command to hide one's IP Address:

    /mode your_nickname +x

    OR

    /mode your_nickname +z

    Finding an IP Address via your website

    WEBSITES

    One can easily log the IP Addresses of all visitors to their website by simply using Java applets or JavaScript code.

    Countermeasures

    One should surf the Internet through a Proxy Server.

    One can also make use of the numerous Free Anonymous Surfing Proxy Services.

    For Example, www.anonymizer.com

    Finding an IP Address via Email Headers

    EMAIL HEADERS

    Hotmail.com along with numerous other Email Service Providers, add the IP Address of the sender to each outgoing email.

    A typical excerpt of such a Header of an email sent from a Hotmail account is:

    Return-Path:
    Received: from hotmail.com by delhi1.mtnl.net.in (8.9.1/1.1.20.3/26Oct99-0620AM)
        id TAA0000032714; Sun, 23 Jan 2000 19:02:21 +0530 (IST)
    Message-ID:
    Received: from 202.54.109.174 by www.hotmail.com with HTTP;
        Sun, 23 Jan 2000 05:30:14 PST
    X-Originating-IP: [202.xx.109.174]

    IP Addresses : Dangers & Concerns

    Dangers & Concerns

    DOS Attacks

    Disconnect from the Internet

    Trojans Exploitation

    Geographical Information

    File Sharing Exploits

    Invades your Privacy

    Spy on You

    Steal your Passwords

    Slow Your Internet Access Speed.

    PRIVACY INVASION IS INDEED A REALITY!

    TROJANS

    Definition:

    Trojans act as RATs or Remote Administration Tools that allow remote control and remote access to the attacker.

    Working: See Demo.

    Threats:

    Corporate Espionage, Password Stealing, IP Violation, Spying etc.

    Tools:

    Netbus, Girlfriend, Back Orifice and many others.

    TROJANS

    COUNTERMEASURES

    Port Scan your own system regularly.

    If you find an irregular port open, on which you usually do not have a service running, then your system might have a Trojan installed.

    One can remove a Trojan using any normal Anti-Virus Software.

    A typical Key Logger automatically loads itself into the memory, each time the computer boots.

    Hence, one should search all the start up files of the system and remove any references to suspicious programs.

    TOP 5 CORPORATE ESPIONAGE ATTACKS

    TOP 5 Corporate Espionage Attacks:

    Privacy Attacks

    Email Forging Attacks

    Sniffer Attacks

    Input Validation Attacks

    DOS Attacks

    Consumer Electronic Goods Sector

    TV Group

    One of the largest manufacturers of televisions and other electronic goods in the world.

    Attacker sent an abusive forged email to all investors, employees and partners worldwide from the Chairman's account.

    Tainted relations.

    Email Forging

    Definition:

    Email Forging is the art of sending an email from the victim's email account without knowing the password.

    Working:

    ATTACKER-----Sends Forged email----- FROM VICTIM

    Tools:

    None required! DEMO

    Email Forging

    COUNTERMEASURES

    NOTHING can stop the attacker.

    Use Secure email systems like PGP.

    Digitally sign your emails.

    TOP 5 CORPORATE ESPIONAGE ATTACKS

    TOP 5 Corporate Espionage Attacks:

    Privacy Attacks

    Email Forging Attacks

    Sniffer Attacks

    Input Validation Attacks

    DOS Attacks

    Healthcare Sector

    Healthcare Group

    One of the largest shaving solutions companies in the world.

    Attacker broke into network and cancelled approximately 35 different orders of raw materials from supplier.

    Loss of revenue. Delay in Product launch.

    Government Sector

    BARC Group

    One of the most sensitive atomic and missile research facilities in India.

    Pakistani criminal organizations broke into network and stole sensitive missile info.

    Loss of sensitive data. Threat to national security.

    SNIFFERS

    Definition:

    Sniffers are tools that can capture all data packets being sent across the entire network in the raw form.

    Working:

    ATTACKER-----Uses sniffer for spying----- VICTIM

    Threats:

    Corporate Espionage, Password Stealing, IP Violation, Spying etc.

    Tools:

    Tcpdump, Ethereal, Dsniff and many more.

    SNIFFERS

    COUNTERMEASURES

    Switch to Switching Networks. (Only the packets meant for that particular host reach the NIC)

    Use Encryption Standards like SSL, SSH, IPSec.

    TOP 5 CORPORATE ESPIONAGE ATTACKS

    TOP 5 Corporate Espionage Attacks:

    Privacy Attacks

    Email Forging Attacks

    Sniffer Attacks

    Input Validation Attacks

    DOS Attacks

    Fashion Entertainment Sector

    Fashion House Group

    One of the most successful fashion designers in Europe.

    Stole all designs and marketing plans. Came out with the same range of clothes a week before.

    Loss of Revenue. R&D & Creative work down the drain.

    Input Validation Attacks

    Users input data into different software on an ongoing basis.

    There is usually some sort of program (software) that accepts the user's input in order to either process it or store it.

    However, a problem arises when a program accepts input from the user without validating/verifying it.

    Such instances of lazy programming (i.e. programs where the input is NOT validated), can be exploited by attackers for malicious purposes and are called Input Validation Attacks.

    Input Validation attacks are more reflective of poor programming practices than smart criminal techniques.

    Input Validation Attacks

    DANGERS

    Most common dangers of such Input Validation attacks are:

    Remote Execution of malicious commands.

    Gaining Access to Sensitive Files.

    Stealing Passwords.

    Some of the most atrocious examples of Input Validation attacks are:

    Enter 1000 random characters as the password and gain root access.

    Enter the path of the password file in the search box of a website and actually get access to it!

    Input Validation Attacks

    EXAMPLES: Apache Webserver

    Apache Webserver (PHF Scripting Language)

    http://www.abc.com/cgi-bin/phf?Qalias=x&0a/bin/cat&20/etc/passwd

    This can be re-written as:

    1. Enter the normal input: /cgi-bin/phf?Qalias=x

    2. Go to the next line: &0a

    3. Exploit the Input validation vulnerability and execute a malicious command:

    /bin/cat /etc/passwd

    Input Validation Attacks

    EXAMPLES: Hotmail

    Hotmail Input Validation Attack

    https://register.passport.net/emailpwdreset.srf?lc=1033&em=victim@hotmail.com&id=&cb=&[email protected]&rst=1

    Input Validation Attacks

    EXAMPLES: MailMachine.cgi

    MailMachine is a commonly used CGI script that handles online mailing lists.

    Unfortunately, due to poor programming it contains numerous Input Validation attacks:

    Subscribe/Unsubscribe Anyone YOU want.

    http://www.abc.com/cgi-bin/mailmachine.cgi?EMAIL

    Input Validation Attacks

    SQL Injection Attacks

    SQL injection attacks are a form of input validation attacks wherein the attacker uses specially crafted SQL queries or commands to carry out malicious activities on the target system.

    This vulnerability exists due to a lack of validation of input when a database query is made on the Internet.

    The best part about SQL injection attacks like most other input validation attacks is that they can easily be executed with the help of only a browser.

    Input Validation Attacks

    SQL Injection Attacks: Bypassing Security

    A number of systems use authentication systems in conjunction with SQL database queries. For example, if the user enters TOM as the username and TOM123 as the password, then the following query is processed:

    SELECT PEOPLE from database WHERE Username='TOM' AND Password='TOM123'

    IF <Above SELECT command evaluates to true> {Authorize User} ELSE {User not authorized}

    Input Validation Attacks

    SQL Injection Attacks: Bypassing Security

    However, when an attacker enters TOM' OR 1=1 -- as the username and BLANK as the password, then the following query gets processed:

    SELECT PEOPLE from database WHERE Username='TOM' OR 1=1 --' AND Password=''

    IF <Above SELECT command evaluates to true> {Authorize User} ELSE {User not authorized}

    Since -- is used to denote the start of comments, the above query becomes:

    SELECT PEOPLE from database WHERE Username='TOM' OR 1=1 // ALWAYS TRUE
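
The login check described above, shown next to its parameterized form. This is an added example, not code from the original slides; the table layout, function names and the in-memory SQLite database are assumptions made for the illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory table holding one constructed account (TOM / TOM123)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (username TEXT, password TEXT)")
    db.execute("INSERT INTO people VALUES ('TOM', 'TOM123')")
    return db


def login_concatenated(db, username, password):
    """Pattern from the slides: user input is pasted into the SQL text.

    A quote in the input ends the string literal, so the rest of the
    input is parsed as SQL instead of being compared as data.
    """
    query = (
        "SELECT username FROM people WHERE username = '" + username +
        "' AND password = '" + password + "'"
    )
    return db.execute(query).fetchone() is not None


def login_parameterized(db, username, password):
    """Same check with bound parameters: input is only ever a value."""
    query = "SELECT username FROM people WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    crafted = "TOM' OR 1=1 --"  # the username from the slide, blank password
    for name, check in (("concatenated", login_concatenated),
                        ("parameterized", login_parameterized)):
        print(name, "valid login:", check(db, "TOM", "TOM123"))
        print(name, "crafted login:", check(db, crafted, ""))
```

With bound parameters the crafted username is compared literally against the stored names, matches nothing, and the login is refused.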

    Input Validation Attacks

    COUNTERMEASURES

    There are a variety of countermeasures that one must keep in mind to protect against Input Validation attacks:

    Restrict User Access and File Access.

    Untrusted applications should NOT be allowed to access trusted applications.

    Programmers should:

    Keep security in mind.

    Make sure that the software validates input.

    Anticipate & test unexpected input situations.

    Adopt a pro-active approach rather than a re-active one.

    TOP 5 CORPORATE ESPIONAGE ATTACKS

    TOP 5 Corporate Espionage Attacks:

    Privacy Attacks

    Email Forging Attacks

    Sniffer Attacks

    Input Validation Attacks

    DOS Attacks

    Denial of Services (DOS) Attacks

    DOS ATTACKS

    Definition:

    Such an attack clogs up so much bandwidth on the target system that it cannot serve even legitimate users.

    Working:

    ATTACKER-----Infinite/ Malicious Data----- VICTIM

    Tools:

    Ping of Death, SYN Flooding, Teardrop, Smurf, Land [TYPES]

    Trin00, Tribal Flood Network etc [TOOLS]

    Denial of Services (DOS) Attacks : Steps Involved.

    Steps involved in DOS Attacks

    1. Attacker---------Infinite/ Malicious Data-- Target Network

    2. Target Network gets choked or cannot handle the malicious data and hence crashes.

    3. As a result, even legitimate clients/ people cannot connect to the target network.

    4. This results in loss of revenue, disruption in services, inconvenience, customer dissatisfaction and many other problems.

    DOS Attacks : Ping of Death Attack

    PING OF DEATH

    The maximum packet size allowed to be transmitted by TCP/IP on a network is 65 536 bytes.

    In the Ping of Death Attack, a packet having a size greater than this maximum size allowed by TCP/IP, is sent to the target system.

    As soon as the target system receives a packet exceeding the allowable size, then it crashes, reboots or hangs.

    This attack can easily be executed by the ping command as follows:

    ping -l 65540 hostname

    DOS Attacks : Tear Drop Attack

    TEAR DROP ATTACKS

    Data sent from the source to the destination system, is broken down into smaller fragments at the source system and then reassembled into larger chunks at the destination system.

    For Example,

    Say data of 4000 bytes is to be sent across a network, then it is broken down into three chunks:

    1. CHUNK A contains Bytes 1 to 1500.

    2. CHUNK B contains Bytes 1501 to 3000

    3. CHUNK C contains Bytes 3001 to 4000

    In this example the range of CHUNK A is 1 to 1500, range of CHUNK B is 1501 to 3000 while the range of CHUNK C is 3001 to 4000.

    DOS Attacks : Tear Drop Attack Contd.

    TEAR DROP ATTACKS

    However, in case of a Teardrop attack, these ranges of data chunks are overlapping. For Example, in case of a Teardrop attack, the same 4000 bytes would be broken down into the below three chunks:

    1. CHUNK A contains Bytes 1 to 1500.

    2. CHUNK B contains Bytes 1499 to 3000

    3. CHUNK C contains Bytes 2999 to 4000

    In this example the range of CHUNK A is 1 to 1500, range of CHUNK B is 1499 to 3000 while the range of CHUNK C is 2999 to 4000. Thus, the ranges are overlapping.

    Since here the ranges are overlapping, the target system gets DOS'ed!!!
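
A receiver-side check for the overlap described above, as an added example that is not part of the original slides. It uses the slides' 1-based inclusive byte ranges; the function name and both fragment lists are constructed for the illustration.

```python
def check_fragments(fragments, total_length):
    """Validate fragment byte ranges before reassembly.

    fragments: list of (first_byte, last_byte) pairs, 1-based and inclusive,
    in any arrival order. Returns (ok, problems) where problems is a list of
    ("overlap" | "gap" | "invalid", first_byte, last_byte) tuples.
    """
    problems = []
    expected = 1  # next byte we still need
    for first, last in sorted(fragments):
        if first < 1 or last < first or last > total_length:
            problems.append(("invalid", first, last))
            continue
        if first < expected:
            # This fragment re-sends bytes already covered by an earlier one.
            problems.append(("overlap", first, min(last, expected - 1)))
        elif first > expected:
            problems.append(("gap", expected, first - 1))
        expected = max(expected, last + 1)
    if expected <= total_length:
        problems.append(("gap", expected, total_length))
    return (not problems, problems)


# Constructed inputs: the two 4000-byte examples from the slides.
NORMAL = [(1, 1500), (1501, 3000), (3001, 4000)]
TEARDROP = [(1, 1500), (1499, 3000), (2999, 4000)]

if __name__ == "__main__":
    for label, frags in (("normal", NORMAL), ("teardrop", TEARDROP)):
        ok, problems = check_fragments(frags, 4000)
        print(label, "reassemble" if ok else "discard", problems)
```

A reassembler that runs this check and discards the whole datagram on any overlap never reaches the copy step with inconsistent ranges.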

    DOS Attacks : SMURF Attacks

    SMURF ATTACKS

    In SMURF Attacks, a huge number of Ping Requests are sent to the broadcast address of the target network, using Spoofed IP Addresses from within the target network.

    Due to infinite loops thus generated and due to the large number of Ping Requests, the target network will crash, restart or hang up.

    Countermeasure

    Filter out all incoming packets which either:

    Have a source address that is the same as any internal system.

    Have the broadcast address as their target address. There is NO reason why external systems need to send data to the broadcast address.
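
The two filter rules above written as a border-ingress decision, as an added example that is not from the original slides. The internal network (a documentation address range), the function names and the sample packets are all constructed for the illustration.

```python
import ipaddress

# Constructed internal network (RFC 5737 documentation range); an assumption.
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def ingress_verdict(src, dst, internal_nets=INTERNAL_NETS):
    """Decide what to do with a packet arriving on the external interface."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    # Rule 1: an internal source address cannot legitimately arrive from outside.
    if any(src_ip in net for net in internal_nets):
        return "drop-spoofed-source"
    # Rule 2: outside hosts have no reason to address the broadcast address.
    if dst_ip == LIMITED_BROADCAST or any(
            dst_ip == net.broadcast_address for net in internal_nets):
        return "drop-broadcast-dest"
    return "accept"


def filter_packets(packets, internal_nets=INTERNAL_NETS):
    """Apply the verdict to (src, dst) pairs and keep only accepted ones."""
    return [(s, d) for s, d in packets
            if ingress_verdict(s, d, internal_nets) == "accept"]


# Constructed sample of packets seen on the external interface.
SAMPLE_PACKETS = [
    ("192.0.2.10", "192.0.2.255"),     # internal source, broadcast target
    ("198.51.100.7", "192.0.2.255"),   # external source, broadcast target
    ("198.51.100.7", "192.0.2.25"),    # ordinary inbound traffic
    ("203.0.113.9", "255.255.255.255"),
]

if __name__ == "__main__":
    for src, dst in SAMPLE_PACKETS:
        print(src, "->", dst, ingress_verdict(src, dst))
```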

    DOS Attacks : SYN Flooding

    SYN Flooding

    Normally, each TCP/IP connection is established in the classic 3-way handshake or process:

    1. Client---- SYN Packet----- Host

    2. Host----- SYN/ACK Packet-- Client

    3. Client---- ACK Packet--- Host

    SYN Flooding exploits this classic 3-way TCP/IP handshake. Here, the attacker sends infinite SYN Packets to the victim computer from spoofed IP Addresses. This creates infinite threads in the following half-open state:

    Spoofed Address--- SYN Packet---- Host

    Host------- SYN/ACK Packet------ Spoofed Address

    DOS Attacks : SYN Flooding

    SYN Flooding

    The Spoofed Address used by the attacker, can lead to 3 different scenarios:

    The Spoofed IP Address does NOT exist.

    The Spoofed IP Address exists.

    The Spoofed IP Address is a system within the victim network.

    Distributed Denial of Service Attacks (dDOS Attacks)

    1. DOS Attacks VS Distributed DOS Attacks

    DOS Attacks: Only ONE Attacker. Not that effective.

    Distributed-DOS Attacks: Several attackers. More Effective.

    Distributed Denial of Service Attacks (dDOS Attacks)

    STEPS INVOLVED IN dDOS ATTACKS

    Attacker takes control of a less secure network say X.

    Let us assume that there are 100 systems in X's network.

    Attacker uses all these 100 systems to attack the actual target T.

    Hence, instead of one attacker, there are 100 attackers.

    Distributed Denial of Service Attacks (dDOS Attacks)

    Tools: Tribal Flood Network (TFN)

    Attacker----------------- Clients--------------- Daemons

    Allows TCP Floods, SYN Floods or UDP floods on the target system.

    No authorization required to use TFN clients.

    Communicates using ICMP, TCP and UDP protocols. Hence difficult to block without affecting regular traffic.

    TFN2K uses random ports for communication purposes making detection all the more difficult.

    Distributed Denial of Service Attacks (dDOS Attacks)

    Tools: Trin00

    Attacker----------------- Masters--------------- Daemons

    Allows UDP floods on the target system.

    Trin00 clients are password protected and do not allow illicit usage. However, the password is stored in plaintext in the source code itself.

    All communication takes place on specific UDP and TCP ports.

    Allows multiple layered Masters.

    Distributed Denial of Service Attacks (dDOS Attacks)

    Tools: Stacheldraht (Barbed Wire)

    Attacker--------- Masters (Handlers)------- Daemons (Agents)

    Combines the best features of both TFN and Trin00.

    All communication is encrypted using single key encryption.

    Communicates using the ICMP protocol. Hence, difficult to block without affecting regular traffic.

    Uses default TCP ports (16660, 65000) for communication. Can be changed.

    Denial of Services (DOS) Attacks

    BUSINESS THREATS

    All services unusable.

    All users Disconnected.

    Loss of revenue.

    Deadlines can be missed.

    Unnecessary Inefficiency and Downtime.

    Share Values go down. Customer Dissatisfaction.

    DOS Attacks

    COUNTERMEASURES

    Separate or compartmentalize critical services.

    Buy more bandwidth than normally required to account for sudden attacks.

    Filter out USELESS/MALICIOUS traffic as early as possible.

    Disable publicly accessible services.

    Balance traffic load on a set of servers.

    Regular monitoring and working closely with ISP will always help!

    Patch systems regularly.

    IPSec provides proper verification and authentication in the IP protocol.

    Use scanning tools to detect and remove DOS tools.

    Recommendations and Countermeasures

    National CERTS and Cyber Cops.

    Security EDUCATION and TRAINING.

    Increase Security budgets.

    Invest in a dedicated security team.

    Security by obscurity?

    THE FINAL WORD

    The biggest threat that an organization faces continues to be from ...

    THEIR OWN EMPLOYEES!

    Is Internet Banking Safer than ATM Machines?

    ATM MACHINES VS INTERNET BANKING

    ATM Machines:

    Easier to crack.

    Soft Powdery Substance.

    Unencrypted PIN Number.

    Software/ Hardware Sniffer.

    Fake ATM Machine

    Internet Banking:

    Difficult to crack, if latest SSL used.

    Earlier SSL standards quite weak.

    ATM Hacking

    Mobile Phone Hacking

    Mobile Phone Attacks

    Different Types:

    BlueJacking

    BlueSnarfing

    BlueBug Attacks

    Failed Authentication Attacks

    Malformed OBEX Attack

    Malformed SMS Text Message Attack

    Malformed MIDI File DOS Attack

    Jamming

    Viruses and Worms

    Secret Codes: *#92702689# or #3370*

    AN ETHICAL GUIDE TO HACKING MOBILE PHONES

    Title: An Ethical Hacking Guide to Hacking Mobile Phones

    Author: Ankit Fadia

    Publisher: Macmillan India Ltd.

    THE UNOFFICIAL GUIDE TO ETHICAL HACKING

    Title: The Unofficial Guide To Ethical Hacking

    Author: Ankit Fadia

    Publisher: Macmillan India Ltd.

    NETWORK SECURITY: A HACKER'S PERSPECTIVE

    Title: Network Security: A Hacker's Perspective

    Author: Ankit Fadia

    Publisher: Macmillan India Ltd.

    THE ETHICAL HACKING GUIDE TO CORPORATE SECURITY

    Title: The Ethical Hacking Guide to Corporate Security

    Author: Ankit Fadia

    Publisher: Macmillan India Ltd.

    THE ETHICAL HACKING SERIES

    Title: Email Hacking

    Author: Ankit Fadia

    Publisher: Vikas Publications

    Title: Windows Hacking

    Author: Ankit Fadia

    Publisher: Vikas Publications

    HACKED!!! Rourkela

    Network Security

    Ankit Fadia

    Intelligence Consultant cum Author

    [email protected]

    Questions?