uzair ppt
TRANSCRIPT
![Page 1: Uzair ppt](https://reader033.vdocuments.us/reader033/viewer/2022042607/556527bfd8b42a767f8b4a75/html5/thumbnails/1.jpg)
Data Attacks Using Network
By Uza!R_Ahmed
![Page 2: Uzair ppt](https://reader033.vdocuments.us/reader033/viewer/2022042607/556527bfd8b42a767f8b4a75/html5/thumbnails/2.jpg)
Data Attack
In computers and computer networks, an attack is any attempt to destroy, expose, alter, disable, steal, or gain unauthorized access to or make unauthorized use of an asset.
![Page 3: Uzair ppt](https://reader033.vdocuments.us/reader033/viewer/2022042607/556527bfd8b42a767f8b4a75/html5/thumbnails/3.jpg)
Tools used in Network Attacks
Sniffing
Spoofing
Session hijacking
Netcat
![Page 4: Uzair ppt](https://reader033.vdocuments.us/reader033/viewer/2022042607/556527bfd8b42a767f8b4a75/html5/thumbnails/4.jpg)
Sniffer
Allows attacker to see everything sent across the network, including userIDs and passwords
Tcpdump http://www.tcpdump.org
Windump http://netgroup-serv.polito.it/windump
Snort http://www.snort.org
Ethereal http://www.ethereal.com
Sniffit http://reptile.rug.ac.be/~coder/sniffit/sniffit.html
Dsniff http://www.monkey.org/~dugsong/dsniff
![Page 5: Uzair ppt](https://reader033.vdocuments.us/reader033/viewer/2022042607/556527bfd8b42a767f8b4a75/html5/thumbnails/5.jpg)
Island Hopping Attack
Attacker initially takes over a machine via some exploit
Attacker installs a sniffer to capture userIDs and passwords to take over other machines
![Page 6: Uzair ppt](https://reader033.vdocuments.us/reader033/viewer/2022042607/556527bfd8b42a767f8b4a75/html5/thumbnails/6.jpg)
Figure An island hopping attack
![Page 7: Uzair ppt](https://reader033.vdocuments.us/reader033/viewer/2022042607/556527bfd8b42a767f8b4a75/html5/thumbnails/7.jpg)
Passive Sniffers
Sniffers that passively wait for traffic to be sent to them
Well suited for hub environment
Snort
Sniffit
![Page 8: Uzair ppt](https://reader033.vdocuments.us/reader033/viewer/2022042607/556527bfd8b42a767f8b4a75/html5/thumbnails/8.jpg)
Figure A LAN implemented with a hub
![Page 9: Uzair ppt](https://reader033.vdocuments.us/reader033/viewer/2022042607/556527bfd8b42a767f8b4a75/html5/thumbnails/9.jpg)
Sniffit in Interactive Mode
Useful for monitoring session-oriented applications such as telnet and ftp
Activated by starting sniffit with “-i” option
Sorts packets into sessions based on IP addresses and port numbers
Identifies userIDs and passwords
Allows attacker to watch keystrokes of victim in real time.
![Page 10: Uzair ppt](https://reader033.vdocuments.us/reader033/viewer/2022042607/556527bfd8b42a767f8b4a75/html5/thumbnails/10.jpg)
Switched Ethernet LANs
Forwards network packets based on the destination MAC address in the Ethernet header
![Page 11: Uzair ppt](https://reader033.vdocuments.us/reader033/viewer/2022042607/556527bfd8b42a767f8b4a75/html5/thumbnails/11.jpg)
Figure A LAN implemented with a switch
![Page 12: Uzair ppt](https://reader033.vdocuments.us/reader033/viewer/2022042607/556527bfd8b42a767f8b4a75/html5/thumbnails/12.jpg)
Active Sniffers
Effective in sniffing switched LANs
Injects traffic into the LAN to redirect victim’s traffic to attacker
![Page 13: Uzair ppt](https://reader033.vdocuments.us/reader033/viewer/2022042607/556527bfd8b42a767f8b4a75/html5/thumbnails/13.jpg)
Figure In a person-in-the-middle attack, the attacker can grab or alter traffic between Alice and Bob
![Page 14: Uzair ppt](https://reader033.vdocuments.us/reader033/viewer/2022042607/556527bfd8b42a767f8b4a75/html5/thumbnails/14.jpg)
Sniffing Defenses
Use HTTPS for encrypted web traffic
Use SSH for encrypted login sessions
– Avoid using Telnet
Use S/MIME or PGP for encrypted email
Pay attention to warning messages on your browser and SSH client
![Page 15: Uzair ppt](https://reader033.vdocuments.us/reader033/viewer/2022042607/556527bfd8b42a767f8b4a75/html5/thumbnails/15.jpg)
Network-based Session Hijacking
Attack based on sniffing and spoofing
Occurs when attacker steals user session such as telnet, rlogin, or FTP.
– Innocent user thinks that his session was lost, not stolen
Attacker sits on a network segment where traffic between victim and server can be seen
Attacker injects spoofed packets containing source IP address of victim with proper TCP sequence numbers
If hijack is successful, server will obey all commands sent by attacker.
![Page 16: Uzair ppt](https://reader033.vdocuments.us/reader033/viewer/2022042607/556527bfd8b42a767f8b4a75/html5/thumbnails/16.jpg)
Figure A network-based session hijacking scenario
![Page 17: Uzair ppt](https://reader033.vdocuments.us/reader033/viewer/2022042607/556527bfd8b42a767f8b4a75/html5/thumbnails/17.jpg)
Session Hijacking Defenses
Use SSH or VPN for securing sessions
– Attackers will not have the keys to encrypt or decrypt traffic
– Pay attention to warning messages about any change of public key on server since this may be a person-in-the-middle attack
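The check behind the "public key changed" warning, as an added example that is not part of the original slides: it compares the key a server offers now with the one recorded in a known_hosts-style file. The host name, address and key blobs are constructed, and only plain (unhashed, non-wildcard) entries are handled.

```python
import base64
import hashlib
import struct

def fingerprint(key_b64: str) -> str:
    """OpenSSH-style SHA256 fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text: str) -> dict:
    """Map (host, key type) -> fingerprint for plain known_hosts entries."""
    pinned = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments, @cert-authority/@revoked markers and hashed (|1|) hosts.
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        for host in fields[0].split(","):
            pinned[(host, fields[1])] = fingerprint(fields[2])
    return pinned

def check_host_key(pinned: dict, host: str, key_type: str, offered_b64: str) -> str:
    """Compare the key a server offers now with the one recorded earlier."""
    known = pinned.get((host, key_type))
    if known is None:
        return "UNKNOWN"   # first contact: verify the fingerprint out of band
    if known == fingerprint(offered_b64):
        return "MATCH"
    return "CHANGED"       # the condition behind the SSH client's warning

def _sample_key(fill: int) -> str:
    """Constructed ssh-ed25519 blob for the demo, not a real server key."""
    raw = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([fill]) * 32
    return base64.b64encode(raw).decode()

PINNED_KEY, OTHER_KEY = _sample_key(1), _sample_key(2)
# Constructed known_hosts content; host name and address are placeholders.
KNOWN_HOSTS = f"# sample\nlogin.example.test,192.0.2.10 ssh-ed25519 {PINNED_KEY}\n"

if __name__ == "__main__":
    pinned = parse_known_hosts(KNOWN_HOSTS)
    for key in (PINNED_KEY, OTHER_KEY):
        print(check_host_key(pinned, "login.example.test", "ssh-ed25519", key), fingerprint(key))
```

A CHANGED result is the case the slide warns about: stop and confirm the new fingerprint with the server's administrator before accepting it.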
![Page 18: Uzair ppt](https://reader033.vdocuments.us/reader033/viewer/2022042607/556527bfd8b42a767f8b4a75/html5/thumbnails/18.jpg)
Netcat
Network version of “cat” utility
Allows user to move data across a network using any TCP or UDP port
Runs on both Unix and Windows NT
Netcat executable “nc” operates in two modes
– Client mode allows user to initiate connection to any TCP or UDP port on a remote machine and to take input data from standard input (e.g. keyboard or output of pipe)
– Listen mode (-l option) opens any specified TCP or UDP port on local system and waits for incoming connection and data through port. Data collected is sent to standard output (e.g. screen or input of pipe)
![Page 19: Uzair ppt](https://reader033.vdocuments.us/reader033/viewer/2022042607/556527bfd8b42a767f8b4a75/html5/thumbnails/19.jpg)