Scribd Logo
Upload

Welcome to Scribd!

  • CSCE 790 Internet Security Attacks

    Uploaded by

    Sachin Marathe
    44 views33 pages
    This document summarizes a lecture on internet security attacks. It describes four main categories of attacks: interruption that destroys availability, interception that compromises confidentiality, modification that impacts integrity, and fabrication that challenges authenticity. It then focuses on passive attacks like sniffing that obtain information and active attacks like denial of service that disrupt systems. Specific attack types are defined, such as masquerading, replaying intercepted data, spoofing, and hijacking sessions. Methods to detect and mitigate these threats are also outlined, including cryptography, traffic padding, switch technology, and traceback capabilities.

    Original Description:

    attacks

    Original Title

    CSCE790-lect3

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document summarizes a lecture on internet security attacks. It describes four main categories of attacks: interruption that destroys availability, interception that compromises confidentiality, modification that impacts integrity, and fabrication that challenges authenticity. It then focuses on passive attacks like sniffing that obtain information and active attacks like denial of service that disrupt systems. Specific attack types are defined, such as masquerading, replaying intercepted data, spoofing, and hijacking sessions. Methods to detect and mitigate these threats are also outlined, including cryptography, traffic padding, switch technology, and traceback capabilities.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as ppt, pdf, or txt
    44 views33 pages

    CSCE 790 Internet Security Attacks

    Uploaded by

    Sachin Marathe
    This document summarizes a lecture on internet security attacks. It describes four main categories of attacks: interruption that destroys availability, interception that compromises confidentiality, modification that impacts integrity, and fabrication that challenges authenticity. It then focuses on passive attacks like sniffing that obtain information and active attacks like denial of service that disrupt systems. Specific attack types are defined, such as masquerading, replaying intercepted data, spoofing, and hijacking sessions. Methods to detect and mitigate these threats are also outlined, including cryptography, traffic padding, switch technology, and traceback capabilities.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as ppt, pdf, or txt
    of 33

    CSCE 790 Internet Security Lecture 3 Attacks

    Reading Assignment

    Reading assignments for January 22: Required: Oppliger: Ch 3. Attacks Recommended: Maximum Security: Ch. 15 Sniffers
    Reading assignments for January 24: Required: Oppliger: Ch 5. Cryptographic Tecniques

    5.1, 5.2, 5.3

    Internet Security

    Attack
    RFC 2828: An assault on system security that derives from an intelligent threat, i.e., an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of the system.
    Internet Security 3

    Normal Flow

    Information source

    Information destination

    Internet Security

    Interruption
    Information source Information destination

    Asset is destroyed of becomes unavailable - Availability Example: destruction of hardware, cutting communication line, disabling file management system, etc.
    Internet Security 5

    Interception
    Information source Information destination

    Unauthorized party gains access to the asset Confidentiality Example: wiretapping, unauthorized copying of files

    Internet Security

    Modification
    Information source Information destination

    Unauthorized party tampers with the asset Integrity Example: changing values of data, altering programs, modify content of a message, etc.
    Internet Security 7

    Fabrication
    Information source Information destination

    Unauthorized party insets counterfeit object into the system Authenticity Example: insertion of offending messages, addition of records to a file, etc.
    Internet Security 8

    Passive Attack
    Attempts to learn or make use of information from the system but does not affect system resources (RFC 2828)

    Sniffer

    Internet Security

    Sniffers
    All machines on a network can hear ongoing traffic A machine will respond only to data addressed specifically to it Network interface: promiscuous mode able to capture all frames transmitted on the local area network segment

    Internet Security 10

    Risks of Sniffers

    Serious security threat Capture confidential information


    Authentication information Private data

    Capture network traffic information

    Internet Security

    11

    Passive attacks

    Interception (confidentiality)

    Release of message contents

    Traffic analysis

    Internet Security

    12

    Release of message content

    Intruder is able to interpret and extract information being transmitted Highest risk:authentication information
    Can be used to compromise additional system

    resources

    Internet Security

    13

    Traffic Analysis

    Intruder is not able to interpret and extract the transmitted information Intruder is able to derive (infer) information from the traffic characteristics

    Internet Security

    14

    Protection against passive attacks

    Shield confidential data from sniffers: cryptography Disturb traffic pattern: NRL
    Traffic padding Onion routing

    Modern switch technology: network traffic is directed to the destination interfaces Detect and eliminate sniffers
    Internet Security 15

    Detection of sniffer tools

    Difficult to detect: passive programs Tools: Snifftest SunOS and Solaris: can detect sniffers even if the network interface is not in promiscuous mode Nitwitt Network Interface Tap: can detect sniffers even if the network interface is not in promiscuous mode Promisc Linux cmp SunOS 4.x: detects promiscuous mode AntiSniff (L0pht Heavy Industries, Inc. ): remotely detects computers that are packet sniffing, regardless of the OS

    Internet Security

    16

    Active attacks
    Attempts to alter system resources of affect their operation (RFC 2828)

    Internet Security

    17

    Active attacks

    Interruption (availability)

    Modification (integrity)

    Fabrication (integrity)

    Internet Security

    18

    Active Attacks

    Masquerade Replay Modification of messages Denial of service Degradation of service Spoofing attacks Session hijacking
    Internet Security 19

    Masquerade

    One entity pretends to be a different entity Usually involves additional attacks, e.g.,
    Authentication sequences captured and replay

    Internet Security

    20

    Replay

    Passive capture of data unit and its retransmission

    Internet Security

    21

    Modification of messages

    Some portion of the legitimate message is altered or Message is delayed or reordered

    Internet Security

    22

    Denial of service

    Prevents of inhibits the normal use or management of resources May range from blocking a particular resource or the entire network Past attacks: aim to crash systems of a victim

    Internet Security

    23

    DoS attacks

    E-mail bombing attack: floods victims mail with large bogus messages
    Popular Free tools available

    Smurf attack:
    Attacker multicast or broadcast an Internet Control

    Message Protocol (ICMP) with spoofed IP address of the victim system Each receiving system sends a respond to the victim Victims system is flooded
    Internet Security 24

    DoS attacks

    TCP SYN flooding


    Client (initiator) Server

    Half-open connection: server is waiting for clients ACK


    Internet Security 25

    TCP SYN flooding

    Server: limited number of allowed halfopen connections Backlog queue:


    Existing half-open connections Full: no new connections can be established Time-out, reset

    Internet Security

    26

    TCP SYN flooding

    Attack:
    Attacker: send SYN requests to server with IP source

    that unable to response to SYN-ACK Servers backlog queue filled No new connections can be established Keep sending SYN requests

    Does not affect


    Existing or open incoming connections Outgoing connections
    Internet Security 27

    Distributed denial of service (DDoS)

    Use additional systems (zombies) on the Internet to lounge a coordinated attack

    Internet Security

    28

    Protection against DoS, DDoS

    Hard to provide full protection Some of the attacks can be prevented


    Filter out incoming traffic with local IP address

    as source Avoid established state until confirmation of clients identity

    Internet trace back: determine the source of an attack


    Internet Security 29

    Degradation of Service

    Do not completely block service just reduce the quality of service

    Internet Security

    30

    Spoofing attacks

    IP spoofing DNS spoofing Sequence number guessing

    Internet Security

    31

    Sequence number guessing


    Weaknesses:

    TCP/IP host does not verify the authenticity of the source IP x,y are not randomly generated => attacker may guess value of y with good accuracy
    Client (initiator) Server

    Internet Security

    32

    Sequence number guessing


    C

    1. SYN(X) ID(B)

    3. ACK(Y)

    2. SYN(Y), ACK(X) A
    Internet Security

    33

    You might also like