Lecture Professional Practices in IT: Lecture 20

pdf
Số trang Lecture Professional Practices in IT: Lecture 20 15 Cỡ tệp Lecture Professional Practices in IT: Lecture 20 269 KB Lượt tải Lecture Professional Practices in IT: Lecture 20 0 Lượt đọc Lecture Professional Practices in IT: Lecture 20 3
Đánh giá Lecture Professional Practices in IT: Lecture 20
4.7 ( 9 lượt)
Nhấn vào bên dưới để tải tài liệu
Đang xem trước 10 trên tổng 15 trang, để tải xuống xem đầy đủ hãy nhấn vào bên trên
Chủ đề liên quan

Nội dung

Lecture 20 Hacking Modes of Hacker Attack • • • • • • Over the Internet Over LAN Locally Offline Theft Deception Spoofing Definition: An attacker alters his identity so that some one thinks he is some one else – Email, User ID, IP Address, … – Attacker exploits trust relation between user and networked machines to gain access to machines Types of Spoofing: 1. IP Spoofing: 2. Email Spoofing 3. Web Spoofing IP Spoofing – Flying-Blind Attack Definition: Attacker uses IP address of another computer to acquire information or gain access Replies sent back to 10.10.20.30 Spoofed Address 10.10.20.30 • • • Attacker changes his own IP address to spoofed address Attacker can send messages to a machine masquerading as spoofed machine Attacker can not receive messages from that machine John 10.10.5.5 From Address: 10.10.20.30 To Address: 10.10.5.5 Attacker 10.10.50.50 IP Spoofing – Source Routing Definition: Attacker spoofs the address of another machine and inserts itself between the attacked machine and the spoofed machine to intercept replies Attacker intercepts packets as they go to 10.10.20.30 From Address: 10.10.20.30 To Address: 10.10.5.5 Replies sent back to 10.10.20.30 Spoofed Address 10.10.20.30 • • Attacker 10.10.50.50 John 10.10.5.5 The path a packet may change can vary over time To ensure that he stays in the loop the attacker uses source routing to ensure that the packet passes through certain nodes on the network Email Spoofing Definition: Attacker sends messages masquerading as some one else What can be the repercussions? Types of Email Spoofing: 1. Create an account with similar email address – Sanjaygoel@yahoo.com: A message from this account can perplex the students 2. Modify a mail client – Attacker can put in any return address he wants to in the mail he sends 3. Telnet to port 25 – Most mail servers use port 25 for mails. Attacker logs on to this port and composes a message for the user. Web Spoofing • Basic – • Man-in-the-Middle Attack – – • Attacker acts as a proxy between the web server and the client Attacker has to compromise the router or a node through which the relevant traffic flows URL Rewriting – – • Attacker registers a web address matching an entity e.g. votebush.com, geproducts.com, gesucks.com Attacker redirects web traffic to another site that is controlled by the attacker Attacker writes his own web site address before the legitimate link Tracking State – – When a user logs on to a site a persistent authentication is maintained This authentication can be stolen for masquerading as the user • • Web Spoofing – Tracking State Web Site maintains authentication so that the user does not have to authenticate repeatedly Three types of tracking methods are used: 1. Cookies: Line of text with ID on the users cookie file – Attacker can read the ID from users cookie file 2. URL Session Tracking: An id is appended to all the links in the website web pages. – Attacker can guess or read this id and masquerade as user 3. Hidden Form Elements – – ID is hidden in form elements which are not visible to user Hacker can modify these to masquerade as another user Session Hijacking Definition: Process of taking over an existing active session Modus Operandi: 1. User makes a connection to the server by authenticating using his user ID and password. 2. After the users authenticate, they have access to the server as long as the session lasts. 3. Hacker takes the user offline by denial of service 4. Hacker gains access to the user by impersonating the user Session Hijacking Bob telnets to Server Bob authenticates to Server Server Bob Die! Hi! I am Bob Attacker • Attacker can – – – monitor the session periodically inject commands into session launch passive and active attacks from the session
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.