Full HTML for

Basic foilset Computer Crimes: Examples of Network Security attacks

Given by Roman Markowski at Tango Group Internal Technology Seminars on April 23 99. Foils prepared May 19 99


Examples and Typical attack weapons
Denial of Service, DNS Cache Poisoning, Port Scanners, Back Orifice
Web and Java
UNIX is better than NT

Table of Contents for full HTML of Computer Crimes: Examples of Network Security attacks


1 Computer Crimes Examples of Network Security Attacks
2 Computer crimes (1)
3 Computer crimes (2)
4 Computer crimes (3)
5 Typical Scenario
6 Typical Scenario - collecting tools
7 Typical Scenario - data gathering
8 Typical Scenario - research
9 Threats
10 Trends
11 Denial of Service Attacks (1)
12 Denial of Service Attacks (2)
13 Denial of Service Attacks (3)
14 Denial of Service Attacks (4)
15 Denial of Service Attacks (5)
16 Denial of Service Attacks (6)
17 Denial of Service Attacks (7)
18 DNS Cache Poisoning (1)
19 DNS Cache Poisoning (2)
20 DNS Cache Poisoning (3)
21 Port Scanners (1)
22 Port Scanners (2)
23 Port Scanners (3)
24 Port Scanners (4)
25 Port Scanners (5)
26 Back Orifice (1)
27 Back Orifice (2)
28 Back Orifice (3)
29 Back Orifice (4)
30 Back Orifice (5)
31 Session Hijacking (1)
32 Session Hijacking (2)
33 A Social Engineering Attack
34 Web Spoofing
35 Frame Spoofing
36 Web Exposures
37 Sneakin
38 Loki
39 Crack / L0phtCrack
40 Java-based attacks
41 Cookies
42 Unix vs. Windows NT
43 Can I try Intrusion Tools ?




HTML version of Basic Foils prepared May 19 99

Foil 1 Computer Crimes Examples of Network Security Attacks

From Computer Crimes: Examples of Network Security attacks Tango Group Internal Technology Seminars -- April 23 99. *
Roman Markowski
IS Manager
Northeast Parallel Architectures Center
Syracuse University
April 23 1999
http://www.npac.syr.edu/users/roman/

Foil 2 Computer crimes (1)

Computer crimes
  • First network attack: 1988 (Worm; Robert Morris, Cornell)
  • Attackers: hackers vs. crackers (vandals, spies)
  • hackers are proud of what they are doing and publish their achievements; crackers hack for profit
  • US companies lose $7.5 billion annually
Attacks
  • Social engineering method (obtaining username and password from another person)
  • Trojan Horses and system modifications (modified login, su, telnet, in.telnetd, ftp, ls, ps, netstat, ifconfig, find, du, df, libc, sync, inetd, and syslogd)

Foil 3 Computer crimes (2)

Attacks
  • Denial of service - some servers or services stop running
    • SYN Flood, Ping o'Death
  • IP Spoofing - a hacker poses as a legitimate host using a fabricated IP address
  • Session hijacking - stealing sessions
  • Web spoofing - creating fake Web sites
  • DNS hijacking - redirect DNS
  • Password Sniffing - there are some tools like TCP Grab or Passfinder
  • CGI PHF (Packet Handling Function) can be used to extract password file (Crack)
  • Holes in commercial and public domain software (sendmail, flexlm, yppasswd, ftpd, various servers)

Foil 4 Computer crimes (3)

Attacks
  • Hostile Java applets
  • Invasion of privacy - access and modification to private data
  • viruses (for Windows and Unix) - annoying, destructive
There is no such thing as a 100% secure computer network
Only 5% of crackers write their own code; most cracker tools are publicly available
The large majority of attacks are INTERNAL (altering data; stealing source code; damaging computer systems; revealing confidential information)

Foil 5 Typical Scenario

gain access to an account
  • default or easy to guess passwords; social engineering
  • exploit vulnerabilities in an operating system - Unix services are particularly vulnerable (sendmail/IMAP/POP, NFS, NIS, DNS/BIND, FTP, TFTP, SYSLOG)
use "crack" to break more user passwords
obtain superuser privileges
install "back doors" (Trojan Horses)
install sniffers (packet and password grabbers) to obtain more passwords and site information

Foil 6 Typical Scenario - collecting tools

Strobe - excellent port scanner http://rootshell.connectnet.com/
Mscan - powerful scanner http://rootshell.connectnet.com/
Scotty - protocol agent http://wwwsnmp.cs.utwente.nl/~schoenw/scotty/
Jizz - DNS poison server http://rootshell.connectnet.com/
Nmap - many types of scans http://www.insecure.org/nmap/index.html
RootKit - OS centric tools http://rootshell.connectnet.com/
QueSO - OS identification ftp://apostols.org/AposTools/snapshots/
SATAN - exposure assessment ftp://ftp.win.tue.nl/pub/security
SAINT - based on SATAN http://32bit.bhs.com/

Foil 7 Typical Scenario - data gathering

IP space, names, mail servers, contact information
  • whois, nslookup
management, topology and gateway data
  • (scotty) discover {-snmp | -icmp}
  • ping, traceroute
information about hosts
  • strobe -b1 -e1024 $host
  • nslookup $host
  • satan (tcp_scan, udp_scan), saint, mscan, scotty, netcat, queso, nmap, dig, etc.

Foil 8 Typical Scenario - research

Information about vulnerabilities
Attack

Foil 9 Threats

Hacker attacks (vandalism, springboard)
Denial of service (competition)
Theft (software, ideas, money)
Damage to public image (companies, people)

Foil 10 Trends

Cracker tools getting easier to use (GUI) and easily distributed (hacker groups as distribution houses)
High quality, extremely functional hacker tools; lots of good tools
Attacks from multiple sources simultaneously at Christmas time, New Year's Eve, etc.
New hacks all the time
The attacks are getting more sophisticated
Various hacks are combined

Foil 11 Denial of Service Attacks (1)

Against companies to make their computers unusable; damage the company image
Takes the system's attention away from the real attack
There are countless DoS attacks out there today ftp://info.cert.org/pub/tech_tips/denial_of_service
Various forms:
  • SYN Flooding
  • Land and similar
  • Teardrop and similar
  • Smurf, papasmurf
  • Ping of Death

Foil 12 Denial of Service Attacks (2)

SYN Flood
  • SynFloods (Fall 1996) and Shake The Net (1997)
  • TCP is subject to SynFlood
  • TCP is based on a 3-way handshake (ISN - initial sequence number)
    • A ------ SYN(A,ISNa) -----------------> B
    • A <----- ACK(A,ISNa),SYN(B,ISNb) ------ B
    • A ------ ACK(B,ISNb) -----------------> B
  • Systems must allocate resources for each SYN that comes in
  • Attacker sends several SYN packets, SYN(X,ISNx), to a victim from a spoofed (fake), unanswering machine. The connection cannot be ACKed and waits for the timeout. The queue fills up and the machine goes down or stops serving requests. Some systems (IRIX 5.3, SunOS 4.1.3) allow for 8 simultaneous connections; timeout = several minutes

Foil 13 Denial of Service Attacks (3)

SYN Flood - Defense
  • increase size of connection queue (LISTEN-Q in kernel)
    • (Solaris) ndd /dev/tcp tcp_conn_req_max
  • decrease timeout period
    • (Solaris) ndd /dev/tcp tcp_conn_grace_period
  • remember: it is per port, NOT per host
  • deny service to any IP address that sends too many requests in a short period of time
  • RFC 2267 (1998, January): configure routers to block packets with spoofed source addresses. This should be implemented by ISPs. They can prevent packets with spoofed source addresses from leaving their own network
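A monitoring check for the queue exhaustion described above, as an added example that is not part of the original foils: it counts half-open connections per listening port, because the limit is per port, and lists sources holding many of them. The `netstat`-style sample lines, the backlog of 8, the thresholds and all function names are assumptions of this example.

```python
from collections import Counter, defaultdict

HALF_OPEN_STATES = {"SYN_RECV", "SYN_RCVD"}  # Linux and BSD/Solaris spellings

# Constructed sample, columns: proto recv-q send-q local remote state
SAMPLE_NETSTAT = "\n".join(
    # seven half-open connections to port 80, each from a different source
    [f"tcp 0 0 192.0.2.10:80 198.51.100.{i}:{40000 + i} SYN_RECV" for i in range(1, 8)]
    # four half-open connections to port 25, all from one source
    + [f"tcp 0 0 192.0.2.10:25 203.0.113.9:{50000 + i} SYN_RECV" for i in range(4)]
    + ["tcp 0 0 192.0.2.10:80 203.0.113.20:51515 ESTABLISHED",
       "tcp 0 0 192.0.2.10:22 203.0.113.21:52525 ESTABLISHED",
       "tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN"]
)


def half_open_by_port(netstat_text):
    """Return {local_port: Counter({remote_ip: half_open_count})}."""
    per_port = defaultdict(Counter)
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        if fields[-1] not in HALF_OPEN_STATES:
            continue
        port = int(fields[3].rsplit(":", 1)[1])
        remote_ip = fields[4].rsplit(":", 1)[0]
        per_port[port][remote_ip] += 1
    return per_port


def assess(netstat_text, backlog=8, warn_ratio=0.75, per_source_limit=3):
    """Compare each port's half-open count with its connection queue size.

    backlog          assumed queue size per listening port
    warn_ratio       fraction of the queue that triggers a warning
    per_source_limit half-open connections tolerated from one address
    """
    report = {}
    for port, sources in half_open_by_port(netstat_text).items():
        total = sum(sources.values())
        if total >= backlog:
            status = "full"
        elif total >= backlog * warn_ratio:
            status = "warning"
        else:
            status = "ok"
        report[port] = {
            "half_open": total,
            "distinct_sources": len(sources),
            "status": status,
            # Candidates for per-address blocking. A spoofed flood shows the
            # opposite pattern: many sources with one connection each.
            "noisy_sources": sorted(ip for ip, n in sources.items() if n > per_source_limit),
        }
    return report


if __name__ == "__main__":
    for port, info in sorted(assess(SAMPLE_NETSTAT).items()):
        print(port, info)
```

In the sample, port 80 reaches the warning level from seven different sources, so per-address blocking would not help there; port 25 stays below the threshold but has one address worth blocking.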

Foil 14 Denial of Service Attacks (4)

Land Attack
  • November 1997
  • affects many Unix, Windows NT/95, routers and switches
  • uses poorly implemented TCP/IP stack
  • send a TCP SYN packet
    • destination IP address= source IP address= victim's IP address
    • source port = destination port = available port on victim's machine
  • Packet is sent back to itself; result: machine crashes
Defense
  • vendor patches
  • anti-spoof filters

Foil 15 Denial of Service Attacks (5)

Teardrop Attack (summer 1997)
  • use a bug in the implementation of IP packet fragmentation
    • send 2 specially fragmented IP datagrams (overlapping fragments)
    • the first: 0 offset fragment with the payload of size N; MF bit on
    • the second: positive offset < N and a payload less than N; MF=0
    • the second fragment ends before the end of the previous fragment; the reassembly procedure computes a negative number, which is treated by the system as a very large positive number
  • Linux, Win95, WinNT will crash because the copy operation overwrites the memory
  • variants: bonk (affects port 53), newtear (UDP-based)
Defense
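The overlap arithmetic from the bullets above, as an added example that is not part of the original foils: `naive_copy_len` reproduces the negative length an unchecked reassembly computes, and `reassemble` validates every fragment before copying. Offsets are in bytes, the sample fragments are constructed, and rejecting the whole datagram on any overlap is a policy chosen for this example.

```python
MAX_IP_PAYLOAD = 65535 - 20  # 16-bit total length minus a minimal IP header


def naive_copy_len(prev_end, offset, length):
    """Length an unchecked reassembly would copy for an overlapping fragment.

    Returns (signed_value, same_value_as_unsigned_32_bit).
    """
    end = offset + length
    if offset < prev_end:   # fragment starts inside data already received
        offset = prev_end   # skip the overlapping bytes
    signed = end - offset   # negative when the fragment ends before prev_end
    return signed, signed & 0xFFFFFFFF


def reassemble(fragments):
    """Reassemble (offset, more_fragments, payload) tuples into one payload.

    Raises ValueError on overlaps, gaps, empty or trailing fragments and
    oversized datagrams instead of copying with an unchecked length.
    """
    data = bytearray()
    prev_end = 0
    saw_last = False
    for offset, more_fragments, payload in sorted(fragments, key=lambda f: f[0]):
        if saw_last:
            raise ValueError("fragment after the final fragment")
        if not payload:
            raise ValueError("empty fragment")
        if offset < prev_end:
            raise ValueError(f"overlap: offset {offset} is below previous end {prev_end}")
        if offset > prev_end:
            raise ValueError(f"gap: expected offset {prev_end}, got {offset}")
        if offset + len(payload) > MAX_IP_PAYLOAD:
            raise ValueError("reassembled datagram exceeds the maximum IP size")
        data += payload
        prev_end = offset + len(payload)
        saw_last = not more_fragments
    if not saw_last:
        raise ValueError("final fragment missing")
    return bytes(data)


# Constructed fragments: (byte offset, MF bit, payload)
BENIGN = [(0, True, b"A" * 32), (32, False, b"B" * 8)]
TEARDROP_SHAPED = [(0, True, b"A" * 32), (24, False, b"B" * 4)]  # ends at 28 < 32

if __name__ == "__main__":
    print(naive_copy_len(32, 24, 4))   # negative length and its unsigned reading
    print(len(reassemble(BENIGN)))
    try:
        reassemble(TEARDROP_SHAPED)
    except ValueError as err:
        print("rejected:", err)
```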

Foil 16 Denial of Service Attacks (6)

Smurf Attack
  • summer 1997 (smurf tool)- http://www.rootshell.com
  • smurf sends many spoofed ICMP echo request (ping) to a broadcast address on a victim's network
  • the victim's (spoofed) machine gets too many responses from every host on the network, consuming all available bandwidth
  • attack based on spoofing source IP address
  • papasmurf - an improved, optimized version of smurf; UDP based
Defense
  • filter out ICMP messages on a router; this can harm your ability to monitor the network
  • router configuration option : "no IP directed-broadcast" (cisco)
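The router-side defenses from Foils 13, 14 and 16 (RFC 2267 source filtering, anti-spoof filters, no directed broadcast) expressed as one border-filter decision function, as an added example that is not part of the original foils. The site prefix 192.0.2.0/24, the packet dictionaries and the verdict names are assumptions of this example.

```python
import ipaddress

INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # constructed site prefix


def classify(pkt, direction):
    """Return a verdict for one packet crossing the border router.

    pkt       dict with src, dst, proto and, for TCP/UDP, sport and dport
    direction "in" (arriving from outside) or "out" (leaving the site)
    """
    src = ipaddress.ip_address(pkt["src"])
    dst = ipaddress.ip_address(pkt["dst"])
    src_inside = any(src in net for net in INTERNAL_NETS)

    # Land: source and destination address and port are identical.
    if pkt["proto"] == "tcp" and src == dst and pkt["sport"] == pkt["dport"]:
        return "land"

    if direction == "in":
        # Anti-spoof filter: our own addresses never arrive from outside.
        if src_inside:
            return "spoofed-internal-source"
        # Same effect as disabling directed broadcast: an outside host may
        # not address every machine on the subnet at once (Smurf amplifier).
        if any(dst in (net.network_address, net.broadcast_address) for net in INTERNAL_NETS):
            return "directed-broadcast"
    elif direction == "out" and not src_inside:
        # RFC 2267: do not let forged source addresses leave the site.
        return "egress-spoof"
    return "forward"


# Constructed packets: (packet, direction)
SAMPLE_PACKETS = [
    ({"src": "192.0.2.10", "dst": "192.0.2.10", "proto": "tcp", "sport": 139, "dport": 139}, "in"),
    ({"src": "203.0.113.7", "dst": "192.0.2.255", "proto": "icmp"}, "in"),
    ({"src": "192.0.2.5", "dst": "192.0.2.10", "proto": "tcp", "sport": 1042, "dport": 23}, "in"),
    ({"src": "198.51.100.9", "dst": "203.0.113.1", "proto": "tcp", "sport": 1042, "dport": 80}, "out"),
    ({"src": "203.0.113.7", "dst": "192.0.2.10", "proto": "tcp", "sport": 1042, "dport": 80}, "in"),
    ({"src": "192.0.2.5", "dst": "203.0.113.1", "proto": "udp", "sport": 1042, "dport": 53}, "out"),
]

if __name__ == "__main__":
    for pkt, direction in SAMPLE_PACKETS:
        print(direction, pkt["src"], "->", pkt["dst"], classify(pkt, direction))
```

Unlike filtering all ICMP, these rules leave ordinary ping and traceroute traffic to single hosts untouched.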

Foil 17 Denial of Service Attacks (7)

Ping of Death

Foil 18 DNS Cache Poisoning (1)

DNS - Domain Name Service - critical component of the Internet; maps names to IP addresses; mail exchanger
Clients use resolver to access DNS servers
BIND - Berkeley Internet Name Domain - most common DNS
DNS servers query each other to resolve names (QueryID)
To lower traffic requirements, DNS servers will cache answers
[Figure: name resolution for www.company.com. Labels: Client, Local DNS, Company DNS, COM DNS, Root DNS]

Foil 19 DNS Cache Poisoning (2)

[Figure: DNS cache poisoning sequence. Labels: Evil (x.y.z.w), DNS good, DNS evil, DNS bank, Good, WWW bank]
  • (1) any.evil.com ?
  • (2) any.evil.com ?
  • (3) store Query ID#
  • (4) www.bank.com ?
  • (5) www.bank.com ?
  • (6) spoof answer: www.bank.com = x.y.z.w
  • (7) Cache: www.bank.com = x.y.z.w
  • (8) www.bank.com ?
  • (9) x.y.z.w
  • (10) bank transaction

Foil 20 DNS Cache Poisoning (3)

DNS cache attack affects all versions of BIND and Windows NT Server DNS
Defense
  • decrease TTL (and performance)
  • use hard to predict Query ID #
  • digitally sign DNS records
  • use SSL / HTTPS for important transactions
  • protect DNS server
  • use suspicious activity detection software
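Why "hard to predict Query ID" matters, as an added example that is not part of the original foils: `accept_response` is the match a caching server performs before storing an answer, and `id_predictability` audits a run of query IDs observed leaving your own server. The server address, the ID sequences and both function names are constructed for this example.

```python
from collections import Counter


def id_predictability(query_ids):
    """Fraction of consecutive ID steps (mod 2**16) equal to the most common step.

    1.0 means every ID follows from the previous one by a fixed increment,
    so seeing one query (step 3 on Foil 19) reveals the next ID.
    """
    steps = [(b - a) % 65536 for a, b in zip(query_ids, query_ids[1:])]
    if not steps:
        return 0.0
    return Counter(steps).most_common(1)[0][1] / len(steps)


def accept_response(pending, response):
    """Accept an answer only if it matches an outstanding query.

    pending  {query_id: (server_ip, lowercase_qname)}
    response dict with id, src and qname
    The source address can be forged, so the query ID is the only value in
    this check that an off-path sender has to guess.
    """
    expected = pending.get(response["id"])
    return expected == (response["src"], response["qname"].lower())


# Constructed observations of outgoing query IDs
SEQUENTIAL_IDS = list(range(65530, 65536)) + list(range(0, 6))  # wraps at 2**16
SCATTERED_IDS = [51234, 1207, 33980, 60011, 2955, 47102,
                 18843, 9, 40321, 27654, 65000, 12001]

# One outstanding query to the (constructed) bank name server
PENDING = {4711: ("192.0.2.53", "www.bank.com")}

if __name__ == "__main__":
    print("sequential:", id_predictability(SEQUENTIAL_IDS))
    print("scattered: ", round(id_predictability(SCATTERED_IDS), 2))
    forged = {"id": 4710, "src": "192.0.2.53", "qname": "www.bank.com"}
    print("forged answer with wrong ID accepted:", accept_response(PENDING, forged))
```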

Foil 21 Port Scanners (1)

Help to identify openings on a system and the type of the system
Understand what services are running where
Direct
  • TCP connect (strobe, SATAN-tcp_scan, netcat)
  • UDP `connect' (SATAN-udp_scan,netcat)
  • service protocols, application level (MSCAN)
Indirect
  • tunneling (NMAP-FTP Bounce)

Foil 22 Port Scanners (2)

Scan all 65,535 TCP ports and 65,535 UDP ports
  • 80/tcp - http, 23/tcp - telnet, 53/udp - DNS, 6000/tcp - X server
Examples: network scans
  • ping www.company.com
  • traceroute www.company.com
  • discover -snmp 20.10.213 (SCOTTY OS identification)
  • discover -icmp 20.10.213 (SCOTTY host identification)
Examples: port scans
  • strobe 127.0.0.1
  • tcp_scan 127.0.0.1 1-1024
  • udp_scan 127.0.0.1 1-1024
  • mscan -h target

Foil 23 Port Scanners (3)

MSCAN
SCOTTY

Foil 24 Port Scanners (4)

NMAP - http://www.insecure.org/nmap
  • TCP scans - connect to every port with 3-way handshake
  • UDP scans; SYN scans using IP fragments
  • ACK and FIN scans
  • designed to by-pass firewalls and intrusion detection tools
QueSO - http://www.apostols.org/projectz/queso
  • TCP scans with various combinations of TCP flags: SYN, SYN+ACK, FIN, FIN+ACK, SYN+FIN
  • can determine various types of the operating systems, kernel versions
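Detection logic for the scans described on Foils 21 to 24, as an added example that is not part of the original foils: it flags a source that touches many distinct ports on one host within a time window, and any packet carrying SYN together with FIN. The log format, addresses, thresholds and names are constructed for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE = re.compile(
    r"(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) DPT=(?P<dpt>\d+) FLAGS=(?P<flags>\S+)"
)

# Constructed firewall log
SAMPLE_LOG = "\n".join(
    # one source walking ports 20-32 in thirteen seconds
    [f"1999-04-23T10:00:{i:02d} SRC=203.0.113.7 DST=192.0.2.10 DPT={20 + i} FLAGS=SYN"
     for i in range(13)]
    # an ordinary client returning to the web server
    + [f"1999-04-23T10:0{i}:30 SRC=198.51.100.8 DST=192.0.2.10 DPT=80 FLAGS=SYN"
       for i in range(3)]
    # a flag combination no normal connection produces
    + ["1999-04-23T10:05:00 SRC=198.51.100.4 DST=192.0.2.10 DPT=25 FLAGS=SYN,FIN"]
)


def parse(log_text):
    """Yield (timestamp, src, dst, port, flag_set) for every matching line."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["src"], m["dst"],
                   int(m["dpt"]), set(m["flags"].split(",")))


def detect(log_text, window_s=60, port_threshold=10):
    """Return {"port_sweep": sources, "bad_flags": sources}."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # (src, dst) -> (timestamp, port) inside window
    alerts = {"port_sweep": set(), "bad_flags": set()}
    for ts, src, dst, port, flags in sorted(parse(log_text), key=lambda e: e[0]):
        if {"SYN", "FIN"} <= flags:
            alerts["bad_flags"].add(src)
        seen = recent[(src, dst)]
        seen.append((ts, port))
        while ts - seen[0][0] > window:   # drop events older than the window
            seen.popleft()
        if len({p for _, p in seen}) >= port_threshold:
            alerts["port_sweep"].add(src)
    return alerts


if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

A fixed window only catches fast sweeps; a scan spread over a longer period than `window_s` passes unnoticed, which is one reason to keep per-source port history for longer.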

Foil 25 Port Scanners (5)

NMAP - FTP bounce
  • we can tell an anonymous ftp server to connect to machines inside its firewall
  • ping 20.10.1.17 (host behind a firewall)
    • ICMP Host Unreachable
  • ping 128.70.21.256
    • 128.70.21.256 is alive
  • nmap -ports 20-32 anonymous:foobar@128.70.21.256 20.10.1.17
    • connection to ftp://anonymous:foobar@128.70.21.256:21
    • TCP ftp bounce scan against 20.10.1.17
    • list of ports, protocols, services

Foil 26 Back Orifice (1)

Allows remote control of Win 95 and Win 98
Backdoor: allows attacker to bypass system security
Gives remote access to File system, registry, passwords, operating system, network, processes, screen and keyboard
Introduced in August 1998 by Cult of the Dead Cow (cDc); Free from http://www.cultdeadcow.com
BO2K (Back Orifice 2000) on the way!
Contains integrated services: HTTP server, packet sniffer, keyboard monitor for logging keystrokes, connection and application redirection

Foil 27 Back Orifice (2)

Works in Client - Server model; client and server communicate over UDP port 31337; port can be changed
Server must be installed on the victim machine; trivial to install; does not show up in the task list
Client runs on hacker's machine
Very nice GUI; there is also command line interface

Foil 28 Back Orifice (3)

Capabilities
  • examine keystrokes, get detailed system information
  • lock and reboot the machine
  • gather passwords: dialup, network access, screensaver
  • Registry: list, create, delete, set keys and values
  • Processes: List, kill, and spawn processes
  • network: view all accessible network resources
  • file system: copy, rename, delete, view, compress, search files and directories
  • packet redirection: redirect any incoming TCP and UDP port to any other address and port

Foil 29 Back Orifice (4)

Capabilities
  • remotely control video input devices (like a Quickcam)
  • Plugins: defines interface between BO and various additional tools. Available plugins
    • Sniffer - gathers all network traffic
    • Satan Wrap - installs BO and runs an application (e.g. game)
    • Trumpet - e-mails BO server address upon activation
    • . . . . Other . . .

Foil 30 Back Orifice (5)

Defense
  • ToiletPaper v 1.0
    • www.sinnerz.com/tp.html
  • BoDetect 1.0
    • www.spiritone.com/~cbenson/current_projects/backorifice/bodetect.htm
  • C:\WINDOWS\SYSTEM\WINDLL.DLL
  • AntiVirus tools
  • never accept unsigned ActiveX controls
NT is not immune
  • NetBus 2.0 released in January 1999; Back Orifice like functionality for Windows NT

Foil 31 Session Hijacking (1)

Allows an attacker to steal, share, terminate, monitor and log any terminal session that is in progress
Session stolen across the network
HUNT, a session hijacking tool written in November 1998 (http://www.rootshell.com), allows insertion of commands or takeover of a session
What can be hijacked: telnet, rlogin, rsh, ftp

Foil 32 Session Hijacking (2)

Session hijacking scenario:
  • A telnets to B to get some work done
  • Attacker resets connection to A
  • Attacker kicks off A and takes over the session to B. The logs will show that A made all changes
Other tools: Juggernaut, TTYWatcher, IPWatcher
Defenses: use strong authentication (SSH), do not telnet to critical computers

Foil 33 A Social Engineering Attack

It is an attempt by a computer hacker to persuade a legitimate system user to reveal information, allowing the hacker to break through the system security
the most common way hackers break into systems
the most common attack is through the telephone
"If you give me your logon ID and password, I can fix it in a few minutes; you can change your password when I am done"
hacker takes advantage of the organization size - people do not know each other
if you receive a suspicious phone call, ask for a phone number and call the person back.

Foil 34 Web Spoofing

URL rewriting
The attacker creates a false "copy" of the entire Web
  • attacker takes selected pages, the rest is available on-line
  • attacker web server is between a victim and the rest of the Web (DNS poisoning, registering false URL in a search engine)
  • if you see http://www.bad.com/http://www.good.com you are under attack; works even with secure connection
  • You can ask for it: http://www.anonymizer.com/
  • he can intercept and modify data
  • capture passwords, credit card information, etc
Defense
  • disable JavaScript (prevents attacker from hiding URLs)
  • Display URL and look at it

Foil 35 Frame Spoofing

The attacker inserts a frame into a web page
  • developed in December 1998 and January 1999
  • one of the user's frames can be controlled by an attacker while all others are normal
  • the attacker frame can be used to gather passwords, credit card information, or display misleading information
  • exploits implementation vulnerability on most browsers
  • http://www.secureexperts.com/framespoof
  • attacker web server is between a victim and the rest of the Web
  • web and frame spoofing creates a BIG opportunity
Defense
  • patch your browsers
  • use dynamic frame names for sensitive screens

Foil 36 Web Exposures

When the PHF script exists
Most Web applications are never tested for penetration vulnerabilities (input handling issues)
  • cgi script may be able to use files outside of server area
  • unexpected arguments
Web servers have well-known bugs: in most cases requires ability to find, read and recreate exploits
various exploits described at
Most popular: replace web pages with new ones; put additional contents

Foil 37 Sneakin

Runs under Unix operating system
My network allows outgoing telnet (src port > 1024, destination port =23)
Attacker installs a sneakin daemon on our network and sends a few pings from outside. The daemon responds by "telnetting" out and the session is established
When the connection is made, the sneakin client and server reverse the connection
Available from http://www.rootshell.com
Defense: strong internal host security and the Principle of Least Privilege (open an absolutely minimal number of services)

Foil 38 Loki

Think of it as a telnet over ICMP (ping): gives the ability to tunnel shell sessions over ICMP or UDP port 53 (looks like DNS)
Offers a command line shell to the attacker on the victim machine
Works in a client-server model; first server must be installed on the victim's machine
http://www.phrack.com/Archives/phrack51.tgz
Defense: know what should be running on your system

Foil 39 Crack / L0phtCrack

Software that attempts to guess passwords for an account for Unix and NT (directory entries, brute force, User Id variations)
Requires /etc/passwd (can be stolen using "phf" in cgi-bin) and somebody else's account
attacker runs Crack against the stolen `passwd' file on his own computer
Crack functionality: guess password, encrypt, check if match, try again
Crack v 5.0 for Unix released in 1996
L0phtcrack ver 2.5.2 for Windows NT updated December 1998
  • dictionary and brute force password cracking

Foil 40 Java-based attacks

SNARF
  • a classic Trojan Horse login implemented in Java
  • displays window requesting "user id" and "password"
  • obtained info is sent to the evil web server
Denial of Service applets
  • Noisy Bear, Applet Killer, Blue Screen of Death
  • Resource Consumer
Defense
  • encrypt sensitive data
  • know what web sites you are visiting
  • use latest versions of browser; use latest security patches
  • turn Java off, do not use Java-enabled web browser

Foil 41 Cookies

Stores information on browser client
Are cookies secure ?
  • Can't read your hard drive
  • Can't be read by another domain
  • Are text files, not executable
  • can remember what ads you read
  • can help to "profile" users
  • more privacy than security concern

Foil 42 Unix vs. Windows NT

Unix since 1969; never intended to be secure; trusted (C2 and up) versions available; better knowledge what is going on; more mature; easier than NT to setup security
Windows NT - relatively new; many unknown security issues (black box); very unsecure

Foil 43 Can I try Intrusion Tools ?

Do not even think about it ....

© Northeast Parallel Architectures Center, Syracuse University, npac@npac.syr.edu


Page produced by wwwfoil on Mon Aug 16 1999