Slowloris & Scary SSL Attacks
Sam Bowne
Contact
Sam Bowne
Computer Networking and Information Technology
City College San Francisco
Email: sbowne@ccsf.edu
Web: samsclass.info
Topics
sslstrip
1. YouTube: HTTPS
2. Wikipedia: HTTP
3. Craigslist: HTTPS
4. Photobucket: HTTP
5. Flickr: HTTPS
6. WordPress: MIXED
7. Twitter: MIXED
8. IMDB: HTTPS
9. Digg: HTTP
10. eHow: HTTPS
11. TypePad: HTTPS
12. topix: HTTP
13. LiveJournal: Obfuscated HTTP
14. deviantART: MIXED
15. Technorati: HTTPS
From http://www.ebizmba.com/articles/usergenerated-content
Password Stealing
Medium: sslstrip
Easy: Wall of Sheep
Hard: Spoofing Certificates
Chart: MIXED, 3; HTTP, 5; HTTPS, 7
Spoofing Certificates
Mixed Mode
HTTP
Target Using Facebook
Attacker: sslstrip Proxy in the Middle
Attacker
Target
ARP Poisoning
http://k78.sl.pt
ARP Request
ARP Reply
Client
Gateway
Facebook.com
ARP Poisoning
Attacker
ARP Replies: I am the Gateway
Forwarded & Altered Traffic
Traffic to Facebook
Client
Gateway
Facebook.com
Demonstration
slowloris
HTTP GET
OSI Model
OSI Model layer: DoS Attack
7 Application
6 Presentation
5 Session
4 Transport
3 Network
2 Data Link
1 Physical: Cut a cable
Demonstration
iClicker Questions
Layer 1
Layer 2
Layer 3
Layer 4
Layer 5 or higher
Open Access
WEP
WPA
VPN
802.1x
Plaintext
Mixed-mode
HTTPS with a CA
Self-signed SSL
Something else
HTTPS
Target Using https://gmail.com
Attacker: Cain: Fake SSL Certificate
Warning Message
Certificate Errors
Impersonating Verisign
Link SSL-2
Countermeasures
Link SSL-4
CA in an Untrustworthy Nation
Link SSL-8
Link SSL-10