Denial of Service
• Agenda
MAC Modification
Address Resolution Protocol Trickery
IP address spoofing
TCP session Hijacking
Domain Name Spoofing
Email Spoofing (not in lab)
Denial of Service
• Non-blind attacks
Attacker and target on same subnet
Reply traffic can be sniffed
• Blind attacks
Attacker and target on different subnets
Reply traffic cannot be seen by attacker
Attacker must be able to predict replies
• Packet Types
URG - Urgent
ACK - Acknowledge
PSH - Push
RST - Reset
SYN - Synchronize (can flood a server)
FIN - Finish
[Figure: TCP handshake diagram. Labels: SYN (SEQ=y, ACK=x+1); (SEQ=x+1, ACK=y+1); "Hi, I am Alice"; Attacker]
ECE 4112 - Internetwork Security 18
DNS Spoofing
Mailsnarf
Msgsnarf
TCPKill
TCPnice
URLSnarf
WebSpy
SSHMITM
WebMITM
DSniff
telnet mail.xyz.gatech.edu 25
220 sark.xyz.gatech.edu ESMTP Sendmail 8.12.10/8.12.8;
Mon, 1 Dec 2003 040500 (EST)
HELO abc4883.com
250 sark.xyz.gatech.edu Hello ece-237-37.abc.gatech.edu
[130.207.237.37], pleased to meet you
MAIL FROM: <fake@abc4883.com>
250 2.1.0 <fake@abc4883.com>... Sender ok
RCPT TO: <gotcha@abc.gatech.edu>
250 2.1.5 <gotcha@abc.gatech.edu>... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
Greetings from abc4883!
.
250 2.0.0 hAUMOh6c005386 Message accepted for delivery
QUIT
221 2.0.0 sark.xyz.gatech.edu closing connection
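Added example (not part of the original slides): a receiving-side check over the session above. It compares the self-asserted HELO name and MAIL FROM domain with the host name and IP the server itself printed in its 250 greeting. The function names, the finding labels and the second, consistent session are constructed for illustration. Alignment with the reverse-DNS name is a heuristic assumed here, since legitimate relays may send for other domains.

```python
import re

# Client/server lines taken from the SMTP session shown on the page.
PAGE_SESSION = """\
HELO abc4883.com
250 sark.xyz.gatech.edu Hello ece-237-37.abc.gatech.edu
[130.207.237.37], pleased to meet you
MAIL FROM: <fake@abc4883.com>
250 2.1.0 <fake@abc4883.com>... Sender ok
"""

# Constructed contrast case (hypothetical names, documentation IP range).
CONSISTENT_SESSION = """\
HELO mail.example.org
250 mx.example.net Hello mail.example.org [192.0.2.10], pleased to meet you
MAIL FROM: <alice@example.org>
250 2.1.0 <alice@example.org>... Sender ok
"""

HELO_RE = re.compile(r"^(?:HELO|EHLO)\s+(\S+)", re.I | re.M)
# Sendmail-style greeting: "250 <server> Hello <rDNS name> [<peer IP>]";
# \s+ also spans the line wrap seen in the page's transcript.
SEEN_RE = re.compile(r"^250\s+\S+\s+Hello\s+(\S+)\s+\[([0-9.]+)\]", re.I | re.M)
FROM_RE = re.compile(r"^MAIL FROM:\s*<[^@>]*@([^>\s]+)>", re.I | re.M)


def same_or_sub(host, domain):
    """True when host equals domain or is a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def check_session(text):
    """Compare the client's claims with what the server observed."""
    helo, seen, sender = (r.search(text) for r in (HELO_RE, SEEN_RE, FROM_RE))
    if not (helo and seen and sender):
        raise ValueError("need HELO, server greeting and MAIL FROM lines")
    host, ip = seen.group(1), seen.group(2)
    findings = []
    if not same_or_sub(host, helo.group(1)):
        findings.append("helo_mismatch")          # HELO name is self-asserted
    if not same_or_sub(host, sender.group(1)):
        findings.append("sender_domain_unaligned")  # envelope sender is too
    return {"peer_host": host, "peer_ip": ip, "helo": helo.group(1),
            "mail_from_domain": sender.group(1), "findings": findings}


if __name__ == "__main__":
    for name, s in (("page", PAGE_SESSION), ("consistent", CONSISTENT_SESSION)):
        print(name, check_session(s))
```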
• Denial of Service
Easy to mount – script kiddies
Requires few computing resources
Most common attack – deadly results
• Comes in various forms. E.g. –
Buffer Overflow Attack
Teardrop Attack
SYN Flood
Smurf Attack
• OSI Model:
RAD Data Communications
• libnet (packetfactory.net)
• Raw Socket Programming (mixter.void.ru)
• Paketto (www.doxpara.com/paketto)
• Dsniff (naughty.monkey.org/~dugsong/dsniff)
• Computer Networks, Third Edition. Andrew Tanenbaum, Prentice Hall, 1996.
• Counter Hack. Ed Skoudis, Prentice Hall, 2002.
• TCP/IP Illustrated, Volume 1. W. Richard Stevens, Addison-Wesley, 1994.