Systems, Security and Data Analysis - Lecture 8

Internet Vulnerabilities


Basic threats:
Sniffing
Spoofing
Man in the middle


Emerging threats: malware, DDoS, botnets, cross-site scripting

Sniffing


Packet sniffing software may listen on an end point and extract critical info such as passwords
Wireless LANs are vulnerable
An attacker can monitor the traffic, for example


Spoofing
Traffic appears to come from one source when it is in fact from another
IP address
DNS
Emails - think CEO fraud


IP address - an attacker may send a packet with a fraudulent IP in the source field (e.g. a trusted IP address)
Can easily be done with the raw sockets API

DNS spoofing -
Someone may want the home page from Bob but is in fact receiving a fake Bob page served by Trudy
So they would be giving their info to Trudy


Poisoning the cache: done by sending a request to the local DNS server for Bob's address, then immediately sending a spoofed response to the same server, making it appear to come from the root server
The address in Trudy's fake response is installed in the local cache, and later passed on to Alice


So Alice will never visit Bob's real address


Responses to these include encryption and proper authentication
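The cache-poisoning scenario above works when a resolver installs any answer that names the thing it asked about. The following is an added example, not code from the lecture: a toy stub-resolver cache in C with two response handlers side by side, a weak one that checks only the question name and a strict one that also demands the transaction ID and destination port of the query it actually sent. All names, ports, IDs and addresses are constructed sample values.

```c
/* Added example (not from the lecture): a toy stub-resolver cache that
 * checks each incoming DNS response against the query it actually sent
 * before installing the answer. Names, ports, IDs and addresses are
 * constructed sample values. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 64
#define SLOTS 8                 /* size of both the pending table and the cache */

struct pending {                /* a query sent and still awaiting its answer */
    bool in_use;
    uint16_t txid;              /* 16-bit transaction ID the resolver chose */
    uint16_t src_port;          /* UDP port the query went out from */
    char qname[NAME_LEN];
};
struct response {               /* a reply as seen on the wire; its source IP */
    uint16_t txid;              /* is easy to spoof, so it is not what we trust */
    uint16_t dst_port;          /* port the reply was addressed to */
    char qname[NAME_LEN];
    char answer[NAME_LEN];      /* IPv4 address as text */
};
struct cache_entry { bool in_use; char qname[NAME_LEN]; char answer[NAME_LEN]; };

static struct pending pending[SLOTS];
static struct cache_entry cache[SLOTS];

static void copy_name(char *dst, const char *src) {
    strncpy(dst, src, NAME_LEN - 1);
    dst[NAME_LEN - 1] = '\0';
}

/* Cached answer for qname, or NULL if we have none. */
const char *cache_lookup(const char *qname) {
    for (int i = 0; i < SLOTS; i++)
        if (cache[i].in_use && strcmp(cache[i].qname, qname) == 0)
            return cache[i].answer;
    return NULL;
}

static void cache_install(const char *qname, const char *answer) {
    for (int i = 0; i < SLOTS; i++)
        if (!cache[i].in_use) {
            cache[i].in_use = true;
            copy_name(cache[i].qname, qname);
            copy_name(cache[i].answer, answer);
            return;
        }
}

/* Record an outstanding query; false if no slot is free. */
bool send_query(uint16_t txid, uint16_t src_port, const char *qname) {
    for (int i = 0; i < SLOTS; i++)
        if (!pending[i].in_use) {
            pending[i].in_use = true;
            pending[i].txid = txid;
            pending[i].src_port = src_port;
            copy_name(pending[i].qname, qname);
            return true;
        }
    return false;
}

/* Weak resolver: installs any answer whose question matches a pending
 * query. This is the behaviour Trudy's spoofed reply relies on. */
bool handle_response_weak(const struct response *r) {
    for (int i = 0; i < SLOTS; i++)
        if (pending[i].in_use && strcmp(pending[i].qname, r->qname) == 0) {
            cache_install(r->qname, r->answer);
            pending[i].in_use = false;
            return true;
        }
    return false;
}

/* Strict resolver: the reply must also carry the transaction ID of, and
 * be addressed to the port of, the query it claims to answer. A forger
 * who cannot see the query on the wire has to guess both. */
bool handle_response_strict(const struct response *r) {
    for (int i = 0; i < SLOTS; i++) {
        struct pending *p = &pending[i];
        if (!p->in_use || p->txid != r->txid || p->src_port != r->dst_port)
            continue;
        if (strcmp(p->qname, r->qname) != 0)
            continue;
        cache_install(r->qname, r->answer);
        p->in_use = false;      /* first valid answer wins; later copies are dropped */
        return true;
    }
    return false;               /* unsolicited or mismatched: discard */
}

int main(void) {
    send_query(0x1a2b, 40123, "bob.example");   /* Alice's query */
    /* Trudy's guess has the right name but the wrong ID and port */
    printf("forged accepted: %d\n", handle_response_strict(
        &(struct response){0x0001, 53, "bob.example", "203.0.113.66"}));
    printf("genuine accepted: %d\n", handle_response_strict(
        &(struct response){0x1a2b, 40123, "bob.example", "192.0.2.10"}));
    printf("cache: %s\n", cache_lookup("bob.example"));
    return 0;
}
```

The strict handler is the shape of the "proper authentication" response: a forged reply with a spoofed source IP is still dropped unless the attacker also guesses the transaction ID and the port, which is why real resolvers pick both at random for every query. Only a signed answer (DNSSEC) lets the resolver verify the data itself rather than the envelope it arrived in.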


Malware
A multitude of types, including worms, viruses etc.


Viruses
Infect other files
Autorun
Gets itself into startup
Then adds itself to the registry so it is always run on start up
Starts deleting things, messing around with the computer


Worms
Replicates itself across a network
The simplest exploit is a login service


Buffer overflow attacks
A vulnerability that can be exploited


Function calls and the stack -
Each function that completes returns to the point in the parent function where execution shall resume
Temporary space called the stack is used for this
Allocation on the stack starts high in memory
The attack aims to cause a buffer on the stack to overflow


Subversion of service
The overflow can overwrite the return address
The server can end up executing code in a message fed to it by the attacker
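The bug the two sections above describe, as an added example in C that is not from the lecture: a fixed-size stack buffer filled with `strcpy` and no length check, next to a bounded version that measures the message first and refuses anything that does not fit. `NAME_MAX`, the function names and the sample messages are constructed for illustration.

```c
/* Added example (not from the lecture): the stack-buffer bug the lecture
 * describes, beside the bounded version that rejects oversized input.
 * NAME_MAX, the function names and the messages are constructed values. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* bytes reserved on the stack for the name */

/* Vulnerable: strcpy keeps writing until it finds the terminating NUL in
 * msg, so a message of NAME_MAX bytes or more runs off the end of name[]
 * into whatever the compiler placed after it in the frame (saved
 * registers, the saved return address). That is undefined behaviour. */
void greet_unsafe(const char *msg) {
    char name[NAME_MAX];
    strcpy(name, msg);                  /* no length check at all */
    printf("hello %s\n", name);
}

/* How many bytes a message would write past the buffer, counting the
 * NUL terminator. 0 means it fits. */
size_t overflow_bytes(const char *msg) {
    size_t needed = strlen(msg) + 1;
    return needed > NAME_MAX ? needed - NAME_MAX : 0;
}

/* Hardened: measure first and reject, rather than truncate silently
 * (which can hide a problem) or overflow. */
bool greet_safe(const char *msg) {
    char name[NAME_MAX];
    if (overflow_bytes(msg) != 0)
        return false;
    memcpy(name, msg, strlen(msg) + 1); /* fits, terminator included */
    printf("hello %s\n", name);
    return true;
}

int main(void) {
    const char *ok = "alice";
    const char *too_long = "a message far longer than the sixteen-byte name buffer";
    greet_unsafe(ok);                   /* fine: 6 bytes into a 16-byte buffer */
    printf("safe(ok) = %d\n", greet_safe(ok));
    printf("safe(too_long) = %d, would spill %zu bytes\n",
           greet_safe(too_long), overflow_bytes(too_long));
    /* greet_unsafe(too_long) is deliberately not called: it corrupts the stack */
    return 0;
}
```

The length check is the fix at the source level; compilers and operating systems add layers behind it (stack canaries from `-fstack-protector`, non-executable stacks and address-space randomisation), which make a corrupted return address harder to turn into the "execute the attacker's message" outcome the lecture describes but do not remove the bug.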


Denial of service
Well known; DDoS (distributed denial of service) is the most effective form
Often used against large websites
Classic attacks include SYN floods and ping floods

SYN attack
Enough SYNs in rapid succession can exhaust the server's connection table, as entries aren't deleted until the ACK comes
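Why the table fills up, as an added example in C that is not from the lecture: a toy half-open connection table with a deliberately tiny backlog, where a SYN reserves a slot, only the final ACK frees it, and an expiry sweep reclaims entries whose ACK never arrived. The backlog size, addresses, ports and timestamps are constructed values.

```c
/* Added example (not from the lecture): a toy half-open connection table
 * showing why un-ACKed SYNs exhaust it and how an expiry timer limits the
 * damage. Backlog size, addresses, ports and timestamps are constructed. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define BACKLOG 4                 /* tiny so that exhaustion is visible */

struct half_open {
    bool in_use;
    uint32_t src_ip;              /* client address as seen in the SYN */
    uint16_t src_port;
    uint32_t seen_at;             /* seconds when the SYN arrived */
};

static struct half_open table[BACKLOG];

/* Number of connections still waiting for their final ACK. */
int half_open_count(void) {
    int n = 0;
    for (int i = 0; i < BACKLOG; i++)
        n += table[i].in_use;
    return n;
}

/* SYN received: reserve a slot (the SYN-ACK reply is not modelled).
 * Returns false when the table is full, i.e. the SYN is dropped. */
bool on_syn(uint32_t ip, uint16_t port, uint32_t now) {
    for (int i = 0; i < BACKLOG; i++)
        if (!table[i].in_use) {
            table[i].in_use = true;
            table[i].src_ip = ip;
            table[i].src_port = port;
            table[i].seen_at = now;
            return true;
        }
    return false;
}

/* Final ACK received: the handshake completes and the slot is freed.
 * Returns false if no half-open entry matches (stray or spoofed ACK). */
bool on_ack(uint32_t ip, uint16_t port) {
    for (int i = 0; i < BACKLOG; i++)
        if (table[i].in_use && table[i].src_ip == ip && table[i].src_port == port) {
            table[i].in_use = false;
            return true;
        }
    return false;
}

/* Drop entries whose SYN is older than timeout seconds; returns how many.
 * A flood still wins while it out-paces the timeout, which is why real
 * TCP stacks add SYN cookies on top of a timer. */
int expire_half_open(uint32_t now, uint32_t timeout) {
    int dropped = 0;
    for (int i = 0; i < BACKLOG; i++)
        if (table[i].in_use && now - table[i].seen_at > timeout) {
            table[i].in_use = false;
            dropped++;
        }
    return dropped;
}

int main(void) {
    /* Four SYNs from (spoofed) addresses that never finish the handshake. */
    for (uint32_t i = 0; i < BACKLOG; i++)
        on_syn(0x0A000001u + i, 50000, 100);
    /* A legitimate client at t=101 is turned away. */
    printf("legit SYN accepted while flooded? %d\n", on_syn(0xC0000202u, 40000, 101));
    /* After the 5-second timeout the stale entries are reclaimed. */
    int dropped = expire_half_open(106, 5);
    bool accepted = on_syn(0xC0000202u, 40000, 106);
    printf("expired %d, legit SYN accepted now? %d\n", dropped, accepted);
    return 0;
}
```

The model makes the asymmetry plain: the attacker spends one packet per slot and keeps nothing, while the server holds state until a timeout. With SYN cookies the server encodes the connection details in its own sequence number and keeps no state until the ACK comes back, which is the standard defence.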


Implementation - subvert a large number of hosts, obtained through worms or viruses
All start the attack on a trigger
IP spoofing makes locating the zombies harder


Can add further indirection with reflector attacks - use a legitimate service on an uncompromised server
Spoof the source address in the request so the reply is sent to the target!


Botnets -
Email spam through millions of compromised hosts

Cross-site scripting
Make a page send sensitive info to another site
