Tuesday, March 31, 2009

Attacks over the Network

  • IP Spoofing
  • Packet Sniffing
  • OS fingerprinting
  • SYN Attacks
      ◦ SYN Flooding
      ◦ Predictable ISN
  • Routing Vulnerabilities
      ◦ Router Redirect
      ◦ Bogus Routing Information
      ◦ Bogus Subnet Mask
  • DNS Vulnerabilities
      ◦ DNS Cache Poisoning
      ◦ Split DNS
  • Fragmentation Attacks
      ◦ Ping of Death
      ◦ Tiny Fragment Attack
      ◦ Teardrop Attack
      ◦ Overlapping Fragment Attack
      ◦ Unnamed Attack

IP Spoofing

  • No authentication, eg SNMP (no longer the case with SNMPv3)
  • Authentication based on IP addresses, eg firewalls
  • Raw socket option (SOCK_RAW); most applications use "cooked" sockets, where the IP stack supplies the necessary headers
      ◦ requires administrator/root login
  • Blind Spoofing vs Non-blind Spoofing
      ◦ non-blind: use a sniffer or the source-routing (SRC routing) option to make sure the return path gets the packets to you
      ◦ blind: make sure the spoofed node is down
  • Land Attack (by a then teenager Breton Maltman)
      ◦ destination IP address = source IP address = victim's IP address
      ◦ source port = destination port = an available port on the victim's machine
      ◦ the packet is sent back to itself; the machine crashes
  • Smurf Attack: send ICMP echo requests to a LAN's broadcast address with the source spoofed as the victim, so the whole LAN replies to the victim
  • Defences:
      ◦ ISPs practice ingress filtering
      ◦ Firewalls block spoofed addresses and source-routed packets
      ◦ AH of IPSec (authenticates the IP header)
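The two filter checks the notes list as defences, the Land-attack signature a firewall looks for and the ingress filter an ISP applies, written out as an added example (not code from the original post). The IPv4 and TCP header layouts follow RFC 791 and RFC 793; the function names, the 192.0.2.0/24 "internal" network, the 198.51.100.0/24 "customer" network and the sample packets are all constructed here.

```python
"""Anti-spoofing checks for an inbound IPv4/TCP packet.

Added example for the notes above (Land attack, ingress filtering); it is not
code from the original post. The IPv4 and TCP header layouts follow RFC 791 and
RFC 793; everything else (function names, the 192.0.2.0/24 "internal" network,
the 198.51.100.0/24 "customer" network, the sample packets) is constructed here.
"""
import ipaddress
import struct

IPV4_HDR = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options
TCP_HDR = "!HHIIBBHHH"       # 20-byte TCP header without options


def build_packet(src, dst, sport, dport):
    """Constructed sample packet: minimal IPv4 header + TCP SYN (checksums left zero)."""
    ip = struct.pack(IPV4_HDR, 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    tcp = struct.pack(TCP_HDR, sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    return ip + tcp


def parse_ipv4_tcp(packet):
    """Pull the fields a filter needs out of a raw IPv4 packet; ports only if it carries TCP."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _total, _ident, _frag, _ttl, proto, _csum, src, dst = struct.unpack(
        IPV4_HDR, packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("malformed IPv4 header")
    fields = {"src": ipaddress.IPv4Address(src), "dst": ipaddress.IPv4Address(dst),
              "proto": proto, "sport": None, "dport": None}
    if proto == 6 and len(packet) >= ihl + 4:
        fields["sport"], fields["dport"] = struct.unpack("!HH", packet[ihl:ihl + 4])
    return fields


def is_land_packet(fields):
    """Land attack signature: a packet the victim would answer to itself on the same port."""
    return (fields["src"] == fields["dst"]
            and fields["sport"] is not None
            and fields["sport"] == fields["dport"])


def border_filter(packet, internal_prefix):
    """Site border, packet arriving from the outside: returns (allowed, reason).

    Drops Land packets and any packet claiming one of our own addresses as its
    source, since a genuine internal host never arrives on the outside interface.
    """
    f = parse_ipv4_tcp(packet)
    if is_land_packet(f):
        return False, "land: src == dst and sport == dport"
    if f["src"] in ipaddress.IPv4Network(internal_prefix):
        return False, "spoofed internal source on external interface"
    return True, "ok"


def ingress_filter(packet, customer_prefix):
    """ISP ingress filtering on a customer-facing interface: the source must lie
    inside the prefix assigned to that customer, otherwise it is spoofed."""
    f = parse_ipv4_tcp(packet)
    if f["src"] not in ipaddress.IPv4Network(customer_prefix):
        return False, "source outside assigned customer prefix"
    return True, "ok"


if __name__ == "__main__":
    internal = "192.0.2.0/24"
    samples = {
        "legitimate": build_packet("198.51.100.7", "192.0.2.10", 40000, 80),
        "land": build_packet("192.0.2.10", "192.0.2.10", 80, 80),
        "spoofed internal": build_packet("192.0.2.20", "192.0.2.10", 1234, 80),
    }
    for name, pkt in samples.items():
        print(f"{name:17s} -> {border_filter(pkt, internal)}")
    print("customer ingress ->", ingress_filter(samples["legitimate"], "198.51.100.0/24"))
```

The two filters sit at different places in the network: `border_filter` is the site firewall's view (nothing from the outside may claim an inside address), `ingress_filter` is the ISP's view of a customer link (nothing from the customer may claim an address outside its assignment). Together they are what makes blind spoofing with an arbitrary source address hard in practice.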

Packet Sniffing

A sniffer is a device attached to a network that monitors data traveling over that network.

  • hardware device that records the data (NIC in promiscuous mode)
  • software program that interprets the data, eg tcpdump

Legitimate uses:

  • verify firewall rules, eg packet leakage
  • monitor suspicious activities, eg theft of trade secrets
  • law enforcement and computer crime investigation: forensics and evidence collection
  • IDS

Malicious uses:

  • password sniffing: telnet, rsh, rlogin, ftp and rcp send passwords in plain text
      ◦ solution: one-time passwords, either S/Key (hash chain, same seed each time) or SmartCards (challenge-response)
  • confidential information such as credit card numbers
      ◦ solution: use of encryption, eg ESP of IPSec
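The one-time password defence the notes give against password sniffing, worked through as an added example (not code from the original post). Real S/Key (RFC 1760) uses MD4 and encodes each password as six short words; this example keeps only the hash-chain logic and substitutes SHA-256, an assumption made for clarity. The secret, seed and chain length are constructed sample values, and `SKeyServer`, `otp` and `demo` are names chosen here.

```python
"""S/Key-style one-time passwords, the defence the notes give against password
sniffing on telnet/ftp/rlogin.

Added example, not code from the original post. Real S/Key (RFC 1760) uses MD4
and encodes passwords as six words; this example keeps only the hash-chain logic
and uses SHA-256 instead (an assumption for clarity). The secret, seed and chain
length are constructed sample values.
"""
import hashlib
import hmac


def h(data):
    return hashlib.sha256(data).digest()


def otp(secret, seed, n):
    """Client side: the n-th one-time password is H applied n times to seed+secret.
    The seed stays the same for the whole chain; only n changes."""
    value = (seed + secret).encode()
    for _ in range(n):
        value = h(value)
    return value


class SKeyServer:
    """Server stores the seed, the current sequence number and H^n(seed+secret).
    It never stores the secret, so a stolen database yields no reusable password."""

    def __init__(self, seed, n, chain_top):
        self.seed = seed
        self.n = n
        self.stored = chain_top  # == otp(secret, seed, n), computed once at enrolment

    def challenge(self):
        """Sent in the clear: which element of the chain the client must present."""
        return self.n - 1, self.seed

    def verify(self, candidate):
        """Accept iff H(candidate) == stored value, then move the chain one step down."""
        if self.n <= 1:
            return False  # chain exhausted; re-enrol with a fresh seed
        if hmac.compare_digest(h(candidate), self.stored):
            self.stored = candidate
            self.n -= 1
            return True
        return False


def demo():
    """Two legitimate logins with a sniffer's replay in between.
    Returns the list of verify() results: [True, False, True]."""
    secret, seed, n = "correct horse battery", "km4711", 100   # constructed values
    server = SKeyServer(seed, n, otp(secret, seed, n))
    results = []

    k, s = server.challenge()               # (99, seed)
    sniffed = otp(secret, s, k)             # goes over the wire in plain text
    results.append(server.verify(sniffed))  # True: H(otp_99) == stored otp_100

    results.append(server.verify(sniffed))  # False: replay; stored is now otp_99

    k, s = server.challenge()               # (98, seed)
    results.append(server.verify(otp(secret, s, k)))  # True
    # Going from the sniffed otp_99 to otp_98 would require a preimage of otp_99.
    return results


if __name__ == "__main__":
    print(demo())
```

The point the chain makes against a sniffer: what crosses the wire is the current element, and the next login needs the element one step earlier in the chain, which can only be reached by knowing the secret or by inverting the hash. A captured value is useless after the server has advanced past it.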

OS fingerprinting

Many security holes depend on the OS version.

  • FIN probe: a FIN packet (or any packet without an ACK or SYN flag) sent to an open port gets no response per RFC 793, but Windows replies with an RST
  • TCP ISN sampling
  • TCP options
      ◦ generally optional, so not all hosts implement them
      ◦ send a query with an option set; the target generally shows support for the option by setting it in the reply
      ◦ a whole bunch of options can be stuffed into one packet to test everything at once
  • Welcome messages/banners on by default:

payfonez> telnet ftp.netscape.com 21
Trying 207.200.74.26 ...
Connected to ftp.netscape.com.
Escape character is '^]'.
220 ftp29 FTP server (UNIX(r) System V Release 4.0) ready.
SYST
215 UNIX Type: L8 Version: SUNOS

Avoidance:

  • Uniform behavior across OSs by sticking to the RFCs
  • No real escape, as the packets used are legitimate

Sunday, March 29, 2009

Thesis Supervision Schedule Announcement

  1. Thesis supervision is held every Saturday,
     Hours: 08.30 – 09.30
            11.30 – 12.30
            15.00 – 16.00
  2. Consultation can also be done via email & YM
     Nick & email: Arif_plstuff@yahoo.com

Friday, March 27, 2009

Name: Arif Setiawan, S.Kom.
Email: arif_plstuff@yahoo.com
Website: http://arif-setiawan.co.cc/
http://planxton-tech.co.cc/

Occupation: Lecturer, Universitas Muria Kudus,
Faculty of Engineering, Information Systems Study Program
Education
S1 (Bachelor's): Informatics Engineering, Universitas Dian Nuswantoro
S2 (Master's): Computer Science, Universitas Gajah Mada (finishing)
Concentration: Applied Intelligent Systems