0
IN THE NAME OF GOD
Top 10 database attacks
MB Bahador
TOP 10 DATABASE ATTACKS
1. Excessive privileges
2. Privilege abuse
3. Unauthorized privilege elevation
4. Platform vulnera...
PLATFORM VULNERABILITIES
Vulnerabilities in underlying operating
systems may lead to unauthorized data
access.
PLATFORM VULNERABILITIES
Vulnerabilities in underlying operating systems
(Windows 2000, UNIX, etc.) and additional service...
PLATFORM VULNERABILITIES
Slammer worm on Windows machines
running MS SQL Server
PLATFORM VULNERABILITIES
 Aliases: SQL Slammer,
W32.SQLExp.Worm
 Released: January 25, 2003, at
about 5:30 a.m. (GMT)
 ...
PLATFORM VULNERABILITIES
 Platform:Microsoft SQL Server 2000
 Vulnerability: Buffer overflow
 Patch available for 6 mon...
PLATFORM VULNERABILITIES
 Infected between 75,000 and 160,000
systems
 Disabled SQL Server databases on infected
machine...
PLATFORM VULNERABILITIES
 Disrupted financial institutions
 Airline delays and cancellations
 Affected many U.S. govern...
PLATFORM VULNERABILITIES
 13,000 Bank of America ATMs stopped
working
 Continental Airlines flights were cancelled
and d...
PLATFORM VULNERABILITIES
 Single UDP packet
 Targets port 1434 (Microsoft-SQL-Monitor)
 Causes buffer overflow
 Contin...
PLATFORM VULNERABILITIES
PLATFORM VULNERABILITIES
PLATFORM VULNERABILITIES
PLATFORM VULNERABILITIES
PLATFORM VULNERABILITIES
PLATFORM VULNERABILITIES
 Reconstructs session from buffer overflow
 Obtains (and verifies!) Windows API
function addres...
Reconstruct
session
Get
Windows
API
addresses
Initialize
PRNG and
socket
Send
Packets
Buffer
Overflow
PLATFORM VULNERABILITIES
The Blaster worm took advantage of a Windows
2000 vulnerability to take down target
servers.(crea...
PLATFORM VULNERABILITIES
 Also known as Lovsan, Poza, Blaster.
 First detected on August 11, 2003
 Exploits the most wi...
PLATFORM VULNERABILITIES
 Affects Windows 2000 and Windows XP
 Two messages in the code:
1. “I just want to say LOVE YOU...
PLATFORM VULNERABILITIES
 Detected in mid-July 2003
 RPC protocol allow a program to run code
on a remote machine
 Inco...
PLATFORM VULNERABILITIES
Vulnerability Scorecard Report
Published: March 2011
This study leverages data from the National
...
PLATFORM VULNERABILITIES
Consequence
 Server is compromised
 Direct access to database files
 Local access through admi...
PLATFORM VULNERABILITIES
Mitigation
 Network ACLs: Simple FW to allow access only to
required services
 Network IPS: Tra...
REFERENCE
 eEye Digital Security.
http://www.eeye.com/html/Research/Flash/sapphire.txt
 Cooperative Association for Inte...
Data Base Attack
Data Base Attack
Data Base Attack
Data Base Attack
Data Base Attack
Data Base Attack
Data Base Attack
Data Base Attack
Data Base Attack
Upcoming SlideShare
Loading in...5
×

Data Base Attack

191

Published on

Published in: Education, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
191
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
6
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Data Base Attack"

  1. 1. IN THE NAME OF GOD Top 10 database attacks MB Bahador
  2. 2. TOP 10 DATABASE ATTACKS 1. Excessive privileges 2. Privilege abuse 3. Unauthorized privilege elevation 4. Platform vulnerabilities 5. SQL injection 6. Weak audit 7. Denial of service 8. Database protocol vulnerabilities 9. Weak authentication 10.Exposure of backup data
  3. 3. PLATFORM VULNERABILITIES Vulnerabilities in underlying operating systems may lead to unauthorized data access.
  4. 4. PLATFORM VULNERABILITIES Vulnerabilities in underlying operating systems (Windows 2000, UNIX, etc.) and additional services installed on a database server may lead to unauthorized access, data corruption, or denial of service.
  5. 5. PLATFORM VULNERABILITIES Slammer worm on Windows machines running MS SQL Server
  6. 6. PLATFORM VULNERABILITIES  Aliases: SQL Slammer, W32.SQLExp.Worm  Released: January 25, 2003, at about 5:30 a.m. (GMT)  Fastest worm in history  Spread world-wide in under 10 minutes  Doubled infections every 8.5 seconds  376 bytes long
  7. 7. PLATFORM VULNERABILITIES  Platform:Microsoft SQL Server 2000  Vulnerability: Buffer overflow  Patch available for 6 months  Propagation: Single UDP packet
  8. 8. PLATFORM VULNERABILITIES  Infected between 75,000 and 160,000 systems  Disabled SQL Server databases on infected machines  Saturated world networks with traffic  Disrupted Internet connectivity world-wide
  9. 9. PLATFORM VULNERABILITIES  Disrupted financial institutions  Airline delays and cancellations  Affected many U.S. government and commercial websites
  10. 10. PLATFORM VULNERABILITIES  13,000 Bank of America ATMs stopped working  Continental Airlines flights were cancelled and delayed; ticketing system was inundated with traffic. Airport self-check-in kiosks stopped working  Activated Cisco router bugs at Internet backbones
  11. 11. PLATFORM VULNERABILITIES  Single UDP packet  Targets port 1434 (Microsoft-SQL-Monitor)  Causes buffer overflow  Continuously sends itself via UDP packets to pseudo-random IP addresses, including broadcast and multicast addresses  Does not check whether target machines exist
  12. 12. PLATFORM VULNERABILITIES
  13. 13. PLATFORM VULNERABILITIES
  14. 14. PLATFORM VULNERABILITIES
  15. 15. PLATFORM VULNERABILITIES
  16. 16. PLATFORM VULNERABILITIES
  17. 17. PLATFORM VULNERABILITIES  Reconstructs session from buffer overflow  Obtains (and verifies!) Windows API function addresses  Initializes pseudo-random number generator and socket structures  Continuously generates random IP addresses and sends UDP data-grams of itself
  18. 18. Reconstruct session Get Windows API addresses Initialize PRNG and socket Send Packets Buffer Overflow
  19. 19. PLATFORM VULNERABILITIES The Blaster worm took advantage of a Windows 2000 vulnerability to take down target servers.(create denial of service conditions)
  20. 20. PLATFORM VULNERABILITIES  Also known as Lovsan, Poza, Blaster.  First detected on August 11, 2003  Exploits the most widespread Windows flaw ever  A vulnerability in Distributed Component Object Model (DCOM) that handles communication using Remote Procedure Call (RPC) protocol
  21. 21. PLATFORM VULNERABILITIES  Affects Windows 2000 and Windows XP  Two messages in the code: 1. “I just want to say LOVE YOU SAN!”” 2. “billy gates why do you make this possible? Stop making money and fix your software!!”  Infected more than 100,000 computers in 24 hours
  22. 22. PLATFORM VULNERABILITIES  Detected in mid-July 2003  RPC protocol allow a program to run code on a remote machine  Incorrectly handles malformed messages on RPC port 135, 139, 445, 593  Attackers send special message to remote host  Gain local privilege, run malicious code
  23. 23. PLATFORM VULNERABILITIES Vulnerability Scorecard Report Published: March 2011 This study leverages data from the National Vulnerability Database (NVD), the industry standard source of security vulnerability data.
  24. 24. PLATFORM VULNERABILITIES Consequence  Server is compromised  Direct access to database files  Local access through admin roles  Install backdoors
  25. 25. PLATFORM VULNERABILITIES Mitigation  Network ACLs: Simple FW to allow access only to required services  Network IPS: Traditional detection of known vulnerabilities IPS tools are a good way to identify and/or block attacks designed to exploit known database platform vulnerabilities.
  26. 26. REFERENCE  eEye Digital Security. http://www.eeye.com/html/Research/Flash/sapphire.txt  Cooperative Association for Internet Data Analysis (CAIDA) http://www.caida.org/outreach/papers/2003/sapphire/sapphi re.html  Internet Storm Center. http://isc.incidents.org/analysis.html?id=180
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×