



       Workshop Attack and Defense – November 2007




                                          Attacking The LAN 
                                             Spying The Wire



                                                              ATIK PILIHANTO
                                                     RISTI TELKOM BANDUNG
Global Attack Trends in Local Networks

    1         Spoofing
    2         Man In The Middle
    3         Sniffing (Passive)
    4         TCP/IP Session Hijacking
    5         Remote Code Execution
    6         Denial of Service (DoS)


                            
Spoofing


     Spoofing is sending packets with a forged source in order to 
      conceal the identity of the sender.
     Spoofing examples: 
        • IP address spoofing 
        • ARP cache spoofing (ARP cache poisoning) 
        • Email spoofing
     Spoofing in a local network: ARP cache poisoning and IP address 
      spoofing




       ATIK PILIHANTO                                     RISTI TELKOM  2007



                                       
IP Spoofing in Action




      
Man In The Middle (MiTM)


     Man in The Middle is an attack in which an attacker is able to 
      read, insert and modify at will, messages between two parties 
      without either party knowing that the link between them has been 
      compromised.
     Man in The Middle techniques:
       • Switch port stealing
       • ARP cache poisoning
       • DNS spoofing
       • DHCP spoofing
     Man in The Middle in a local network: switch port stealing, DHCP 
      spoofing, ARP cache poisoning. 



                                       
Man In The Middle (MiTM)




          
Sniffing (Passive)


     Sniffing is the process of intercepting and reading network traffic.
     Purposes of sniffing:
        • Analyze network problems
        • Monitor network traffic
        • Spy on other network users and collect sensitive information
     In a switched network, sniffing is usually combined with 
      Man in The Middle.







                                         
Sniffing In Action




     
TCP/IP Session Hijacking


     TCP/IP Session Hijacking is an attack in which an attacker is able 
      to hijack or take over an established TCP connection between 
      two parties.
     In a local network, TCP/IP hijacking can be done by 
      combining MiTM and active sniffing, inserting RST or FIN, 
      predicting the Initial Sequence Number (ISN), and fully compromising 
      the established TCP connection.







                                      
Remote Code Execution


     Remote code execution allows an attacker to execute 
      arbitrary code on a vulnerable target machine.
     It requires a flaw or vulnerability in the target machine, for example: 
        • DCOM RPC Remote Buffer Overrun (Windows)
        • IPv6 mbuf Remote Buffer Overflow (OpenBSD)
     Remote code execution is usually caused by a programming flaw 
      in the operating system, a service daemon, or an application.







                                      
Common Programming Mistakes

    1       Buffer Overflow
    2       Integer Overflow
    3       Format String Error
    4       SQL Injection
    5       File Inclusion
    6       Cross Site Scripting


                             
Remote Buffer Overflow Exploit




                
Denial of Service (DoS)


     Denial of Service is an attack that makes a computer resource 
      unavailable to its legitimate users.
     Denial of Service can be done by attacking:
        • Protocol weakness: SYN Flooding, ICMP Smurfing
        • Service daemon weakness: Buffer Overflow
        • Web application weakness: WEB2 XSS Worm
     Denial of Service in a local network: ARP cache poisoning, 
      Flooding (SYN/UDP/ICMP)







                                       
DoS in Vulnerable Daemon




           
Defense


 Defending against spoofing attacks in a LAN is really difficult, but we can 
  minimize the risk.
 IP spoofing can be used for TCP SYN Denial of Service
    • Enable SYN cookies: “sysctl net.ipv4.tcp_syncookies=1”
 ARP cache spoofing can be used for MiTM
    • Static ARP entries
    • Passive monitoring: arpwatch
    • Active monitoring: ettercap
 Switch port stealing can be used for MiTM
    • Port security on the switch
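
What passive ARP monitoring looks for, as an added example (not part of the original slides and not arpwatch's own code): the script compares two ARP cache snapshots in /proc/net/arp format and reports IP addresses whose MAC changed and MACs that answer for more than one IP. The function names and all addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare two ARP cache snapshots (Linux /proc/net/arp layout).
# All addresses are constructed sample data (TEST-NET-1 IPs, locally
# administered MACs); nothing here comes from a real network.

BASELINE='IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         02:00:00:aa:00:01     *        eth0
192.0.2.10       0x1         0x2         02:00:00:aa:00:10     *        eth0
192.0.2.20       0x1         0x2         02:00:00:aa:00:20     *        eth0'

# In CURRENT the gateway 192.0.2.1 now resolves to the MAC of 192.0.2.20,
# and 192.0.2.30 is an incomplete entry (Flags 0x0) that must be ignored.
CURRENT='IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         02:00:00:aa:00:20     *        eth0
192.0.2.10       0x1         0x2         02:00:00:aa:00:10     *        eth0
192.0.2.20       0x1         0x2         02:00:00:aa:00:20     *        eth0
192.0.2.30       0x1         0x0         00:00:00:00:00:00     *        eth0'

# arp_pairs SNAPSHOT -> "ip mac" lines, skipping the header and incomplete entries.
arp_pairs() {
    printf '%s\n' "$1" | awk 'NR > 1 && $3 != "0x0" { print $1, tolower($4) }'
}

# arp_audit BASELINE CURRENT -> one finding per line, sorted:
#   CHANGED ip old -> new   the IP was known and now maps to another MAC
#   NEW ip mac              the IP was not in the baseline
#   SHARED mac ip,ip,...    one MAC answers for several IPs in CURRENT
arp_audit() {
    {
        arp_pairs "$1" | sed 's/^/B /'
        arp_pairs "$2" | sed 's/^/C /'
    } | awk '
        $1 == "B" { base[$2] = $3; next }
        $1 == "C" {
            ip = $2; mac = $3
            if (ip in base) {
                if (base[ip] != mac)
                    print "CHANGED " ip " " base[ip] " -> " mac
            } else {
                print "NEW " ip " " mac
            }
            if (mac in owners) owners[mac] = owners[mac] "," ip
            else               owners[mac] = ip
            count[mac]++
        }
        END {
            for (m in count)
                if (count[m] > 1) print "SHARED " m " " owners[m]
        }' | sort
}

# Stand-alone run on the constructed snapshots.
# On a live Linux host the second argument would be "$(cat /proc/net/arp)".
arp_audit "$BASELINE" "$CURRENT"
```

A CHANGED line for the gateway together with a SHARED line for the same MAC is the pattern that static ARP entries are meant to prevent.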






                                      
Defense


     Manage the risk of sniffing and TCP/IP session hijacking
        • Use a switch rather than a hub
        • Defend against MiTM attacks
        • VLAN segmentation
        • Encrypted traffic (SSH, SSL, IPsec)
     Manage the risk of remote code execution
        • Enable kernel exec-shield and virtual address space randomization
              • sysctl kernel.exec-shield=1
              • sysctl kernel.randomize_va_space=1
        • Good firewall policy
        • Regular auditing and patching
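
A way to check the three sysctl settings named on the Defense slides, as an added example that is not part of the original deck: the script audits `sysctl -a` style text against those values and reports each key as OK, WEAK or ABSENT. The function name and the sample text are constructed, and the slide values are treated as minimums, which is an assumption of this example.

```shell
#!/bin/sh
# Added example: audit the sysctl settings listed on the Defense slides.
# SAMPLE is constructed "sysctl -a" style text, not output from a real host.

SAMPLE='kernel.randomize_va_space = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.ip_forward = 0'

# Keys and values as given on the slides, treated here as minimum values
# (assumption of this example).
WANTED='net.ipv4.tcp_syncookies 1
kernel.exec-shield 1
kernel.randomize_va_space 1'

# audit_sysctl TEXT -> one line per wanted key, in the order of WANTED:
#   OK key=value        value meets the minimum
#   WEAK key=value ...  key is present but below the minimum
#   ABSENT key          key is not reported at all (for example a kernel
#                       that does not provide kernel.exec-shield)
audit_sysctl() {
    {
        printf '%s\n' "$WANTED" | sed 's/^/W /'
        printf '%s\n' "$1" | sed 's/[[:space:]]*=[[:space:]]*/ /; s/^/S /'
    } | awk '
        $1 == "W" { want[$2] = $3; order[++n] = $2; next }
        $1 == "S" { have[$2] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (!(k in have))
                    print "ABSENT " k
                else if (have[k] + 0 < want[k] + 0)
                    print "WEAK " k "=" have[k] " (want >= " want[k] ")"
                else
                    print "OK " k "=" have[k]
            }
        }'
}

# Stand-alone run on the constructed sample.
# On a live Linux host: audit_sysctl "$(sysctl -a 2>/dev/null)"
audit_sysctl "$SAMPLE"
```

An ABSENT result means the running kernel does not expose that key, so the setting cannot be applied there and the protection has to be confirmed another way.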




                                               
Defense


     Manage the risk of Denial of Service
        • Good firewall policy
        • Regular auditing and patching







                                           
Discussion


     Discussion ??
     Question ??
     Suggestion ??







                       
