Trends in Web Attacks

Talk on "Trends in Web Attacks" by Arthur Clune.

See http://www.ukoln.ac.uk/web-focus/events/workshops/webmaster-2007/talks/clune/

Trends in Web Attacks Presentation Transcript

  • 1. Trends in Web Attacks (Arthur Clune)
  • 2. Talk Overview
    • History of (web) attacks
    • DDOS attacks and economics
    • Botnets
    • Phishing
    • Why do we care about this anyway?
  • 3. A Taxonomy
    • Defacement
    • Resource stealing
    • Denial of Service/DDOS
  • 4. History
  • 5. Prehistory
    • Before the web
      • ftp (anonymous ftp uploads)
      • gopher
      • backdoors
  • 6. Why?
    • Curiosity
    • Status
    • ‘Fame’
    • Disk space was expensive!
  • 7. Morris Worm
    • 1988
      • Not web based!
      • First self-spreading worm
  • 8. Early Web
    • Individual attacks
    • Mainly motivated as before
  • 9. Trinoo/Stacheldraht
    • 1999
    • First large scale DDOS tool
    • University of York was among the victims!
  • 10. Code Red/Nimda
    • 2001
    • Caused extensive problems (network traffic/instability)
    • First really big worm
  • 11. SQLSlammer
    • 2003
      • Attacked Microsoft SQL Server
      • Fastest spreading worm ever
      • How many of your web sites rely on a database?
  • 12. Misc Stuff
    • Also at this time:
      • MS Frontpage extensions
        • Edit your webpage remotely…oh, but so can other people.
  • 13. Digression
    • Zone-h defacement archive demo
  • 14. Witty Worm
    • 2003
    • First worm aimed directly at a web server
      • MS IIS
    • Followed by Sasser
  • 15. Moving to webapps
    • First PHP worm - 2004
      • Attacked phpBB
    • It’s now most common to attack applications not webservers themselves
  • 16. Pure web worms
    • 2006
      • MySpace worm
        • Spread only within MySpace profiles
        • A ‘Web 2.0’ worm?
  • 17. Distributed Denial of Service: ‘Nice website you’ve got there. Shame if anything happened to it’
  • 18. DDOS - Why bother?
    • It’s not about the fame
    • Sometimes it’s about Money
  • 19. DDOS II
    • How it works
    • Targets
      • Gambling
      • Porn
      • Anyone with money
  • 20. Botnets: 0wning the internet for fun and profit
  • 21. Botnets
    • Botnets are sets of machines, all controlled by a ‘bot herder’
    • Often machines are infected when visiting a website
    • Largest botnet found so far had > 1,000,000 machines in it
  • 22. Botnet example
    • Demo of botnet from UK Honeynet data
  • 23. Phishing: There’s one born every minute
  • 24. Phishing
    • Different types:
      • 401 scams
      • Bank scams
    • Some of these are very realistic
    • Banks don’t always help themselves
  • 25. Phishing 2
    • Example of a phishing attack from UK Honeynet data
  • 26. Am I bovered? Or, why this affects web managers
  • 27. How have things changed?
    • Attacks often less personal, but bigger
    • DDOS attacks can be too big to resist
    • Web servers valuable as a way of spreading exploit code
    • It’s not about fame anymore, but money
  • 28. How does this affect you?
    • Reputational loss
    • Potential for damages if you can’t show due care
    • Copyright violations on your servers
    • DDOS attacks against you
  • 29. What can we do?
    • Follow best practice
    • Occam’s razor - don’t multiply servers!
    • Code audit/review/pen-testing
    • Network design (DMZs, firewalls etc)
  • 30. Questions?