Trends in Web Attacks

  • 1,994 views
Uploaded on

Talk on "Trends in Web Attacks" by Arthur Clune. …

Talk on "Trends in Web Attacks" by Arthur Clune.
See http://www.ukoln.ac.uk/web-focus/events/workshops/webmaster-2007/talks/clune/

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
1,994
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
58
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Trends in Web Attacks Arthur Clune [email_address]
  • 2. Talk Overview
    • History of (web) attacks
    • DDOS attacks and economics
    • Botnets
    • Phishing
    • Why do we care about this anyway?
  • 3. A Taxonomy
    • Defacement
    • Resource stealing
    • Denial of Service/DDOS
  • 4. History
  • 5. Prehistory
    • Before the web
      • ftp (anonymous ftp uploads)
      • gopher
      • backdoors
  • 6. Why?
    • Curiosity
    • Status
    • ‘Fame’
    • Disk space was expensive!
  • 7. Morris Worm
    • 1988
      • Not web based!
      • First self spreading worm
  • 8. Early Web
    • Individual attacks
    • Mainly motivated as before
  • 9. Trinoo/Stachledract
    • 1999
    • First large scale DDOS tool
    • University of York was among the victims!
  • 10. Code Red/Nimbda
    • 2001
    • Caused extensive problems (network traffic/instability)
    • First really big worm
  • 11. SQLSlammer
    • 2003
      • Attacked Microsoft SQL Server
      • Fastest spreading worm ever
      • How many of your web sites rely on a database?
  • 12. Misc Stuff
    • Also at this time:
      • MS Frontpage extensions
        • Edit your webpage remotely…oh, but so can other people.
  • 13. Digression
    • Zone-h defacement archive demo
  • 14. Witty Worm
    • 2003
    • First worm aimed directly at a web server
      • MS IIS
    • Followed by Sasser
  • 15. Moving to webapps
    • First php worm - 2004
      • Attacked phpBB
    • It’s now most common to attack applications not webservers themselves
  • 16. Pure web worms
    • 2006
      • MySpace worm
        • Spread only within MySpace profiles
        • A ‘Web 2.0’ worm?
  • 17. Distributed Denial of Service ‘Nice website you’ve got there. Shame if anything happened to it’
  • 18. DDOS - Why bother?
    • It’s not about the frame
    • Sometimes it’s about Money
  • 19. DDOS II
    • How it works
    • Targets
      • Gambling
      • Porn
      • Anyone with money
  • 20. Botnets 0wning the internet for fun and profit
  • 21. Botnets
    • Botnets are sets of machines, all controlled by a ‘bot herder’
    • Often machines are infected when visiting a website
    • Largest botnet found so far had > 1,000,000 machines in it
  • 22. Botnet example
    • Demo of botnet from UK Honeynet data
  • 23. Phishing There’s one born every minute
  • 24. Phishing
    • Different types:
      • 401 scams
      • Bank scams
    • Some of these are very realistic
    • Banks don’t always help themselves
  • 25. Phishing 2
    • Example of a phishing attack from UK Honeynet data
  • 26. Am I bovered? Or, why this affects web managers
  • 27. How have things changed?
    • Attacks often less personal, but bigger
    • DDOS attacks can be too big to resist
    • Web servers valuable as a way of spreading exploit code
    • It’s not about fame anymore, but money
  • 28. How does this affect you?
    • Reputational loss
    • Potential for damages if you can’t show due care
    • Copyright violations on your servers
    • DDOS attacks against you
  • 29. What can we do?
    • Follow best practice
    • Occams razor - don’t multiply servers!
    • Code audit/review/pen-testing
    • Network design (DMZs, firewalls etc)
  • 30. Questions?