4. System and Network Threats
• Virus
• Laptop & mobile theft
• DDoS attack
• Unauthorized access of information
• Abuse of wireless network
• System protection
• Telecom fraud
• Misuse of web application
• Website defacement
• Worms
• Port scanning
6. Talk Outline
• Introduction of worms.
• The life cycle of a simple worm:
scanning for a victim
exploiting the victim
cloning itself onto the victim
Running the clone to further spread infection
Stealth techniques used to hide itself
7. What are worms?
• A worm is a self-replicating program
• Self-replicating => it makes copies of itself and
sends them over to hosts across a network
• All copies have the same functionality and
generally lack any sort of synchronization among
themselves
9. The life cycle of a simple worm
• Scanning for a victim
• Exploiting the victim
• Cloning itself onto the victim
• Running the clone to further spread infection
• Stealth methods used to hide itself
10. The life of a worm …
11. The life of a worm
Scans for Victim
Rooted !!
Scan
Send Exploit
Get a copy
Worm created
Victim found
12. Scanning for a victim
• Random scan –
• hose random scan – IP from global and local
routing addresses
• Overall scan – Divide and conquer scan – divide
IP addresses among child worms
• Subnet scan – detect and scan local subnet
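Added example (not part of the original slides): a defender's view of the random scan and subnet scan patterns listed above, as a small detector over connection records. The record layout, the thresholds, the /24 local prefix and all addresses are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records: (src, dst, dst_port, handshake_completed). Not real traffic.
FLOWS = (
    # sequential sweep of the source's own /24, nothing answers
    [("10.0.0.5", f"10.0.0.{i}", 445, False) for i in range(10, 40)]
    # targets scattered over the address space, nothing answers
    + [("10.0.0.9", f"{(i * 37) % 223 + 1}.{(i * 91) % 256}.{i}.7", 445, False)
       for i in range(1, 31)]
    # ordinary client talking to one file server many times
    + [("10.0.0.7", "10.0.0.20", 445, True)] * 25
    # web proxy: many distinct destinations, but the connections succeed
    + [("10.0.0.8", f"198.51.100.{i}", 443, True) for i in range(1, 31)]
)


def classify_scanners(flows, min_targets=20, max_success_ratio=0.2, prefix=24):
    """Return {src: "subnet scan" | "random scan"} for scan-like sources.

    A source is scan-like when, on one destination port, it contacts at least
    min_targets distinct hosts and at most max_success_ratio of the attempts
    complete a handshake. Thresholds and the /24 local prefix are assumptions.
    """
    stats = defaultdict(lambda: {"targets": set(), "ok": 0, "total": 0})
    for src, dst, port, completed in flows:
        entry = stats[(src, port)]
        entry["targets"].add(dst)
        entry["total"] += 1
        entry["ok"] += int(completed)

    verdicts = {}
    for (src, _port), entry in stats.items():
        targets = entry["targets"]
        if len(targets) < min_targets:
            continue  # too few distinct hosts to call it a sweep
        if entry["ok"] / entry["total"] > max_success_ratio:
            continue  # mostly successful connections: a busy client or proxy
        local = ipaddress.ip_network(f"{src}/{prefix}", strict=False)
        inside = sum(ipaddress.ip_address(t) in local for t in targets)
        kind = "subnet scan" if inside / len(targets) >= 0.8 else "random scan"
        verdicts[src] = kind
    return verdicts


if __name__ == "__main__":
    for src, kind in sorted(classify_scanners(FLOWS).items()):
        print(f"{src}: {kind}")
```

The failed-handshake ratio is what separates a scanning host from a proxy or busy client that also reaches many destinations.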
13. Exploiting the victim
• Exploit – simply put: a piece of code which provides
“access” to a victim computer by utilizing some flaw in
the logic of a program running on the victim computer
• Network worms use what is called a “remote exploit” –
an exploit which can be launched remotely and which
gives some code running privileges on the victim
• Find a suitable exploit to use in the worm
14. Cloning itself onto the victim
• Once the victim has been exploited, the worm
needs to get a copy of itself onto the victim
• Blaster worm
• HTTP server
• FTP server
• Compile source
15. Running the clone to further spread infection
• Once the clone has been downloaded, run it
• Make it a service.
• Add a registry entry for startup
• Clone starts scanning again
• Clone finds a victim
• Cycle continues …
16. Stealth techniques used to hide itself
• Hide procedure
• Hide files
• Hide movement
• Delete logs
17. The life of a worm
Scans for Victim
Rooted !!
Scan
Send Exploit
Get a copy
Worm created
Victim found
22. What is a DDoS attack?
• The flood of arriving messages to the target
system essentially forces it to shut down, thereby
denying the system's service to legitimate users.
23. Why DoS attack?
• Attempt to flood a network, to enhance network
traffic.
• Attempt to disrupt connections between two
machines.
• Attempt to prevent a particular individual from
accessing a service.
24. DDoS attack types
• Smurf
• Buffer overflow attack
• Ping of death
• Teardrop
• SYN
• Tribal flood Attack
25. Tools for DoS Attack
• Jolt2
• Bubonic.c
• Land and LaTierra
• Targa
27. What is Authentication?
• Authentication is any method by which a system
verifies the identity of a user who wishes to
access it.
• Authentication exists to establish trust between
two parties, or authentication entities. These
entities consist of an identity and a key.
28. Authentication Types.
• User Authentication: User authentication is the process of
determining that a user is who he/she claims to
be. HTTP Basic, SSL & TLS
• Entity Authentication: Entity authentication is the procedure of
determining if an entity is who it claims to be.
Cookies etc.