Workshop Attack and Defense – November 2007
Attacking The LAN
Spying The Wire
ATIK PILIHANTO
RISTI TELKOM BANDUNG
2. Global Attack Trends in Local Networks
1 Spoofing
2 Man In The Middle
3 Sniffing (Passive)
4 TCP/IP session Hijacking
5 Remote Code Execution
6 Denial of Service (DoS)
3. Spoofing
Spoofing is sending packets with a forged source address in order to
conceal the identity of the sender.
Spoofing examples:
• IP address spoofing
• ARP cache spoofing (ARP cache poisoning)
• Email spoofing
Spoofing in the local network: ARP cache poisoning and IP address
spoofing
ATIK PILIHANTO RISTI TELKOM 2007
5. Man In The Middle (MiTM)
Man in The Middle is an attack in which an attacker is able to
read, insert and modify, at will, messages between two parties
without either party knowing that the link between them has been
compromised.
Man in The Middle techniques
• Switch port stealing
• ARP cache poisoning
• DNS spoofing
• DHCP spoofing
Man in The Middle in the local network: switch port stealing, DHCP
spoofing, ARP cache poisoning.
7. Sniffing (Passive)
Sniffing is the process of intercepting and reading network traffic.
Sniffing purposes:
• Analyze network problems
• Monitor network traffic
• Spy on other network users and collect sensitive information
In a switched network, sniffing is usually combined with
Man in The Middle.
9. TCP/IP Session Hijacking
TCP/IP Session Hijacking is an attack in which an attacker is able
to hijack or take over an established TCP connection between
two parties.
In local network attacks, TCP/IP hijacking can be done by
combining MiTM and active sniffing, injecting RST or FIN segments,
and predicting the Initial Sequence Number (ISN), fully compromising
the established TCP connection.
10. Remote Code Execution
Remote code execution allows an attacker to execute arbitrary
code on a vulnerable target machine.
It needs a flaw or vulnerability in the target machine, for example:
• DCOM RPC Remote Buffer Overrun (Windows)
• IPv6 mbuf Remote Buffer Overflow (OpenBSD)
Remote code execution is usually caused by a programming flaw
in the operating system, a service daemon, or an application.
11. Common Programming Mistakes
1 Buffer Overflow
2 Integer Overflow
3 Format String Error
4 SQL injection
5 File Inclusion
6 Cross Site Scripting
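SQL injection, from the list of common programming mistakes above, shown as the vulnerable pattern beside the parameterised fix. This is an added example, not code from the workshop: it uses the Python standard-library sqlite3 module with a constructed in-memory users table, and the function names are made up for the illustration.

```python
"""SQL injection: string-built query vs. bound parameters (added example)."""
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed sample database: three users, one of them an admin."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_unsafe(conn: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    # The mistake: untrusted input is pasted into the SQL text, so a value
    # containing a quote changes the structure of the statement itself.
    sql = "SELECT name, role FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    # The fix: the value travels as a bound parameter. The database driver
    # never interprets it as SQL, so quotes in it are just characters.
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"          # classic textbook payload, here as a test input
    print("unsafe:", lookup_unsafe(db, probe))   # every row comes back
    print("safe:  ", lookup_safe(db, probe))     # no user has that literal name
```

The same distinction applies to every driver and ORM: whatever the language, the query text and the data must reach the database as separate arguments.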
13. Denial of Service (DoS)
Denial of Service is an attack that makes a computer resource
unavailable to its legitimate users.
Denial of Service can be done by attacking:
• Protocol weakness: SYN flooding, ICMP smurfing
• Service daemon weakness: buffer overflow
• Web application weakness: Web 2.0 XSS worm
Denial of Service in the local network: ARP cache poisoning,
flooding (SYN/UDP/ICMP)
15. Defense
Defending against spoofing attacks in a LAN is really difficult, but we can
minimize the risk.
IP spoofing can be used for TCP SYN Denial of Service
• Enabling SYN cookies: sysctl net.ipv4.tcp_syncookies=1
ARP cache spoofing can be used for MiTM
• Static ARP entries
• Passive monitoring: arpwatch
• Active monitoring: ettercap
Switch port stealing can be used for MiTM
• Port security on the switch
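Passive ARP monitoring of the kind arpwatch does, as an added example that is not part of the workshop material and not arpwatch's own code. It keeps the IP-to-MAC bindings learned from ARP replies and raises the alert classes arpwatch logs: a new station, a changed ethernet address, and a flip-flop (an IP bouncing back to a MAC it used before, which is what ARP cache poisoning against a live host looks like). It also shows how a static entry for the gateway turns any contradicting reply into an immediate finding. The ARP reply records, addresses and timestamps are constructed for the illustration.

```python
"""arpwatch-style detector for ARP cache poisoning (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Alert = Tuple[str, str, str, str]  # (kind, timestamp, ip, mac)


@dataclass
class ArpMonitor:
    # statically pinned bindings (e.g. the default gateway); replies that
    # contradict one are reported and never learned into the table
    static: Dict[str, str] = field(default_factory=dict)
    # current IP -> MAC binding learned from ARP replies
    table: Dict[str, str] = field(default_factory=dict)
    # MAC an IP had before its last change, used to recognise flip-flops
    previous: Dict[str, str] = field(default_factory=dict)
    alerts: List[Alert] = field(default_factory=list)

    def observe(self, ts: str, ip: str, mac: str) -> None:
        mac = mac.lower()
        if ip in self.static and self.static[ip] != mac:
            self.alerts.append(("static violation", ts, ip, mac))
            return
        old = self.table.get(ip)
        if old is None:
            self.alerts.append(("new station", ts, ip, mac))
        elif old != mac:
            # the IP returning to a MAC it used before is the flip-flop
            # pattern: the real host and the poisoner are both answering
            if self.previous.get(ip) == mac:
                kind = "flip flop"
            else:
                kind = "changed ethernet address"
            self.alerts.append((kind, ts, ip, mac))
            self.previous[ip] = old
        self.table[ip] = mac


# Constructed ARP reply records: (timestamp, sender IP, sender MAC).
# A third station starts answering for the gateway at 10:00:30.
SAMPLE_REPLIES = [
    ("10:00:01", "192.168.1.1", "00:11:22:33:44:01"),
    ("10:00:02", "192.168.1.10", "00:11:22:33:44:10"),
    ("10:00:30", "192.168.1.1", "AA:BB:CC:DD:EE:FF"),
    ("10:00:31", "192.168.1.1", "00:11:22:33:44:01"),
    ("10:00:32", "192.168.1.1", "AA:BB:CC:DD:EE:FF"),
]


def monitor(records, static: Optional[Dict[str, str]] = None) -> List[Alert]:
    """Feed reply records through a monitor and return the alerts raised."""
    pinned = {ip: mac.lower() for ip, mac in (static or {}).items()}
    mon = ArpMonitor(static=pinned)
    for ts, ip, mac in records:
        mon.observe(ts, ip, mac)
    return mon.alerts


if __name__ == "__main__":
    for alert in monitor(SAMPLE_REPLIES):
        print("%s  %s  %s -> %s" % (alert[1], alert[0], alert[2], alert[3]))
    print("with the gateway pinned:")
    for alert in monitor(SAMPLE_REPLIES, {"192.168.1.1": "00:11:22:33:44:01"}):
        print("%s  %s  %s -> %s" % (alert[1], alert[0], alert[2], alert[3]))
```

On a real segment the records would come from a capture of opcode-2 ARP frames; the first "changed ethernet address" for the gateway is the event worth paging on, and the flip-flops that follow confirm that the legitimate host is still on the wire.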
16. Defense
Manage the risk of sniffing and TCP/IP session hijacking
• Using a switch rather than a hub
• Defending against MiTM attacks
• VLAN segmentation
• Encrypted traffic (SSH, SSL, IPsec)
Manage the risk of remote code execution
• Enabling kernel Exec Shield and virtual address randomization
• sysctl kernel.exec-shield=1
• sysctl kernel.randomize_va_space=1
• Good firewall policy
• Regular auditing and patching
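A small audit of the kernel settings named on this slide, added here as an example and not part of the workshop material. It parses the `key = value` lines that `sysctl -a` prints (live output or a saved copy), compares each setting with a minimum value and emits the `sysctl -w` commands for anything that fails. One caveat it encodes: `kernel.exec-shield` only exists on Red Hat and Fedora kernels that carry the Exec Shield patch, so its absence on a mainline kernel is reported as "n/a" rather than as a failure, while a missing `net.ipv4.tcp_syncookies` really is a problem. The `sysctl -a` excerpt is constructed for the illustration.

```python
"""Audit of the sysctl hardening settings from the slide (added example)."""
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]  # (key, observed value, status)

# Keys that every Linux kernel of interest exposes, with the minimum
# acceptable value. randomize_va_space=1 randomizes stack, mmap and VDSO
# placement; 2 additionally randomizes the heap (brk) and is the usual
# default on current kernels, so anything >= 1 passes here.
REQUIRED: Dict[str, int] = {
    "net.ipv4.tcp_syncookies": 1,
    "kernel.randomize_va_space": 1,
}

# Keys that exist only on some kernels: checked when present, else "n/a".
OPTIONAL: Dict[str, int] = {
    "kernel.exec-shield": 1,  # Red Hat / Fedora Exec Shield kernels only
}

# Constructed excerpt in the format `sysctl -a` prints.
SAMPLE_SYSCTL = """\
# sysctl -a (constructed excerpt)
net.ipv4.ip_forward = 0
net.ipv4.tcp_syncookies = 0
kernel.randomize_va_space = 2
kernel.ostype = Linux
"""


def parse_sysctl(text: str) -> Dict[str, str]:
    """Turn `key = value` lines into a dict; comments and blanks are skipped."""
    settings: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def _judge(settings: Dict[str, str], key: str, minimum: int, required: bool) -> Finding:
    raw = settings.get(key)
    if raw is None:
        return (key, "absent", "MISSING" if required else "n/a")
    try:
        value = int(raw)
    except ValueError:
        return (key, raw, "FAIL")  # non-numeric where a number is expected
    return (key, raw, "OK" if value >= minimum else "FAIL")


def audit(settings: Dict[str, str]) -> List[Finding]:
    findings = [_judge(settings, k, v, required=True) for k, v in REQUIRED.items()]
    findings += [_judge(settings, k, v, required=False) for k, v in OPTIONAL.items()]
    return findings


def remediation(findings: List[Finding]) -> List[str]:
    """sysctl commands that would bring every failing key to its minimum."""
    wanted = {**REQUIRED, **OPTIONAL}
    return [
        "sysctl -w %s=%d" % (key, wanted[key])
        for key, _, status in findings
        if status in ("FAIL", "MISSING")
    ]


if __name__ == "__main__":
    results = audit(parse_sysctl(SAMPLE_SYSCTL))
    for key, value, status in results:
        print("%-30s %-8s %s" % (key, value, status))
    for cmd in remediation(results):
        print("fix:", cmd)
```

To run it against a real host, replace SAMPLE_SYSCTL with the output of `sysctl -a`; the commands it prints take effect only until reboot, so the same keys also belong in /etc/sysctl.conf.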
17. Defense
Manage the risk of Denial of Service
• Good firewall policy
• Regular auditing and patching