Corporate Profile

1
(No Transcript)
2
(No Transcript)
3
WARNING !

• The system is either busy or has been unstable.
  You can wait and
• See if it becomes available again, or you can
  restart your computer.
• Press any key to return to Windows and wait.
• Press CTRLALTDEL again to restart your
  computer. You will
• Lose unsaved information in any programs that
  are running.
• Press any
  key to continue.

4
Group 4 Presents

• Carl the Happy Chatter
• But not for long.
• Carl Morris
• Andrew Snyder
• Ken Nguyen

Dec 4 2000 User Attacks
5
User Attacks

• What is it?
• An attack mounted against an end user of the
  Internet
• Goals of an attacker
• Obtain access to systems
• Eavesdrop on communications
• Aggravate and annoy a household user
• Cause damage!
• Anything to annoy an end user

6
Context of Discussion

• Not meant to apply to computer geeks
• Applies to average end user
• Attacks mounted easily by attackers with limited
  computer knowledge

7
Methods of choice

• Performed a search for phrases such as How to
  find Windows NT passwords, Hacking into
  Computers Easy Hacking
• Used our own past experiences (world class)
• Our own interests

8
We decided...

• The Big Three
• Denial of Service (DoS)
• Packet Sniffing
• Back Orifice 2000

9
What is DoS?

• Attacker consumes limited resources on victims
  machine
• CPU time
• memory
• bandwidth

10
DoS

• Easy DoS Attack
• Ping Flooding
• Ping of Death
• WinNuke

11
Ping Flooding

• What is Ping Flooding?
• Sending huge amounts of ICMP Echo Requests
• Used legitimately to test your connection

12
Ping Flooding (cont.)

• Ping Floodings impact
• Ties up victims bandwidth
• Forces dialup users to disconnect
• May cause victims machine to crash

13
Ping Flooding (cont.)

• Ping Flooding is Hard!
• Need to know victims IP
• Easily obtained from ICQ, IRC, message forums,
  etc...
• Must type
• ping destination_IP t l huge

14
Ping of Death

• What is Ping of Death?
• Carl receives a packet of illegal size
• Carls computer crashes ?

15
Ping of Death (cont.)

• Ping of Death is also very hard
• Must type
• ping destination_IP l 65550

16
WinNuke

• What is WinNuke?
• Takes advantage of Windows Out of Band (OOB) bug
• Carl receives a pointer that is invalid
• Carls computer crashes ?

17
WinNuke

• WinNuke is also very hard

18
Protect yourself

• Ping of Death WinNuke
• Get patches for your appropriate OS to prevent
  overflow/pointer error

19
Protect yourself

• Ping Flooding
• Sets computer not to echo back, cuts by 50
• Call your ISP, or set up your own firewall
• Stop it before it start Do not give out your IP!

20
What Is Packet Sniffing?

• Packet sniffing is eavesdropping on network
  traffic.
• It consists of capturing packets on the network
  and analyzing them to obtain information.

21
What Is in a Packet?

• Source and Destination (MAC)
• A packet can contain information ranging from web
  addresses to passwords.

• However, it is all in binary form, and requires
  a protocol analyzer to make sense of it all.

22
MAC

• Each Ethernet card contains a 48-bit identifier
  Media Access Control
• The first 24 bits identify the vendor
• The last 24 bits identify the card
• To find out your MAC
• Win9x winipcfg.exe
• WinNT ipconfig /all
• Linux ifconfig

23
How Is Packet Sniffing Used?

• Packets are captured.
• -- Promiscuous mode
• Packets are analyzed.
• -- Protocol analyzer
• (LanSleuth, Neptune, Ethereal)

24
Malicious Effects

• Websites
• Passwords
• Any unencrypted information sent over the network
• (Messages, Files)

25
Ease of Use

• Network Protocol Analyzers
• LanSleuth, Ethereal, Neptune, snoop
• Easy installation and configuration
• Some analyzers require administrative permissions

26
Examples

• Packet captured using Ethereal

27
Analyzing

• Packet entered into Ethereal Decode

28
Preventions

• Encrypt all transfers
• SSL Secure Socket Language
• SSH Secure Shell
• VPN Virtual Private Networks

29
Detections

• In theory impossible
• In practice possible sometimes
• Stand-alone packet sniffers dont transfer
  packets
• Non-standard generate traffic (DNS reverse
  lookups in order to find names associated with IP
  addresses)

30
Ping Method

• Send a request
• Nobody should respond
• Response --gt Sniffer!

31
Packet Sniffing Re-visited

• Packets are captured on the network
• They are then analyzed
• - Passwords
• - Web sites
• Impossible to stop
• Difficult to detect

32
Back Orifice 2000

• What is it?
• The most powerful network administration tool
  available for the Microsoft environment
• How is it used?
• An administrator
• creates a custom server file
• installs this server on the target machine
• connects to the target machine
• perform various functions

33
Back Orifice 2000

• Malicious effects
• A malicious attacker can
• Install the server on victims machine
• Take over computer
• Logging keystrokes
• Rebooting
• Viewing
• cached passwords
• the active screen
• etc
• Ease of use
• In the next few minutes, I will show you how to
  use BO2K

34
Back Orifice 2000

• Create a server file

35
Back Orifice 2000
Create a server file (continued)
36
Back Orifice 2000
Time to connect
37
Back Orifice 2000
Some stuff
38
Back Orifice 2000
Plugins

• Encryption (AES, IDEA, RC6, Serpent)
• Communications
• Server Enhancement
• Client Enhancement

39
Back Orifice 2000
BO Peep Plugin
40
Back Orifice 2000
BO Tools Plugin
41
Prevention Measures

• Umgr32.Exe anyone ?
• 1) Antivirus
• 2) firewall
• 3) dont trust anyone
• 4) look for umgr32.Exe (or registry) on your
  computer
• 5) Microsoft get a clue

42
Summary

• Many user attacks are so easy that even your mom
  could figure them out
• Some attacks cant be protected against based on
  current network protocol and system architecture
• Microsoft needs to tighten up security on their
  products

43
Conclusion

• Are you safe?
• That kid next door could be screwing with you
  right now.
• You could be a victim of user attacks and not
  even know it.
• Practice online safety measures.
• You are not invincible Dont take security for
  granted

44
Questions