Attacks and Malicious code - Introduction to Network Security - Lecture Slides, Slides of Network security

The main concepts studied in Introduction to Network Security, and the important points covered in these slides, are: Attacks and Malicious Code, Denial of Service, SYN Flood, Smurf, Distributed DoS, Spoofing, IP Spoofing, ARP Poisoning, Web Spoofing, DNS Spoofing.

Typology: Slides

2012/2013

Uploaded on 04/22/2013

sathaye

1

Attacks and Malicious code

2

Attacks and Malicious Code

  • Denial of Service (DoS)
    • SYN flood
    • Smurf
    • Distributed DoS
  • Spoofing
    • IP spoofing
    • ARP poisoning
    • Web spoofing
    • DNS spoofing

4

Attacks and Malicious Code

  • Attacks on encrypted data
    • Weak keys
    • Birthday attack
    • Dictionary attack
  • Software exploitation
    • Malicious software (virus and worm)
    • Back door
    • Logic bombs
  • Countermeasures

5

Why we need security?

Good news: Your employees and partners can now access your critical business information

Bad news: Your employees and partners can now access your critical business information

7

Some Statistics

  • Financial loss reported due to attacks: ~ $500 million
  • Not everyone reports loss due to attacks

Type of attack       Percentage
Virus                85%
Denial of Service    40%
Intrusion            40%

Internet as source of attack: 74%

8

Main issues

  • Security never stops
  • New threats constantly emerge
  • Security is concerned with risk management
  • Existing security products are weakly integrated
  • Lack of well-understood security policy
  • Too much reliance on technology alone for security

11

Common Attacks

  • SYN flooding attack
    • Exploits how the TCP 3-way handshake works when a service opens a session.
    • SYN packets are sent to the target node with incomplete source IP addresses
    • The node under attack sends an ACK packet and waits for response
    • Since the request has not been processed, it takes up memory
    • Many such SYN packets clog the system and take up memory
    • Eventually the attacked node is unable to process any requests as it runs out of memory storage space

13

Land attack

  • Similar to SYN attack
  • Uses the target address as the source address as well
  • Causes an infinite loop under the SYN/ACK process

14

Smurf attack

  • A brute-force DoS attack, and thus not specific to any OS
  • A large number of PING requests with spoofed IP addresses are generated from within the target network
  • Each ping request is broadcast, resulting in a large number of responses from all nodes on the network
  • Clogs the network and prevents legitimate requests from being processed

16

Ping of death

  • The hacker sends an illegal echo packet with more bytes than allowed, causing the data to be fragmented. Storing the fragmented data then causes buffer overflows, kernel dumps, and crashes
  • This was made possible by some Windows OSs allowing non-standard ICMP (Internet Control Message Protocol) messages to be generated
  • Maximum ICMP packet size is 65507 bytes. Any echo packet exceeding this size will be fragmented by the sender, and the overflow occurs when the receiver tries to reconstitute the packet
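
Added example (not part of the original slides): C code showing the bounds check a fragment-reassembly routine needs so that an oversized echo packet is dropped instead of overflowing the buffer. The `reasm` struct and `reasm_add` function are hypothetical names, and the 20-byte IP header assumes no IP options.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define IP_MAX_DATAGRAM 65535u  /* 16-bit IPv4 total-length limit */
#define IP_HDR_MIN      20u     /* IPv4 header without options (assumption) */
#define ICMP_HDR        8u      /* ICMP echo header */
/* 65535 - 20 - 8 = 65507, the maximum echo size quoted on the slide */
#define ICMP_MAX_PAYLOAD (IP_MAX_DATAGRAM - IP_HDR_MIN - ICMP_HDR)

/* Hypothetical reassembly context: holds the IP payload of one datagram. */
struct reasm {
    uint8_t buf[IP_MAX_DATAGRAM - IP_HDR_MIN];
    size_t  high_water;   /* highest byte offset written so far */
};

/* Add one fragment. frag_off is the 13-bit header field, counted in
 * 8-byte units, so the last legal offset (8191 * 8 = 65528) plus the
 * fragment's own data can point past the end of a 64 KiB buffer.
 * Returns 0 on success, -1 if the fragment must be dropped. */
int reasm_add(struct reasm *r, uint16_t frag_off,
              const uint8_t *data, size_t len)
{
    size_t start = (size_t)(frag_off & 0x1FFFu) * 8u;

    /* Validate before copying; without this check the memcpy below
     * writes past buf. Written as a subtraction so that start + len
     * cannot wrap around. */
    if (len > sizeof r->buf || start > sizeof r->buf - len)
        return -1;

    memcpy(r->buf + start, data, len);
    if (start + len > r->high_water)
        r->high_water = start + len;
    return 0;
}
```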

17

UDP-flood attack

  • Denial of service variant
  • Connects the target machine’s chargen and echo services to create an infinite loop between two or more UDP services
  • Connectivity to the network is sufficient; no network account is required for this attack

19

IP Spoofing

  • Exploits trust relationships between routers
  • This is a difficult attack to launch since the communication setup is based on an initial sequence number for packets. Systems no longer use numbers sequentially. Identifying the algorithm used for numbering packets during setup is important.

20

ARP Poisoning

  • ARP = Address Resolution Protocol
  • ARP is used by routers extensively to find the destination node. Routers have IP addresses (32 bits). In order to deliver the packet to the destination node, the router broadcasts the IP address of the destination and obtains the MAC address (48 bits).