SDL Episode32

From Paul's Security Weekly

Secure Digital Life #32

Recorded September 26, 2017 in Rhode Island!

Episode Audio

Coming Soon!

Hosts

  • Doug White
    Cybersecurity professor, President of Secure Technology, and Security Weekly network host.
  • Russell Beauchemin
    Cybersecurity & Network Security Program Advisor and Director of Instructional Support & Learning Innovation at Roger Williams University.
Network Attacks

    • Basic Types of Network Attacks
    • Denial of Service Basics
    1. If you can overwhelm the device's network stack with traffic, the device may fail.
    2. So basically any type of traffic (packets) that can be generated can be used:
      1. SYN packets (SYN Flood) -- request a connection in TCP
      2. ACK packets (ACK Flood) -- often allowed through
      3. FIN packets (Stealth Flood) -- almost never blocked
      4. Ping (ICMP) (Ping Flood) -- request replies
    • The objective with these DoS attacks is to generate enough traffic that the server/device becomes unreachable to others. This is usually a distraction while other attacks occur.
    • Distributed Denial of Service
    1. This means you use multiple systems (bots, etc.) to attack at the same time. This is basically standard since it is very difficult today to actually cause a DOS with a single system.
    2. Smurf attack is where large numbers of ping packets with false "source" addresses are sent out and the replies are the actual attack. There are many of these types of attacks.
    • Opportunistic Type Attacks
    1. Teardrops
      1. Build custom packets where the fragments overlap during reassembly. Can cause a crash.
    • Ping of death
    1. ping cnn.com, but you can use all sorts of switches on the ping command, e.g. the -l (lowercase L) switch:
    2. ping -l 224 sends an ICMP packet with a data payload of 224 bytes.
    3. This field is 8 bits in size, so the largest number is 255. The ping of death occurred with ping -l 256.
    • Scans
    1. NMAP and SATAN
    2. Scanning protocols and ports -- TCP/UDP 1-65535
    3. Stealth scans using FINs, ACKs
    4. Wide open scans using SYNs
    • Brute Force Attacks
    1. Trying to crack passwords on services at common ports like tcp/21, tcp/22, tcp/23, tcp/25
    • Zero Day and Exploits
    1. Zero day attacks mean you have found a new flaw
    2. Exploits (e.g. Shellshock) use known flaws to install malware, rootkits, etc.
    • Zombies
    1. Rootkitted/botted machines which are waiting for instructions
    • Self Abuse -- tricking the user into installing the malware for the attacker
    • Sophisticated Attacks
    1. SSL compromises, Man in the Middle, etc.
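The flood and scan patterns in the notes above (SYN/ACK/FIN/ICMP floods, stealth scans with FINs or ACKs, wide open SYN scans) can be told apart from ordinary traffic with simple per-source counting. The following is an added example written for these notes, not code from the episode; the packet records and thresholds are constructed for illustration.

```python
from collections import defaultdict

# Constructed packet summaries (not captured traffic): (src_ip, proto, dst_port, tcp_flags)
# tcp_flags is a set of flag letters (S, A, F, P); ICMP echo requests carry an empty set.
SAMPLE = (
    [("10.0.0.5", "tcp", 80, {"S"})] * 120                        # SYN flood against one port
    + [("10.0.0.6", "tcp", p, {"F"}) for p in range(1, 41)]       # FIN "stealth" scan of 40 ports
    + [("10.0.0.7", "icmp", None, set())] * 200                   # ping (ICMP) flood
    + [("10.0.0.8", "tcp", p, {"S"}) for p in range(20, 30)]      # small SYN probe, below thresholds
    + [("10.0.0.9", "tcp", 443, {"S"}), ("10.0.0.9", "tcp", 443, {"A"}),
       ("10.0.0.9", "tcp", 443, {"A", "P"})]                      # a normal TCP handshake + data
)

def packet_kind(proto, flags):
    """Bucket a packet the way the notes do: SYN, ACK, FIN or ICMP."""
    if proto == "icmp":
        return "ICMP"
    if "S" in flags and "A" not in flags:
        return "SYN"          # bare SYN: connection request
    if "F" in flags:
        return "FIN"          # FIN without a real session: stealth probe material
    if "A" in flags:
        return "ACK"
    return "OTHER"

def analyse(packets, flood_threshold=100, scan_threshold=20):
    """Return {src_ip: [findings]} for sources that look like floods or scans."""
    counts = defaultdict(lambda: defaultdict(int))   # src -> kind -> packet count
    ports = defaultdict(lambda: defaultdict(set))    # src -> kind -> distinct dst ports
    for src, proto, port, flags in packets:
        kind = packet_kind(proto, flags)
        counts[src][kind] += 1
        if port is not None:
            ports[src][kind].add(port)
    findings = {}
    for src, per_kind in counts.items():
        hits = []
        for kind, n in per_kind.items():
            if n >= flood_threshold:                 # volume: a flood of one packet type
                hits.append(f"{kind} flood ({n} packets)")
            distinct = len(ports[src][kind])
            if distinct >= scan_threshold:           # breadth: many ports from one source
                style = "stealth" if kind in ("FIN", "ACK") else "open"
                hits.append(f"{style} port scan ({distinct} ports, {kind})")
        if hits:
            findings[src] = hits
    return findings

if __name__ == "__main__":
    for src, hits in analyse(SAMPLE).items():
        print(src, "->", "; ".join(hits))
```

Thresholds are placeholders; a real deployment would tune them per network and per time window, since a flood is about rate, not a total count.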