- DNS
  - Converts a URL (hostname) to an IP address so that a connection can be established
  - Recursive query vs. iterative query
- Steganography
  - Different goal: hides something in plain sight
  - Some pixels in an image are not visually significant, so extra information can be put in the picture
  - Yellow printer dots: taking mundane details and encoding information in them
- Packet Sniffing
  - Legitimate and illegitimate reasons
    - Legitimate: performance monitoring, gathering statistics, debugging communications
    - Illegitimate: spying, planning a network intrusion
  - Countermeasures: encryption, unmonitorable media (fiber optics)
- Replay
  - Can be part of a masquerade: listen to a password sent by one person and send it when challenged
  - Countermeasures:
    - Session tokens: send a pseudorandom token used to transform the password into a one-time password
    - Nonces and Message Authentication Codes (MACs)
    - Multi-factor authentication
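The nonce-plus-MAC countermeasure in working form, as an added example that is not part of the original notes. The server issues a fresh random nonce as a challenge; the client answers with an HMAC over that nonce keyed by the shared secret, so the transmitted value is a one-time response rather than the password itself. The shared secret, the `Verifier` class and the `respond` function are constructed for this demo and are not from the lecture.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret for the demo (hypothetical; in practice derived from the user's credential).
SHARED_SECRET = b"demo-shared-secret"


class Verifier:
    """Server side of a challenge-response login: issues one-time nonces and checks MACs."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._outstanding = set()  # nonces issued but not yet consumed

    def challenge(self) -> bytes:
        """Issue a fresh, unpredictable nonce and remember it as outstanding."""
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, tag: bytes) -> bool:
        """Accept (nonce, tag) only if the nonce is one we issued and is still unused."""
        if nonce not in self._outstanding:
            return False  # unknown or already-consumed nonce: a replay or a forgery
        expected = hmac.new(self._secret, nonce, hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, tag)  # constant-time comparison
        self._outstanding.discard(nonce)  # consume the nonce whether or not the tag matched
        return ok


def respond(secret: bytes, nonce: bytes) -> bytes:
    """Client side: the one-time 'password' is a MAC over the server's nonce."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


def demo_replay():
    """Run one legitimate login, then two attempts an eavesdropper might make with the captured response."""
    server = Verifier(SHARED_SECRET)

    # Legitimate exchange: challenge -> response -> accepted
    nonce = server.challenge()
    tag = respond(SHARED_SECRET, nonce)
    first = server.verify(nonce, tag)

    # Eavesdropper replays the captured (nonce, tag) pair: nonce already consumed -> rejected
    replay = server.verify(nonce, tag)

    # Eavesdropper answers a fresh challenge with the captured tag: MAC does not match -> rejected
    nonce2 = server.challenge()
    stale = server.verify(nonce2, tag)

    return first, replay, stale


if __name__ == "__main__":
    print(demo_replay())  # (True, False, False)
```

The design point is that the server never compares the password itself; it only ever sees a MAC bound to a nonce it generated and will accept once. Consuming the nonce even on a failed check prevents an attacker from using a failed attempt to probe the same challenge repeatedly.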
- Buffer overflow
  - Basically, writing past the end of an array
  - Self-modifying code
  - Described as a potential problem long before it was used
  - Used by the Morris worm, the first famous computer virus (overflowed the "finger" program)
  - Also used in this century: the Code Red worm used a buffer overflow in Microsoft Internet Information Services
  - Countermeasures:
    - Protection at the language level
    - Static checking
    - Executable space protection (architectural level)
- IP Address Spoofing
  - The creation of IP packets with a forged source address, with the purpose of concealing the identity of the sender or impersonating another computing system
- ARP Spoofing
  - The attacker answers an ARP request with a fake MAC address
  - The ARP reply from the attacker causes the sender to store the MAC address of the attacking system in its ARP cache
  - All packets destined for those IP addresses are then forwarded through the attacker
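A small detector for the ARP cache-poisoning behaviour described above, added here as an example and not part of the original notes. It watches a stream of ARP replies and raises an alert when an IP address that was already mapped to one MAC suddenly maps to another, or when a single MAC starts claiming several IP addresses. The `ArpReply` records below are a constructed sample, not a real capture.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    """One observed ARP reply: 'ip is at mac', seen at time ts (seconds)."""
    ts: int
    ip: str
    mac: str


# Constructed sample traffic (hypothetical addresses), not a real capture.
SAMPLE = [
    ArpReply(0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),   # gateway announces its real MAC
    ArpReply(1, "192.168.1.10", "aa:aa:aa:aa:aa:10"),  # ordinary host .10
    ArpReply(5, "192.168.1.1", "aa:aa:aa:aa:aa:01"),   # gateway again, unchanged
    ArpReply(9, "192.168.1.1", "aa:aa:aa:aa:aa:10"),   # gateway IP now claimed by .10's MAC
    ArpReply(10, "192.168.1.20", "aa:aa:aa:aa:aa:10"), # same MAC claims a third IP
]


def detect_arp_spoofing(replies):
    """Return a list of alert tuples for suspicious IP<->MAC changes in a sequence of ARP replies."""
    ip_to_mac = {}   # last MAC seen for each IP
    mac_to_ips = {}  # set of IPs each MAC has claimed
    alerts = []

    for r in replies:
        mac = r.mac.lower()

        # Case 1: an IP we already know changes its MAC (cache would be overwritten).
        prev = ip_to_mac.get(r.ip)
        if prev is not None and prev != mac:
            alerts.append((r.ts, "ip-remapped", r.ip, prev, mac))
        ip_to_mac[r.ip] = mac

        # Case 2: one MAC claims more than one IP (attacker answering for victims).
        ips = mac_to_ips.setdefault(mac, set())
        is_new_claim = bool(ips) and r.ip not in ips
        ips.add(r.ip)
        if is_new_claim:
            alerts.append((r.ts, "mac-claims-multiple-ips", mac, tuple(sorted(ips))))

    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE):
        print(alert)
```

Both conditions also occur legitimately (DHCP lease changes, a replaced NIC, a router with multiple addresses), so the output is a signal to investigate rather than proof of an attack. A static ARP entry for the gateway on critical hosts is the usual mitigation for the cache overwrite this detects.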
- Website Spoofing
  - Make new websites that look like existing ones
- Denial of Service (DoS) and Distributed Denial of Service (DDoS)
  - Keep the victim so busy it can't do real work
  - SYN flooding, DNS lookups, others
  - Countermeasures:
    - Ingress filtering
    - Put more security measures around where most data comes in
    - Intrusion Detection System (IDS):
      - Looks for suspicious signatures
      - Open-source IDSs are available
- SYN Flooding
  - Countermeasures:
    - Don't allocate connection resources at the SYN; wait until the handshake's SYN-ACK has been answered
- Password cracking
  - Weak encryption
  - Poorly protected password database
  - Dictionary attacks
  - Brute-force attacks
  - Salting (countermeasure)
  - Publicly viewable password file
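Why salting defeats a precomputed dictionary attack, shown as an added example that is not part of the original notes. Two users choose the same weak password; with an unsalted hash their stored values are identical and one table lookup cracks both, while with a per-user random salt and PBKDF2 the stored values differ and the table finds nothing. The user names, password and word list are constructed for the demo.

```python
import hashlib
import hmac
import os


def hash_unsalted(password: str) -> str:
    """Weak storage: a bare hash, identical for every user with the same password."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_salted(password: str, salt: bytes = None, iterations: int = 200_000) -> str:
    """Stronger storage: random per-user salt plus an iterated key derivation (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # Store everything needed to verify later: algorithm, iteration count, salt, derived key.
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_salted(password: str, stored: str) -> bool:
    """Recompute the derived key with the stored salt and compare in constant time."""
    _algo, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def table_lookup(stored_values, wordlist):
    """A precomputed dictionary: hash each word once, then look every stored value up in it."""
    table = {hash_unsalted(w): w for w in wordlist}
    return {user: table.get(value) for user, value in stored_values.items()}


def demo():
    # Constructed demo users who picked the same weak password.
    weak = "password123"
    wordlist = ["letmein", "password123", "qwerty"]

    unsalted = {"alice": hash_unsalted(weak), "bob": hash_unsalted(weak)}
    salted = {"alice": hash_salted(weak), "bob": hash_salted(weak)}

    same_unsalted = unsalted["alice"] == unsalted["bob"]   # True: identical stored values
    same_salted = salted["alice"] == salted["bob"]         # False: salts differ
    cracked_unsalted = table_lookup(unsalted, wordlist)    # one table cracks both
    cracked_salted = table_lookup(salted, wordlist)        # table is useless against salted entries
    return (
        same_unsalted,
        same_salted,
        cracked_unsalted["alice"] == weak and cracked_unsalted["bob"] == weak,
        cracked_salted["alice"] is None and cracked_salted["bob"] is None,
        verify_salted(weak, salted["alice"]),
        verify_salted("wrong", salted["alice"]),
    )


if __name__ == "__main__":
    print(demo())  # (True, False, True, True, True, False)
```

The salt does not need to be secret; its job is to make every stored value unique so that an attacker who obtains the password file must attack each entry separately, and the iteration count makes each of those attempts expensive.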
- Port Scanning
  - Search for applications on a remote host that the attacker thinks can be exploited
  - Often used together with buffer overflow
  - Can scan with SYN, UDP (expecting an ICMP "port unreachable" message), others
  - Lots of software available to do it
- Man-in-the-middle attacks
  - DHCP spoofing attacks
- Firewalls: multipurpose solution
  - Has a LOT of serious security measures in one place