DNS Cache Poisoning Attack
The DNS Resolution Process
DNS Cache
• There are many public DNS servers that a DNS resolver can use to speed up the resolution process.
• However, it is much faster to have a local copy (even a temporary one) of the DNS "phone book." This is exactly where DNS caches come into play.
• Each operating system (Windows and macOS by default, and UNIX via a daemon) stores a temporary DNS cache database that lists all recently accessed domain names and the addresses that DNS resolved for them the first time a request was made.
How does the “Poisoning” of the DNS Cache occur?
• A DNS cache becomes “poisoned” or polluted when unauthorized domain names or IP addresses are inserted into it. The corruption of the DNS cache can be achieved either by:
- computer malware, or
- network attacks that insert invalid DNS entries into the cache.
Attackers have devised a way to “spoof” DNS responses: to forge DNS responses that look as if they are coming from legitimate DNS servers. If an attacker successfully spoofs a DNS response, it can make the receiving DNS server cache a poisoned record.
But how does that help the attackers?
• By being redirected to a wrong destination, we may end up suffering from a phishing attack, which is the ultimate goal of this type of man-in-the-middle attack!
DNS Spoofing Demonstration
The demonstration is carried out on a LAN composed of the following three elements:
- Default gateway (IP address 192.168.224.2)
- Attacker computer (IP address 192.168.224.13)
- Target computer (IP address 192.168.224.211)
The application used to carry out the DNS spoofing is Ettercap: a free and open-source network security tool for man-in-the-middle attacks.
Prepare for the attack by configuring the attack parameters:
• Step 1: Make a fake OWASP HTML web page (phishing web page). Set it up on an Apache web server hosted on the attacker computer (the fake website will be accessed by typing the IP address of the attacker computer into a browser).
• Step 2: Go to the Ettercap directory and open “etter.dns” in a text editor. At the bottom of the file, add the name of the website that we want to attack (in this case, “www.owasp.org”) and the IP address that we want the target computer to be redirected to (in this case, the IP address of the attacker computer hosting the fake web page).
Step 3: Open Ettercap with sudo and select Sniff > Unified Sniffing
Step 4: Go to Hosts > Scan for Hosts to find the devices connected to the LAN
Step 5: Go to Hosts > Hosts List to display the list of devices
Step 6: From the list, select the IP address of the target computer and add it to Target 1; also select the IP address of the default gateway and add it to Target 2
Step 7: Go to Plugins > Manage the Plugins
Step 8: From the list of plugins, select “dns_spoof”
Step 9: The plugin activates the process of bombarding the target machine with fake DNS responses that resolve owasp.org to IP address 192.168.224.13 (where the fake web page is hosted by the web server on the attacker machine).
As a result, instead of being directed to the real web page, the victim is directed to the fake web page.
A topological illustration of the attack
Security mechanisms developed for DNS server operators:
UDP Source Port Randomization (UDP SPR): This sets the UDP source port of each query randomly, so an attacker would have to guess both the transaction ID and the source port within a short time window, which is usually not feasible (they would need to try about 2^32 combinations).
DNS Security Extensions (DNSSEC): A protocol designed to create a cryptographic signature and store it alongside the other DNS records. DNSSEC thus gives DNS an additional method of verification by digitally signing the DNS information. This is done at every level of the DNS resolution process.
Avoiding DNS Cache Poisoning
Keep your antivirus/anti-malware apps running and up to date
If you have the possibility, browse the internet from a virtual machine
Don’t download suspicious files. If you insist, do it through a sandboxed app or a virtual machine
Use a respected DNS server and a reputable ISP
Always double-check the websites you visit (check that HTTPS encryption is in use)
Flush the computer's DNS cache as well as the DNS cache stored in the router
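The following is an added Python example, not part of the original slides, that models the check a stub resolver performs before it caches an answer: the question name, the 16-bit transaction ID, the UDP port and the upstream source address must all match an outstanding query. That is why randomizing the source port widens an off-path forger's search space from 2^16 (transaction ID only) to roughly 2^32. The same toy resolver models the TTL-bounded cache and the flush recommended above. The Resolver, Query and Response names and the addresses are constructed for this example. One caveat the slides do not spell out: port randomization only defeats off-path guessing; an attacker who is already on the path (as in the Ettercap demonstration) sees the real ID and port, and DNSSEC validation is what catches the forged answer in that case.

```python
import random
from dataclasses import dataclass

# Constructed addresses: the demo's gateway stands in as the upstream server and
# 203.0.113.10 (documentation range) as the genuine answer for the name.
UPSTREAM = "192.168.224.2"
GENUINE_IP = "203.0.113.10"
FORGED_IP = "192.168.224.13"


@dataclass(frozen=True)
class Query:
    name: str
    txid: int      # 16-bit DNS transaction ID chosen by the resolver
    sport: int     # UDP source port the query left from
    server: str    # upstream server the query was sent to


@dataclass(frozen=True)
class Response:
    name: str
    txid: int
    dport: int     # UDP destination port; must equal the query's source port
    src: str       # source address of the datagram
    answer: str
    ttl: int = 300


class Resolver:
    """Toy stub resolver: an answer is cached only if it matches an outstanding query."""

    def __init__(self, randomize_ports=True, seed=None):
        self.rng = random.Random(seed)
        self.randomize_ports = randomize_ports
        self.pending = {}   # (name, txid, sport) -> upstream server address
        self.cache = {}     # name -> (answer, expiry time in seconds)

    def send_query(self, name, server=UPSTREAM):
        txid = self.rng.randrange(1 << 16)
        # Pre-SPR resolvers reused one fixed source port, leaving only the ID to guess.
        sport = self.rng.randrange(1024, 1 << 16) if self.randomize_ports else 53
        q = Query(name, txid, sport, server)
        self.pending[(name, txid, sport)] = server
        return q

    def receive(self, r, now=0):
        """Accept a response only when name, ID, port and source all match; else drop it."""
        key = (r.name, r.txid, r.dport)
        if self.pending.get(key) != r.src:
            return False
        del self.pending[key]              # late duplicates are dropped as well
        self.cache[r.name] = (r.answer, now + r.ttl)
        return True

    def lookup(self, name, now=0):
        entry = self.cache.get(name)
        if entry is None or entry[1] <= now:
            self.cache.pop(name, None)     # expired records are evicted on lookup
            return None
        return entry[0]

    def flush(self):
        """Drop every cached record (what "flush your DNS cache" does)."""
        self.cache.clear()


def guess_space(randomize_ports):
    """Number of (txid, port) pairs an off-path forger must cover in this model."""
    ports = (1 << 16) - 1024 if randomize_ports else 1
    return (1 << 16) * ports
```

A forged response that gets any of the four fields wrong is silently discarded and nothing reaches the cache; only the matching answer is stored, and it disappears again after its TTL or on an explicit flush.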
PING (ICMP) FLOOD Attack
Functioning of ICMP
Normally, ping requests are used to test the connectivity between two computers by measuring the round-trip time from when an ICMP echo request is sent to when an ICMP echo reply is received.
What is an ICMP Flood Attack?
• A ping flood is a denial-of-service attack in which the attacker attempts to overwhelm a targeted device with ICMP echo-request packets, causing the target to become inaccessible to normal traffic. When the attack traffic comes from multiple devices, the attack becomes a DDoS, or distributed denial-of-service, attack.
What Are the Signs of an ICMP Flood Attack?
An ICMP flood attack requires that the attacker knows the IP address of the target. Attacks can be separated into three categories, determined by the target and how the IP address is resolved:
• Targeted local disclosed – In this type of attack, a ping flood targets a specific computer on a local network. In this case, the attacker must obtain the IP address of the destination beforehand.
• Router disclosed – Here, a ping flood targets routers with the objective of interrupting communications between computers on a network. In this type of attack, the attacker must have the internal IP address of a local router.
• Blind ping – This involves using an external program to reveal the IP address of the target computer or router before launching an attack.
Why Are ICMP Flood Attacks Dangerous?
What makes this volumetric attack vector even more dangerous is that in the past, attackers would spoof a false IP address in order to mask the sending device. But with today’s sophisticated botnet attacks (especially IoT-based bots), the attackers don’t even bother masking the bot’s IP. Instead, they utilize an extensive network of un-spoofed bots to overwhelm the target server.
ICMP Flooding Demonstration
The tool used to carry out the ICMP flooding is hping3: a command-line oriented TCP/IP packet assembler/analyzer. Below are the basic elements used:
• Victim IP: 192.168.5.129
• -p: destination port, in this case 445 (ICMP has no ports, so this option has no effect in ICMP mode)
• --icmp: ICMP mode; by default hping3 will send ICMP echo-request packets
• --flood: flood mode, send packets as fast as possible and do not show replies
• --rand-source: random source address mode (spoofing)
hping3 --flood --rand-source --icmp -p 445 (Victim IP)
A topological illustration of the attack
How to Mitigate and Prevent an ICMP Flood Attack?
Disabling a ping flood is most easily accomplished by disabling the ICMP functionality of the targeted router, computer or other device.
Another approach to combating ICMP attacks is to rate-limit the processing of incoming ICMP messages; alternatively, limit the allowed size of ping requests.
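An added example, not from the slides: a Python model of the two mitigations just described (a token-bucket rate limit on echo-request processing and a cap on request size), run over a constructed packet stream of normal pings followed by a spoofed-source burst of the shape the hping3 flood above produces, together with a simple per-second detector that flags the burst. The Packet and IcmpEchoLimiter names, the addresses and the thresholds are all assumptions made for the example.

```python
from dataclasses import dataclass

ECHO_REQUEST = 8   # ICMP type of an echo request ("ping")


@dataclass(frozen=True)
class Packet:
    ts: float      # arrival time in seconds
    src: str       # source IP address as seen on the wire
    icmp_type: int
    length: int    # bytes of ICMP payload


class IcmpEchoLimiter:
    """Token bucket for echo requests plus a hard cap on request size."""

    def __init__(self, rate_per_sec=10.0, burst=20, max_payload=1500):
        self.rate = rate_per_sec
        self.burst = burst
        self.max_payload = max_payload
        self.tokens = float(burst)
        self.last = None

    def allow(self, pkt):
        """Return 'accept', 'drop-size' or 'drop-rate' for one echo request."""
        if pkt.length > self.max_payload:
            return "drop-size"          # oversized pings are refused before costing a token
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (pkt.ts - self.last) * self.rate)
        self.last = pkt.ts
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return "accept"
        return "drop-rate"


def process(packets, limiter):
    """Run every echo request through the limiter and summarise the outcome."""
    counts = {"accept": 0, "drop-size": 0, "drop-rate": 0}
    sources = set()
    for pkt in packets:
        if pkt.icmp_type != ECHO_REQUEST:
            continue
        sources.add(pkt.src)
        counts[limiter.allow(pkt)] += 1
    # With --rand-source nearly every packet carries a different source address.
    counts["distinct_sources"] = len(sources)
    return counts


def flood_windows(packets, threshold=100):
    """Detection: the 1-second windows whose echo-request count exceeds the threshold."""
    per_second = {}
    for pkt in packets:
        if pkt.icmp_type == ECHO_REQUEST:
            sec = int(pkt.ts)
            per_second[sec] = per_second.get(sec, 0) + 1
    return [(sec, n) for sec, n in sorted(per_second.items()) if n > threshold]


def sample_traffic():
    """Constructed stream: five normal pings, one oversized ping, then a spoofed flood."""
    pkts = [Packet(float(t), "192.168.5.10", ECHO_REQUEST, 64) for t in range(5)]
    pkts.append(Packet(5.0, "192.168.5.10", ECHO_REQUEST, 60000))
    # 200 requests within 0.1 s, each from a different (documentation-range) address
    pkts += [Packet(10.0 + i * 0.0005, f"203.0.113.{i}", ECHO_REQUEST, 64) for i in range(200)]
    return pkts
```

With the default settings the five spaced pings all pass, the oversized one is dropped by the size cap, and of the 200-packet burst only the 20-token bucket's worth is processed while the remaining 180 are dropped; the detector reports the single window at second 10 with 200 requests, and the source count shows the spoofing.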
SQL Injection Attack
What is SQLi?
On a web application, when a user asks for a resource from the backend database, an SQL query is sent to it.
If an attacker is able to tamper with that communication and insert their own modified query, the attacker will be able to fetch sensitive information from the database.
How and Where can you perform SQLi?
• SQL injection can be classified into 5 types:
1. Union based
2. Error based
3. Blind Boolean based
4. Blind time based
5. Second-order SQLi
• Ways of attack:
1. GET based – URL parameter
2. POST based – form data
3. Cookie based – cookie parameter
4. Header based – e.g. in Referer, User-Agent, Location, etc.
SQLi Demonstration
We will be exploiting a union-based SQL injection vulnerability in a web application by using a GET request.
Step 1: Identify SQL injection
Step 2: Fix and balance the query
Step 3: Find the total number of vulnerable columns
Step 4: Find the exact number of vulnerable columns
Step 5: On the reflected columns, execute commands
How to Mitigate and Prevent an SQLi Attack?
Using parameterized queries:
PreparedStatement statement = connection.prepareStatement("SELECT * FROM products WHERE category = ?");
statement.setString(1, input);
ResultSet resultSet = statement.executeQuery();
Validate user inputs:
Only allow inputs as per requirements.
Limit the data sent back to the web application.
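As an added example (not code from the slides), here is the same parameterized-query idea in Python with the standard sqlite3 module, placed beside the vulnerable string-concatenation form it replaces, plus the allow-list validation and response-trimming points listed above. The table names, rows, hash value and the union payload are constructed for the demo; the payload is the GET-parameter shape the demonstration steps refer to, shown only so the two query forms can be compared on the same input.

```python
import re
import sqlite3

CATEGORY_RE = re.compile(r"^[a-z]{1,20}$")   # allow-list for the category parameter


def make_db():
    """In-memory database with constructed sample rows (no real credentials)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT, category TEXT);
        CREATE TABLE users (id INTEGER, username TEXT, password_hash TEXT);
        INSERT INTO products VALUES (1, 'Widget', 'tools'), (2, 'Gadget', 'toys');
        INSERT INTO users VALUES (1, 'admin', 'constructed-hash-value');
    """)
    return conn


def products_vulnerable(conn, category):
    """VULNERABLE: the GET parameter is spliced into the SQL text itself."""
    sql = f"SELECT id, name, category FROM products WHERE category = '{category}'"
    return conn.execute(sql).fetchall()


def products_parameterized(conn, category):
    """Hardened: the value travels as a bound parameter, never as SQL text."""
    sql = "SELECT id, name, category FROM products WHERE category = ?"
    return conn.execute(sql, (category,)).fetchall()


def validate_category(category):
    """Input validation: accept only what this parameter is allowed to contain."""
    if not CATEGORY_RE.fullmatch(category):
        raise ValueError("category must be 1-20 lowercase letters")
    return category


def products_hardened(conn, category):
    """Validation plus parameterization; only the columns the page needs go back."""
    rows = products_parameterized(conn, validate_category(category))
    return [{"id": r[0], "name": r[1]} for r in rows]


# Constructed union-based payload: three columns to match the three selected ones,
# then a comment that discards the closing quote the original query appends.
UNION_PAYLOAD = "x' UNION SELECT id, username, password_hash FROM users -- "
```

Run against the same payload, the concatenated query returns the users row (the union succeeds because the column count matches, which is what steps 3 and 4 of the demonstration establish), while the parameterized query treats the whole string as a category value and returns nothing; the validated variant never reaches the database at all.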
XML external entity (XXE) injection
What is XML external entity injection?
XML external entity injection is a vulnerability in a web application that allows an attacker to interfere with the application's processing of XML data.
If an attacker is able to modify the XML document together with its DTD, and the application parses it without any validation, XXE arises.
What are the types of XXE attacks?
There are various types of XXE attacks:
• File retrieval (reading local files through an external entity)
• SSRF attack
• Denial-of-service attack
XXE Attack Demonstration
• In XML, unlike HTML, there are no predefined tags and attributes, so we can use any tag, but it should be defined in the Document Type Definition (DTD).
• A DTD can also be defined inside the XML document.
• An entity is used to fetch content at parse time and insert its value into the document.
Example output of a simple web application that accepts XML input, parses it, and outputs the result.
File retrieval using XXE
SSRF using XXE
Billion laughs attack
After all the entity expansions have been processed, this small (< 1 KB) block of XML will actually contain 10^9 = a billion "lol"s, taking up almost 3 gigabytes of memory.
How to Mitigate and Prevent an XXE Attack?
Disable potentially dangerous XML features: disable resolution of external entities and disable support for XInclude.
Validate user inputs:
Only allow inputs as per requirements.
Cap the memory allocated to an individual parser.
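An added Python example (not the slides' code) of the mitigations above using the standard library's expat bindings: external entities and external DTD subsets are refused at declaration time, and each internal entity's expansion size is computed from its declaration so that an over-expanding document such as the billion-laughs block is rejected before a single expansion takes place. It also computes the expansion chain of the billion-laughs document without expanding it, reproducing the 3 GB figure quoted above. The sample documents, the internal.example host name and the 1 MB cap are constructed assumptions.

```python
import re
from xml.parsers import expat

_REF = re.compile(r"&([A-Za-z_][\w.-]*);")


class UnsafeXml(Exception):
    """Raised when a document declares an external entity or over-expands."""


class _DtdDone(Exception):
    """Internal signal: stop parsing once the DTD has been read."""


def _expanded_len(value, sizes):
    """Length of an entity value after substituting already-declared entities."""
    total, last = 0, 0
    for m in _REF.finditer(value):
        total += m.start() - last
        total += sizes.get(m.group(1), len(m.group(0)))   # unknown ref: count its literal text
        last = m.end()
    return total + len(value) - last


def _make_parser(sizes, cap, stop_after_dtd=False):
    p = expat.ParserCreate()
    # Never fetch an external DTD subset or external parameter entities.
    p.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def entity_decl(name, is_pe, value, base, system_id, public_id, notation):
        if system_id is not None or public_id is not None:
            raise UnsafeXml(f"external entity '{name}' declared ({system_id!r})")
        size = _expanded_len(value or "", sizes)
        sizes[name] = size
        if cap is not None and size > cap:
            raise UnsafeXml(f"entity '{name}' would expand to {size} bytes (cap {cap})")

    p.EntityDeclHandler = entity_decl
    if stop_after_dtd:
        def end_doctype():
            raise _DtdDone
        p.EndDoctypeDeclHandler = end_doctype
    return p


def parse_untrusted(data, cap=1_000_000):
    """Return the document's character data, refusing XXE and over-expansion."""
    sizes, chunks = {}, []
    p = _make_parser(sizes, cap)
    p.CharacterDataHandler = chunks.append
    try:
        p.Parse(data, True)
    except expat.ExpatError as e:
        raise UnsafeXml(f"malformed XML: {e}") from None
    return "".join(chunks)


def check(data, cap=1_000_000):
    """Convenience wrapper: 'ok:<text>' or 'rejected:<reason>'."""
    try:
        return "ok:" + parse_untrusted(data, cap)
    except UnsafeXml as e:
        return "rejected:" + str(e)


def entity_sizes(data):
    """Expansion size of every internal entity, computed without expanding anything."""
    sizes = {}
    p = _make_parser(sizes, None, stop_after_dtd=True)
    try:
        p.Parse(data, True)
    except _DtdDone:
        pass
    return sizes


# Constructed inputs: a harmless order, a file-retrieval XXE, an SSRF-style XXE.
BENIGN = b'<?xml version="1.0"?><order><item>widget</item></order>'
XXE_FILE = (b'<?xml version="1.0"?><!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
            b'<foo>&xxe;</foo>')
XXE_SSRF = (b'<?xml version="1.0"?><!DOCTYPE foo [<!ENTITY xxe SYSTEM "http://internal.example/">]>'
            b'<foo>&xxe;</foo>')


def billion_laughs():
    """The classic chain: lol, lol1 = 10 x lol, ..., lol9 = 10^9 x lol (constructed)."""
    decls = ['<!ENTITY lol "lol">']
    prev = "lol"
    for i in range(1, 10):
        decls.append(f'<!ENTITY lol{i} "{("&" + prev + ";") * 10}">')
        prev = f"lol{i}"
    doc = '<?xml version="1.0"?>\n<!DOCTYPE lolz [\n' + "\n".join(decls) + "\n]>\n<lolz>&lol9;</lolz>"
    return doc.encode()
```

Because the checks run inside the entity-declaration callback, the file and SSRF documents are refused before the parser ever sees the `&xxe;` reference, and the billion-laughs document is refused at the sixth declaration (3 MB) long before `lol9` (3,000,000,000 bytes, the "almost 3 gigabytes" above) could be expanded.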
Thank You

Network And Application Layer Attacks
