Anatomy of attacks: Buffer Overflow attacks & Rootkits

Warning
• Do not use hacking tools unless you are sure you have the sysadmin’s permission.
• Company policy: fired/suspended
• Illegal: go to jail
• Honor Code
• Just because you have a set of master keys does NOT give you permission to drive anyone’s car!

Prep for class
• Log into a Linux VM
• Download the Embry-Riddle demos
• Demos only, not real hacks
• Open a tty in Linux for the rootkit demos.

Gift of fire?
• To get access to the world through the Internet we trade increased exposure of ourselves.
• The trade is not optional
• Improved user experience requires personal knowledge
• Apple iPhone: Siri?

Buffer Overflow
• Work through the Embry-Riddle tutorial
• “Stacks”: normal returns & data on the stack
• “Spock”: buffer overflow with altered data
• “Smasher”: buffer overflow with altered return address
• “Stackguard”: using a “canary” to sniff an attack
• RSA notes
• Questions
• How do these get into the users’ systems?

Root Kits
• Work through LinuxFocusNotes
• Story of the Sony rootkit problem
Rootkit details
• Definitions: trojan and backdoor
• Example: Linux rootkit with trojanned commands
• Promiscuous mode is dangerous
• DEMO: Use ifconfig (as root, via su) to check for promiscuous mode
• In a Linux tty: ifconfig -a; ifconfig eth1 promisc
• And use ifconfig eth1 -promisc to undo
• Try tcpdump -i any to view traffic (tutorial)
• Can use checksums to detect altered commands, if clean backups are available
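The last two bullets, as an added example that is not part of the course demos: a bash script that builds SHA-256 checksums of commands from a known-clean copy (assumed to be mounted from a rescue CD at a path you supply), verifies the live system against that baseline, and reads the promiscuous flag from sysfs rather than trusting a possibly trojanned ifconfig. The paths and the helper names are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Added example (not the course's own code). Assumes a known-clean copy of the
# system binaries (e.g. from a rescue CD) mounted under a directory you pass in.

# make_baseline CLEAN_ROOT cmd... : print "sha256 relative-path" per command,
# hashing the copies under CLEAN_ROOT, never the live (possibly rooted) tree.
make_baseline() {
    local root=$1; shift
    local cmd
    for cmd in "$@"; do
        sha256sum "$root/$cmd" | awk -v c="$cmd" '{print $1, c}'
    done
}

# verify_against_baseline LIVE_ROOT BASELINE_FILE : compare each live command
# with its baseline hash; print ALTERED lines and return 1 if anything differs.
verify_against_baseline() {
    local root=$1 baseline=$2 rc=0 hash cmd live
    while read -r hash cmd; do
        live=$(sha256sum "$root/$cmd" 2>/dev/null | awk '{print $1}')
        if [ "$live" != "$hash" ]; then
            echo "ALTERED: $cmd"
            rc=1
        fi
    done < "$baseline"
    return $rc
}

# is_promisc FLAGS_FILE : FLAGS_FILE is a sysfs flags file such as
# /sys/class/net/eth1/flags. IFF_PROMISC is bit 0x100 of that word, so the
# check does not depend on the output (or integrity) of the ifconfig binary.
is_promisc() {
    local flags
    flags=$(cat "$1") || return 2
    [ $(( flags & 0x100 )) -ne 0 ]
}

# Typical use on the suspect host, with the clean tree mounted at /mnt/clean:
#   make_baseline /mnt/clean bin/ls bin/ps usr/bin/netstat > /mnt/clean/baseline.txt
#   verify_against_baseline / /mnt/clean/baseline.txt
#   is_promisc /sys/class/net/eth1/flags && echo "eth1 is in promiscuous mode"
```

Run the verification from a boot CD or a separate trusted host, since the page's own summary notes that a rooted system cannot be trusted to clean itself.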
Rootkit Questions
• Class exercise: search Google for current “rootkit” info
• How do rootkits get installed?
• How can you detect them?
• How can you remove them?

Root kit summary
• Review main points in notes
• If the system is compromised, the cracker can use trojanned commands and backdoors to hide
• It is nearly impossible to use a rooted system to clean itself
• Boot off a CD with a toolkit
Script Kiddies
• Metasploit demo video

More?
• IT466 Information Assurance and Security (IAS)
• Discusses this in depth
• With discussions of ethics
• And “sandbox” exercises