Compromising a Unix Host

  1. Compromising a Unix Host Part II An Introduction to Tools and Techniques. -Mike Sconzo

  2. “Stupid Flanders, You're a Genius!” --Homer Simpson

  3. More Network Recon.
  • Firewall Evasion Techniques
    • How to get through them
    • How to get around them
    • How to figure out the type of Firewall
  • Network Intrusion Detection System Evasion Techniques
    • Elegant solutions
    • Headaches
  • More Tools
    • Firewall
      • Proxy, Determining if a firewall is in your way, Firewall type
    • NIDS
      • Evasion, and Headaches

  4. Firewalls *Caution: hot to the touch*
  • Determining if a Firewall is blocking you
    • Why go through the trouble of evading/disabling/breaking a non-existent Firewall?
  • TTL (it's not just for routers anymore)
    • Works great if the Firewall is set to Reject packets
  • Known host configuration
    • Compare 'inside' and 'outside' views
  • Just a simple port scan
    • If packets are dropped we can tell

  5. What kind of beast is it?
  • Established the presence of a firewall, now what?
  • Figure out the type of firewall
    • Stateful
    • Packet filter
    • ...
  • Maybe deduce the software/hardware being used
    • Helps narrow down the capabilities of the firewall
    • Implementation problems
  • What kind of filtering
    • Source
    • Destination
    • Source and Destination?

  6. Going through
  • Implementation
    • Weaknesses in code (IPChains)
      • Problem where packets that were fragmented in a specific way would get through
  • 'Bad' rules
    • Not thought out
    • Blocking the 'wrong' things
    • Mis-ordering
      • Allow before Deny
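The "Allow before Deny" mis-ordering on this slide is a property a defender can check mechanically. The following is an added example, not from the presentation: a small model of an ordered, first-match ruleset (action, protocol, destination port) and a checker that flags any later rule that an earlier rule with the opposite action already covers, so it can never fire. The rule format, the `Rule`/`find_shadowed` names and the sample rules are all constructed for this illustration and do not correspond to any particular firewall product's syntax.

```python
"""Ruleset ordering check for a first-match firewall (added example).

Not from the slides: a small model of an ordered rule list where the first
matching rule wins, plus a checker that flags the 'Allow before Deny'
mis-ordering, i.e. a later deny that can never fire because an earlier,
broader allow already matched the same traffic. Rules and ports below are
constructed sample data.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = None  # wildcard for protocol or destination port


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: Optional[str]   # "tcp", "udp", or ANY
    dport: Optional[int]   # destination port, or ANY
    comment: str = ""


def _matches(rule: Rule, proto: str, dport: int) -> bool:
    """Does this rule match a packet with the given protocol and destination port?"""
    return (rule.proto is ANY or rule.proto == proto) and \
           (rule.dport is ANY or rule.dport == dport)


def _covers(broad: Rule, narrow: Rule) -> bool:
    """True if every packet matched by `narrow` is also matched by `broad`."""
    proto_ok = broad.proto is ANY or broad.proto == narrow.proto
    port_ok = broad.dport is ANY or broad.dport == narrow.dport
    return proto_ok and port_ok


def first_match(rules: List[Rule], proto: str, dport: int) -> Optional[Rule]:
    """First-match semantics: the earliest matching rule decides; None means
    no rule matched and the (unmodelled) default policy applies."""
    for rule in rules:
        if _matches(rule, proto, dport):
            return rule
    return None


def find_shadowed(rules: List[Rule]) -> List[Tuple[int, int]]:
    """Return (earlier, later) index pairs where an earlier rule with the
    opposite action fully covers a later rule, so the later rule is dead.
    An allow shadowing a deny is the hole the slide warns about."""
    dead = []
    for j, later in enumerate(rules):
        for i in range(j):
            earlier = rules[i]
            if earlier.action != later.action and _covers(earlier, later):
                dead.append((i, j))
                break  # one explanation per dead rule is enough
    return dead


def report(rules: List[Rule]) -> List[str]:
    """Human-readable findings, one line per shadowed rule."""
    return [
        f"rule {j} ({rules[j].action} {rules[j].proto}/{rules[j].dport}, "
        f"'{rules[j].comment}') never fires: shadowed by rule {i} "
        f"({rules[i].action} {rules[i].proto}/{rules[i].dport})"
        for i, j in find_shadowed(rules)
    ]


# Constructed sample ruleset: rule 0 is the over-broad allow, rule 1 the deny
# that was meant to block telnet but is listed too late.
SAMPLE_RULES = [
    Rule("allow", "tcp", ANY, "allow all inbound tcp (too broad)"),
    Rule("deny",  "tcp", 23,  "block telnet"),
    Rule("deny",  "udp", 69,  "block tftp"),
    Rule("allow", "udp", 53,  "dns"),
]

# Same rules with the specific deny moved ahead of the broad allow.
REORDERED_RULES = [SAMPLE_RULES[1], SAMPLE_RULES[0]] + SAMPLE_RULES[2:]

if __name__ == "__main__":
    for line in report(SAMPLE_RULES):
        print(line)
    print("telnet under SAMPLE_RULES   :", first_match(SAMPLE_RULES, "tcp", 23).action)
    print("telnet under REORDERED_RULES:", first_match(REORDERED_RULES, "tcp", 23).action)
    print("findings after reordering   :", report(REORDERED_RULES))
```

Running it shows the telnet deny reported as dead under `SAMPLE_RULES` and no findings once the specific deny precedes the broad allow. The same two-pass comparison (does any earlier rule with the opposite verdict cover this one?) is what rule-analysis tooling does against real rulesets; extending `_covers` to source and destination address ranges is the natural next step.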

  7. Going around
  • Get lucky and find a multi-homed host
    • Could be easier to compromise
    • Might be owned by a secretary
    • Easy to social engineer?
  • Other ways?
    • DC Phone Home!

  8. NIDS Evasion
  • Fragment Packets
    • Was really popular, but companies/projects have caught up
    • Snort once fell victim to this (2002)
    • RFP and his whisker tool made a lot of ground in this area
  • Other
    • Signature-based systems only know what they know
    • Change your attack (slightly)
    • Polymorphic shell code
  • URL tricks
    • Encode URLs
    • Traversal “/bogusdirector/../vulnerable/script.cgi”
  • TCP games
    • Back Packet Data, Fake RST ...
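The "URL tricks" on this slide work against a detector that compares signatures to the raw request line. The defensive answer is to canonicalize the path first, and the following added example (not from the presentation) shows that step: a minimal normalizer of the kind a NIDS or reverse proxy applies before matching, which percent-decodes (repeatedly, to catch double encoding), drops the query string and collapses `.` and `..` segments. The slide's own traversal string and the encoded variants resolve to one canonical path, so a single signature catches all of them. The `SIGNATURE` value, the sample paths and the function names are constructed for the illustration.

```python
"""Path normalization before signature matching (added example).

Not from the slides: a minimal normalizer of the kind a NIDS or reverse proxy
applies to request paths before comparing them against a URL signature. It
percent-decodes (repeatedly, to catch double encoding), drops the query
string and collapses '.' and '..' segments, so the two evasions named in the
slide (encoded URLs and traversal like /bogusdirector/../vulnerable/script.cgi)
resolve to the same canonical path. The signature and sample paths are
constructed.
"""
from urllib.parse import unquote

# Constructed signature: the path a hypothetical rule is looking for.
SIGNATURE = "/vulnerable/script.cgi"
MAX_DECODE_PASSES = 3  # bound repeated decoding so odd input cannot loop forever


def normalize_path(raw: str) -> str:
    """Canonicalize a request path: decode, strip query, resolve dot segments."""
    path = raw.split("?", 1)[0]
    for _ in range(MAX_DECODE_PASSES):
        decoded = unquote(path)
        if decoded == path:      # stable: nothing left to decode
            break
        path = decoded
    path = path.replace("\\", "/")
    segments = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue             # empty (from '//') and '.' change nothing
        if seg == "..":
            if segments:
                segments.pop()   # step up; above root is clamped to root
            continue
        segments.append(seg)
    return "/" + "/".join(segments)


def naive_match(raw: str) -> bool:
    """Substring match on the raw request line: what an unnormalized signature does."""
    return SIGNATURE in raw


def normalized_match(raw: str) -> bool:
    """Match against the canonical path instead."""
    return normalize_path(raw) == SIGNATURE


def compare(raw: str) -> tuple:
    """(naive verdict, normalized verdict) for one request path."""
    return naive_match(raw), normalized_match(raw)


# Constructed requests: each reaches the same script but spells the path
# differently, so a raw substring signature misses every one of them.
EVASIVE_SAMPLES = [
    "/bogusdirector/..%2fvulnerable/script.cgi",   # traversal with encoded slash
    "/vulnerable/./script.cgi",                    # harmless dot segment
    "/%2576ulnerable/script.cgi",                  # double-encoded 'v'
    "/vulnerable/scr%69pt.cgi?mode=1",             # encoded letter plus query string
]
BENIGN_SAMPLES = ["/index.html", "/cgi-bin/../images/logo.png"]

if __name__ == "__main__":
    for raw in EVASIVE_SAMPLES + BENIGN_SAMPLES:
        naive, normalized = compare(raw)
        print(f"{raw:45} -> {normalize_path(raw):25} naive={naive} normalized={normalized}")
```

The point for a detection engineer is that normalization has to mirror what the target web server actually does with the path; a normalizer that decodes differently from the server (for example, treating backslashes or double encoding differently) reopens the same gap from the other side.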

  9. Tools of the trade
  • Fragrouter (previously known as fragroute, of the dsniff suite)
    • Used to bypass
      • Firewalls
      • NIDS
  • Paketto (suite)
    • Interesting layer 2 tools
    • Fast stateless scanner
    • Traceroute through stateful firewalls
  • Nmap
    • Look for trust relationships
    • Easily detect packet filters

  10. More tools
  • Snot
    • Generates alerts based on a Snort ruleset
    • Causes a lot of alarms, hard to find the 'real' attack
    • Snort does have countermeasures
  • Stick
    • Similar to Snot
    • Apparently not as full-featured
  • Nessus
    • Has built-in NIDS evasion techniques
  • Whisker
    • Pioneered some of the NIDS evasion
  • Hping
    • Custom packet creation

  11. How do these things work?

  12. Useful Sites
  • http://www.doxpara.com/
  • http://www.dcphonehome.com/
    • Currently dead
  • http://www.securityfocus.com/tools/176
  • http://www.wiretrip.net/rfp/
  • http://www.remoteassessment.com/
  • http://www.nessus.org/doc/nids.html
  • http://sooshie.tamu.edu/
    • Shameless plug of site list