Thach Luong ECE 478 - Network Security March 7, 2005
Definitions • Multiple definitions (mostly negative) • One who uses programming skills to gain illegal access to a computer network or file. • One who is proficient at using or programming a computer; a computer buff.
Good and Bad Hackers • Media Misconceptions • Hacking involves illegal activities. • Good hackers defend companies. • Focus: Bad Hackers • Information thefts (personal, business, government, etc). • Destruction • Terrorism
First Network Hack (Telephone) • John Draper (AKA Cap’n Crunch) • 1970’s: • Free long distance calls using a whistle found in a cereal box. • Whistle emits the same frequency as AT&T long lines to indicate a line was ready to route a new call (2600 Hz).
First Network Hack (Telephone) • Flaw: • AT&T took cost-cutting measures. • The signaling and voice used the same circuit. • This flaw made the system vulnerable to anybody who can generate 2600 Hz. • Solution: • Now signaling takes place on a separate path from the one you talk on.
First Computer Hacks (worms) • 1986 • Federal Computer Fraud and Abuse Act. • 1988: Robert Morris (Graduate in CS at Cornell). • Wrote an experimental, self-replicating, self-propagating program (worm). • Crashed 6,000 net-linked computers. • Three years of probation, 400 hours of community service, a fine of $10,050, and the costs of his supervision.
The Worm • Hole in the debug mode of Unix’s sendmail. • Hole in the finger daemon fingerd, which serves finger requests. • The worm kept replicating itself hundreds and hundreds of times. • The loop caused the computer’s memories, drives, and processors to get filled up and stop working.
Sniffers • Grabs all of the traffic flowing into and out of a computer attached to a network. • Tells its Network Interface Card (NIC) to stop ignoring all the traffic headed to other computers. • promiscuous mode • A machine can see all the data transmitted on its segment.
Sniffers • Timestamps • Source and destination MAC addresses • Source and destination IP addresses. • The numbered lines (0x00##). • Shows the data transmitted by each packet in hexadecimal format.
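
The fields listed on this slide, decoded from one frame. This is an added example, not part of the original slides; the frame bytes, addresses and capture time are constructed, and it assumes an Ethernet II frame carrying IPv4.

```python
import socket
import struct
from datetime import datetime, timezone

# Constructed sample frame (not captured traffic): Ethernet II + IPv4 + 8 data bytes.
FRAME = bytes.fromhex(
    "001122334455 66778899aabb 0800"                 # dst MAC, src MAC, EtherType=IPv4
    "4500001c 00010000 4011 0000 c0a8010a c0a80114"  # IPv4 header, checksum left 0
    "48656c6c6f212121"                               # unencrypted data: b"Hello!!!"
)
CAPTURED_AT = 1110153600.25  # constructed capture time (epoch seconds, UTC)

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def decode(frame, ts):
    """Return the fields a sniffer prints for one Ethernet II / IPv4 frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    rec = {
        "time": datetime.fromtimestamp(ts, timezone.utc).strftime("%H:%M:%S.%f"),
        "src_mac": mac(src), "dst_mac": mac(dst),
    }
    if ethertype == 0x0800:                      # IPv4 follows the Ethernet header
        if len(frame) < 34:
            raise ValueError("truncated IPv4 header")
        ihl = (frame[14] & 0x0F) * 4             # IPv4 header length in bytes
        total = struct.unpack("!H", frame[16:18])[0]
        rec["src_ip"] = socket.inet_ntoa(frame[26:30])
        rec["dst_ip"] = socket.inet_ntoa(frame[30:34])
        rec["data"] = frame[14 + ihl:14 + total]
    return rec

def hexdump(data):
    """Render bytes as the numbered 0x00## lines: 16 bytes per line, 2 per group."""
    lines = []
    for off in range(0, len(data), 16):
        chunk = data[off:off + 16]
        groups = " ".join(chunk[i:i + 2].hex() for i in range(0, len(chunk), 2))
        lines.append(f"0x{off:04x}:  {groups}")
    return lines

if __name__ == "__main__":
    for key, value in decode(FRAME, CAPTURED_AT).items():
        print(f"{key:8} {value}")
    print("\n".join(hexdump(FRAME)))
```

The `data` field comes back as readable text because nothing in the frame is encrypted, which is why encryption appears among the sniffer solutions.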
Sniffers Solutions • Anti-Sniffing tools • Encryption • Switched networks. • Non-switched environment. • Packets are visible to every node on the network. • Switched environment • Packets are only delivered to the target address.
Spoofing • Creation of TCP/IP packets using somebody else's IP address. • Routers use the "destination IP" address in order to forward packets through the Internet, but ignore the "source IP" address.
Spoofing Solutions • Disable JavaScript in your browser. • The attacker will be unable to hide the evidence of the attack. • Make sure your browser’s location line is always visible. • It should always point to the server you think you’re connected to.
Phishing • ‘Spoofed' e-mails and fraudulent websites designed to fool recipients into releasing personal data such as: • Credit card numbers • Account usernames and passwords • Social security numbers, etc.
Phishing Solutions • Do not reply to an email or pop-up that asks for personal or financial information. • Don’t email personal or financial information. • Be cautious about opening any attachment or downloading any files from emails. • Report suspicious activity to the FTC.
Port-Scanning • The act of systematically scanning a computer's ports. • A port is a place where information goes into and out of a computer. • Port scanning identifies open doors to a computer.
Types of Port-Scans
• Vanilla: Attempts to connect to all 65,535 ports.
• Strobe: A more focused scan looking only for known services to exploit.
• Fragmented packets: The scanner sends packet fragments that get through simple packet filters in a firewall.
• UDP: The scanner looks for open UDP ports.
• Sweep: The scanner connects to the same port on more than one machine.
• FTP bounce: The scanner goes through an FTP server in order to disguise the source of the scan.
• Stealth scan: The scanner blocks the scanned computer from recording the port scan activities.
Port-Scanning Solutions • Accessing the Internet server opens a port, which opens a door to your computer. • There are software products that can stop a port scanner from doing any damage to your system.
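
A sketch of how detection software can tell three of the scan types above apart from connection logs. This is an added example, not part of the original slides; the log format, addresses, watch list of service ports and thresholds are all assumptions, and the fragmented, UDP, FTP bounce and stealth types are not covered because they need packet-level data.

```python
import re
from collections import defaultdict

KNOWN_SERVICES = {21, 22, 23, 25, 80, 110, 139, 443, 445}  # assumed watch list
LINE = re.compile(r"SRC=(\S+) DST=(\S+) DPT=(\d+)")          # assumed log format

def build_sample_log():
    """Constructed connection-attempt log; every address here is made up."""
    rows = [("10.0.0.5", "192.168.1.20", p) for p in range(1, 201)]          # one host, 200 ports
    rows += [("10.0.0.6", "192.168.1.20", p) for p in (21, 22, 23, 25, 80)]  # known services only
    rows += [("10.0.0.7", f"192.168.1.{h}", 445) for h in range(20, 26)]     # one port, six hosts
    rows += [("10.0.0.8", "192.168.1.20", 443)]                              # ordinary client
    return [f"2005-03-07T10:00:00 SRC={s} DST={d} DPT={p}" for s, d, p in rows]

def parse(lines):
    for line in lines:
        m = LINE.search(line)
        if m:                                   # skip lines that do not match
            yield m.group(1), m.group(2), int(m.group(3))

def classify(events, many_ports=100, few_ports=4, many_hosts=5):
    """Map each source to the scan types its attempts resemble (thresholds assumed)."""
    ports_by_target = defaultdict(set)          # (src, dst)   -> ports tried
    hosts_by_port = defaultdict(set)            # (src, dport) -> hosts tried
    for src, dst, dport in events:
        ports_by_target[(src, dst)].add(dport)
        hosts_by_port[(src, dport)].add(dst)
    findings = defaultdict(set)
    for (src, _dst), ports in ports_by_target.items():
        if len(ports) >= many_ports:
            findings[src].add("vanilla")        # broad walk over one host's ports
        elif len(ports) >= few_ports and ports <= KNOWN_SERVICES:
            findings[src].add("strobe")         # only well-known service ports
    for (src, _port), hosts in hosts_by_port.items():
        if len(hosts) >= many_hosts:
            findings[src].add("sweep")          # same port across many machines
    return dict(findings)

if __name__ == "__main__":
    for src, labels in sorted(classify(parse(build_sample_log())).items()):
        print(src, sorted(labels))
```

The ordinary client at 10.0.0.8 produces no finding, since a single connection to one port on one host matches none of the three patterns.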