Lecture 4 - Owning the Box


CS 6823 - Network Security

Network Security, CS 6823
Lecture 4: Owning the Box, Covering Your Tracks and Forensics
Keith O'Brien
keith@keithobrien.org

Network Attack Methodology

- Recon
- Information gathering
- Scanning
- Enumeration
- Vulnerability Identification
- Exploit
- Gaining access
- Elevating given access
- Application/Web level attacks
- Denial of Service (DoS)
- Keeping Access
- Covering the tracks

Trojans

- A non-self-replicating back door program that runs hidden on the infected computer.
- Can be installed using one of the following methods:
  - Non-trusted software download
  - Email attachments
  - Application level exploits
  - Executable content on websites (Flash or ActiveX)
- A Trojan can be used to maintain control of the system, access passwords, log keystrokes, etc.

Viruses, Worms

- Virus: a virus typically attaches itself to another program to enable replication, much like a human virus.
- Worm: a worm is similar to a virus but by design is self-replicating. A worm can replicate through a network without the assistance of a human.
- Blended threat: combines aspects of Trojans, viruses and worms. CodeRed was an example of a blended threat, which at the same time launched DDoS attacks, left behind Trojans and was self-replicating.

Trojans: What is the Objective?

- Trojan creators these days are typically motivated by financial gain. Hence they typically look for credit card data, account data, confidential documents, financial data, etc.
- A Trojan can also turn the victim's computer into a remote proxy, which allows the attacker to mask their tracks for additional attacks.
- Trojans typically also plant the ability to launch DDoS-type attacks, making the infected computer part of a botnet.

TCP/UDP Ports Typically Used by Trojans

Trojan              Protocol   Port
Back Orifice        UDP        31337 or 31338
Deep Throat         UDP        2140 and 3150
NetBus              TCP        12345 and 12346
Whack a mole        TCP        12361 and 12362
NetBus 2 Pro        TCP        20034
GirlFriend          TCP        21544
Masters Paradise    TCP        3129, 40421, 40422, 40423, 40426

Determining which ports are listening

Windows: Start -> Run -> CMD

    netstat -an
    netstat -an | findstr <port number>

Proxy Server Trojans

- Starts a hidden HTTP proxy on the victim's computer.
- The attacker uses the victim's computer as a transit point to attack yet another victim.
- Hides the location of the attacker.

NetBus Trojan

- Remote control trojan program....
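
The port table and the netstat check from the slides above can be combined into one defensive check. The following is an added example, not part of the original lecture: it parses `netstat -an` output and reports local listeners on the ports the table lists. The function name and the sample output are constructed for illustration.

```python
import re

# Ports from the lecture's "TCP/UDP Ports Typically Used by Trojans" table.
TROJAN_PORTS = {
    ("UDP", 31337): "Back Orifice", ("UDP", 31338): "Back Orifice",
    ("UDP", 2140): "Deep Throat", ("UDP", 3150): "Deep Throat",
    ("TCP", 12345): "NetBus", ("TCP", 12346): "NetBus",
    ("TCP", 12361): "Whack a mole", ("TCP", 12362): "Whack a mole",
    ("TCP", 20034): "NetBus 2 Pro",
    ("TCP", 21544): "GirlFriend",
    **{("TCP", p): "Masters Paradise"
       for p in (3129, 40421, 40422, 40423, 40426)},
}

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     203.0.113.5:12345      ESTABLISHED
  TCP    [::]:20034             [::]:0                 LISTENING
  UDP    0.0.0.0:31337          *:*
  UDP    0.0.0.0:500            *:*
"""

# Proto, local address, local port, foreign address, optional state (TCP only).
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def suspicious_listeners(netstat_text):
    """Return (proto, local_addr, port, trojan) for listeners on listed ports."""
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header or blank line
        proto, addr, port, _foreign, state = m.groups()
        # Only the local side matters: a TCP row must be LISTENING, so the
        # ESTABLISHED row whose *foreign* port is 12345 is not reported.
        # UDP rows carry no state column and are treated as bound sockets.
        if proto == "TCP" and state != "LISTENING":
            continue
        name = TROJAN_PORTS.get((proto, int(port)))
        if name:
            hits.append((proto, addr, int(port), name))
    return hits

if __name__ == "__main__":
    for hit in suspicious_listeners(SAMPLE):
        print("%s %s:%d matches default port of %s" % hit)
```

A match is an indicator to investigate, not proof of infection: legitimate software can bind these ports, and a Trojan can be configured to use a port that is not in the table.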

This note was uploaded on 11/02/2010 for the course CS 393 taught by Professor Staff during the Spring '08 term at NYU Poly.
