on synchronized while injecting packets.

If the mitm attack is a "proxy attack" it is even easier to inject (there are two distinct connections)

IIT Kanpur Hacker's Workshop 2004, 23, 24 Feb 2004

Injection attack examples

Command injection
- Useful in scenarios where a one time authentication is used (e.g. RSA token). In such scenarios sniffing the password is useless, but hijacking an already authenticated session is critical
- Injection of commands to the server
- Emulation of fake replies to the client

Key Manipulation in the case of popular VPN/crypto systems
- SSH v1
- IPSEC
- HTTPS

Key Manipulation attack example

SSH v1
- Modification of the public key exchanged by server and client.

[Diagram: Server, MITM, Client. Labels: start, KEY(rsa), Ekey[S-Key], S-KEY, Eskey(M), M, D(E(M))]

Key manipulation attack example

IPSEC
- If two or more clients share the same "secret", each of them can impersonate the server with another client.

[Diagram: Client, mitm, Server. Labels: Diffie-Hellman exchange 1 - Authenticated by pre-shared secret; Diffie-Hellman exchange 2 - Authenticated by pre-shared secret; De-Crypt Packet; Re-Crypt Packet]

Key manipulation attack example

HTTPS
- We can create a fake certificate (eg: issued by VerySign) relying on browser misconfiguration or user dumbness.

[Diagram: Client, MiM, Server. Labels: Fake cert.; Real Connection to the server]

Filtering attacks
- The attacker can modify the payload of the packets by recalculating the checksum
- He/she can create filters on the fly
- The length of the payload can also be changed but only in full-duplex (in this case the seq has to be adjusted)

Filtering attacks example

Code Filtering / Injection
- Insertion of malicious code into web pages or mail (javascript, trojans, virus, etc)
- Modification on the fly of binary files during the download phase (virus, backdoor, etc)

Filtering attacks example

HTTPS redirection
- Let's see an example

[Diagram: Client, MiM, Server. Labels: Http main page with https login form; Change form destination to http://attacker; Http post (login\password); Auto-submitting hidden form with right authentication data; Real https authentication post; Authenticated connection; login; password]

Downgrade attacks for typical VPN/crypto systems
- SSH v2
- IPSEC
- PPTP

Downgrade attack examples

SSH v2 v1
Parame...

This document was uploaded on 03/17/2014 for the course CS 393 at NYU Poly.
