Phenoelitdeirpas icmpredir yuri volobuev iit kanpur

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: edirect (Phenoelit) (http://www.phenoelit.de/irpas/) icmp_redir (Yuri Volobuev) IIT Kanpur Hacker’s Workshop 2004 23, 24 Feb 2004 23 Local to remote attacks (2) ICMP redirect - countermeasures YES - Disable the ICMP REDIRECT NO - Linux has the “secure redirect” options but it seems to be ineffective against this attack IIT Kanpur Hacker’s Workshop 2004 23, 24 Feb 2004 24 Local to remote attacks (3) IRDP spoofing The attacker can forge some advertisement packet pretending to be the router for the LAN. He/she can set the “preference level” and the “lifetime” at high values to be sure the hosts will choose it as the preferred router. The attack can be improved by sending some spoofed ICMP Host Unreachable pretending to be the real router IIT Kanpur Hacker’s Workshop 2004 23, 24 Feb 2004 25 Local to remote attacks (3) IRDP spoofing - tools IRPAS by Phenoelit (http://www.phenoelit.de/irpas/) IIT Kanpur Hacker’s Workshop 2004 23, 24 Feb 2004 26 Local to remote attacks (3) IRDP spoofing - countermeasures YES - Disable IRDP on hosts if the operating system permit it. IIT Kanpur Hacker’s Workshop 2004 23, 24 Feb 2004 27 Local to remote attacks (4) ROUTE mangling INTERNET GW AT H The attacker can forge packets for the gateway (GW) pretending to be a router with a good metric for a specified host on the internet IIT Kanpur Hacker’s Workshop 2004 23, 24 Feb 2004 28 Local to remote attacks (4) ROUTE mangling Now the problem for the attacker is to send packets to the real destination. He/she cannot send it through GW since it is convinced that the best route is AT. Tunnel AT2 D INTERNET GW AT H IIT Kanpur Hacker’s Workshop 2004 23, 24 Feb 2004 29 Local to remote attacks (4) ROUTE mangling - tools IRPAS (Phenoelit) (http://www.phenoelit.de/irpas/) Nemesis ( http://www.packetfactory.net/Projects/nemesis/) IIT Kanpur Hacker’s Workshop 2004 23, 24 Feb 2004 30 Local to remote attacks (4) ROUTE mangling - countermeasures YES - Disable dynamic routing protocols in this type of scenario YES - Enable ACLs to block unexpected update YES - Enable authentication on the protocols that support authentication IIT Kanpur Hacker’s Workshop 2004 23, 24 Feb 2004 31 Attacks techniques Remote scenarios IIT IIT Kanpur Hacker’s Workshop 2004 23, 24 Feb 2004 32 Remote attacks (1) DNS poisoning Type 1 attack n n n The attacker sends a request to the victim DNS asking for one host The attacker spoofs the reply which is expected to come from the real DNS The spoofed reply must contain the correct ID (brute force or semi-blind guessing) IIT Kanpur Hacker’s Workshop 2004 23, 24 Feb 2004 33 Remote attacks (1) DNS poisoning Type 2 attack n n The attacker can send a “dynamic update” to the victim DNS If the DNS processes it, it is even worst because it will be authoritative for those entries IIT Kanpur Hacker’s Workshop 2004 23, 24 Feb 2004 34 Remote attacks (1) DNS poisonin...
View Full Document

This document was uploaded on 03/17/2014 for the course CS 393 at NYU Poly.

Ask a homework question - tutors are online