http://www.hackingmobilephones.com

HACKED!!! Securing your Business
Ankit Fadia, Ethical Hacker
[email protected]

How to become a Computer Security Expert?
• Hacking Attitude
• Programming Language
• Networking Guru
• Basics of Unix

Hacker VS Cracker
Hacker:
• Lots of Knowledge & Experience.
• Good Guy
• Strong Ethics
• No Crime
• Fights Criminals.
Cracker:
• Lots of Knowledge & Experience.
• Bad Guy
• Poor Ethics
• Commits crime
• Is the criminal

Facts and Figures
[Chart: FBI INTELLIGENCE REPORT, Incidents Recorded Worldwide, 2000 to 2005. Bar labels: 21,756; 52,658; 64,981; 87,770; 101,311; 250,675.]

TOP 6 CYBERSECURITY ATTACKS
• Privacy Attacks
• Email Forging Attacks
• Sniffer Attacks
• DOS Attacks
• Password Attacks

Individual Internet User: Mumbai Lady Case
• A lady based in Mumbai, India lived in a 1 room apartment.
• Was a techno-freak and loved chatting on the Internet.
• Attacker broke into her computer & switched her web camera on!
• Biggest cyber crime involving privacy invasion in the world!

Government Sector: NASA
• The premier space research agency in the world.
• Had just finished a successful spaceship launch, when the unexpected happened.
• The path of the spaceship was changed remotely by an 11-year-old Russian teenager.
• Loss of money. Unnecessary Worry.

PRIVACY ON THE INTERNET: IP Addresses
• Every system connected to a network has a unique Internet Protocol (IP) Address which acts as its identity on that network.
• An IP Address is a 32-bit address which is divided into four fields of 8 bits each. For example, 203.94.35.12
• All data sent or received by a system will be addressed from or to the system.
• An IP Address is to your computer what your telephone number is to you!
• An attacker's first step is to find out the IP Address of the target system.

IP Addresses: Finding an IP Address
A remote IP Address can easily be found out by any of the following methods:
• Through Instant Messaging Software or Internet Telephony (Skype)
• Through Internet Relay Chat
• Through Your website
• Through Email Headers

Countermeasures
• Do not accept File transfers or calls from unknown people.
• Chat online ONLY after logging on through a Proxy Server.

IP Addresses: Dangers & Concerns
• DOS Attacks
• Disconnect from the Internet
• Trojans Exploitation
• Geographical Information
• File Sharing Exploits
• Invades your Privacy
• Spy on You
• Steal your Passwords
• Slow Your Internet Access Speed.
PRIVACY INVASION IS INDEED A REALITY!

TROJANS
Definition: Trojans act as RATs or Remote Administration Tools that allow remote control and remote access to the attacker.
Working: See Demo.
Threats: Corporate Espionage, Password Stealing, IP Violation, Spying etc.
Tools: Netbus, Girlfriend, Back Orifice and many others.

TROJANS: COUNTERMEASURES
• Port Scan your own system regularly.
• If you find an irregular port open, on which you usually do not have a service running, then your system might have a Trojan installed.
• One can remove a Trojan using any normal Anti-Virus Software.
• A typical Trojan automatically loads itself into the memory each time the computer boots.
• Hence, one should search all the start up files of the system and remove any references to suspicious programs.
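The self-check described in the Trojan countermeasures, as an added example that is not part of the original slides: it compares a host's listening sockets with a baseline of expected services and reports the rest. The sample `ss -tuln` output and the `EXPECTED` baseline are constructed for illustration.

```python
"""Flag listening sockets that are not in a baseline of expected services."""

# Constructed sample in the layout printed by `ss -tuln` (not real host data).
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:68         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
tcp   LISTEN 0      5      0.0.0.0:12345      0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*
"""

# Hypothetical baseline: the (protocol, port) pairs this host is meant to serve.
EXPECTED = {("tcp", 22), ("udp", 68), ("tcp", 631)}


def parse_listeners(ss_text):
    """Return a set of (proto, address, port) for listening/unconnected sockets."""
    listeners = set()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        if fields[1] not in ("LISTEN", "UNCONN"):
            continue  # established connections are not listeners
        address, _, port = fields[4].rpartition(":")
        if port.isdigit():
            listeners.add((fields[0], address, int(port)))
    return listeners


def unexpected_listeners(ss_text, expected):
    """Listeners whose (proto, port) is missing from the baseline, sorted."""
    found = parse_listeners(ss_text)
    return sorted(l for l in found if (l[0], l[2]) not in expected)


def is_loopback_only(address):
    """True when the socket is bound to loopback and not reachable remotely."""
    return address.startswith("127.") or address in ("[::1]", "::1")


if __name__ == "__main__":
    for proto, address, port in unexpected_listeners(SAMPLE_SS_OUTPUT, EXPECTED):
        scope = "local only" if is_loopback_only(address) else "network reachable"
        print(f"unexpected {proto} listener on {address}:{port} ({scope})")
```

An unexpected listener is a prompt to identify the owning process and check the start-up entries that launch it, not proof of infection on its own.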
TOP 5 CYBERSECURITY ATTACKS
• Privacy Attacks
• Email Forging Attacks
• Sniffer Attacks
• DOS Attacks
• Password Attacks

Consumer Electronic Goods Sector: TV Group
• One of the largest manufacturers of televisions and other electronic goods in the world.
• Attacker sent an abusive forged email to all investors, employees and partners worldwide from the Chairman's account.
• Tainted relations.

Email Forging
Definition: Email Forging is the art of sending an email from the victim's email account without knowing the password.
Working: ATTACKER ----- Sends Forged email ----- FROM VICTIM
Tools: None required!
DEMO

Email Forging: COUNTERMEASURES
• NOTHING can stop the attacker.
• Use Secure email systems like PGP.
• Digitally sign your emails.

Healthcare Sector: Healthcare Group
• One of the largest shaving solutions companies in the world.
• Attacker broke into network and cancelled approximately 35 different orders of raw materials from supplier.
• Loss of revenue. Delay in Product launch.

Fashion Entertainment Sector: Fashion House Group
• One of the most successful fashion designers in Europe.
• Stole all designs and marketing plans.
• Came out with the same range of clothes a week before.
• Loss of Revenue. R&D & Creative work down the drain.

SNIFFERS
Definition: Sniffers are tools that can capture all data packets being sent across the entire network in the raw form.
Working: ATTACKER ----- Uses sniffer for spying ----- VICTIM
Threats: Corporate Espionage, Password Stealing, IP Violation, Spying etc.
Tools: Tcpdump, Ethereal, Dsniff and many more.

SNIFFERS: COUNTERMEASURES
• Switch to Switching Networks. (Only the packets meant for that particular host reach the NIC.)
• Use Encryption Standards like SSL, SSH, IPSec.

Internet Services Sector: Internet Services
• Yahoo, Amazon, Ebay, BUY.com brought down for more than 48 hours!
• All users across the globe remained disconnected.
• Attackers were never caught.
• Loss of Revenue. Share values down.

Denial of Services (DOS) Attacks
Definition: Such an attack clogs up so much bandwidth on the target system that it cannot serve even legitimate users.
Working: ATTACKER ----- Infinite/Malicious Data ----- VICTIM
Types: Ping of Death, SYN Flooding, Teardrop, Smurf, Land
Tools: Trin00, Tribe Flood Network etc.

Denial of Services (DOS) Attacks: BUSINESS THREATS
• All services unusable.
• All users Disconnected.
• Loss of revenue.
• Deadlines can be missed.
• Unnecessary Inefficiency and Downtime.
• Share Values go down. Customer Dissatisfaction.

DOS Attacks: COUNTERMEASURES
• Separate or compartmentalize critical services.
• Buy more bandwidth than normally required to account for sudden attacks.
• Filter out USELESS/MALICIOUS traffic as early as possible.
• Disable publicly accessible services.
• Balance traffic load on a set of servers.
• Regular monitoring and working closely with ISP will always help!
• Patch systems regularly.
• IPSec provides proper verification and authentication in the IP protocol.
• Use scanning tools to detect and remove DOS tools.
Recommendations and Countermeasures
• National CERTS and Cyber Cops.
• Security EDUCATION and TRAINING.
• Increase Security budgets.
• Invest in a dedicated security team.
• Security by obscurity?

THE FINAL WORD
• The biggest threat that an organization faces continues to be from… THEIR OWN EMPLOYEES!

Is Internet Banking Safer than ATM Machines?
ATM MACHINES VS INTERNET BANKING
ATM Machines:
• Easier to crack.
• Soft Powdery Substance.
• Unencrypted PIN Number.
• Software/Hardware Sniffer.
• Fake ATM Machine
Internet Banking:
• Difficult to crack, if latest SSL used.
• Earlier SSL standards quite weak.

ATM Hacking

Mobile Phone Hacking: Mobile Phone Attacks
Different Types:
• BlueJacking
• BlueSnarfing
• BlueBug Attacks
• Failed Authentication Attacks
• Malformed OBEX Attack
• Malformed SMS Text Message Attack
• Malformed MIDI File DOS Attack
• Jamming
• Viruses and Worms
Secret Codes: *#92702689# or #3370*

AN ETHICAL GUIDE TO HACKING MOBILE PHONES
Title: An Ethical Hacking Guide to Hacking Mobile Phones
Author: Ankit Fadia
Publisher: Thomson Learning

THE UNOFFICIAL GUIDE TO ETHICAL HACKING
Title: The Unofficial Guide To Ethical Hacking
Author: Ankit Fadia
Publisher: Thomson Learning

NETWORK SECURITY: A HACKER'S PERSPECTIVE
Title: Network Security: A Hacker's Perspective
Author: Ankit Fadia
Publisher: Thomson Learning

THE ETHICAL HACKING GUIDE TO CORPORATE SECURITY
Title: The Ethical Hacking Guide to Corporate Security
Author: Ankit Fadia
Publisher: Macmillan India Ltd.

THE ETHICAL HACKING SERIES
Title: Email Hacking
Author: Ankit Fadia
Publisher: Vikas Publications
Title: Windows Hacking
Author: Ankit Fadia
Publisher: Vikas Publications

HACKED!!! Securing your Business
Questions?
Ankit Fadia, Ethical Hacker
[email protected]