= True If Then HKCU\software\OnTheFly\mailed, 1 End If Next End If Next end if End Function 'Vbswg Worm (Anna Kournikova)

Sanjay Goel, School of Business, University at Albany

Trojan Horse
• This is a program that is secretly installed on a computer, planting a secret payload that can give the hacker who planted it access to do things such as stealing passwords or recording keystrokes and transmitting them to a third party
• A logic bomb is a Trojan horse that executes when certain conditions become true
  – Most commonly executes at a specific date and time
• Example: Cute Trojan Horse allows hackers to destroy the firewalls installed on computers.

HACKERS

Why do Hackers Attack?
• Most hackers try to test the system limitations out of intellectual curiosity & bragging rights
• Cyber criminals hack into corporate computers to steal money or credit card numbers
  – In March 2022 FBI reported that over 1 million credit card numbers were stolen by cyber criminals in Russia & Ukraine
• Cyber terrorists try to push their political agenda by coercion via computer-based attacks against computers and networks
  – NATO computers were blasted with infected e-mails to protest against bombings in Kosovo during the 1999 conflict
  – Lucent was made a target for DoS attacks by a group protesting against its business with Israel
• Disgruntled employees often vent anger at a company or organization by hacking & stealing information or causing damage to computer systems

Types of Hacker Attack
• Active Attacks
  – Denial of Service
  – Breaking into a site
    • Intelligence Gathering
    • Resource Usage
    • Deception
• Passive Attacks
  – Sniffing
    • Passwords
    • Network Traffic
    • Sensitive Information
  – Information Gathering

Modes of Hacker Attack
• Spoofing
• Session Hijacking
• Denial of Service Attacks
• Buffer Overflow Attacks
• Password Attacks

Spoofing
Definition: An attacker alters his identity so that someone thinks he is someone else
  – Email, User ID, IP Address, …
  – Attacker exploits the trust relation between user and networked machines to gain access to machines
Types of Spoofing:
1. IP Spoofing
2. Email Spoofing
3. Web Spoofing

IP Spoofing
• There are three basic flavors of IP spoofing attacks
  – Basic Address Change
  – Use of source routing to intercept packets
  – Exploiting of a trust relationship on UNIX machines

IP Spoofing – Basic Address Change
Definition: Attacker uses the IP address of another computer to acquire information or gain access
[Figure: Attacker and John, with From Address and To Address labels; replies sent back to the spoofed address]
• Attacker changes his own IP address to the spoofed address
• Attacker can send messages to a machine masquerading as the spoofed machine
• Attacker cannot receive messages from that machine

Basic Address Change (Windows)
• Simple Mechanism
  – From the Start menu select Settings → Control Panel
  – Double click on the network icon
  – Right click the LAN connection and select Properties
  – Select Internet Protocol (TCP/IP) and click on Properties
  – Change the IP address to the address you want to spoof
  – Reboot the machine
  – All packets sent from the machine have the spoofed address

Basic Address Change (Unix)
• Use the ifconfig command
  – Write Details

IP Spoofing (Basic Address Change)
• Limitation
  – Flying blind attack: the user cannot get return messages
  – Any protocol which requires a 3-way connection cannot be used
  – UDP, which is connectionless, can be used to send packets
• Uses
  – Used in denial-of-service attacks where a single packet can crash a machine

IP Spoofing – Basic Address Change
• Prevention
  – You can protect your machines from being used to launch a spoofing attack
  – You can do little to prevent other people from spoofing your address
• Users can be prevented from having access to network configuration
• To protect your company from spoofing attacks you can apply basic filters at your routers
  – Ingress Filtering: Prevents packets from outside coming in with an address from inside.
  – Egress Filtering: Prevents packets not having an internal address from leaving the network

IP Spoofing – Source Routing
Definition: Attacker spoofs the address of another machine and inserts itself between the attacked machine and the spoofed machine to intercept replies
[Figure: Attacker and John, with From Address and To Address labels; replies sent back to the spoofed address]
• The path a packet takes can vary over time
Attacker intercepts packets as they go to

• Attacker uses source routing to ensure that the packets pass through certain nodes on the network
  – Loose Source Routing (LSR): The sender specifies a list of addresses that the packet must go through, but it can go to any other address if it needs to.
  – Strict Source Routing (SSR): The sender specifies the exact path for the packet, and the packet is dropped if the exact path cannot be taken.
• Source Routing works by using a 39-byte source route option field in the IP
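
The ingress and egress filters from the Prevention slide, plus a check for the loose/strict source-route options, written as a border-router decision function. This is an added example, not part of the original slides. The internal prefix 192.0.2.0/24, the function names and the sample headers are assumptions constructed for illustration, and dropping source-routed packets is common hardening practice rather than something the slides state.

```python
import ipaddress
import struct

INTERNAL = ipaddress.ip_network("192.0.2.0/24")   # assumed internal prefix (documentation range)
SOURCE_ROUTE_OPTS = {131: "LSRR", 137: "SSRR"}    # IPv4 option types for loose/strict source route


def build_header(src, dst, options=b""):
    """Construct a minimal IPv4 header (sample input for this example only)."""
    options += b"\x00" * (-len(options) % 4)       # pad options to a 32-bit boundary
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0, 64, 17, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + options


def source_route_option(header):
    """Return 'LSRR' or 'SSRR' if the header carries a source-route option, else None."""
    ihl = (header[0] & 0x0F) * 4                   # header length in bytes
    i = 20                                         # options start after the fixed header
    while i < ihl:
        opt = header[i]
        if opt == 0:                               # End of Option List
            break
        if opt == 1:                               # No-Operation, single byte
            i += 1
            continue
        if opt in SOURCE_ROUTE_OPTS:
            return SOURCE_ROUTE_OPTS[opt]
        if i + 1 >= ihl or header[i + 1] < 2:      # malformed length: stop parsing
            break
        i += header[i + 1]                         # skip this option
    return None


def filter_packet(header, direction):
    """Border-router decision; direction is 'in' (from outside) or 'out' (leaving)."""
    src = ipaddress.ip_address(header[12:16])
    opt = source_route_option(header)
    if opt:
        return f"drop: {opt} source-route option"
    if direction == "in" and src in INTERNAL:
        return "drop: ingress, internal source arriving from outside"
    if direction == "out" and src not in INTERNAL:
        return "drop: egress, non-internal source leaving"
    return "accept"
```
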