

What are viruses?
• A virus attack is when your computer's security is penetrated, and someone tries to steal your computer information and documents.
• Viruses can also try to plant/seed your computer by making a fake program somewhere deep in your unused documents, which may most likely be called a "Trash bin", or an unneeded file for a game.

Types of virus attacks on wn are
• Trojan horse
• E-mail borne viruses
• Boot sector virus
• Bluesnarfing, etc.

Network Sniffers
• Intercept and log traffic passing over a digital network or part of a network.
• Work for both wired and wireless media.
• Normally a computer only looks at packets addressed to it and ignores the rest of the traffic on the network.
• But when a network sniffer is set up, it captures all the traffic in the network.

Positive Usage of Network Sniffers
• Capturing packets
• Recording and analyzing traffic
• Maintaining network and system working
• Converting data to readable format
• Showing relevant information like IP, protocol, host or server name and so on

Negative Usage of Network Sniffers
• Catching passwords, which is the main reason for most illegal uses of sniffing tools.
• Capturing special and private information of transactions, like username, credit ID, account, and password.
• Recording email or instant messages and resuming their content.
• Some sniffers can even modify the target computer's information and damage the system.
• Disserving the security of network places or gaining higher-level authority.

Protection
• SSH (Secure Shell)
• HTTPS (HTTP Secure or HTTP over SSL)
• Rejecting promiscuous mode
• IPSec

WHAT IS FIREWALL?
• Software or hardware security device
• The main purpose of a firewall is to separate a secure area from a less secure area and to control communications between the two.

HOW FIREWALL WORKS
• Inspects and filters each individual packet of data.
• Methods of packet filtering
1. Packet filtering
2. Proxy service
3. Stateful inspection

FIREWALL ATTACKS
• Port scan
• Network traffic flood
• Malformed network packets
• Fragmentation attacks
• IP spoofing
• Attacks through external systems
• Attacks through content

FIREWALL ADD-ONS
• Strong user authentication
• Firewall-to-firewall encryption
• Content screening devices
• Flow control

Denial of Service
• The goal of a denial of service attack is to deny legitimate users access to a particular resource.
• An incident is considered an attack if a malicious user intentionally disrupts service to a computer or network resource.
• Resource exhaustion (consume all bandwidth, disk space)

• Denial of Service attacks are usually conducted by a few types of attackers:
– The "Fun" Hackers (Because they can…)
– Activists (Anarchists, Anti Globalization, etc.)
– Terrorists (Aid causes of war)
– Competitors (Mostly "grey area" industries such as gambling)
– Military
• Some other types of DoS hackers exist, but they are negligible.

Network based DoS attacks
1. TCP SYN flooding
• Attacker initiates a TCP connection to the server with a SYN.
• Server replies with a SYN-ACK.
• Client does not reply with an ACK, causing the server to allocate memory for the pending connection.
2. UDP bombing
• Echo and chargen were used in the past for network testing.
• The echo was connected to the chargen, generating huge amounts of traffic.

3. SMURF attack
• A smurf attack consists of a host sending an ICMP echo request (ping) to a network broadcast address.
• Every host on the network receives the ICMP echo request and sends back an ICMP echo response, inundating the initiator with network traffic.
4. PING of death
• The ping of death attack sends oversized ICMP datagrams (encapsulated in IP packets) to the victim.
• Some systems, upon receiving the oversized packet, will crash, freeze, or reboot, resulting in denial of service.
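The SYN flooding steps listed above leave a server-side trace: connections that received a SYN but never the final ACK. The following is an added example, not part of the original slides, that counts such half-open connections per listening port from packet summaries. The record layout, the sample data, the 60-second timeout and the threshold of 16 are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample of (time_s, src_ip, src_port, dst_ip, dst_port, flags)
# records; addresses come from documentation ranges.
SAMPLE = [
    (0.00, "198.51.100.7", 40001, "192.0.2.10", 80, "S"),
    (0.01, "192.0.2.10", 80, "198.51.100.7", 40001, "SA"),
    (0.02, "198.51.100.7", 40001, "192.0.2.10", 80, "A"),  # handshake done
] + [
    # 30 SYNs whose senders never send the final ACK
    (1.0 + i * 0.01, "203.0.113.%d" % (i % 5 + 1), 50000 + i,
     "192.0.2.10", 80, "S")
    for i in range(30)
]


def half_open_by_target(packets, now, syn_timeout=60.0):
    """Count connections per (dst_ip, dst_port) still waiting for the ACK."""
    pending = {}  # (client_ip, client_port, server_ip, server_port) -> SYN time
    for ts, src, sport, dst, dport, flags in packets:
        key = (src, sport, dst, dport)
        if flags == "S":
            pending[key] = ts              # step 1: client SYN
        elif "S" not in flags and ("A" in flags or "R" in flags):
            pending.pop(key, None)         # step 3 seen, or client reset
    counts = defaultdict(int)
    for (_, _, dst, dport), ts in pending.items():
        # Entries older than the assumed timeout would already have been
        # dropped by the server, so they no longer hold memory.
        if now - ts <= syn_timeout:
            counts[(dst, dport)] += 1
    return dict(counts)


def flooded_targets(packets, now, threshold=16):
    """Listening endpoints whose half-open count reaches the threshold."""
    counts = half_open_by_target(packets, now)
    return sorted(t for t, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print(half_open_by_target(SAMPLE, now=2.0))
    print(flooded_targets(SAMPLE, now=2.0))
```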

SOFTWARE BUGS
• A flaw, error or fault in a computer program or system
• Incorrect, unexpected and unintended behaviour
• Mistakes or errors in source code or design

COMMON TYPES OF BUGS
• Arithmetic bugs
• Logic bugs
• Syntax bugs
• Resource bugs
• Multi-threading programming bugs

FAMOUS SOFTWARE DISASTERS
• Therac-25 radiation therapy (1985)
• Y2K (1999)
• Sony BMG CD copy prevention scandal (2005)
• AT&T long distance network crash (1990)

BUFFER OVERFLOW
• Goal: to subvert the function of a program
• To achieve this:
• Arrange for suitable code to be available in the program's address space
• Get the program to jump to that code

PROTECTIVE MEASURES
• Choice of programming language
• Use of safe libraries
• Buffer overflow protection
• Pointer protection
• Executable space protection
• Address space layout randomization

BUFFER OVERFLOW ATTACKS
• Buffer overflow in Berkeley UNIX finger daemon (Morris worm)
• Ping of Death
• Code Red worm

TCP Hijacking
• TCP
• What is TCP hijacking
• Requirements

Any TCP connection is made unique through 5 parameters. An attacker needs to know all 5.
• Source IP address
• Destination IP address
• Source Port
• Destination Port
• Sequence Number

• The Problem with Sequence Numbers
• Guessing the port
• Blind hijacking and session hijacking
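The five parameters above are what a receiving TCP stack checks before it accepts a segment. The following is an added example, not part of the original slides, of that receiver-side check, with the sequence number tested against the receive window using 32-bit wraparound. It is simplified to zero-length segments; the class, the function names and the sample values are constructed for illustration.

```python
MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def in_window(seq, rcv_nxt, rcv_wnd):
    """True if rcv_nxt <= seq < rcv_nxt + rcv_wnd, modulo 2**32."""
    return (seq - rcv_nxt) % MOD < rcv_wnd


class Connection:
    """One established connection as seen by the receiving host."""

    def __init__(self, src_ip, src_port, dst_ip, dst_port, rcv_nxt, rcv_wnd):
        self.key = (src_ip, src_port, dst_ip, dst_port)
        self.rcv_nxt = rcv_nxt   # next sequence number expected
        self.rcv_wnd = rcv_wnd   # size of the receive window

    def accepts(self, src_ip, src_port, dst_ip, dst_port, seq):
        # Parameters 1-4 must match exactly; parameter 5 must fall in-window.
        if (src_ip, src_port, dst_ip, dst_port) != self.key:
            return False
        return in_window(seq, self.rcv_nxt, self.rcv_wnd)


def window_slots(rcv_wnd):
    """How many non-overlapping windows of this size fit in the sequence
    space. A smaller window means more slots, so a segment with a blindly
    chosen sequence number is less likely to be accepted."""
    return -(-MOD // rcv_wnd)  # ceiling division


# Constructed connection whose window straddles the wraparound point.
CONN = Connection("198.51.100.7", 40001, "192.0.2.10", 443,
                  rcv_nxt=MOD - 10, rcv_wnd=100)

if __name__ == "__main__":
    print(CONN.accepts("198.51.100.7", 40001, "192.0.2.10", 443, 5))
    print(CONN.accepts("198.51.100.7", 40002, "192.0.2.10", 443, 5))
    print(window_slots(65536), window_slots(4096))
```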

TCP Hijacking Process

TCP ACK storm
Countermeasures for TCP hijacking include:
• Use strong encryption on protocols
• Use of a long random number or string as the session key
• Use patches to ensure smaller windows and random source ports
• Regenerating the session id after a successful login
• Users may also wish to log out of websites whenever they are finished using them
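Three of the countermeasures above (a long random session key, a new session id after login, and logout) can be shown in one server-side session table. The following is an added example, not part of the original slides; the SessionStore class and its method names are hypothetical, and the credential check is assumed to have succeeded before login() is called.

```python
import secrets


class SessionStore:
    """Server-side session table keyed by an unguessable identifier."""

    def __init__(self):
        self._sessions = {}

    def _new_id(self):
        # 32 bytes (256 bits) from the operating system's CSPRNG,
        # encoded as a 43-character URL-safe string.
        return secrets.token_urlsafe(32)

    def create(self):
        """Start an anonymous (pre-login) session."""
        sid = self._new_id()
        self._sessions[sid] = {"user": None}
        return sid

    def login(self, old_sid, user):
        """Bind the user to a fresh id and invalidate the pre-login id,
        so an id that was known before login is useless afterwards."""
        data = self._sessions.pop(old_sid, {"user": None})
        data["user"] = user
        new_sid = self._new_id()
        self._sessions[new_sid] = data
        return new_sid

    def logout(self, sid):
        """Remove the session so the id cannot be replayed later."""
        self._sessions.pop(sid, None)

    def user_for(self, sid):
        session = self._sessions.get(sid)
        return session["user"] if session else None


def demo():
    store = SessionStore()
    pre = store.create()
    post = store.login(pre, "alice")          # constructed user name
    seen = (store.user_for(pre), store.user_for(post))
    store.logout(post)
    return pre, post, seen, store.user_for(post)


if __name__ == "__main__":
    print(demo())
```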

Conclusion
• The Internet works only because we implicitly trust one another
• It is very easy to exploit this trust
• The same holds true for software
• It is important to stay on top of the latest cyber security advisories to know how to patch any security holes