Undead Attack
•
2 j'aime•531 vues
Talk that I delivered during the What the Hack! conference.
Recommandé
Contenu connexe
En vedette
Similaire à Undead Attack
Similaire à Undead Attack (20)
Dernier
Dernier (20)
Undead Attack
- 1. Diego Protta Casati Leandro Spínola Rodrigues
- 3. Como surgiu? ● Criar um Hackathon em Santa Rita do Sapucaí/MG ● 1° Hackathon: 07/03/2004 ● Análise de pacotes TCP, utilizando OpenBSD, FreeBSD e Windows XP, na tentativa de encerrar uma conexão de Telnet
- 4. Uma breve explicação da falha O que descobrimos? ● Condição anormal na pilha do TCP/IP ● Estado não previsto na implementação da pilha Qual o problema disso? ● Aumento do consumo de CPU ● Queda de performance da rede Quem esta vulnerável???
- 5. Sistemas Afetados Microsoft Windows XP Professional SP2 Microsoft Windows NT Enterprise Server 4.0 SP5 Microsoft Windows XP Professional SP1 Microsoft Windows NT Enterprise Server 4.0 SP4 Microsoft Windows XP Professional Microsoft Windows NT Enterprise Server 4.0 SP3 Microsoft Windows XP Home SP2 Microsoft Windows NT Enterprise Server 4.0 SP2 Microsoft Windows XP Home SP1 Microsoft Windows NT Enterprise Server 4.0 SP1 Microsoft Windows XP Home Microsoft Windows NT Enterprise Server 4.0 Microsoft Windows Server 2003 Web Edition SP1 Microsoft Windows 98SE Microsoft Windows Server 2003 Web Edition Microsoft Windows 2000 Server SP4 Microsoft Windows Server 2003 Standard x64 Edition Microsoft Windows 2000 Server SP3 Microsoft Windows Server 2003 Standard Edition SP1 Microsoft Windows 2000 Server SP2 Microsoft Windows Server 2003 Standard Edition Microsoft Windows 2000 Server SP1 Microsoft Windows Server 2003 Enterprise x64 Edition Microsoft Windows 2000 Server Microsoft Windows Server 2003 Enterprise Edition 64-bit SP1 + Avaya DefinityOne Media Servers Microsoft Windows Server 2003 Enterprise Edition 64-bit + Avaya IP600 Media Servers Microsoft Windows Server 2003 Enterprise Edition SP1 + Avaya S3400 Message Application Server Microsoft Windows Server 2003 Enterprise Edition + Avaya S8100 Media Servers Microsoft Windows Server 2003 Datacenter Edition 64-bit SP1 Microsoft Windows 2000 Professional SP4 Microsoft Windows Server 2003 Datacenter Edition 64-bit Microsoft Windows 2000 Professional SP3 Microsoft Windows Server 2003 Datacenter Edition SP1 Microsoft Windows 2000 Professional SP2 Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows 2000 Professional SP1 Microsoft Windows NT Server 4.0 SP6a Microsoft Windows 2000 Professional Microsoft Windows NT Server 4.0 SP6 Microsoft Windows NT Workstation 4.0 SP6a Microsoft Windows NT Server 4.0 SP5 Microsoft Windows NT Workstation 4.0 SP6 Microsoft Windows NT Server 4.0 SP4 Microsoft Windows NT Workstation 4.0 SP5 Microsoft Windows NT Server 4.0 SP3 Microsoft Windows NT Workstation 4.0 SP4 Microsoft Windows NT Server 4.0 SP2 Microsoft Windows NT Workstation 4.0 SP3 Microsoft Windows NT Server 4.0 SP1 Microsoft Windows NT Workstation 4.0 SP2 Microsoft Windows NT Server 4.0 Microsoft Windows NT Workstation 4.0 SP1 Microsoft Windows NT Enterprise Server 4.0 SP6a Microsoft Windows NT Workstation 4.0 Microsoft Windows NT Enterprise Server 4.0 SP6
- 6. Microsoft Windows NT Terminal Server 4.0 SP6a Linux kernel 2.6.9 Linux kernel 2.6 Microsoft Windows NT Terminal Server 4.0 SP6 Linux kernel 2.6.8 rc3 Linux kernel 2.4.30 rc3 Microsoft Windows NT Terminal Server 4.0 SP5 Linux kernel 2.6.8 rc2 Linux kernel 2.4.30 rc2 Microsoft Windows NT Terminal Server 4.0 SP4 Linux kernel 2.6.8 rc1 Linux kernel 2.4.30 Microsoft Windows NT Terminal Server 4.0 SP3 + Ubuntu Ubuntu Linux 4.1 ia32 Linux kernel 2.4.29 -rc2 Microsoft Windows NT Terminal Server 4.0 SP2 + Ubuntu Ubuntu Linux 4.1 ia64 Linux kernel 2.4.29 -rc1 Microsoft Windows NT Terminal Server 4.0 SP1 + Ubuntu Ubuntu Linux 4.1 ppc Linux kernel 2.4.29 Microsoft Windows NT Terminal Server 4.0 Linux kernel 2.6.8 Linux kernel 2.4.28 Microsoft Windows 2000 Datacenter Server SP4 Linux kernel 2.6.7 rc1 Linux kernel 2.4.27 -pre5 Microsoft Windows 2000 Datacenter Server SP3 Linux kernel 2.6.7 Linux kernel 2.4.27 -pre4 Microsoft Windows 2000 Datacenter Server SP2 Linux kernel 2.6.6 rc1 Linux kernel 2.4.27 -pre3 Microsoft Windows 2000 Datacenter Server SP1 Linux kernel 2.6.6 Linux kernel 2.4.27 -pre2 Microsoft Windows 2000 Datacenter Server Linux kernel 2.6.5 Linux kernel 2.4.27 -pre1 Microsoft Windows 2000 Advanced Server SP4 Linux kernel 2.6.4 Linux kernel 2.4.27 Microsoft Windows 2000 Advanced Server SP3 Linux kernel 2.6.3 Linux kernel 2.4.26 Microsoft Windows 2000 Advanced Server SP2 Linux kernel 2.6.2 Linux kernel 2.4.25 Microsoft Windows 2000 Advanced Server SP1 Linux kernel 2.6.1 -rc2 Linux kernel 2.4.24 -ow1 Microsoft Windows 2000 Advanced Server Linux kernel 2.6.1 -rc1 Linux kernel 2.4.24 Linux kernel 2.6.11 .6 Linux kernel 2.6.1 Linux kernel 2.4.23 -pre9 Linux kernel 2.6.11 .5 Linux kernel 2.6 .10 Linux kernel 2.4.23 -ow2 Linux kernel 2.6.11 -rc4 Linux kernel 2.6 -test9-CVS Linux kernel 2.4.23 Linux kernel 2.6.11 -rc3 Linux kernel 2.6 -test9 Linux kernel 2.4.22 Linux kernel 2.6.11 -rc2 Linux kernel 2.6 -test8 + Devil-Linux Devil-Linux 1.0.4 Linux kernel 2.6.11 Linux kernel 2.6 -test7 + Devil-Linux Devil-Linux 1.0.5 Linux kernel 2.6.10 rc2 Linux kernel 2.6 -test6 + MandrakeSoft Linux Mandrake Linux kernel 2.6.10 Linux kernel 2.6 -test5 9.2 + RedHat Fedora Core2 Linux kernel 2.6 -test4 + MandrakeSoft Linux Mandrake + RedHat Fedora Core3 Linux kernel 2.6 -test3 9.2 amd64 + Ubuntu Ubuntu Linux 5.0 4 amd64 Linux kernel 2.6 -test2 + RedHat Fedora Core1 + Ubuntu Ubuntu Linux 5.0 4 i386 Linux kernel 2.6 -test11 + Slackware Linux 9.1 + Ubuntu Ubuntu Linux 5.0 4 powerpc Linux kernel 2.6 -test10 Linux kernel 2.6 -test1
- 7. Linux kernel 2.4.21 pre7 Linux kernel 2.4.19 Linux kernel 2.4.6 Linux kernel 2.4.21 pre4 Linux kernel 2.4.18 pre-8 Linux kernel 2.4.5 + MandrakeSoft Linux Mandrake 9.1 Linux kernel 2.4.18 pre-7 + Slackware Linux 8.0 + MandrakeSoft Linux Mandrake 9.1 ppc Linux kernel 2.4.18 pre-6 Linux kernel 2.4.4 Linux kernel 2.4.21 pre1 Linux kernel 2.4.18 pre-5 Linux kernel 2.4.3 Linux kernel 2.4.21 Linux kernel 2.4.18 pre-4 Linux kernel 2.4.2 + Conectiva Linux 9.0 Linux kernel 2.4.18 pre-3 Linux kernel 2.4.1 + MandrakeSoft Linux Mandrake 9.1 Linux kernel 2.4.18 pre-2 Linux kernel 2.4 .0-test9 + MandrakeSoft Linux Mandrake 9.1 ppc Linux kernel 2.4.18 pre-1 Linux kernel 2.4 .0-test8 + RedHat Desktop 3.0 Linux kernel 2.4.18 x86 Linux kernel 2.4 .0-test7 + RedHat Enterprise Linux AS 3 Linux kernel 2.4.18 Linux kernel 2.4 .0-test6 + RedHat Enterprise Linux ES 3 Linux kernel 2.4.17 Linux kernel 2.4 .0-test5 + RedHat Enterprise Linux WS 3 Linux kernel 2.4.16 Linux kernel 2.4 .0-test4 + S.u.S.E. Linux Enterprise Server 8 Linux kernel 2.4.15 Linux kernel 2.4 .0-test3 + S.u.S.E. Linux Personal 9.0 Linux kernel 2.4.14 Linux kernel 2.4 .0-test2 + S.u.S.E. Linux Personal 9.0 x86_64 Linux kernel 2.4.13 Linux kernel 2.4 .0-test12 Linux kernel 2.4.20 + Caldera OpenLinux Server 3.1.1 Linux kernel 2.4 .0-test11 + CRUX CRUX Linux 1.0 + Caldera OpenLinux Workstation 3.1.1 Linux kernel 2.4 .0-test10 + Gentoo Linux 1.2 Linux kernel 2.4.12 Linux kernel 2.4 .0-test1 + Gentoo Linux 1.4 + Conectiva Linux 7.0 Linux kernel 2.4 + RedHat Linux 9.0 i386 Linux kernel 2.4.11 + Slackware Linux 9.0 Linux kernel 2.4.10 + WOLK WOLK 4.4 s Linux kernel 2.4.9 Linux kernel 2.4.19 -pre6 Linux kernel 2.4.8 Linux kernel 2.4.19 -pre5 Linux kernel 2.4.7 Linux kernel 2.4.19 -pre4 + RedHat Linux 7.2 Linux kernel 2.4.19 -pre3 + S.u.S.E. Linux 7.1 Linux kernel 2.4.19 -pre2 + S.u.S.E. Linux 7.2 Linux kernel 2.4.19 -pre1 Referência: www.securityfocus.com/bid/13215
- 8. Sistemas Não Afetados .... OpenBSD Único sistema operacional testado que não é afetado até o momento
- 9. Últimas Descobertas ● Mac OS X Tiger ● NetBSD 2.0 ● FreeBSD 6.0 Beta ● Linux 2.6.13RC3 Descobertos durante o What the Hack!
- 10. Advisories
- 14. Pacote Ethernet * Tamanho [Bytes]
- 15. Pacote IP * Tamanho [ bits]
- 16. Pacote TCP * Tamanho [bits]
- 17. Three Way Handshake A B Conexão estabelecida
- 18. Encerramento de conexão A B Conexão encerrada
- 19. TCP Keep Alive A B Cenário anterior TCP Keep Alive concluído
- 20. O Ataque
- 21. O Ataque A B Detecta-se uma conexão TCP Z Enxurrada de pacotes TCP ACK
- 22. Undead Attack A B Cenário anterior Z Enxurrada de pacotes TCP ACK
- 24. Cenário I Denial of Service (DDoS) Zumbi Alvo
- 25. Cenário II Distributed Denial of Service (DDoS) Alvo Zumbi Zumbi Zumbi Zumbi Zumbi
- 26. Como defender? Pacote forjado é perfeitamente aceito pelo receptor!
- 27. Screenshots
- 28. Windows 98 – Second Edition
- 30. Windows XP – Service Pack 2
- 32. Microsoft “... At this point, we have completed our initial investigation of this issue and have determined that the most apropriate ship vehicle to fix this issue is a Service Pack for the affected suported plataforms. This decision was arrived at after weighing the seriousness of the vulnerability as well as the likelihood of exploitability. ...”
- 33. Referências TCP/IP Illustrated – W. Richard Stevens [Advisory] http://www.securityfocus.com/bid/13215 [Exploit] http://www.securityfocus.com/data/vulnerabilities/exploits/storm.c [What the Hack] http://wiki.whatthehack.org/index.php?title=Undead_Attack
- 34. Segurança é um processo e não um produto Bruce Schneier Criador do Blowfish
- 35. E-mails Diego Protta Casati diego-casati@inatel.br Leandro Spínola Rodrigues leandro-rodrigues@inatel.br