3. Network-Level Attacks
Session Hijacking:
Securing and optimization of Linux Server and Hacking Techniques
4. Network-Level Attacks (Cont…)
Packet Sniffing:
A packet sniffer is a piece of software that grabs all of the traffic flowing
dsniff -n -i 1
5. Gathering and Parsing Packets
DNS Cache Poisoning
DNS ID Spoofing
DNS Hides Poisoning
6. Gathering and Parsing Packets (Cont..)
The ARP Cache poisoning:
7. Gathering and Parsing Packets (Cont..)
IP Address Spoofing Variations
8. Denial of Service Attacks
TCP Connections
9. Denial of Service Attacks (Cont…)
Abusing TCP: The Traditional SYN Flood
10. Denial of Service Attacks (Cont…)
The Development of Bandwidth Attacks
11. Denial of Service Attacks (Cont…)
DOS
12. Denial of Service Attacks (Cont…)
DDOS
13. Denial of Service Attacks (Cont…)
Distributed Reflection DOS
14. Denial of Service Attacks (Cont…)
Packet path diffusion
15. Denial of Service Attacks (Cont…)
Diffusing the path
16. Web Application Attacks
Web Spoofing
SQL Injection: Manipulating Back-end Databases
Cross-Site Scripting
17. Operating System and Application-Level Attacks
Password Cracking With L0phtCrack
Buffer Overflows in Depth
Examples of remote root exploit through buffer overflow
Root Kits
18. Operating System and Application-Level Attacks
Buffer Overflows in Depth
Stuffing more data into a buffer than it can handle
Overwrites the return address of a function
Switches the execution flow to the hacker code
19. Operating System and Application-Level Attacks
Process Memory Region
20. Operating System and Application-Level Attacks
Examples of remote root exploit through buffer overflow
QPOP 3.0beta AUTH remote root stack overflow
BIND 8.2 - 8.2.2 remote root exploit
21. Operating System and Application-Level Attacks
Root Kits
The name "rootkit" is a combination of two words, “root” and “kit”.
A collection of tools that enables an attacker to keep root power.
Types of Rootkit
Application rootkit - established at the application layer.
Kernel rootkit - established deeper, in the kernel layer.
22. Operating System and Application-Level Attacks
Application Rootkit
Programs replaced to hide the attacker's presence.
Examples: ls, ps, top, du, find, ifconfig, lsof
Network Daemons with backdoor
Sniffer Program
Kernel Rootkit
Hiding processes.
Hiding files
Hiding the sniffer.
Hiding the File System
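An added example, not from the original slides: because an application rootkit replaces tools such as ls and ps, a defender can compare those binaries with SHA-256 hashes recorded on a known-good system. The function names and the stand-in files created in the temporary directory are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Tools the slide lists as typical application-rootkit replacement targets.
WATCHED = ["ls", "ps", "top", "du", "find", "ifconfig", "lsof"]

def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def record_baseline(bin_dir: Path, names=WATCHED) -> dict:
    """Record known-good hashes; run this on a freshly installed, trusted system."""
    return {n: sha256_file(bin_dir / n) for n in names if (bin_dir / n).is_file()}

def verify(bin_dir: Path, baseline: dict) -> dict:
    """Compare current binaries with the baseline: ok / modified / missing."""
    report = {}
    for name, expected in baseline.items():
        target = bin_dir / name
        if not target.is_file():
            report[name] = "missing"
        elif sha256_file(target) != expected:
            report[name] = "modified"
        else:
            report[name] = "ok"
    return report

def demo() -> dict:
    """Constructed scenario: stand-in files in a temp directory, not real binaries."""
    with tempfile.TemporaryDirectory() as tmp:
        bin_dir = Path(tmp)
        for name in WATCHED:
            (bin_dir / name).write_bytes(b"original " + name.encode())
        baseline = record_baseline(bin_dir)
        # Simulate a swapped ps and a removed lsof after the baseline was taken.
        (bin_dir / "ps").write_bytes(b"replaced build that omits some processes")
        (bin_dir / "lsof").unlink()
        return verify(bin_dir, baseline)

if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{name:10s} {status}")
```

Because a kernel rootkit can hide files and falsify what user-space programs read, run a check like this from trusted boot media against the mounted disk, and keep the baseline off the host.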