Attacks Flashcards

1
Q

Hash Length Extension Attacks

A

§ Attacker needs to guess length of secret
- Initial hash h is result of concatenation of k||pad,
  where pad depends on length of k||m
- For successful attack, receiver’s state right before start of attacker’s message must match with output of valid hash
  m’ = m || pad(|k| + |m|) || m_attacker
- For crafted message m’, receiver calculates hash on
  k || m’ || pad(|k| + |m’|) = k || m || pad(|k| + |m|) || m_attacker || pad(|k| + |m’|)

2
Q

Offline attacks against WPA2

A

§ PTK is computed from both nonces, MAC addresses, and the Pre Shared Key
- only PSK is unknown to the attacker

§ MIC is computed using message and KCK
- Message 4 is really just an empty message + MIC

§ Given a captured handshake, PSK can be brute-forced
- choose some candidate key for the PSK
- compute Pairwise Transient Key for that PSK
- extract KCK, calculate MIC on message 4
  • in case of a match, PSK was found

3
Q

BGP Hijacking

A

§ Hijack: Malicious and false BGP advertisements

  • Announce any prefix to be routed via attacker
  • Attacker AS can entirely “steal” address space from other ASes
4
Q

Countering BGP Hijacking

A

§ Route filtering
- Route advertisements are checked against access control lists
- Policies that an address space has to be routed via X
- Internet Routing Registries maintain “ownership”
§ S-BGP (Secure BGP)
- Add authentication and authorization capabilities
- Public Key Infrastructure to authorize prefix ownership
- Protect route advertisements from modification
- Routing advertisements are encrypted
- Has been around since 2000, rarely used in practice

5
Q

IP Spoofing for UDP: NTP Spoofing

A

If the attacker is faster than the server, it can claim to be the NTP source and supply a wrong time

6
Q

Denial of Service (DoS) attacks

A

§ Attempt to disrupt a host, service or network
§ Crash a target, or exhaust its resources
- computational (CPU)
- memory (RAM)
- bandwidth

7
Q

Distributed Denial of Service

A

§ DDoS: DoS with multiple attack sources

  • Attacker may control a botnet (network of malware-infected
    systems) to launch DDoS attacks
  • Volunteers may synchronize to perform DDoS attack
  • DDoS effect: more attack resources than a single source
8
Q

ICMP/UDP Floods

A

§ Floods exhaust the target bandwidth (BW)
- Repeatedly send requests to target at high frequency
- Successful if BW_attacker >> BW_target
§ UDP flooding works similarly, by making protocol-specific requests

9
Q

TCP: SYN Flooding

A

§ SYN floods target the TCP stack
- SYN segment opens a TCP connection half-way
- Exhaust memory by initiating 1000s of connections
- Server has to keep state for such connections
  • Server remembers the sequence/acknowledge numbers

§ SYN cookies solve this challenge

  • General idea: Encode source information in SEQ number of SYN/ACK packet and let the client confirm
  • Server sends SYN/ACK and then “forgets” connection
  • Only when server receives ACK with valid ACK number (cookie), it will reserve resources for TCP connection
10
Q

Reflective Denial of Service Attacks

A

§ Send IP-spoofed request to reflector

  • Set source IP address to victim’s IP
  • Reflectors serve connectionless protocols (ICMP, UDP, …)
    - Answer will be reflected to victim, instead of attacker
  • Attack source remains hidden; appears distributed
11
Q

Amplification Attacks

A

§ Reflectors may allow for amplifying responses

  • Response may be significantly larger than request
  • Response may have multiple packets (instead of one)
  • 14+ UDP-based protocols have amplification vectors (DNS, NTP, SSDP, NetBios, …)
12
Q

DNS Cache Poisoning

A

§ Attack goal: inject attacker-specified RRs into cache
- Once the cache is poisoned, attacker can control the traffic to the
  domains of all clients using that resolver
§ Several “interesting” attacks
- Redirect clients to malicious (e.g., phishing) web sites
- Direct mail to mail server under attacker control
- Disable domains entirely (censorship!)

13
Q

IP Spoofing by in-band attacker

A
  • answers faster & pretends to be the source

- gives different IP for some website & extends TTL

14
Q

Response Spoofing

A

Basic idea: attacker guesses when the resolver queries a domain and aims to send a fake response
§ Attacker needs to build correct response
- domain name in response must be a case-sensitive match to the request
- source IP has to be the queried authoritative NS
- destination port has to match
- message ID has to match
§ Defense: increase entropy of iterative requests
- randomize source port
- use 0x20 encoding (upper and lower case letters)

15
Q

Out-of-bailiwick responses

A

Basic idea: inject glue records for a non-related domain and hope they get cached.

-> do not trust glue records from different domains
