Slide 1 of 172 Internet Attacks: The Gory Details Bill Cheswick [email protected].

of 172

Internet Attacks: The Gory Details

Bill [email protected]

Internet Attacks – The Gory Details slide 2 of 172


The Internet

• Ad hoc collection of TCP/IP interconnections

• No real central authority

• No central knowledge of connections– maybe flows, but not yet

• No per-packet billing, in most places

• Core equipment too busy to help law enforcement

• Large perimeters are impossible to control


Remote Attacks, and anonymity, are easy

• Attacks can be laundered through many hosts around the world

• brief attacks are hard to track down

• the average defender is clueless


Traceback can be very hard

• clueless ISPs

• ignorant law enforcement

• treaties with foreign countries

• may not be against the local law

• attacker may cease attack before traceback is completed


“Monoculture”

• Small set of target types and versions– Microsoft OS and applications– Apache– Samba– DNS– Cisco IOS

• Like planting Kansas with a single strain of wheat, or vineyards with a single root stock


Attacking scripts are published and shared

• Loners develop attack software for the rest of us

• Hacking FAQs are common

• Software tools are easily available– look up “rootkit”

• “Script kiddies” are a major source of current Internet attacks


Unsafe Services

• Useful

• Poorly written

• Poor auditing

• Found in most hosts

• Safer services and protocols are rare

• Vendors sell flawed software

• Users don’t fix holes

• Host-based security is usually broken

• Security requires discipline: not found in market leaders– And often not found

in open source software either


Unsafe ServicesSome Typical Errors

• Unchecked user input submitted to the shell or Perl– wildcard and

escape characters take over the process

– CGI scripts

• Secret options, commands, or back doors– DEBUG and others

in sendmail

• Input string length is not checked– string buffer overrun

corrupts stack• strcpy, gets,

sprintf– caller supplies

assembly code, and jumps to it

– finger (Morris worm)

– early Netscape– statd (latest)


Unsafe Services: Privileged programs are much too large

• Sendmail is tens of thousands of lines of complex code, running as root.

• Netscape browser/communicator is huge

• Operating systems are huge– Windows– Unix– Features are never retired, only added

• A short, simple program is hard to get right


Unsafe Protocols

• Passwords transmitted in the clear– Challenge/response is better, though

subject to dictionary attacks– EKE can hide this– Machine generated passwords are better,

but require devices or printouts

• Address-based authentication– Can be OK in controlled environments– DNS and routing attacks can fool these


Weakest Link Compromisesmany targets

• Vulnerabilities are common in network services

• One break-in compromises– the rest of the

host– the host’s net

(via sniffers)– trusting hosts

• “non-vital” targets may be vital


How Do They Find Dangerous Ports?

• Port scanners

• Easy to write

• Half-open (SYN-only) scanners often don’t show up in logs

• Harder to scan for UDP services, but not by much

• “Firewalking” can scan through a firewall– Uses packets that a firewall often admits,

such as ICMP or TCP SYN/ACK

of 172

Attacks

Stack Smashing


Programs don’t check their input

• Routines like gets, strcpy, and sprintf, which are inherently dangerous

• If input length is too long, it can overwrite memory in C, overwriting variables and subroutine return addresses.

• Every piece of external data must be checked before it is used.

• It doesn’t hurt to check internal stuff, too– assert.h– CPU time is cheap


Variables

A Stack: before a procedure call


Return addr

String buffer

Local vars.

Local vars

Otherstuff

A Stack: while a procedure is running

Where to go after theprocedure is finished


Return addr

String buffer

Local vars.

Local vars

Otherstuff


Input line goes in here


Return addr

String buffer

Local vars.

Local vars

Otherstuff

“Stack smashing” attack

New return address, pointsto...


Return addr

String buffer

Local vars.

Local vars

Otherstuff

“Stack smashing” attack

…new code loaded insome space on the stack

The code runs with theprivileges of the attackedprogram, usually root


Some former victims of stack-smashing attacks

• Fingerd (Morris worm)

• sendmail

• syslogd

• rstatd

• early Netscape browsers

• file names in attachments to mail

• sshd

• IIS web server

of 172

AttacksPortable Programs


Dangerous services:portable programs

• JAVA

• ActiveX^H^H^H^H^H^H^HCOMX^H^H^H^HSOAP

• Viruses:– PC– Word– Excel


Where do Programs Run?

Kernel

Program


Where do Programs Run?

Kernel

Program

This model is wrong!


Applets run in an incompletely-defined environment

Kernel

Program


Java’s “sandbox”

• Is incompletely defined

• Can be different for each vendor

• Often optimized for speed, not security

• Allows “native methods”, which can break the security model

• ActiveX– like Java, but no

sandbox at all

of 172

AttacksSniffing attacks (“eavesdropping”)


Host withTCP Services

Client Server

Attacker


Ethernet and Passwords

• Was never secure from eavesdropping

• “Sniffing” tools are common– grab host name,

user name, and password

– check any hacker collection

• Credit card numbers are easy

• Over 1,000,000 captured in 1994

• It doesn’t matter how good your password is if it can be sniffed!

• Still in wide use - even for root!


Wireless passwords

of 172

AttacksIP Spoofing a trusted host


IP Spoofing

• Defeats address-based authentication– i.e. rlogin, rsh, tcp wrappers

• Common tools available to the hackers– they don’t have to be TCP/IP experts

• This was used to crack Tsutomu Shimomura’s machines in “Takedown.”

• Robert Morris Jr. wrote a paper on this in 1984

• Steve Bellovin republished it in 1989

• First known use in 1994


Normal TCP connection,initial SYN packet

Client ServerSYN,SEQ0


Response to Open, connection is “half open”


SYN,ACK,SEQ0+1,SEQ0


Client completes handshake, TCP connection is now open


SYN,ACK,SEQ0+1,SEQ0

ACK,SEQ0+1,SEQ0+1


IP Spoof of a Trusted Client Determine Likely SEQ0

Client Server

Attacker


IP Spoof of a Trusted ClientSuppress the Trusted Client

Client Server

Attacker

killer packetor SYN attack


IP Spoof of a Trusted ClientSuppress the Trusted Client

Client Server

Attacker


Attacker opens connection “from” trusted client

Client Server

Attacker

SYN,SEQ0


Open seems to come fromtrusted client

Client Server

Attacker

SYN,SEQ0


IP Spoof of a Trusted ClientServer responds to dead client

Client Server

Attacker

SYN,ACK,SEQ0+1,SEQ0


IP Spoof of a Trusted ClientSpoof final open message

Client Server

Attacker

ACK,SEQ0+1,SEQ0+1


IP Spoof of a Trusted Client“Open” is complete

Client Server

Attacker


IP Spoof of a Trusted ClientOpen Server to outside access

Client Server

Attacker

“evil trusted command”


Preventing IP spoofing

• Spoofing can be stopped at the perimeter– “No internal addresses accepted from the

outside”– Helps to have a coherent address space

• A firewall can prevent access also

• Address-based authentication is a BAD IDEA.

of 172

AttacksTCP hijacking


Attacker is watching an existing connection, perhaps through the strong authentication stage

Client Server

Attacker


Kill the client connection...

Client Server

Attacker

killer packet


…and continue the connection

Client Server

Attacker


TCP hijacking

• Takes over an existing, authenticated connection

• Needs access to the packet flow

• Common tools are available to the hackers now

• Cryptographic signatures of packets can defeat this

of 172

AttacksDenial of Service



Client Server

Attacker


Denial-of-service Attacks

• In your face - not subtle like traditional hacking attacks

• Random packets are very hard to trace

• Can go on for weeks

• Attackers can exploit poor local software or...

• Simply flood the site’s network with incoming packets

• These attacks are always possible on a public service

of 172

AttacksDenial of Service: SYN

packet attacks


Normal TCP open


SYN,ACK,SEQ0+1,SEQ0

ACK,SEQ0+1,SEQ0+1


Normal TCP open

Clienthalf-open

<300ms


SYN Attacks

• First seen at Panix.com in fall 1996

• Half-open processing was implemented poorly– Quadratic behavior– Wasn’t much call for

improving it

• We’ve been expecting it– The only thing we left

out of our firewalls book– Removed at the last

minute• We knew of no good

solution• We are sorry we left

it out

• A new one appeared in fall 1997– SYN with same

source and destination address kills some TCP/IP implementation

• There will be more attacks on TCP/IP implementations– lots of code

involved– hard to test code in

a kernel

of 172

AttacksDenial of Service

Ping flood (smurf)


Identify ping generatornetworks

target

G

GG

GG

G


Trigger packets withspoofed return address

target

packetcannon

G

GG

GG

G


Generators flood the targetwith packets

target

packetcannon

G

GG

GG

G


Traceback

• The target cannot tell where the trigger is coming from

• Attacking hosts may not know that they are being used

• Broadcast storms can generate more load

of 172

AttacksDNS, routing, and

infrastructure attacks


Routing attacksPacket Diversion and man-in-the-middle attacks

Client Server

Attacker



Client Server

Attacker

(router)


DNS attacks

• Include an extra “glue” record on a DNS query– short cache time-out hides the evidence– newest bind program checks for this– “DNS cache poisoning”

• Capture DNS server and return incorrect result

• DNSSEC can fix this– going through final comments now


Infrastructure attacks

• Our tools are still weak– authenticated SBGP4 is coming, maybe

• Keep up with the latest name server

• Move to secure router implementations, when available

• Question: what will you do if the entire Internet is down for a week?

of 172

AttacksSocial Engineering

(a.k.a. spying)


Social Engineering (cont.)

Click here to infect your computer.


Another problem with strange programs


Social Engineering

``Hello, this is Dennis Ritchie calling.I’m in Israel now and I have forgottenmy password.’’

``Hello, <admin-name>, I’ve juststarted work here. <Boss-name>said I should have an account on<target-host>‘‘

of 172

AttacksUnsafe services



Client Server

Attacker


ftp stream tcp nowait root /v/gate/ftpdtelnet stream tcp nowait root /usr/etc/telnetdshell stream tcp nowait root /usr/etc/rshdlogin stream tcp nowait root /usr/etc/rlogind exec stream tcp nowait root /usr/etc/rexecd finger stream tcp nowait guest /usr/etc/fingerd bootp dgram udp wait root /usr/etc/bootp tftp dgram udp wait guest /usr/etc/tftpd ntalk dgram udp wait root /usr/etc/talkd tcpmux stream tcp nowait root internalecho stream tcp nowait root internaldiscard stream tcp nowait root internalchargen stream tcp nowait root internaldaytime stream tcp nowait root internaltime stream tcp nowait root internalecho dgram udp wait root internaldiscard dgram udp wait root internalchargen dgram udp wait root internaldaytime dgram udp wait root internaltime dgram udp wait root internalsgi-dgl stream tcp nowait root/rcv dglduucp stream tcp nowait root /usr/lib/uucp/uucpd

Default servicesSGI workstation


More default services

mountd/1 stream rpc/tcp wait/lc root rpc.mountdmountd/1 dgram rpc/udp wait/lc root rpc.mountdsgi_mountd/1 stream rpc/tcp wait/lc root rpc.mountdsgi_mountd/1 dgram rpc/udp wait/lc root rpc.mountdrstatd/1-3 dgram rpc/udp wait root rpc.rstatd walld/1 dgram rpc/udp wait root rpc.rwalld rusersd/1 dgram rpc/udp wait root rpc.rusersd rquotad/1 dgram rpc/udp wait root rpc.rquotad sprayd/1 dgram rpc/udp wait root rpc.sprayd bootparam/1 dgram rpc/udp wait root rpc.bootparamdsgi_videod/1 stream rpc/tcp wait root ?videod sgi_fam/1 stream rpc/tcp wait root ?fam sgi_snoopd/1 stream rpc/tcp wait root ?rpc.snoopd sgi_pcsd/1 dgram rpc/udp wait root ?cvpcsd sgi_pod/1 stream rpc/tcp wait root ?podd tcpmux/sgi_scanner stream tcp nowait root ?scan/net/scannerdtcpmux/sgi_printer stream tcp nowait root ?print/printerd 9fs stream tcp nowait root /v/bin/u9fs u9fswebproxy stream tcp nowait root /usr/local/etc/webserv


Some Dangerous Services

• Telnet

• FTP

• NFS

• RPC

• “secure” RPC

• rlogin/rsh/rcp

• X11

• DNS

• (web servers)


Why are they insecure?telnet

• Eavesdropping attacks sniff passwords– >1,000,000 sniffed in 1994 from hacked

ISPs

• TCP hijacking takes over authenticated connections: strong passwords aren’t enough

• Insecure accounts are subject to probes and use

• Corruption of client host compromises the session


Why are they insecure?FTP

• Same as telnet, plus

• history of bugs in servers

• setup errors for anonymous FTP–get permissions wrong–distribute the real password file

to the masses–“why”


Why are they insecure?NFS

• Root file handle can be sniffed

• Relies on RPC software


Why are they insecure?RPC and secure RPC

• RPC–address-based– local relay

feature can obscure address information from the server

• Secure RPC–cryptographic

ally weak


Why are they insecure?Rlogin, rsh, rcp

• rlogin, rsh, rcp–can be hijacked–can be spoofed

•use addressed-based authentication

– .rhosts and /etc/hosts.equiv leak trusted host information

– .rhosts: users should not be making security policy


Why are they insecure?X11

• Clear text leaks secrets

• Cookie authentication is in the clear

• Advanced authentication not widely available

• xhost configuration errors

• Historically, bugs in xdm


Why are they insecure?DNS - domain name system

• Bind runs as root–it is big, and not well

understood–runs on vital hosts

• Cache poisoning: cache wrong answers–attack address-based auth–spoof servers


DNS lookupA asks D for B’s IP address

Client

Server

Attacker

B -> 1.2.3.4

B: 1.2.3.4

A

cache

D

B?


DNS lookup: D asks B (or someone who knows about B)

Client

Server

Attacker

B -> 1.2.3.4

B: 1.2.3.4

A

cache

D

B?


DNS lookup: B answers, D caches the answer, and tells A

Client

Server

Attacker

B -> 1.2.3.4

B: 1.2.3.4

A

cache

D

B -> 1.2.3.4

B -> 1.2.3.4


DNS lookupA uses the answer

Client

Server

Attacker

B -> 1.2.3.4

B: 1.2.3.4

A

cache

D

B -> 1.2.3.4

X: 5.6.7.8


DNS lookup: D remembers the answer for a given period

Client

Server

Attacker

B -> 1.2.3.4

B: 1.2.3.4

A

cache

D

B -> 1.2.3.4

X: 5.6.7.8


DNS cache poisoning attack:Attacker C arranges for D to ask him a question

Client

Server

Attacker

B -> 1.2.3.4

B: 1.2.3.4

A

cache

D

X?

X: 5.6.7.8


DNS cache poisoning attack: The attacker gives an answer, plus…

Client

Server

Attacker

B -> 1.2.3.4

B: 1.2.3.4

A

cache

D

B -> 5.6.7.8

X -> 5.6.7.8

X: 5.6.7.8


DNS cache poisoning attack:A gets his answer, and uses it

Client

Server

Attacker

B -> 1.2.3.4

B: 1.2.3.4

A

cache

D

B -> 5.6.7.8

X -> 5.6.7.8

X -> 5.6.7.8 X: 5.6.7.8


DNS cache poisoning attack:The cache has an extra answer

Client

Server

Attacker

B -> 1.2.3.4

B: 1.2.3.4

A

cache

D

B -> 5.6.7.8

X -> 5.6.7.8

X: 5.6.7.8


DNS cache poisoning attack:Now A asks for B’s address

Client

Server

Attacker

B -> 1.2.3.4

B: 1.2.3.4

A

cache

D

B -> 5.6.7.8

X -> 5.6.7.8

X: 5.6.7.8

B?


DNS cache poisoning attack: D “knows” the answer already, and returns it

Client

Server

Attacker

B -> 1.2.3.4

B: 1.2.3.4

A

cache

D

B -> 5.6.7.8

X -> 5.6.7.8

X: 5.6.7.8B -> 5.6.7.8


DNS cache poisoning attack: A uses the answer

Client

Server

Attacker

B -> 1.2.3.4

B: 1.2.3.4

A

cache

D

B -> 5.6.7.8

X -> 5.6.7.8

X: 5.6.7.8B -> 5.6.7.8


DNS cache poisoning

• Gives the wrong answer on inverse lookups, foiling rsh, rlogin

• If you connect to the wrong site they can– spoof a login, and capture passwords– spoof a web page, and give wrong

answers– set themselves up for man-in-the-middle

attacks, relaying info to the real server


DNS cache poisoning

• Older versions of bind fall for this

• You can even send an answer without a query, to some implementations!

• DNS responses can be spoofed to– what if the query gets two answers: use

the first?!

• DNSSEC fixes this


Why are they insecure?Web servers

• Complex, and buggy–stack

smashing attacks, etc

• CGI scripts :it is always dangerous to add programs

• Numerous configuration options–Apache

security relies on good configuration

• Needs access to internal databases


Unsafe services: SMB

• Protocol uses weak authentication

• samba is big: I prefer using chroot


Unsafe services: Microsoft authentication over PPTP

• Weak authentication

• Probably weak encryption implementation– see Bruce Schneier’s paper in ACM CCS-5


Other services

• POP3 and IMAP

• IRC - no!

• Realaudio– UDP is dangerous, TCP ok

• Mbone– hard to gate– some UDP implementations respond to

multicast packets

of 172

Exponential attacks


Viruses

• PC viruses– there are tens of thousands of them,

including variants– defense is best made at the host, with a

virus checker• update the database often

• Unix viruses– Tom duff made one– Shell viruses are easy– Unix viruses are rare!


Viruses

• Firewalls can filter them– It seems like the right place– It requires a lot of work, and they can be

hidden

• Macro viruses are the most alarming

• They have access to the entire PC, with a little work


The Morris Worm

• November 2, 1988

• Spread using– fingerd (stack smashing)– sendmail (DEBUG back door)– password guessing

• Poorly controlled exponential growth

• A team of experts fought it quickly

of 172

AttacksUnsafe programs


find / -perm -4000 -user root -print | wc -l

Root: the gateway to privilege


AIX 4.2 & 242 & a staggering number \\BSD/OS 3.0 & 78\\FreeBSD 4.3 & 42 & someone's guard machine\\FreeBSD 4.3 & 47 & 2 appear to be third-party\\FreeBSD 4.5 & 43 & see text for closer analysis \\HPUX A.09.07 & 227 & about half may be special for this host \\Linux (Mandrake 8.1) & 39 & 3 appear to be third-party \\Linux (Red Hat 2.4.2-2) & 39 & 2 third-party programs \\Linux (Red Hat 2.4.7-10) & 31 & 2 third-party programs\\Linux (Red Hat 5.0) & 59\\Linux (Red Hat 6.0) & 38 & 2--4 third-party \\Linux 2.0.36 & 26 & approved distribution for one university \\Linux 2.2.16-3 & 47 \\Linux 7.2 & 42\\NCR Intel 4.0v3.0 & 113 & 34 may be special to this host \\NetBSD 1.6 & 35 \\SGI Irix 5.3 & 83 \\SGI Irix 5.3 & 102 \\Sinux 5.42c1002 & 60 & 2 third-party programs\\ Sun Solaris 5.4 & 52 & 6 third-party programs\\Sun Solaris 5.6 & 74 & 11 third-party programs\\Sun Solaris 5.8 & 70 & 6 third-party programs\\Sun Solaris 5.8 & 82 & 6 third-party programs\\Tru64 4.0r878 & 72 & \\

Setuid-root


Insecure clients

• This is not the same as TCP hijacking

• encryption on the link won’t fix this

• any persistent connection is vulnerable– rlogin, ftp, ssh

• Tsutomu left an rlogin session running when he went skiing

• YOU HAVE TO BE ABLE TO TRUST YOUR CLIENT– laptop PCs vs. terminal rooms


Insecure clients:attacker takes over client host

Client Server

Attacker


Insecure clients:attacker takes over client host…

Client Server

Attacker


…installs the TAP kernel load module…

Client Server

Attacker

TAP


…user makes authenticated connection to server…

Client Server

Attacker

TAP


hacker takes over terminal connection with “TAP”

Client Server

Attacker

TAP


We’ve been losing ground for decades

• Bad guys are figuring out attacks that we have been waiting for over the years– Very few surprises

• Defense has not improved much– Ssh– IPsec– Better Linux and Unix systems

of 172

How Do We Fix All This?

of 172


Hide behind a perimeter defense?

FirewallsPerimeter defenses


Firewalls: Not a panacea

• Backdoors usually diminish the effectiveness

• Commercial firewalls are probably OK

• May give community a false sense of security

• The firewall is often the only secure part of a configuration– People go

around them– People go

through the bad ones

– No protection from insiders

of 172

Anything large enough to be called

an “intranet” is probably out of control


This wasSupposedTo be aVPN


Some intranet statisticsfrom Lumeta clients

Intranet sizes (devices) 7,900 365,000Corporate address space 81,000 745,000,000Address space usage efficiency% devices in unknown address space 0.01% 20.86%

% routers responding to "public" 0.14% 75.50%% routers responding to other 0.00% 52.00%

Outbound host leaks on network 0 176,000% devices with outbound ICMP leaks 0% 79%% devices with outbound UDP leaks 0% 82%

Inbound UDP host leaks 0 5,800% devices with inbound ICMP leaks 0% 11%% devices with inbound UDP leaks 0% 12%

% hosts running Windows 36% 84%


You don’t know to whom you are connected

• Modems are cheap and easy to hook up.– Sun’s “fax”

machines

• Home commuting networks may link to spouse’s company, or the Internet.– even routing

worked!

• Remote managers can make extranet connections that aren’t authorized.– these

connections can be very hard to find

– but the security threat is still there


You don’t know how many hosts you have

• Most control is at the network level, not the host level.

• Name server entries are optional.

• Nobody keeps the reverse name service information up-to-date.

• Mapping takes work, and doesn’t catch hosts that are down

• Some network links are ephemeral.


Lucent’s intranetc. 1997

Allentown

MurrayHill

ColumbusHolmdel

SLIPPPPISDNX.25cable

...

Lucent - 130,000, 266K IP addresses, 3000 nets ann.

MurrayHill

The Internet

~200 business partnersthousands of

telecommuters

of 172

None of this protects us from an insider threat, so…

of 172


Life without a firewall

“skinny dipping”


Secure computing needs…

• Safe clients

• Secure communication

• Safe servers

• Strong, 2-factor authentication– Something you have and something you

know– Emergency 1-factor authentication,

something you know, used extremely rarely


Safe clients and servers need:

• A trustable Trusted Computing Base

• Simple, well-specified and debugged kernel– Check out the semantics of setuid in Unix

flavors (Setuid Demystified. Chen, Wagner, and Dean; Usenix Security 2002)

– MAC controls: more permissions, use of file system permissions, and programs that know how to use them• “root” is bad; see Multics!)

– Better, more routing sandboxing• Make chroot much better, and easier


Free, new servers by Don Knuth?

• He’s busy with Volume 4

• Literate programming of key servers might be the way to go

• Other languages might be better: C and C++ still have buffer overflow problems– Modula 3?– Java?


We need better suspenders

• We should never trust the application writers to get it right, though they should try hard

• Jails/chroot/sandboxes need to be easy and common-place– More restrictive jails should be possible– Unprivileged user should be able to set

these up, even if he is already in a jail• The /etc/passwd problem

– Static builds should be easier– Careful documentation of what a program

needs to access.


Improve chroot

• Already some new work in this area: FreeBSD jail

• Goal: routine jailing of everything that processes external input– Netscape client routinely jailed– mail readers– SpamAssassin– Openssl (!)

• See Plan 9 for some good ideas– Network access through the file system?!


Related chroot wishes

• Easier builds of static binaries: dynamic libraries make the TCB tougher to build

• Chroot options to all the useful network services: they should jail themselves!– Apache (Ben Laurie is considering this)– Samba– Ntp– DNS (done)


Microsoft desperately needs to do this

• I am convinced that they actually are trying to get better

• They have a long way to go

• I wonder if they can wedge good sandboxing into their OS


Simpler Software

• One of the underlying problems with Microsoft applications is creeping featurism– For most uses, is Word much better than

WordStar or any of the other early word processors?

– Is this version of PowerPoint that much better than the first ones (bugs aside)?


Simpler Software in Unix

• Skim through the Unix V7 man pages (http://plan9.bell-labs.com)

• How many options does cat(1) need?

• How many setuid-to-root programs does your system have?


New file system switch

• Revisit the DOOFUS wars of the mid 80s

• Check Plan 9 for possible uses

• Kernel file system switch that has userland file system computation– Must be robust…hung inodes, etc.– Does not involve the network, as NFS

does

• Reimplement SFS, Samba client, etc.,

of 172

Communications


Communication encryption options

• Ssh

• IPsec

• SSL


Communications solutions: ssh

• Source code is available

• Widely examined

• But: 2 protocol flaws found so far

• stack smashing scare

• Tunneling is valuable

• IPsec has better crypto, maybe


IPsec

• Protocol well-vetted by expert community

• We have the CPUs, I want everyone to use it, for all communications

• Needs simpler setup– Microsoft requires certificates, no?– Secret key pairs are fine for small setups

• Key exchange daemons worry me– They gotta run as root, no?– They can use complicated crypto libraries,

and are exposed network services


SSL

• Well-documented and ver. 3 is probably ok

• Implemented by openssl…

• …which uses X.509…

• …which uses ASN.1…

• …which is complicated, a monoculture, and has had several bugs exposed

• Can you jail the SSL parts of your web server? (I have: sslwrap + chroot)

of 172

Authentication


Security doesn’t need to be inconvenient

• Modern hotel room keys

• Modern car keys


Some solutions:Hardware tokens

Digital PathwaysSNK-004

• SecureID– time-based

• S/Key– software or printout

solution

• Many others– usually proprietary

server software– New USB dongles

are just the ticket!


One-time Passwords

RISC/os (inet)

Authentication Server.

Id? chesEnter response code for 70202: 04432234

Destination? cetus$


How does it work? Server and client share a secret key

Client Server

Secret keySecret key


How does it work? Server generates a unique challenge

Client Server


challenge70202


How does it work? The client encrypts the challenge with key…

Client Server


70202


How does it work?…and returns the result

Client Server


70202

04432234


How does it work?The server checks the result

Client Server


70202

04432234

04432234


One-time passwords

• The client proves he has the key, without revealing it

• With hardware, he may not even know the key

• the keys are computer-generated– no weak passwords

• If the challenges don’t repeat, an eavesdropper can’t predict the answer, unless the encryption (DES) is broken


One-time passwords

• The key can be generated from a password but the challenge/response pair is subject to a dictionary attack

• This extra work for the user is worth the effort:– very strong authentication– spies use this– needs about a page of C code– can be implemented in a remote

authentication server


Human-computed one-time password: a research project

challenge: 00193 Wed Sep 11 11:22:09 2002response: ab0dh1kd0jkfj1kye./


Not Gory Enough For You?

• Bugtraq mailing list

• Firewalls and Internet Security

• Chapman and Zwicky

• Keyword search in search engines for hacking tools– “rootkit”


Questions

• http://research.lumeta.com/ches/

• [email protected]

• Yes, I’d love to sign your book

Slide 1 of 172 Internet Attacks: The Gory Details Bill Cheswick [email protected].

Documents

Transcript of Slide 1 of 172 Internet Attacks: The Gory Details Bill Cheswick [email protected].