2. Some basic threats
Virus: a virus attempts to install itself on the victim's computer. Its main aim is that the infected files will be transmitted to another system.
Worm: the working of a worm is similar to the virus, but the key difference is that a worm propagates itself without user involvement.
3. Continue…
Rootkit: a piece of software that, after installing itself on the computer, opens up a port to allow the hacker to communicate with it and take full control of the system.
Scanner: it interrogates machines on the Internet to get information about the system.
4. Advanced threats
IP spoofing
Session hijacking
Network sniffer
Back Orifice
Botnet attacks
Anti-forensic techniques
6. DNS
What is DNS? Short for Domain Name System (or Service or Server), an Internet service that translates domain names into IP addresses. Because domain names are alphabetic, they're easier to remember. The Internet, however, is really based on IP addresses. Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address.
10. Some basic fundamentals
How TCP connects: data flows across the Internet encapsulated within individual data packets. To manage the uncertainty of packet delivery, before packets of data can begin flowing end-to-end over a TCP "connection" the endpoints must exchange their initial packet sequence numbers.
12. Continue…
To begin establishing a connection, the Client chooses an Initial Sequence Number (Client ISN = CISN) for its packets and sends its CISN in a "SYN" packet. When the Server receives the SYN packet it knows that a new TCP connection is being requested, so it sets aside some of its RAM to hold the details of this new connection. The Client ISN (CISN) contained in the SYN packet is saved in this memory block along with the Client's "Source IP" address and "Source Port" number.
13. Continue…
For the next step in TCP connection handshaking, our Server chooses its own Initial Sequence Number for the packets it will be sending, and sends this Server ISN (SISN) back to the Client machine. The third and final step in our 3-Way TCP connection handshake requires our Client to acknowledge the receipt of the Server's ISN.
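The three steps above, as an added toy model (not from the slides): the Server sets aside state for a pending connection when a SYN arrives, stores the CISN with the source IP and port, answers with its own SISN, and marks the connection established only when the ACK acknowledges that SISN. Addresses, ports and ISNs are constructed sample values; a modern stack's unpredictable ISN is assumed.

```python
import secrets
from dataclasses import dataclass, field

MOD = 2 ** 32  # sequence numbers wrap at 32 bits


@dataclass
class Server:
    # half-open connections awaiting the final ACK, keyed by (source IP, source port)
    pending: dict = field(default_factory=dict)
    established: set = field(default_factory=set)

    def on_syn(self, src_ip: str, src_port: int, cisn: int) -> int:
        """Step 1: a SYN arrives. Set aside state holding the client's ISN with
        its source IP and port, and pick the server ISN to send back (step 2)."""
        sisn = secrets.randbelow(MOD)  # unpredictable ISN, as modern stacks use
        self.pending[(src_ip, src_port)] = {"cisn": cisn, "sisn": sisn}
        return sisn  # carried in the SYN/ACK, which also acknowledges cisn + 1

    def on_ack(self, src_ip: str, src_port: int, ack: int) -> bool:
        """Step 3: the connection is established only if the ACK acknowledges
        exactly sisn + 1; anything else leaves the entry half-open."""
        conn = self.pending.get((src_ip, src_port))
        if conn is None:
            return False  # no SYN was seen from this endpoint
        if ack != (conn["sisn"] + 1) % MOD:
            return False  # sender did not know the server's ISN
        del self.pending[(src_ip, src_port)]
        self.established.add((src_ip, src_port))
        return True

    def half_open_count(self) -> int:
        """Memory set aside for connections that never completed."""
        return len(self.pending)


def handshake(server: Server, client_ip: str, client_port: int) -> bool:
    """Honest client: SYN with a fresh CISN, then ACK the SISN it received."""
    cisn = secrets.randbelow(MOD)
    sisn = server.on_syn(client_ip, client_port, cisn)   # SYN  -> SYN/ACK
    return server.on_ack(client_ip, client_port, (sisn + 1) % MOD)  # ACK


if __name__ == "__main__":
    srv = Server()
    print("handshake complete:", handshake(srv, "10.1.1.3", 40001))
    srv.on_syn("10.1.1.99", 40002, 7)   # a SYN that is never acknowledged
    print("half-open connections:", srv.half_open_count())
```

The half-open count is the resource the Server committed on the strength of a SYN alone, which is why the DoS material later in the deck matters for this step.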
14. IP spoofing
A spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage. Many of the protocols in the TCP/IP suite do not provide mechanisms for authenticating the source or destination of a message. They are thus vulnerable to spoofing attacks when extra precautions are not taken by applications to verify the identity of the sending or receiving host. IP spoofing and ARP spoofing in particular may be used to leverage man-in-the-middle attacks against hosts on a computer network.
16. IP spoofing…
A small network of three people (Tony, Mark & Shane) sharing a single Internet connection. All three computers are connected to a switch.
17. Continue…
Now, Shane wants to monitor the traffic of two of his other staff. To do so, he changes his computer's MAC address (11:22:3F:7E:F1:25) to the MAC address of the modem/router (01:1B:22:FF:25:01).
18. Continue…
The switch's MAC table is updated with the router's MAC address for both Shane's computer (10.1.1.3) and the router (10.1.1.254). Now when Tony tries to connect to the Internet, the switch receives the data packet and looks into its MAC table. It then forwards the data packet to both the router and Shane's computer.
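The switch-table state described above is also what gives the scenario away. As an added example (not from the slides), this check flags any MAC address learned behind more than one switch port or claiming more than one IP address; the observation records are constructed, with the MACs and IPs from the slides and made-up MACs for Tony and Mark.

```python
from collections import defaultdict

ROUTER_MAC = "01:1b:22:ff:25:01"   # router MAC from the slides
SHANE_MAC = "11:22:3f:7e:f1:25"    # Shane's real MAC from the slides

# Constructed observations: (switch port, source MAC, source IP), as a
# switch's MAC table plus an ARP capture on a mirror port would provide.
OBSERVATIONS = [
    ("Gi0/1", "aa:bb:cc:00:00:01", "10.1.1.1"),   # Tony (constructed MAC)
    ("Gi0/2", "aa:bb:cc:00:00:02", "10.1.1.2"),   # Mark (constructed MAC)
    ("Gi0/3", SHANE_MAC, "10.1.1.3"),             # Shane before the change
    ("Gi0/24", ROUTER_MAC, "10.1.1.254"),         # the router's uplink port
    ("Gi0/3", ROUTER_MAC, "10.1.1.3"),            # Shane now using router MAC
]


def normalize(mac: str) -> str:
    """Switch and ARP output differ in case; compare MACs in one form."""
    return mac.lower()


def find_duplicate_macs(observations):
    """Return {mac: {"ports": set, "ips": set}} for every MAC that appears
    behind more than one port or with more than one IP address."""
    ports = defaultdict(set)
    ips = defaultdict(set)
    for port, mac, ip in observations:
        mac = normalize(mac)
        ports[mac].add(port)
        ips[mac].add(ip)
    return {
        mac: {"ports": ports[mac], "ips": ips[mac]}
        for mac in ports
        if len(ports[mac]) > 1 or len(ips[mac]) > 1
    }


def alerts(observations):
    """One alert line per suspicious MAC, sorted for stable output."""
    out = []
    for mac, info in sorted(find_duplicate_macs(observations).items()):
        out.append(f"MAC {mac} seen on ports {sorted(info['ports'])} "
                   f"with IPs {sorted(info['ips'])}: possible MAC spoofing")
    return out


if __name__ == "__main__":
    for line in alerts(OBSERVATIONS):
        print(line)
```

On a managed switch, port security (limiting how many MACs an access port may learn) stops the duplicate entry before it is written; this check is the after-the-fact version built from the same information.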
19. Session hijacking
What is session hijacking? Session hijacking is the process of taking over an existing active session. The reason for this is to bypass the authentication process and gain access to the machine. Since the session is already active, there is no need to re-authenticate and the hacker can easily access the resources and sensitive information.
20. Continue…
Types of session hijacking: (1) passive hijacking (2) active hijacking.
Active hijacking: in an active attack, the hacker finds the active session and takes it over. This is done by forcing one of the parties offline, which is usually achieved by a DDoS attack (Distributed Denial of Service attack). Now the hacker takes control over the active session and executes commands on the system that either give him the sensitive information or allow him to log in at a later time.
21. Continue…
Passive session hijacking: in a passive attack, the hacker hijacks a session but just sits back and watches and records all the traffic that is being sent from or received by the computer. This is useful for finding sensitive information like usernames and passwords for websites.
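An active takeover as described above leaves a trace on the server: the same session ID keeps arriving, but from a client other than the one that authenticated it. As an added example (not from the slides), this detector binds each session ID to the first client address and user agent that presented it and reports every later request that breaks the binding. The log lines and their field layout (time, client IP, sid=, ua=, request) are constructed.

```python
from collections import namedtuple

# Constructed web-server log: one session (a1b2c3) is used by 10.1.1.1,
# then by 10.1.1.3 with a different client while 10.1.1.1 is still active.
LOG_LINES = """\
10:00:01 10.1.1.1 sid=a1b2c3 ua=Firefox GET /login
10:00:05 10.1.1.1 sid=a1b2c3 ua=Firefox GET /mail
10:00:09 10.1.1.2 sid=d4e5f6 ua=Chrome GET /mail
10:00:12 10.1.1.3 sid=a1b2c3 ua=curl GET /mail/export
10:00:15 10.1.1.1 sid=a1b2c3 ua=Firefox GET /mail
""".splitlines()

Entry = namedtuple("Entry", "time ip sid ua request")


def parse(line: str) -> Entry:
    """Split one constructed log line; the user agent is a single token here."""
    time, ip, sid, ua, *req = line.split()
    return Entry(time, ip, sid[len("sid="):], ua[len("ua="):], " ".join(req))


def detect_hijack(lines):
    """Return (time, sid, original_ip, new_ip, new_ua) for every request that
    presents a session id from a client other than the one that first used it.
    Binding to the first (ip, ua) pair is a heuristic: a legitimate user who
    changes networks mid-session would trigger it too, so treat hits as leads."""
    first_seen = {}
    hits = []
    for e in map(parse, lines):
        bound = first_seen.setdefault(e.sid, (e.ip, e.ua))
        if (e.ip, e.ua) != bound:
            hits.append((e.time, e.sid, bound[0], e.ip, e.ua))
    return hits


if __name__ == "__main__":
    for hit in detect_hijack(LOG_LINES):
        print("session %s bound to %s reused from %s (%s) at %s" %
              (hit[1], hit[2], hit[3], hit[4], hit[0]))
```

The passive variant leaves no such trace on the server, since the recorded traffic is never replayed; encrypting the session (TLS) is what denies the watcher the usernames and passwords mentioned above.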
23. Botnet attack
What is a bot? Internet bots, also known as web robots, WWW robots or simply bots, are software applications that run automated tasks over the Internet. Typically, bots perform tasks that are both simple and structurally repetitive, at a much higher rate than would be possible for a human alone.
24. How Botnets Work
Elements of a botnet:
Botmaster
A collection of compromised computers, controlled remotely by crackers.
Command and control infrastructure. IRC remains the most popular botnet control method.
25. How Botnets Work
The botmaster exploits the vulnerability on the victim.
The victim downloads the actual bot binary.
The bot contacts the IRC server address in the executable, including resolving the DNS name.
The bot joins an IRC channel.
The botmaster sends out commands via the IRC channel.
26. Botnet Detection
IRC botnet: IRC port, which may be a non-standard port. Monitor IRC payload for known commands.
Behavioral characteristics: response (constant response time, fast join), long-standing connection, bots are not talkative.
Machine learning techniques: using labeled data to build a classifier.
Track the botnet by honeypot: use a honeypot to get infected.
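The behavioral characteristics listed above, turned into a hand-built scorer as an added example (not from the slides): each IRC session is checked for fast join, constant response time, a long-standing connection and low talkativeness. The session records and the thresholds are constructed for this sample; the labeled-data classifier the slide mentions would learn such thresholds instead of having them set by hand.

```python
import statistics

# Constructed IRC session records:
# (nick, seconds from connect to JOIN, response delays to server PINGs in
#  seconds, connection duration in hours, messages sent to the channel)
SESSIONS = [
    ("alice", 4.2, [0.9, 2.4, 0.3, 1.7], 1.5, 42),
    ("bob", 7.8, [1.1, 0.2, 3.0, 0.8], 0.7, 19),
    ("x7f9a", 0.05, [0.20, 0.21, 0.20, 0.20], 36.0, 1),
    ("k3z1q", 0.04, [0.31, 0.30, 0.31, 0.31], 48.0, 0),
]

# Thresholds are assumptions chosen for the sample data, not measured values.
FAST_JOIN_S = 0.5                  # humans pick a channel; bots join at once
CONSTANT_RESPONSE_STDEV_S = 0.05   # near-zero spread = scripted replies
LONG_CONNECTION_H = 12.0           # bots stay connected awaiting commands
QUIET_MESSAGES = 5                 # bots are not talkative


def bot_score(join_s, responses, duration_h, messages):
    """Count how many of the four bot-like traits a session exhibits (0-4)."""
    score = 0
    if join_s < FAST_JOIN_S:
        score += 1                                   # fast join
    if len(responses) > 1 and statistics.pstdev(responses) < CONSTANT_RESPONSE_STDEV_S:
        score += 1                                   # constant response time
    if duration_h > LONG_CONNECTION_H:
        score += 1                                   # long-standing connection
    if messages < QUIET_MESSAGES:
        score += 1                                   # not talkative
    return score


def suspected_bots(sessions, min_score=3):
    """Nicks whose sessions show at least min_score of the four traits."""
    return [nick for nick, *features in sessions if bot_score(*features) >= min_score]


if __name__ == "__main__":
    for nick, *features in SESSIONS:
        print(f"{nick:6s} score={bot_score(*features)}")
    print("suspected bots:", suspected_bots(SESSIONS))
```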
27. Command and Control Infrastructure
IRC-based
P2P botnet: servent bots and client bots. They communicate via a peer list; only servent bots are in the peer list. This avoids a single point of failure.
28. Denial of Service Attacks
Denial of Service Attack: an attack on a computer or network that prevents legitimate use of its resources.[1]
DoS attacks affect: software systems; network routers/equipment/servers; servers and end-user PCs.
30. Distributed Denial of Service Attacks
As defined by the World Wide Web Security FAQ: a Distributed Denial of Service (DDoS) attack uses many computers to launch a coordinated DoS attack against one or more targets, using client/server technology. Typically a DDoS master program is installed on one computer using a stolen account.
31. Procedure
The master program, at a designated time, then communicates to any number of "agent" programs installed on computers anywhere on the Internet. The agents, when they receive the command, initiate the attack. Using client/server technology, the master program can initiate hundreds or even thousands of agent programs within seconds.