Copyright SUPINFO. All rights reserved

Network Attacks

Course objectives
By completing this course, you will:
- Learn how to use network weaknesses
- Learn about some interesting network hacks
- Know how to protect your network

Course topics
These are the parts that we will approach:
- Introduction
- DoS & DDoS
- Sniffing
- MiTM
- Wi-Fi Hacking
- Countermeasures


Introduction

Most Common Case
- Usually, it's really difficult to gain physical access to targets.
- But almost every company is connected to the internet or to a private network.
- More discreet than physical access.
- But needs more IT skills.

A large subject
You can do a lot of different things on a network. Logically, it's the same for EH.
- Direct attacks (DoS, DDoS)
- Infiltration (man in the middle, MAC spoofing)
- Intrusion (Wi-Fi or VPN hacking)
- Spying (sniffing)
- Etc.


DoS & DDoS

Definition
DoS (Denial of Service): an attempt to make a computer resource unavailable to its intended users.

DoS
Can be directed at any network device:
- Routing devices
- Servers
  - Electronic mail
  - DNS
  - Web

Several ways to do it
- Consumption of computational resources
- Disruption of configuration information
  - Ex: routing information
- Disruption of state information
  - Ex: TCP Reset flooding
- Disruption of physical network components
- Obstructing the communication media between the intended users and the target

Definition
DDoS (Distributed Denial of Service): multiple systems flood the bandwidth or resources of a targeted system.

DDoS: Two Ways
- Compromised systems (botnets)
  - Malware
  - Trojan
- Hacktivism
  - Ex: 2023 Olympic Torch Relay, Chinese DDoS attack on the CNN website

Example: SYN Flood
- Request a connection
  - TCP SYN
- But don't respond
  - No TCP ACK
- Create an overload
  - Target can't respond to legitimate connection requests

Labs
Practice: SYN Flood example


Sniffing

Definition
Sniffer: a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network.

Sniffers
Primarily used for administration reasons:
- Network problem analysis
- Network intrusion detection
- Network usage monitoring
- Debugging
- Network statistics
- Etc.
But as usual, really useful for hacking.

Many kinds of information
A lot of information on networks isn't encrypted. Sniffing is used to get:
- Passwords
  - Telnet
  - POP
  - FTP
- Communications
  - Mails
  - IM
  - VoIP
- Activities

Definition
Promiscuous mode: configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just frames addressed to it.

How?
- One computer
- From OSI layer 2 to layer 7
- Specialized hardware
- Or software
  - Tcpdump
  - Snoop
  - Wireshark

Wireshark
- Free and open-source
- Originally named Ethereal
  - The project was renamed in May 2023 due to trademark issues
- Cross-platform
  - Linux, OS X, Solaris, BSD and Windows
  - Thanks to GTK+ and pcap
- Tshark
  - Terminal-based interface
- GNU General Public Licence

Labs
Practice: how to sniff with Wireshark?


MiTM

Definition
Man in the Middle attack: a type of attack where attackers intrude into an existing connection to intercept the exchanged data and inject false information.

How?
- Intercept all messages going between the two victims
- Inject new ones
- Create the illusion of a normal private connection
- Have to impersonate each endpoint to the satisfaction of the other

ARP Spoofing
Easiest technique:
- ARP links IP addresses to hardware (MAC) addresses
- So we just have to modify the ARP table
- Replace the target MAC with ours
- Can only be used on networks that actually make use of ARP and not another method of address resolution

Ettercap
Free and open-source network security tool:
- Cross-platform
  - Linux, OS X, Solaris, BSD and Windows
  - Thanks to GTK+ and pcap
- Number 11 in the Top 100 Network Security Tools by insecure.org in 2023
- GNU General Public Licence

Labs
Practice: Ettercap usage example


Wi-Fi Hacking

Wi-Fi Everywhere
- Today, a lot of devices integrate a Wi-Fi NIC
  - Smartphones
  - Computers
  - iPods
  - Watches
- And we find Wi-Fi spots everywhere
  - Airports
  - Nearly all companies
  - Personal Internet access

A New Threat
- In the past, it was really difficult to be connected to a private network
  - Need wired connection
  - Physical access
  - Or internet access
- But now, almost every network has Wi-Fi spots
  - Really easy to hack
  - Most of the time not well secured

Techniques
- Wardriving/walking/flying: searching for Wi-Fi wireless networks by a person in movement
- Tools like: NetStumbler, Kismet, SWScanner

Techniques (2)
- Warchalking
  - Drawing symbols in public places to advertise a vulnerable Wi-Fi wireless network
  - Symbol on a nearby object


Wi-Fi Security Protocols

Wi-Fi needs security
In Wi-Fi history, several protocols were designed:
- WEP
- WPA
- WPA2
- LEAP

Wired Equivalent Privacy (WEP)
A deprecated security algorithm!
- Introduced as part of the original 802.11 protocol in 1997
- Since 2023, several serious weaknesses in the protocol have been identified
- Really easy to crack
  - Within minutes
  - Lots of tools

LEAP
- Lightweight Extensible Authentication Protocol
- Similar to WEP
- Modified version of MS-CHAP
- Cisco suggests forcing users to have stronger, more complicated passwords, or moving to another authentication protocol also developed by Cisco, EAP-FAST, to ensure security.

Wi-Fi Protected Access (WPA)
An intermediate measure:
- Developed by the Wi-Fi Alliance
- In response to WEP weaknesses
- Intermediate measure to take the place of WEP pending the preparation of 802.11i (WPA2)

Wi-Fi Protected Access (WPA2)
Final solution?
- Compliance with the full IEEE 802.11i standard
  - Does not work with some older network cards
- Introduces CCMP
  - New AES-based encryption mode with strong security
- From March 13, 2023, WPA2 certification is mandatory for all new devices to bear the Wi-Fi trademark


WEP Cracking

Steps
- Choose a network
- Dump packets
  - Airodump-ng
- If necessary, generate traffic
  - Aireplay-ng
- Crack the key
  - Aircrack-ng

Aircrack-ng
Airodump-ng
- Dump packets for encryption key cracking
- airodump-ng options

Aircrack-ng (2)
Aireplay-ng
- Inject ARP-request packets into a wireless network to generate traffic
- aireplay-ng options
  -x : Number of packets per second.
  -a : Set Access Point MAC address.
  -e : Set target SSID for Fake Authentication attack.
  -h : Set source MAC address.

Aircrack-ng (2)
Aircrack-ng
- Key cracker
- aircrack-ng x airodump.out

Practice
Just don't! (Or only on authorized networks, yours for example.)


Countermeasures

Countermeasures
Network attacks can be avoided using simple countermeasures:
- Sniffer detection
- Monitoring network traffic
- Choose WPA2 + Radius
- Use certificates
- Manage overcapacity cases

Course summary
- Sniffing
- DoS & DDoS
- Wi-Fi Hacking
- MiTM
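
Added example (not part of the original course material): the SYN flood slide describes connection requests (TCP SYN) that are never followed by the final ACK, and the countermeasures slide lists monitoring network traffic. The sketch below counts such half-open handshakes per server from client-to-server segment records; the record layout, the timeout and threshold values, and the sample addresses are assumptions made for this illustration.

```python
from collections import defaultdict

def half_open_by_server(events, timeout=3.0):
    """Count SYNs that were never followed by the client's ACK.

    events: time-sorted client->server records (t, src, sport, dst, dport, flags)
    with flags "S" (SYN), "A" (ACK) or "R" (RST). This layout is an assumption.
    """
    pending = {}   # (src, sport, dst, dport) -> time the SYN was seen
    end = 0.0
    for t, src, sport, dst, dport, flags in events:
        end = max(end, t)
        key = (src, sport, dst, dport)
        if flags == "S":
            pending[key] = t
        elif flags in ("A", "R"):
            pending.pop(key, None)   # handshake finished or aborted by the client
    counts = defaultdict(int)
    for (_src, _sport, dst, dport), t in pending.items():
        if end - t > timeout:        # still unanswered after the timeout
            counts[(dst, dport)] += 1
    return dict(counts)

def flagged(events, timeout=3.0, threshold=5):
    """Servers whose half-open count reaches the alert threshold."""
    per_server = half_open_by_server(events, timeout)
    return {srv: n for srv, n in per_server.items() if n >= threshold}

# Constructed sample records (documentation address ranges, not captured traffic):
# two clients complete the handshake, eight SYNs to port 80 never get their ACK.
SAMPLE = (
    [(0.0, "198.51.100.7", 40000, "192.0.2.10", 80, "S"),
     (0.1, "198.51.100.7", 40000, "192.0.2.10", 80, "A")]
    + [(1.0 + i * 0.01, f"203.0.113.{i}", 50000 + i, "192.0.2.10", 80, "S")
       for i in range(8)]
    + [(9.0, "198.51.100.8", 40001, "192.0.2.10", 443, "S"),
       (9.1, "198.51.100.8", 40001, "192.0.2.10", 443, "A")]
)

if __name__ == "__main__":
    print(flagged(SAMPLE))
```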
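
Added example (not part of the original course material): the ARP spoofing slide explains that the attack works by changing the IP-to-MAC mapping in the ARP table, so a monitor that remembers each mapping and reports contradictions is one way to apply the "monitoring network traffic" countermeasure. The class name, the alert wording and the sample frames are constructed for this illustration.

```python
import struct

ETHERTYPE_ARP = 0x0806

def parse_arp(frame: bytes):
    """Return (eth_src, sender_mac, sender_ip, opcode) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return frame[6:12].hex(":"), frame[22:28].hex(":"), sender_ip, oper

class ArpWatch:
    """Remembers the first MAC seen for each IP and reports later contradictions."""
    def __init__(self, pinned=None):
        self.bindings = dict(pinned or {})  # ip -> mac; pinned entries are trusted

    def observe(self, frame: bytes):
        parsed = parse_arp(frame)
        if parsed is None:
            return None
        eth_src, mac, ip, _oper = parsed
        if eth_src != mac:
            return f"ALERT {ip}: ARP sender {mac} differs from Ethernet source {eth_src}"
        known = self.bindings.setdefault(ip, mac)
        if known != mac:
            return f"ALERT {ip}: binding changed {known} -> {mac}"
        return None

def sample_reply(sender_mac_hex: str) -> bytes:
    """Constructed ARP reply (not captured traffic) claiming to be 192.168.1.1."""
    return bytes.fromhex(
        "020000000010" + sender_mac_hex   # Ethernet destination, source
        + "08060001080006040002"          # EtherType ARP, Ethernet/IPv4, opcode 2 (reply)
        + sender_mac_hex + "c0a80101"     # sender MAC, sender IP 192.168.1.1
        + "020000000010" + "c0a8010a"     # target MAC, target IP 192.168.1.10
    )

def demo():
    """Two consistent replies, then one where a different MAC claims the same IP."""
    watch = ArpWatch()
    frames = [sample_reply("020000000001"), sample_reply("020000000001"),
              sample_reply("020000000066")]
    return [watch.observe(f) for f in frames]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Passing known-good mappings through `pinned` (for example the gateway's address) makes the first contradicting reply raise an alert even if it arrives before any legitimate one.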