17-01-2011, 12:31 PM
[attachment=8262]
BY:-Bablu Joshi
UNDER THE GUIDENCE OF:-
Ankit Agarwal
AGENDA
An overview to Buffer
Buffer overflow
Buffer overflow Attack
Counter measures
Stack Guard
WExecute
Address Space Layout Randomly
Buffer overflow attack in terms of C language
Stack Smashing
Heap Attack
Function Pointer Attack
Return-into-libC Attack
Attacking Behaviours
Keylogging
Sniffing Traffic
Spamming
Distributed Denial Of Services(DDOS)
Overview to Buffer overflow
Buffer: memory used to store user input, has fixed maximum size.
Buffer overflow: when user input exceeds max buffer size.
Extra input goes into unexpected memory locations.
Buffer overflow Attack: Buffer overflow attacks, the attackers injects in a sequence into the victim application and transfers the control of application to injected code.
Counter Measures
1. Stack Guard
1.1 Protection against hijacking of control flow
1.2 Canary to identify the overflow
2. WExecute
2.1 Either to write to a memory page or to execute
2.2 We cannot do both
3. Address Space Randomization
3.1 Address layout of program is randomized
3.2 ASLR implemented in July 2001
3.3 Three area of randomized in ASLR
3.3.1 Executable
3.3.2 Mapped
3.3.3 Stack
Buffer overflow attacks in terms of C language
Stack smashing attacks
Function calls results in an activation frame
being pushed onto a memory area called the
STACK.
System function takes an arbitrary command line as an argument, checking the argument validity, loads into the register R.
The attackers can arrange for R to an attacker supplied string and system will treat attacker supplied string as command line argument and execute it.
Heap Attack
HEAP is a region of Virtual memory used by application.
Heap allocation has a min
size of 8bytes and additional
overhead of 8bytes.
Heap overflow techniques
overwrites dynamic memory
allocation linkage
Function Pointer Attack
Buffer overflow vulnerability appers where an application need to read external information such as character string.
The receiving buffer is relatively small compared to size of input string.
its means attacker can change information as it wants by overwriting.
Series of machine
language cmds
as a string that
leads to the
execution of the at
code by changing
the return address
to the address to
the address of the
attack code
Return-into-libC Attack
The attacker does not inject code to stack any more but instead executes a functions of the libC.
Keylogging
Cyber criminals gets information from many methods to obtain information, one now from keyboard by we say keylogging or key stroke logging.
Sniffing Traffic
Means that attacker is able to view network traffic and will try to steal information data.
It can be done through physical access to the network.
If stolen data is encrypted the attackers use a cracker to decrypt the data.
Spamming
Peer-to-peer network enable sharing the files amongst users in such a way that computing power and network brandwidth required to these files are shifted from relatively few servers to user which request them.
Types of spamming Attacks
Poisioning: Client can be provided a content which doesn’t match with description.
Defection: Which slow down the downloading ratio.
Virus: Sending tile with virus on online shopping.
Identify: Where client anonmity is not protected.
Distributed Denial Of Services(DDOS)
Distributed denial of services attacker takes control of one computer to attack large number of computers.
Modes of Attacks
1. Consumption of network resources.
2. Tampering of configration information.
3. Physical destruction or alteration of network components.
