
SSLstrip Slowloris & IPv6 & Split Handshake Sam Bowne


Presentation Transcript


  1. SSLstrip Slowloris & IPv6 & Split Handshake Sam Bowne

  2. Contact • Sam Bowne • Computer Networking and Information Technology • City College San Francisco • Email: sbowne@ccsf.edu • Web: samsclass.info

  3. Topics • sslstrip – Steals passwords from mixed-mode Web login pages • Slowloris – Denial of Service – Stops Apache Web servers • IPv6 – The end of the world • Split Handshake – simple trick that evades all tested IPS systems

  4. sslstrip

  5. The 15 Most Popular Web 2.0 Sites • 1. YouTube HTTPS • 2. Wikipedia HTTP • 3. Craigslist HTTPS • 4. Photobucket HTTP • 5. Flickr HTTPS • 6. WordPress MIXED • 7. Twitter MIXED • 8. IMDB HTTPS

  6. The 15 Most Popular Web 2.0 Sites • 9. Digg HTTP • 10. eHow HTTPS • 11. TypePad HTTPS • 12. topix HTTP • 13. LiveJournal Obfuscated HTTP • 14. deviantART MIXED • 15. Technorati HTTPS • From http://www.ebizmba.com/articles/user-generated-content

  7. Password Stealing • Medium: sslstrip • Easy: Wall of Sheep • Hard: Spoofing Certificates

  8. Mixed Mode HTTP Page with an HTTPS Logon Button

  9. sslstrip Proxy Changes HTTPS to HTTP • [Diagram: To Internet ← HTTPS → Attacker: sslstrip Proxy in the Middle ← HTTP → Target Using Facebook]
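A site owner can audit their own pages for the mixed-mode pattern in slides 8 and 9. The following is an added example, not part of the original slides: it classifies a page as plaintext, mixed-mode or HTTPS from its login form, and the names `LoginFormAuditor` and `classify_login` and the `example.test` hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class LoginFormAuditor(HTMLParser):
    """Collects the resolved action URL of every <form> holding a password field."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self._action = None          # action of the form currently open
        self._has_password = False
        self.login_actions = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action posts back to the page itself.
            self._action = urljoin(self.page_url, a.get("action") or "")
            self._has_password = False
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            if self._action is not None:
                self._has_password = True

    def handle_endtag(self, tag):
        if tag == "form" and self._action is not None:
            if self._has_password:
                self.login_actions.append(self._action)
            self._action = None

def classify_login(page_url, html):
    """Return 'plaintext', 'mixed-mode', 'https' or 'no-login-form'."""
    auditor = LoginFormAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    if not auditor.login_actions:
        return "no-login-form"
    page_secure = urlparse(page_url).scheme == "https"
    actions_secure = all(urlparse(u).scheme == "https" for u in auditor.login_actions)
    if page_secure and actions_secure:
        return "https"
    if actions_secure:
        # HTTP page with an HTTPS logon button: the page itself travels
        # unprotected, so a proxy in the middle can rewrite the HTTPS link.
        return "mixed-mode"
    return "plaintext"

# Constructed sample page: served over HTTP, logon form posts to HTTPS.
SAMPLE_PAGE = ('<html><body><form action="https://login.example.test/auth" method="post">'
               '<input type="text" name="user"><input type="password" name="pass">'
               '</form></body></html>')

if __name__ == "__main__":
    print(classify_login("http://www.example.test/", SAMPLE_PAGE))
```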

  10. Ways to Get in the Middle

  11. Physical Insertion in a Wired Network • [Diagram: To Internet – Attacker – Target]

  12. Configuring Proxy Server in the Browser

  13. ARP Poisoning • Redirects Traffic at Layer 2 • Sends a lot of false ARP packets on the LAN • Can be easily detected • DecaffeinatID by Irongeek • http://k78.sl.pt

  14. ARP Request and Reply • Client wants to find Gateway • ARP Request: Who has 192.168.2.1? • ARP Reply: MAC 00-30-bd-02-ed-7b has 192.168.2.1 • [Diagram: Client, Gateway, Facebook.com; ARP Request and ARP Reply between Client and Gateway]

  15. ARP Poisoning • Attacker ARP Replies: I am the Gateway • Forwarded & Altered Traffic • Traffic to Facebook • [Diagram: Client, Attacker, Gateway, Facebook.com]
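Slide 13 notes that ARP poisoning is easily detected. As an added example (not from the original slides, and not the code of the tool named there), this sketch flags the two signals the slides describe: a known IP suddenly claimed by a different MAC, and a burst of replies for the same IP. The gateway values come from slide 14; the rogue MAC, timestamps and thresholds are constructed assumptions.

```python
from collections import defaultdict

def norm_mac(mac):
    """Normalise 00-30-BD-02-ED-7B and 00:30:bd:02:ed:7b to one form."""
    return mac.lower().replace("-", ":")

def detect_arp_poisoning(replies, window=10.0, flood=5):
    """replies: iterable of (timestamp_seconds, sender_ip, sender_mac).
    Returns a list of (timestamp, kind, detail) alerts, one per finding."""
    known = {}                    # ip -> first MAC seen claiming it
    recent = defaultdict(list)    # (ip, mac) -> reply times inside the window
    flagged = set()               # findings already reported
    alerts = []
    for ts, ip, mac in sorted(replies):
        mac = norm_mac(mac)
        known.setdefault(ip, mac)
        times = recent[(ip, mac)]
        times.append(ts)
        times[:] = [t for t in times if ts - t <= window]
        findings = []
        if known[ip] != mac:
            # "I am the Gateway" arriving from a MAC that is not the gateway's.
            findings.append(("mac-changed", f"{ip}: {known[ip]} -> {mac}"))
        if len(times) >= flood:
            # Poisoning has to keep refreshing the victim's cache, so the
            # false replies repeat far more often than normal ARP traffic.
            findings.append(("reply-flood",
                             f"{ip} claimed by {mac} {len(times)}x in {window:.0f}s"))
        for kind, detail in findings:
            if (kind, ip, mac) not in flagged:
                flagged.add((kind, ip, mac))
                alerts.append((ts, kind, detail))
    return alerts

GATEWAY_IP = "192.168.2.1"            # from slide 14
GATEWAY_MAC = "00-30-bd-02-ed-7b"     # from slide 14
ROGUE_MAC = "02:00:00:aa:bb:cc"       # constructed for this example

# Constructed capture: one genuine reply, then one false reply per second.
SAMPLE_REPLIES = [(0.0, GATEWAY_IP, GATEWAY_MAC)] + [
    (20.0 + i, GATEWAY_IP, ROGUE_MAC) for i in range(6)
]

if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_REPLIES):
        print(alert)
```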

  16. Demonstration

  17. slowloris

  18. HTTP GET

  19. Send Incomplete HTTP Requests • Apache has a queue of approx. 256 requests • Each one waits approx. 400 seconds by default for the request to complete • So less than one packet per second is enough to occupy them all • Low-bandwidth DoS – no collateral damage!

  20. OSI Model

  21. Demonstration

  22. iClicker Questions

  23. Power failures brought down servers at 365 Main last year. What OSI Model layer was that attack in? • Layer 1 • Layer 2 • Layer 3 • Layer 4 • Layer 5 or higher

  24. Which type of website is the most dangerous? • HTTP • Mixed: HTTP with HTTPS elements • HTTPS

  25. What precaution protects you best when using a public Wi-Fi hotspot? • Open Access • WEP • WPA • VPN • 802.1x

  26. What precaution seems best against SlowLoris? • Do nothing and ignore it • Adjust Apache timeouts • Use a load-balancer • Add a module to Apache • Something else

  27. What sort of logins do users of your Website use? • Plaintext • Mixed-mode • HTTPS with a CA • Self-signed SSL • Something else

  28. What plans do you have to use IPv6? • I don't care about IPv6 at all • I'll implement IPv6, but not for years • Planning to implement it within a year • Planning to implement it sooner than a year • I am already using IPv6

  29. IPv4 Exhaustion • Available pool is 18 "/8 address ranges" • Each /8 has 16.8 Million Addresses • 203 already allocated • 35 Reserved for special uses • Data from 5-13-2010, CNIT 202E, link IPv6 3

  30. The End is Near

  31. The End of the World • No Reprieve • IANA will not re-purpose class D or E addresses for general use • People who ask for IPv4 addresses after exhaustion will not get them • Hoarding, scalping, and simple direct sale of IPv4 addresses will begin soon

  32. CNIT 202E - Link IPv6 2 (from 2003)

  33. Federal IPv6 Transition Timeline • Cisco, Sept 2009 (CNIT 202E, link IPv6 9)

  34. IPv6 Tunnels • Tunnelbroker.com • Free IPv4-to-IPv6 Tunnels • BUT your router needs to allow protocol 41 • I had to move to the DMZ to get it through

  35. IPv6 Certification • Get it now!

  36. :: can be used once to represent a string of zeroes

  37. From Zytrax: link IPv6 10

  38. IPv6 - IPv4 Addresses • A hybrid format may be used when dealing with IPv6 - IPv4 addresses where the normal IPv4 dotted decimal notation may be used after the first 6, 16 bit address elements:

  39. Examples

  40. Multiple Addresses • Note: Interfaces normally have two addresses, or even more • Link-local FE80::w.x.y.z • Global unicast

  41. Used by Ethernet

  42. Example • Interface MAC: 00-40-63-ca-9a-20 • IPv6 Interface ID (EUI-64): ::0040:63FF:FECA:9A20 or ::40:63FF:FECA:9A20 • Link local: FE80::40:63FF:FECA:9A20
