Computer Security Buffer Overflows Denial of Service MIE456 - - PowerPoint PPT Presentation

computer security
SMART_READER_LITE
LIVE PREVIEW

Computer Security Buffer Overflows Denial of Service MIE456 - - PowerPoint PPT Presentation

Feb 06, 2023 256 likes •407 views

Computer Security Buffer Overflows Denial of Service MIE456 Joseph Kong Overview Program Exploitation Buffer Overflows Memory Declaration Smashing The Stack TCP/IP Three Way Handshake Denial of Service SYN Flooding

slide-1
SLIDE 1

Computer Security

Buffer Overflows Denial of Service

MIE456 Joseph Kong

slide-2
SLIDE 2

Overview

 Program Exploitation  Buffer Overflows

 Memory Declaration  Smashing The Stack

 TCP/IP Three Way Handshake  Denial of Service

 SYN Flooding  Smurf Attacks  System Overloads

 Summary

slide-3
SLIDE 3

Program Exploitation

 Definition:

 Exploiting a program is simply a clever

way of getting the computer to do what you want it to do, even if the currently running program was designed to prevent that action

 Programs follow the letter of the law

slide-4
SLIDE 4

Buffer Overflows Memory Declaration

 Null Byte Termination  Program Memory Segmentation

 text  data  bss  heap  stack

slide-5
SLIDE 5

Buffer Overflows Memory Declaration Cont.

 Extended Instruction Pointer (EIP)  Program Flow

1.Read the instruction that EIP is pointing to 2.Add the byte-length of the instruction to EIP 3.Execute the instruction that was read in step 1 4.Go to step 1

slide-6
SLIDE 6

Buffer Overflows Memory Declaration Cont.

void test(int a, int b, int c, int d){ char flag; char buffer; } void main(){ test(1, 2, 3, 4) }

High addresses Low addresses buffer flag return address a b c d

The top of the stack

slide-7
SLIDE 7

Buffer Overflows Smashing The Stack

void overflow (char *str){ char buffer [20]; //function that copies str to buffer strcpy(buffer, str); } int main(){ char big_string[128]; int i; for(i=0; i < 128; i++){ //fill big_string with 'A's big_string[i] = 'A'; }

  • verflow(big_string);

exit(0); } $ gcc -o overflow overflow.c $ ./overflow Segmentation fault $

  • verflow.c code

buffer return address

  • verflow.c results
slide-8
SLIDE 8

TCP/IP Three Way Handshake

client client server server

  • 1. initial SYN sent
  • 2. ACK sent with reply SYN
  • 3. final ACK sent
slide-9
SLIDE 9

Denial of Service SYN Flooding

SYN Attack Using A Spoofed Return Address

server random computer hacker

IP Address: 192.168.0.1 IP Address: 192.168.0.5

spoofed SYN packet IP Addr: 192.168.0.5 Reply SYN ACK Packet Sent To Spoofed Addr: 192.168.0.5

slide-10
SLIDE 10

Denial of Service Smurf Attacks

 Broadcast Address

 One address that every computer will

answer to

 Used to update name lists and other

necessary items that computers need to keep the network up and running

 Broadcast Storm

 send a request to a network using the

broadcast address with the return address of the broadcast address

slide-11
SLIDE 11

Denial of Service System Overloads

 DOS attack directed against the

software running on the target computer

 Average 5-50 bugs/thousand lines of

code

 If an attacker knows how to exploit a

specific bug, she can shut down the target computer

slide-12
SLIDE 12

Summary

 Hacking is really just the act of finding

a clever and counterintuitive solution to a problem

 A buffer overflow attack is exactly what

its name implies

 A DOS simply prevents access to a

service or resource

slide-13
SLIDE 13

References

  • 1. Erickson, Jon. (2003) Hacking: The Art Of Exploitation. San

Francisco: No Starch Press

  • 2. Hoglund, Greg, and Gary McGraw. (2004) Exploiting

Software: How To Break Code. Boston: Addison Wesley

  • 3. Peikari, Cyrus and Seth Fogie. (2003) Maximum Wireless
  • Security. Indiana: Sams