Wireless DoS attacks
May 5, 2008 | Networking Security
While the security of wireless networks is improving, they are still very susceptible to DoS attacks, and I doubt that will change anytime in the near future.
- RF jamming and overloading the network with traffic. At the physical layer these attacks are pretty devastating because of how effective they are and how easily they are carried out. Hint: you can use a mobile phone for that.
- Hidden node problem: well, actually that's a misconception. It's the RTS/CTS (request to send / clear to send) mechanism, which is used to SOLVE the hidden node problem, that is the issue. It can be used to DoS the network, since a request to send basically stops every other station's traffic until they hear the CTS signal.
- WPA: this DoS attack works against both WPA and WPA2, and my lecturer described it as "cute". It involves the MIC (WPA's improvement over WEP's CRC). Basically, if you introduce packets with incorrect MIC values, the access point will boot everyone off the network for one minute. Fun! I'm not sure if it's dependent on the implementation, but it wouldn't hurt for you to try this and see for yourself (well, for at least a minute anyway, hehe).
For more details:
RFC 791 Exploit
April 30, 2008 | Networking Security
An attacker is attempting to Telnet to a specific host secured behind a firewall rule that only allows inbound connections on TCP port 25.
- Send 2 packets: the first packet with the DF bit clear and the MF bit set, and the second packet with a fragment offset of 1 and a destination port of TCP 23.
Which aspects of RFC 791 (Internet Protocol) does the attacker exploit to perform this attack? Fragmentation and reassembly: a stateless filter inspects only the first fragment, whose TCP header is aimed at the permitted port 25, while the second fragment, at offset 1, overlaps that header on reassembly and rewrites what the firewall already approved.
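The defensive counterpart is the fragment screening that RFC 1858 recommends: drop TCP fragments with fragment offset 1 and drop first fragments too small to hold the TCP header. The example below is added here and is not code from the original post; it parses a minimal IPv4 header and compares a naive port filter with an RFC 1858 screen on two constructed fragments shaped like the ones above (the overlapping payload is inert filler, since the check is about the offset, not the content).

```python
import struct

TCP = 6
TMIN = 16  # RFC 1858 suggests a first TCP fragment must carry at least 16 transport bytes

def parse_ipv4(pkt: bytes) -> dict:
    """Pull the header fields the screening rules need out of a raw IPv4 packet."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    flags_frag = struct.unpack("!H", pkt[6:8])[0]
    return {"ihl": ihl, "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
            "offset": flags_frag & 0x1FFF, "proto": pkt[9], "transport_len": total_len - ihl}

def naive_port_filter(pkt: bytes, allowed_port: int = 25) -> str:
    """Stateless 'permit tcp any any eq 25': only a first fragment carries ports,
    so non-first fragments are waved through without any port check at all."""
    h = parse_ipv4(pkt)
    if h["proto"] != TCP or h["offset"] != 0:
        return "pass"
    dport = struct.unpack("!H", pkt[h["ihl"] + 2:h["ihl"] + 4])[0]
    return "pass" if dport == allowed_port else "drop"

def rfc1858_verdict(pkt: bytes) -> str:
    """RFC 1858 screening: drop offset-1 TCP fragments (direct method) and tiny
    first TCP fragments (indirect method); everything else goes to the port filter."""
    h = parse_ipv4(pkt)
    if h["proto"] == TCP and h["offset"] == 1:
        return "drop: FO=1 TCP fragment would overlap the transport header"
    if h["proto"] == TCP and h["offset"] == 0 and h["transport_len"] < TMIN:
        return "drop: tiny first fragment hides part of the TCP header"
    return naive_port_filter(pkt)

def build_ipv4(mf: bool, offset: int, payload: bytes) -> bytes:
    """Constructed sample packet (checksum left zero): 10.0.0.1 -> 10.0.0.2, proto TCP."""
    flags_frag = (0x2000 if mf else 0) | (offset & 0x1FFF)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, flags_frag,
                      64, TCP, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr + payload

# Constructed fragments: first with DF clear / MF set and a 20-byte TCP header to
# port 25, second at offset 1 with 12 bytes of filler that would overlap that header.
FRAG1 = build_ipv4(True, 0, struct.pack("!HHIIBBHHH", 40000, 25, 1, 0, 0x50, 0x02, 8192, 0, 0))
FRAG2 = build_ipv4(False, 1, bytes(12))

if __name__ == "__main__":
    for name, frag in (("frag1", FRAG1), ("frag2", FRAG2)):
        print(name, "naive:", naive_port_filter(frag), "| rfc1858:", rfc1858_verdict(frag))
```

The naive filter passes both fragments because it never sees a port in the second one; the RFC 1858 screen passes the first and drops the second purely on its offset.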
Two important guidelines to follow when implementing VTP
April 30, 2008 | Networking Security
- All switches in the VTP domain must run the same version of VTP.
- Enabling VTP pruning on a server enables the feature for the entire management domain.
ASA/PIX load-balance
April 30, 2008 | Networking Security
ASA/PIX Active/Active failover can be used to load-balance, but only on a per-context basis.
Classifier
April 30, 2008 | Networking Security
Fig. 1 represents 3 security contexts all sharing a common VLAN (500); a single IP subnet corresponds to that VLAN. This is equivalent to connecting three security appliances using an Ethernet switch. A property of the FWSM makes all interfaces across the entire module use only one global MAC address. This is usually not a problem until multiple contexts start sharing an interface. Which operational function within the FWSM handles this issue?
The classifier.
MD5 authentication is added to an OSPF virtual link
April 30, 2008 | Networking Security
To increase security, MD5 authentication is added to an OSPF virtual link. Company security policy dictates that all passwords must be changed after 90 days. If a second MD5 key is configured, OSPF will authenticate with both keys, allowing the first key to be removed with no effect on OSPF.
Access methods of the CS-Mars
April 30, 2008 | Networking Security
Telnet and SSH are the access methods CS-MARS can use to retrieve configuration information from an Adaptive Security Appliance (ASA).
Anomaly Detection
April 30, 2008 | Networking Security
Anomaly detection is an example of a security technology that can be enabled by NetFlow.
PIX version 7.0 features
April 30, 2008 | Networking Security
- Rate limiting
- Support for multiple virtual firewalls
- Transparent firewall
RADIUS Vendor-Specific Attribute
April 30, 2008 | Networking Security
The RADIUS Vendor-Specific Attribute type is decimal 26.
A Vendor-Specific Attribute MUST include the Legend field.
In Cisco's Vendor-Specific Attribute implementation, a vendor-ID of 1 is commonly referred to as Cisco AV (attribute-value) pairs.
NAC framework ACS server
April 30, 2008 | Networking Security
In the NAC framework, the ACS server is used to authenticate devices based on quarantine information.
Algorithms TKIP added to the 802.11 specification
April 30, 2008 | Networking Security
Algorithms TKIP added to the 802.11 specification:
- Key mixing
- Anti-replay sequence counter
- Message integrity check
ICMP type 3 messages
April 30, 2008 | Networking Security
Blind connection reset is a typical attack that takes advantage of RFC 792 ICMP Type 3 messages.
TCP session hijack
April 30, 2008 | Networking Security
How an attacker uses a predicted initial sequence number:
1) Attacker sends a SYN packet to the server using a spoofed source IP address of a trusted host
2) Server sends a SYN/ACK packet to the trusted host
3) Attacker sends an ACK packet to the server using the predicted server ISN
4) Attacker sends malicious data to the server using the predicted server ISN
GRE header
April 30, 2008 | Networking Security
A point-to-point GRE header is 4 bytes in size, and GRE is IP protocol number 47.
MPPE encryption not required for PPTP
April 30, 2008 | Networking Security
MPPE encryption is not required for PPTP.
IOS Easy VPN
April 30, 2008 | Networking Security
The IOS Easy VPN server config:
- To connect, the remote VPN client will use a group name of test
- The remote VPN client will be assigned an internal IP address from the SDM_pool_1 IP address pool
emb_lim
April 30, 2008 | Networking Security
Using the emb_lim (embryonic connection limit) option in the static command is one way to configure the security appliance to protect against DoS attacks.
ACL AS-Path
April 30, 2008 | Networking Security
ip as-path access-list 1 deny _65104$
ip as-path access-list 1 permit .*
This AS-path ACL is used to deny all the prefixes that originate in AS 65104 and permit all other prefixes.
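What makes the entry work is the `_` in `_65104$`: in Cisco AS-path regular expressions it matches a boundary (start or end of the path, space, comma, brace or parenthesis), so the pattern only fires when 65104 is the last AS in the path. The example below is added here and is not code from the original post; it translates that `_` into an ordinary regular expression and evaluates the two-entry list, with Cisco's implicit deny at the end, against constructed sample AS paths.

```python
import re

# Cisco's `_` matches a boundary: start, end, space, comma, braces or parentheses.
_UNDERSCORE = r"(?:^|$|[ ,{}()])"

def cisco_to_python(cisco_regex: str) -> str:
    """Rewrite a Cisco AS-path regex into Python `re` syntax (only `_` differs here)."""
    return cisco_regex.replace("_", _UNDERSCORE)

def matches(cisco_regex: str, as_path: str) -> bool:
    """True when the Cisco regex matches the AS path; Cisco, like re.search, is unanchored."""
    return re.search(cisco_to_python(cisco_regex), as_path) is not None

def evaluate_acl(entries, as_path: str) -> str:
    """Entries are (action, regex) in configured order; first match wins, implicit deny."""
    for action, cisco_regex in entries:
        if matches(cisco_regex, as_path):
            return action
    return "deny"

# The two lines of the post's access-list 1.
AS_PATH_ACL_1 = [("deny", "_65104$"), ("permit", ".*")]

# Constructed sample AS paths as a router would display them (origin AS last).
SAMPLE_PATHS = [
    "65000 65104",    # originates in 65104 -> deny
    "65104",          # direct neighbour is also the origin -> deny
    "65104 65000",    # 65104 only transits, origin is 65000 -> permit
    "65000 165104",   # 65104 is a suffix of another AS, `_` blocks the match -> permit
    "651040",         # 65104 is a prefix of another AS, `$` blocks the match -> permit
    "",               # locally originated, empty path -> permit
]

def classify(paths=SAMPLE_PATHS) -> dict:
    """Map each AS path to the ACL verdict."""
    return {p: evaluate_acl(AS_PATH_ACL_1, p) for p in paths}

if __name__ == "__main__":
    for path, verdict in classify().items():
        print(f"{path!r:20} -> {verdict}")
```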
