
Undead Attack

Information about Undead Attack
Technology

Published on December 1, 2008

Author: diegocasati

Source: slideshare.net

Description

Talk that I delivered during the What the Hack! conference.

Diego Protta Casati Leandro Spínola Rodrigues

Who are we?

How did it start?
● Creating a Hackathon in Santa Rita do Sapucaí/MG
● 1st Hackathon: 07/03/2004
● Analysis of TCP packets, using OpenBSD, FreeBSD and Windows XP, in an attempt to terminate a Telnet connection

A brief explanation of the flaw
What did we discover?
● Abnormal condition in the TCP/IP stack
● State not anticipated in the stack implementation
What is the problem with that?
● Increased CPU consumption
● Drop in network performance
Who is vulnerable???

Affected Systems Microsoft Windows XP Professional SP2 Microsoft Windows NT Enterprise Server 4.0 SP5 Microsoft Windows XP Professional SP1 Microsoft Windows NT Enterprise Server 4.0 SP4 Microsoft Windows XP Professional Microsoft Windows NT Enterprise Server 4.0 SP3 Microsoft Windows XP Home SP2 Microsoft Windows NT Enterprise Server 4.0 SP2 Microsoft Windows XP Home SP1 Microsoft Windows NT Enterprise Server 4.0 SP1 Microsoft Windows XP Home Microsoft Windows NT Enterprise Server 4.0 Microsoft Windows Server 2003 Web Edition SP1 Microsoft Windows 98SE Microsoft Windows Server 2003 Web Edition Microsoft Windows 2000 Server SP4 Microsoft Windows Server 2003 Standard x64 Edition Microsoft Windows 2000 Server SP3 Microsoft Windows Server 2003 Standard Edition SP1 Microsoft Windows 2000 Server SP2 Microsoft Windows Server 2003 Standard Edition Microsoft Windows 2000 Server SP1 Microsoft Windows Server 2003 Enterprise x64 Edition Microsoft Windows 2000 Server Microsoft Windows Server 2003 Enterprise Edition 64-bit SP1 + Avaya DefinityOne Media Servers Microsoft Windows Server 2003 Enterprise Edition 64-bit + Avaya IP600 Media Servers Microsoft Windows Server 2003 Enterprise Edition SP1 + Avaya S3400 Message Application Server Microsoft Windows Server 2003 Enterprise Edition + Avaya S8100 Media Servers Microsoft Windows Server 2003 Datacenter Edition 64-bit SP1 Microsoft Windows 2000 Professional SP4 Microsoft Windows Server 2003 Datacenter Edition 64-bit Microsoft Windows 2000 Professional SP3 Microsoft Windows Server 2003 Datacenter Edition SP1 Microsoft Windows 2000 Professional SP2 Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows 2000 Professional SP1 Microsoft Windows NT Server 4.0 SP6a Microsoft Windows 2000 Professional Microsoft Windows NT Server 4.0 SP6 Microsoft Windows NT Workstation 4.0 SP6a Microsoft Windows NT Server 4.0 SP5 Microsoft Windows NT Workstation 4.0 SP6 Microsoft Windows NT Server 4.0 SP4 Microsoft Windows NT Workstation 4.0 
SP5 Microsoft Windows NT Server 4.0 SP3 Microsoft Windows NT Workstation 4.0 SP4 Microsoft Windows NT Server 4.0 SP2 Microsoft Windows NT Workstation 4.0 SP3 Microsoft Windows NT Server 4.0 SP1 Microsoft Windows NT Workstation 4.0 SP2 Microsoft Windows NT Server 4.0 Microsoft Windows NT Workstation 4.0 SP1 Microsoft Windows NT Enterprise Server 4.0 SP6a Microsoft Windows NT Workstation 4.0 Microsoft Windows NT Enterprise Server 4.0 SP6

Microsoft Windows NT Terminal Server 4.0 SP6a Linux kernel 2.6.9 Linux kernel 2.6 Microsoft Windows NT Terminal Server 4.0 SP6 Linux kernel 2.6.8 rc3 Linux kernel 2.4.30 rc3 Microsoft Windows NT Terminal Server 4.0 SP5 Linux kernel 2.6.8 rc2 Linux kernel 2.4.30 rc2 Microsoft Windows NT Terminal Server 4.0 SP4 Linux kernel 2.6.8 rc1 Linux kernel 2.4.30 Microsoft Windows NT Terminal Server 4.0 SP3 + Ubuntu Ubuntu Linux 4.1 ia32 Linux kernel 2.4.29 -rc2 Microsoft Windows NT Terminal Server 4.0 SP2 + Ubuntu Ubuntu Linux 4.1 ia64 Linux kernel 2.4.29 -rc1 Microsoft Windows NT Terminal Server 4.0 SP1 + Ubuntu Ubuntu Linux 4.1 ppc Linux kernel 2.4.29 Microsoft Windows NT Terminal Server 4.0 Linux kernel 2.6.8 Linux kernel 2.4.28 Microsoft Windows 2000 Datacenter Server SP4 Linux kernel 2.6.7 rc1 Linux kernel 2.4.27 -pre5 Microsoft Windows 2000 Datacenter Server SP3 Linux kernel 2.6.7 Linux kernel 2.4.27 -pre4 Microsoft Windows 2000 Datacenter Server SP2 Linux kernel 2.6.6 rc1 Linux kernel 2.4.27 -pre3 Microsoft Windows 2000 Datacenter Server SP1 Linux kernel 2.6.6 Linux kernel 2.4.27 -pre2 Microsoft Windows 2000 Datacenter Server Linux kernel 2.6.5 Linux kernel 2.4.27 -pre1 Microsoft Windows 2000 Advanced Server SP4 Linux kernel 2.6.4 Linux kernel 2.4.27 Microsoft Windows 2000 Advanced Server SP3 Linux kernel 2.6.3 Linux kernel 2.4.26 Microsoft Windows 2000 Advanced Server SP2 Linux kernel 2.6.2 Linux kernel 2.4.25 Microsoft Windows 2000 Advanced Server SP1 Linux kernel 2.6.1 -rc2 Linux kernel 2.4.24 -ow1 Microsoft Windows 2000 Advanced Server Linux kernel 2.6.1 -rc1 Linux kernel 2.4.24 Linux kernel 2.6.11 .6 Linux kernel 2.6.1 Linux kernel 2.4.23 -pre9 Linux kernel 2.6.11 .5 Linux kernel 2.6 .10 Linux kernel 2.4.23 -ow2 Linux kernel 2.6.11 -rc4 Linux kernel 2.6 -test9-CVS Linux kernel 2.4.23 Linux kernel 2.6.11 -rc3 Linux kernel 2.6 -test9 Linux kernel 2.4.22 Linux kernel 2.6.11 -rc2 Linux kernel 2.6 -test8 + Devil-Linux Devil-Linux 1.0.4 Linux kernel 2.6.11 Linux kernel 
2.6 -test7 + Devil-Linux Devil-Linux 1.0.5 Linux kernel 2.6.10 rc2 Linux kernel 2.6 -test6 + MandrakeSoft Linux Mandrake Linux kernel 2.6.10 Linux kernel 2.6 -test5 9.2 + RedHat Fedora Core2 Linux kernel 2.6 -test4 + MandrakeSoft Linux Mandrake + RedHat Fedora Core3 Linux kernel 2.6 -test3 9.2 amd64 + Ubuntu Ubuntu Linux 5.0 4 amd64 Linux kernel 2.6 -test2 + RedHat Fedora Core1 + Ubuntu Ubuntu Linux 5.0 4 i386 Linux kernel 2.6 -test11 + Slackware Linux 9.1 + Ubuntu Ubuntu Linux 5.0 4 powerpc Linux kernel 2.6 -test10 Linux kernel 2.6 -test1

Linux kernel 2.4.21 pre7 Linux kernel 2.4.19 Linux kernel 2.4.6 Linux kernel 2.4.21 pre4 Linux kernel 2.4.18 pre-8 Linux kernel 2.4.5 + MandrakeSoft Linux Mandrake 9.1 Linux kernel 2.4.18 pre-7 + Slackware Linux 8.0 + MandrakeSoft Linux Mandrake 9.1 ppc Linux kernel 2.4.18 pre-6 Linux kernel 2.4.4 Linux kernel 2.4.21 pre1 Linux kernel 2.4.18 pre-5 Linux kernel 2.4.3 Linux kernel 2.4.21 Linux kernel 2.4.18 pre-4 Linux kernel 2.4.2 + Conectiva Linux 9.0 Linux kernel 2.4.18 pre-3 Linux kernel 2.4.1 + MandrakeSoft Linux Mandrake 9.1 Linux kernel 2.4.18 pre-2 Linux kernel 2.4 .0-test9 + MandrakeSoft Linux Mandrake 9.1 ppc Linux kernel 2.4.18 pre-1 Linux kernel 2.4 .0-test8 + RedHat Desktop 3.0 Linux kernel 2.4.18 x86 Linux kernel 2.4 .0-test7 + RedHat Enterprise Linux AS 3 Linux kernel 2.4.18 Linux kernel 2.4 .0-test6 + RedHat Enterprise Linux ES 3 Linux kernel 2.4.17 Linux kernel 2.4 .0-test5 + RedHat Enterprise Linux WS 3 Linux kernel 2.4.16 Linux kernel 2.4 .0-test4 + S.u.S.E. Linux Enterprise Server 8 Linux kernel 2.4.15 Linux kernel 2.4 .0-test3 + S.u.S.E. Linux Personal 9.0 Linux kernel 2.4.14 Linux kernel 2.4 .0-test2 + S.u.S.E. Linux Personal 9.0 x86_64 Linux kernel 2.4.13 Linux kernel 2.4 .0-test12 Linux kernel 2.4.20 + Caldera OpenLinux Server 3.1.1 Linux kernel 2.4 .0-test11 + CRUX CRUX Linux 1.0 + Caldera OpenLinux Workstation 3.1.1 Linux kernel 2.4 .0-test10 + Gentoo Linux 1.2 Linux kernel 2.4.12 Linux kernel 2.4 .0-test1 + Gentoo Linux 1.4 + Conectiva Linux 7.0 Linux kernel 2.4 + RedHat Linux 9.0 i386 Linux kernel 2.4.11 + Slackware Linux 9.0 Linux kernel 2.4.10 + WOLK WOLK 4.4 s Linux kernel 2.4.9 Linux kernel 2.4.19 -pre6 Linux kernel 2.4.8 Linux kernel 2.4.19 -pre5 Linux kernel 2.4.7 Linux kernel 2.4.19 -pre4 + RedHat Linux 7.2 Linux kernel 2.4.19 -pre3 + S.u.S.E. Linux 7.1 Linux kernel 2.4.19 -pre2 + S.u.S.E. Linux 7.2 Linux kernel 2.4.19 -pre1 Reference: www.securityfocus.com/bid/13215

Unaffected Systems .... OpenBSD The only operating system tested that is not affected so far

Latest Findings
● Mac OS X Tiger
● NetBSD 2.0
● FreeBSD 6.0 Beta
● Linux 2.6.13RC3
Discovered during What the Hack!

Advisories

http://nvd.nist.gov/nvd.cfm?cvename=CAN-2005-1184

www.securityfocus.com/bid/13215

Basic principles

Ethernet packet * Size [Bytes]

IP packet * Size [bits]

TCP packet * Size [bits]

Three Way Handshake A B Connection established

Connection termination A B Connection closed

TCP Keep Alive A B Previous scenario TCP Keep Alive completed

The Attack

The Attack A B A TCP connection is detected Z Flood of TCP ACK packets

Undead Attack A B Previous scenario Z Flood of TCP ACK packets

Attack Scenarios

Scenario I Denial of Service (DDoS) Zombie Target

Scenario II Distributed Denial of Service (DDoS) Target Zombie Zombie Zombie Zombie Zombie

How to defend? The forged packet is perfectly accepted by the receiver!
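Since the receiving stack accepts the forged segment, the flood has to be spotted in traffic monitoring. The sketch below is an added example, not part of the talk: it flags connections where payload-free ACK segments exceed a rate limit. The record format, the window and the limit are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 1.0   # assumed sliding window
MAX_PURE_ACKS = 100    # assumed per-connection limit inside one window

def parse_record(line):
    """Parse 'ts src:port dst:port flags payload_len' (hypothetical format)."""
    ts, src, dst, flags, length = line.split()
    return float(ts), src, dst, flags, int(length)

def find_ack_storms(lines, window=WINDOW_SECONDS, limit=MAX_PURE_ACKS):
    """Map each flagged connection to the time its pure-ACK count first
    exceeded `limit` within `window`. Records must be in time order."""
    recent = defaultdict(deque)
    alerts = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, flags, length = parse_record(line)
        if flags != "A" or length != 0:
            continue  # only segments with ACK alone and no payload count
        key = tuple(sorted((src, dst)))  # same key for both directions
        seen = recent[key]
        seen.append(ts)
        while ts - seen[0] > window:
            seen.popleft()
        if len(seen) > limit:
            alerts.setdefault(key, ts)
    return alerts

def build_sample():
    """Constructed capture (RFC 5737 addresses): one ordinary Telnet
    session and one connection carrying a flood of payload-free ACKs."""
    lines = ["# constructed sample records"]
    for i in range(20):  # keystroke + ACK, ten exchanges per second
        t = i * 0.1
        lines.append(f"{t:.3f} 192.0.2.10:40000 192.0.2.20:23 PA 1")
        lines.append(f"{t + 0.01:.3f} 192.0.2.20:23 192.0.2.10:40000 A 0")
    a, b = "198.51.100.5:51000", "198.51.100.9:23"
    for i in range(500):  # 1000 pure ACKs per second, alternating direction
        t = 5.0 + i * 0.001
        src, dst = (a, b) if i % 2 == 0 else (b, a)
        lines.append(f"{t:.3f} {src} {dst} A 0")
    return lines

if __name__ == "__main__":
    for conn, when in find_ack_storms(build_sample()).items():
        print(f"possible ACK storm on {conn[0]} <-> {conn[1]} at t={when:.3f}s")
```

The limit needs tuning against a baseline of the monitored network, since bulk transfers also produce many payload-free ACKs in one direction.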

Screenshots

Windows 98 – Second Edition

Windows 2000 Server

Windows XP – Service Pack 2

Windows 2003 Server

Microsoft “... At this point, we have completed our initial investigation of this issue and have determined that the most appropriate ship vehicle to fix this issue is a Service Pack for the affected supported platforms. This decision was arrived at after weighing the seriousness of the vulnerability as well as the likelihood of exploitability. ...”

References
TCP/IP Illustrated – W. Richard Stevens
[Advisory] http://www.securityfocus.com/bid/13215
[Exploit] http://www.securityfocus.com/data/vulnerabilities/exploits/storm.c
[What the Hack] http://wiki.whatthehack.org/index.php?title=Undead_Attack

Security is a process, not a product. Bruce Schneier, creator of Blowfish

E-mails Diego Protta Casati diego-casati@inatel.br Leandro Spínola Rodrigues leandro-rodrigues@inatel.br
