An Example
[Diagram: Shimomura (S), Trusted (T), Mitnick; labels: Finger, Showmount -e, SYN]
• Finger @S: Attack when no one is around
• showmount -e: What other systems it trusts?
• Send 20 SYN packets to S: Determine ISN behavior
15-411: F08 security 16

An Example
[Diagram: Shimomura (S), Trusted (T), Mitnick; labels: Syn flood, X]
• Finger @S: Attack when no one is around
• showmount -e: What other systems it trusts?
• Send 20 SYN packets to S: Determine ISN behavior
• SYN flood T: T won't respond to packets

An Example
[Diagram: Shimomura (S), Trusted (T), Mitnick; labels: X, SYN, SYN|ACK, ACK]
• Finger @S: Attack when no one is around
• showmount -e: What other systems it trusts?
• Send 20 SYN packets to S: Determine ISN behavior
• SYN flood T: T won't respond to packets
• Send SYN to S spoofing as T
• Send ACK to S with a guessed number: S assumes that it has a session with T

An Example
[Diagram: Shimomura (S), Trusted (T), Mitnick; labels: X, ++ > rhosts]
• Finger @S: Attack when no one is around
• showmount -e: What other systems it trusts?
• Send 20 SYN packets to S: Determine ISN behavior
• SYN flood T: T won't respond to packets
• Send SYN to S spoofing as T
• Send ACK to S with a guessed number: S assumes that it has a session with T
• Send "echo + + > ~/.rhosts": Give permission to anyone from anywhere
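
The "Determine ISN behavior" step pays off only when S chooses initial sequence numbers by a fixed rule. Added example (not from the lecture slides): a Python check that takes ISNs sampled from a host you administer and reports whether a single increment dominates. The sample values, the 64000 step and the hash-based generator are constructed assumptions.

```python
"""Audit sampled TCP initial sequence numbers (ISNs) for a fixed increment."""
import hashlib
from collections import Counter

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def isn_deltas(isns):
    """Differences between consecutive ISNs, taken modulo 2**32."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


def audit_isns(isns, threshold=0.8):
    """Return (verdict, dominant_delta, share) for a list of sampled ISNs.

    verdict is 'predictable' when one increment accounts for at least
    `threshold` of the consecutive differences, else 'no fixed increment'.
    """
    deltas = isn_deltas(isns)
    if len(deltas) < 2:
        raise ValueError("need at least three ISN samples")
    delta, count = Counter(deltas).most_common(1)[0]
    share = count / len(deltas)
    verdict = "predictable" if share >= threshold else "no fixed increment"
    return verdict, delta, share


# Constructed samples (not captured traffic): 20 ISNs, matching the number
# of probes on the slide. STEP is an assumed per-connection increment.
STEP = 64000
START = MOD - 5 * STEP - 123  # chosen so the counter wraps mid-sample
FIXED_STEP = [(START + i * STEP) % MOD for i in range(20)]


def hashed_isn(i, secret=b"constructed-secret"):
    """Simplified stand-in for a keyed-hash ISN generator (RFC 6528 style)."""
    digest = hashlib.sha256(secret + i.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")


HASHED = [hashed_isn(i) for i in range(20)]

if __name__ == "__main__":
    for name, sample in (("fixed step", FIXED_STEP), ("hashed", HASHED)):
        print(name, audit_isns(sample))
```

A "predictable" verdict means the host's sequence numbers give no protection against a spoofed ACK, which leaves address-based trust such as .rhosts as the only barrier.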