Application Layer Attacks: Firewalls were developed with two things in mind: access control and protocol integrity. Little attention was given to vulnerabilities at the application layer. The hacker community realized this and changed tactics to exploit weaknesses in applications, thereby circumventing the firewall.
    Their objective is to achieve one or more of the following:
  • Denial of service to legitimate users.
  • Gain administrative privileges on the client/server machines.
  • Gain root privileges to execute malicious commands.
  • Install Trojans/backdoors to destroy or access applications.
  • Hijack user accounts to get passwords and other valuable information.
In order to achieve these goals more effectively, hackers have developed several innovative and sophisticated ways to attack the application layer. We will take a brief look at some of the most commonly used techniques.

Buffer overflow: Programmers often fail to enforce a bound on user input fields. An attacker can calculate how much additional data must be appended to a string so that it exceeds the memory space allocated for the field, then send this oversized field to the system, causing a buffer overflow. Buffer overflows can lead to security exploits or simply to denial of service.
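As an added example (not from the original page), here is the pattern the paragraph describes in C: a record with a fixed-size input field, first copied without any bound and then with an explicit length check that rejects oversized input before a single byte is written. The struct, the function names and the 16-byte FIELD_MAX are assumptions for illustration.

```c
/* Added example (not from the original page): a fixed-size field copy
 * in the style the Buffer overflow paragraph describes, first as the
 * unbounded pattern and then hardened with an explicit length check.
 * Hypothetical names; FIELD_MAX is an assumed allocation size. */
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 16   /* assumed allocation for one input field (bytes) */

struct record {
    char field[FIELD_MAX];
    int  admin;        /* neighbouring data an overflow would clobber */
};

/* Vulnerable pattern: no bound on the user-supplied field.  Shown for
 * contrast only; nothing in this file calls it. */
void copy_field_unbounded(struct record *r, const char *input)
{
    strcpy(r->field, input);   /* writes strlen(input)+1 bytes regardless */
}

/* Hardened version: reject input that would not fit, including the
 * terminating NUL, before any byte is written.  Returns 0 on success and
 * the number of bytes by which the input exceeds the field otherwise. */
size_t copy_field_bounded(struct record *r, const char *input)
{
    size_t len = strlen(input);
    if (len >= FIELD_MAX)
        return len - FIELD_MAX + 1;   /* bytes that would have spilled */
    memcpy(r->field, input, len + 1);
    return 0;
}

int main(void)
{
    struct record r = { "", 1 };
    const char *ok  = "jsmith";                   /* constructed input */
    const char *bad = "AAAAAAAAAAAAAAAAAAAAAAAA"; /* constructed 24-byte input */

    printf("short field: %zu bytes over\n", copy_field_bounded(&r, ok));
    printf("long field:  %zu bytes over\n", copy_field_bounded(&r, bad));
    printf("admin flag still %d, field still \"%s\"\n", r.admin, r.field);
    return 0;
}
```

The rejected 24-byte input leaves both the field and the adjacent admin flag untouched, which is exactly what the unbounded strcpy would not guarantee.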

Trojans: A Trojan is a malicious piece of code installed by a hacker on the victim's machine. It is a program that does something other than the purpose for which it was installed on the system. For example, antivirus software that introduces viruses into the system when installed can be considered a Trojan.

Backdoors: A backdoor is a mechanism covertly installed on a victim system to gain unauthorized access to it. A backdoor compromises the system to facilitate the hacker's subsequent entry. A backdoor is only a port of entry into the system and does not pretend to do something different, as a Trojan does.

Cross Site Scripting: A dynamic web site returns user input to the client, rendered in different ways depending on the browser settings of the client machine. This makes it possible for a hacker to insert malicious code (a script) without the knowledge of the client or the server. The result can be cookie theft, account hijacking or the spreading of viruses.

CGI abuses: These attacks try to exploit flaws in an application's CGI scripts. For instance, Apache 2.0.x contains a default script, /cgi-bin/test-cgi.bat. An attacker could use this CGI to execute arbitrary code by sending the | (pipe) character followed by the command as a parameter.

The following table lists a sample of the most common application attacks, grouped by protocol.

    HTTP
  • Code Red, Nimda Worms & Mutations
  • SQL Injection
  • Directory Traversal Attacks
  • MDAC Buffer Overflows
  • Cross-Site Scripting Attacks
  • Chunked Transfer Encoding Attacks
    SMTP
  • SMTP Worm
  • MIME Attacks
  • SPAM Attack
  • Command Verification Attack
  • SMTP Error Denial-of-Service Attack
  • Mailbox Denial-of-Service Attack (excessive email size)
  • SMTP Mail Flooding
  • Address Spoofing
  • SMTP Buffer Overflow Attacks
    FTP
  • FTP Bounce Attack
  • FTP Port Injection Attacks
  • Directory Traversal Attack
  • TCP Segmentation Attack
    DNS
  • DNS Query Malformed Packet Attacks
  • DNS Answer Malformed Packet Attacks
  • DNS Query-Length Buffer Overflow
  • DNS Query Buffer Overflow - Unknown Request/Response
  • Man-in-the-Middle Attack
    Microsoft Networking
  • Bugbear Worm
  • Nimda Worm
  • Liotan Worm
  • Opaserv Worm
    SNMP
  • SNMP Flooding Attack
  • Default Community Attacks
  • Brute Force Attacks
  • SNMP Put Attack
    SSH
  • Buffer Overflow Attack
    MS SQL
  • Buffer Overflow Attack
  • SQL Slammer Worm

Copyright © 2006 Vikram Phatak. All rights reserved.