Technical Session 1 - Attacks
Chair: Fred Avolio (avolio@tis.com)
Information Security Technology? Don't Rely on it. A
Case Study in Social Engineering
Ira Winkler (winkler@c3i.saic.com) of Science Applications
International Corporation
presented a case study of how his company audits a client's security
by social engineering rather than by attacking its technology. They call
the company's 800 numbers, phone new hires while posing as Human
Resources, and use similar pretexts to get people to divulge which
computer systems they use and their passwords. Mostly they exploited
the fact that in a company with thousands of employees the HR staff do
not know the security staff (and vice versa), so nobody can verify who
is really calling. There was nothing new here that hasn't been written
up in Phrack and 2600 for the past 8 years.
Some of the weaknesses exploited include:
- intimidation ("if you don't help me out by giving me your
password, you're going to be in trouble"), esp. effective on new hires
- the desire to be helpful
- end-of-day syndrome - the person who should authorize the request
has gone home, so whoever is left gives out information they should not
A Simple Active Attack Against TCP
Laurent Joncheray (lpj@merit.edu) presented the method for, and
experience with, an active attack against an established TCP session:
the attacker forges TCP segments that appear to come from one of the
endpoints and injects them into the connection. This requires a sniffer
somewhere on the session's path (such as on a transit network) to learn
the addresses, ports and sequence numbers in use. Red flags for
detection of this attack:
- Inconsistency in sequence numbers
- Deterioration of response time
- Increase in # of ACK packets (on transit networks)
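The red flags above can be checked mechanically. The following is an added example, not code from Joncheray's paper or his tool: it runs two detectors over a constructed trace of sniffed TCP segments (the record layout, addresses, sequence numbers and thresholds are all assumptions for the example). One detector flags a segment whose sequence number is far outside what its direction of the connection has sent so far; the other flags bursts of empty ACKs, the storm both endpoints produce while each keeps telling the other which sequence number it expects.

```python
from collections import Counter, namedtuple

# One sniffed TCP segment: time in ms, endpoints as "ip:port", SEQ and ACK
# numbers, TCP flags (A = ACK, P = PSH), payload length. This record shape is
# an assumption for the example, standing in for whatever a sniffer logs.
Segment = namedtuple("Segment", "t src dst seq ack flags length")

CLIENT, SERVER = "10.0.0.5:1023", "10.0.0.9:23"   # constructed endpoints


def find_sequence_inconsistencies(segments, tolerance=65535):
    """Red flag 1: a segment whose SEQ is far outside what its direction has
    sent so far. Returns (index, expected_seq, observed_seq) per hit.
    Tracks one expected SEQ per (src, dst) direction; 32-bit wraparound is
    ignored to keep the example short."""
    expected = {}
    findings = []
    for i, s in enumerate(segments):
        key = (s.src, s.dst)
        if key in expected and abs(s.seq - expected[key]) > tolerance:
            findings.append((i, expected[key], s.seq))
            continue  # a forged segment must not move our expectation
        # retransmissions (seq below expected) do not advance the expectation
        expected[key] = max(expected.get(key, 0), s.seq + s.length)
    return findings


def find_ack_storms(segments, bin_ms=100, threshold=8):
    """Red flag 3 (and the cause of red flag 2, slower responses): a burst
    of empty ACKs within one time bin. Returns (bin_start_ms, count) for
    every bin at or above the threshold."""
    bins = Counter()
    for s in segments:
        if s.flags == "A" and s.length == 0:
            bins[s.t // bin_ms] += 1
    return [(b * bin_ms, n) for b, n in sorted(bins.items()) if n >= threshold]


def build_trace():
    """Constructed trace (not a real capture): a healthy telnet-style
    exchange, then a forged segment carrying CLIENT's address and a SEQ far
    out of window, then the ACK storm that follows."""
    segs, cseq, sseq, t = [], 1000, 5000, 0
    for _ in range(5):  # normal: client sends 10 bytes, server acknowledges
        segs.append(Segment(t, CLIENT, SERVER, cseq, sseq, "PA", 10))
        cseq += 10
        t += 50
        segs.append(Segment(t, SERVER, CLIENT, sseq, cseq, "A", 0))
        t += 50
    # forged segment: spoofed client source, SEQ jumped by a million
    segs.append(Segment(t, CLIENT, SERVER, cseq + 1_000_000, sseq, "PA", 20))
    t += 10
    for _ in range(20):  # storm: both ends fire empty ACKs every 2 ms
        segs.append(Segment(t, SERVER, CLIENT, sseq, cseq, "A", 0))
        t += 2
        segs.append(Segment(t, CLIENT, SERVER, cseq, sseq, "A", 0))
        t += 2
    return segs


def report(segments):
    """Run both detectors and return their findings by name."""
    return {
        "sequence_inconsistencies": find_sequence_inconsistencies(segments),
        "ack_storms": find_ack_storms(segments),
    }


if __name__ == "__main__":
    for name, hits in report(build_trace()).items():
        print(name, hits)
```

On the constructed trace the forged segment is reported once (the detectors deliberately refuse to let it shift the expected sequence number, otherwise every later legitimate segment would be flagged instead), and the burst of forty empty ACKs in the 100 ms after it shows up as a single storm bin, while the five ordinary ACKs of the healthy phase stay below the threshold.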
Ways to prevent this attack:
- Encrypt the stream
- A TCP encryption package for SunOS 4.1.3 written by the author,
built from /dev/rand (random number generator), /dev/ipf (packet
filter), an IDEA key, and TCPCRYPT (a public-key encrypted TCP
package). Performance: 20X slower; 100 KB/sec max on a Sparc 20.
For more info, see his Security Page.
WAN-hacking with AutoHack: Auditing Security
Behind the Firewall
Alec Muffett (alec.muffett@uk.sun.com) of Sun, UK
presented an overview of his tool for auditing security inside Sun's
own network. It is a collection of scripts that do smart things like
checking the Sendmail version and the NFS exports of every host on
every network and storing the results centrally; the data for 30,000
machines takes only 320 MB on his machine. He has written report
generators that turn the raw data into useful information.
Availability: Sun won't let him release it right now. There is a
possibility that they'll make it "unsupported freeware".
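As an illustration of the kind of check such a tool performs, here is an added example, not AutoHack itself or any Sun code: it parses constructed SMTP greeting banners and `showmount -e` output for a handful of hosts, flags Sendmail versions older than a site-chosen baseline and NFS exports with no client restriction, and produces a per-host report. The host names, banners, export lists and the baseline version are all assumptions for the example; the baseline is a policy knob, not a statement about any particular Sendmail release.

```python
import re
from collections import defaultdict

# Site policy knob: flag Sendmail releases older than this. The number is an
# assumption for the example, not a claim about any particular release.
SENDMAIL_BASELINE = (8, 7, 1)

# Sendmail's greeting names its version, e.g. "220 host Sendmail 8.6.12/8.6.12 ready at ..."
SENDMAIL_RE = re.compile(r"Sendmail (\d+)\.(\d+)(?:\.(\d+))?")


def parse_sendmail_version(banner):
    """Extract the version tuple from an SMTP greeting, or None if absent."""
    m = SENDMAIL_RE.search(banner)
    if not m:
        return None
    return tuple(int(x) for x in m.groups() if x is not None)


def parse_exports(showmount_output):
    """Parse `showmount -e` text into [(path, [clients])].
    An export with no client list, or listed as '(everyone)', is unrestricted
    and comes back with an empty client list."""
    exports = []
    for line in showmount_output.splitlines():
        line = line.strip()
        if not line or line.lower().startswith("export list"):
            continue
        parts = line.split(None, 1)
        path = parts[0]
        clients = parts[1].strip() if len(parts) > 1 else ""
        if clients in ("", "(everyone)"):
            exports.append((path, []))
        else:
            exports.append((path, [c for c in clients.split(",") if c]))
    return exports


def audit(host_data):
    """host_data: {host: {"smtp": banner, "showmount": text}}.
    Returns {host: [finding, ...]} for hosts with at least one finding."""
    findings = defaultdict(list)
    for host, d in host_data.items():
        ver = parse_sendmail_version(d.get("smtp", ""))
        if ver is not None and ver < SENDMAIL_BASELINE:
            findings[host].append(
                "sendmail %s below baseline" % ".".join(map(str, ver)))
        for path, clients in parse_exports(d.get("showmount", "")):
            if not clients:
                findings[host].append("NFS export %s unrestricted" % path)
    return dict(findings)


def report_lines(findings):
    """Report generator: one line per finding, hosts in sorted order."""
    return ["%s: %s" % (host, f)
            for host in sorted(findings) for f in findings[host]]


# Constructed sample data (not real hosts or captured output).
SAMPLE = {
    "alpha": {
        "smtp": "220 alpha.example.com Sendmail 8.6.12/8.6.12 ready at Tue, 6 Jun 1995 10:00:00 -0400",
        "showmount": "export list for alpha:\n/export/home (everyone)\n/usr/local alpha,beta\n",
    },
    "beta": {
        "smtp": "220 beta.example.com Sendmail 8.7.1/8.7.1 ready at Tue, 6 Jun 1995 10:00:01 -0400",
        "showmount": "export list for beta:\n/var/mail beta\n",
    },
    "gamma": {  # no SMTP answer at all, and the root filesystem exported to everyone
        "smtp": "",
        "showmount": "export list for gamma:\n/ (everyone)\n",
    },
}

if __name__ == "__main__":
    for line in report_lines(audit(SAMPLE)):
        print(line)
```

The real tool fanned this out over every host on every network and kept the raw results for later reporting; the example keeps the same shape (collect per host, audit, then generate the report) so the checks can be extended without touching the collection or reporting code.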