Kali/Layer 4 Attacks: Difference between revisions
From charlesreid1
Revision as of 18:59, 19 August 2016
Transport (Layer 4) Attacks
This page covers the use of Kali to carry out attacks on layer 4, the transport layer. Also see Kali/Workflow.
Review
Let's review the network stack before we launch into network layer attacks.
| Layer | Name | Function |
|---|---|---|
| 7 | Application | Topmost layer, provides users a means to access network resources (only level seen by end user) |
| 6 | Presentation | Transforms data received into a format that is readable by the application layer. Handles encryption/decryption for secure data |
| 5 | Session | Manages communication sessions between computers. Manages connections with other devices. Half-duplex or full duplex. |
| 4 | Transport | Provides reliable data transport services to lower layers. |
| 3 | Network | Routes data between physical networks. Handles addressing, via IP. Handles packet fragmentation and error detection. Router level. Most complex layer. |
| 2 | Data Link | Transports data across a network. Provides addressing scheme to identify physical devices, bridges, switches, MAC addresses. |
| 1 | Physical | The physical medium for the network communication signals. |
(Please Do Not Touch Steve's Pet Alligator)
(Phys Dat Net Trans Sesh Prezzy App)
Layer 4 is the Transport layer. It handles the transport of packets. This includes conversation protocols, packet types, and creating encrypted transport layers.
Scenario
Once you're on a network and have been assigned an IP, you can see various packets flying around the network. The routing and transport of these packets is Layer 4. Attacks that can occur on this layer occur through the use and manipulation of packet traffic.
Transport layer attacks can have different approaches:
- Passive monitoring - recording all traffic, no tampering
- Active monitoring - actively monitoring traffic and injecting, removing, or modifying traffic on the fly
- Active attacks - denial of service, modification
Passive monitoring
The transport layer is a rich source of information. You can learn all sorts of things by monitoring network traffic in Wireshark. Often, packet payloads are unencrypted HTTP connections, and contain images, web URLs, and other web content in the clear. This traffic can be monitored by tricking the network into forwarding all network traffic to an attacker's machine, not just traffic intended for it.
Active monitoring
Passive monitoring can be thwarted through the use of SSL and TLS, both encryption protocols that are implemented on Layer 4. These protocols create a way for computers to transport encrypted packets back and forth, with the packets passing encrypted across the public channel and being decrypted by both parties at either end.
Active attacks are a way of forcing sheep to use insecure protocols like HTTP instead of HTTPS. SSLStrip is an example of an active monitoring Layer 4 Transport attack. The intent is to actively tamper with the communication stream in order to force the usage of insecure protocols and enable a Man in the Middle attack at Layer 4.
Active attacks: Denial of Service
There are also ways of creating chaos on Layer 4. For example, suppose an attacker's goal is to create a denial of service on a computer. On the physical layer, or Layer 1, an attacker would create a denial of service by jamming the radio signal, or physically tampering with a network line. On the transport layer, or Layer 4, a denial of service is created by jamming up the workings of the transport layer. This is done by abusing the TCP handshake protocol.
Normally, when two computers are making a connection, they perform a three-way handshake: the client sends a SYN packet, the server responds with a SYN-ACK packet, and the client responds back with an ACK packet. The TCP connection between the two machines is then officially established. To abuse this handshake process, an attacker can send a SYN Flood, a flood of SYN packets, and do nothing when the server responds with a SYN-ACK packet. The server politely waits for the other end to respond with an ACK packet, and because bandwidth is fixed, the hardware only has a fixed number of connections it can make. Eventually, the SYN packets max out the available connections to a server with hanging connections. New visitors will experience a denial of service.
A SYN Flood can bring down your server if it isn't configured properly - each SYN packet will use up another spot in the queue, which will quickly eat up all available TCP connections, and lead to a denial of service. By using a reverse proxy, and putting different rules in place, these kinds of attacks can be thwarted.
This attack occurs on the transport layer - it jams up the normal workings of the transport layer and interferes with the normal delivery of packets.
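The backlog-exhaustion mechanism above, replayed against a table of half-open connections so the effect on new visitors and the per-source signature a defender would alert on are both visible. This is an added example, not code from the wiki page; the addresses, ports and backlog size are constructed sample values.

```python
from collections import Counter

# Constructed handshake events as seen by the server: (client_ip, client_port, tcp_flags),
# using tcpdump-style flags: "S" = SYN from the client, "A" = the client's final ACK.
# The server's SYN-ACKs are not needed for this bookkeeping, so they are omitted.
SAMPLE_EVENTS = (
    [("192.0.2.10", 40001, "S"), ("192.0.2.10", 40001, "A"),   # legitimate client, handshake completes
     ("192.0.2.11", 40002, "S"), ("192.0.2.11", 40002, "A")]
    + [("203.0.113.5", 50000 + i, "S") for i in range(8)]      # one source sends SYNs and never ACKs
    + [("192.0.2.12", 40003, "S")]                              # a new visitor arriving after the flood
)

def replay_handshakes(events, backlog=6):
    """Replay client-side handshake events against a per-connection state table.

    Each SYN occupies a half-open slot keyed by (ip, port) until the client's ACK
    releases it. Once the number of half-open slots reaches `backlog` (a constructed
    stand-in for the server's SYN queue), further SYNs are dropped, which is the
    point at which new visitors experience the denial of service.
    Returns the number of half-open slots, half-open slots per source IP, and
    how many SYNs were dropped.
    """
    half_open = set()
    dropped = 0
    for ip, port, flags in events:
        key = (ip, port)
        if flags == "S":
            if len(half_open) >= backlog:
                dropped += 1          # queue full: this SYN (legitimate or not) is lost
                continue
            half_open.add(key)
        elif flags == "A":
            half_open.discard(key)    # handshake completed, slot released
    per_source = Counter(ip for ip, _ in half_open)
    return {"half_open": len(half_open), "per_source": dict(per_source), "dropped_syns": dropped}

def syn_flood_suspects(events, backlog=6, min_half_open=4):
    """Source IPs holding an unusual share of half-open slots: the SYN flood signature.

    A normal client completes its handshake promptly, so it rarely holds more than
    one half-open slot; a source that accumulates many is what a defender alerts on.
    """
    report = replay_handshakes(events, backlog)
    return sorted(ip for ip, n in report["per_source"].items() if n >= min_half_open)

if __name__ == "__main__":
    print(replay_handshakes(SAMPLE_EVENTS))
    print("suspects:", syn_flood_suspects(SAMPLE_EVENTS))
```

Raising the backlog or enabling SYN cookies on the server changes how many SYNs are dropped, but the per-source count of half-open slots is what distinguishes the flooding host from the legitimate visitor it starves.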
Session Hijacking
Session hijacking involves an attacker taking control of an ongoing session between two nodes. This is possible because authentication happens only at the start of a conversation. Thus an attacker masquerades as an end node of the session and hijacks the session.