Other Techniques

• TCP hijacking

  • Juggernaut: spy on a TCP connection and issue commands as the logged user.
  • Hunt: spy on a TCP connection (works with shared and switched nets)
  • Countermeasures: encrypted protocols such as IPSec, SSH.

• TFTP: Trivial File Transfer Protocol.

  • Used by routers, and there are free servers for Windows.
  • Standard client in Windows 2000: TFTP.EXE protected by Windows File Protection so it can't be removed.
  • Prevent its use by Nimda :
    • Edit the services file: systemroot/system32/drivers/etc/services
    • Find this line tftp 69/udp
    • Replace it with tftp 0/udp

• Social Engineering

  • Help desk information: on the Web, e-mail, voice
  • User information: on the Web, e-mail, voice
    
    

Previous slide

Back to first slide

View graphic version