Data-driven attacks: sending data to an active service that causes unintended results, generally allowing access to the system.
- Buffer Overflow: the same vulnerabilities seen on Windows (C programs). Countermeasures: basically good programming practices, testing, auditing, safer compilers, etc.
- Input Validation: failure to validate input, accepting extraneous input (hack code!). Produces results similar to a buffer overflow, and the countermeasure is the same: safe programming.
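As an added illustration of the "safe programming" countermeasure (this is example code written for these notes, not part of the original), the unchecked copy below is the classic C defect behind both bullets, and the checked version beside it shows what validating length and character set before the copy looks like. Names such as `greet_unchecked`, `validate_name` and the 16-byte `NAME_MAX` buffer are assumptions chosen for the example.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define NAME_MAX 16     /* fixed-size stack buffer used by both versions */

/* Unchecked version: copies the request into a 16-byte buffer with no
 * length check. A request of 16 or more characters writes past the end of
 * 'name'. Kept only to show the defect; nothing below calls it with
 * oversized input. */
void greet_unchecked(const char *request)
{
    char name[NAME_MAX];
    strcpy(name, request);              /* no bounds check */
    printf("hello, %s\n", name);
}

/* Validate 'request' and copy it into out[out_size]. Accepts only
 * non-empty names short enough to fit with the terminating NUL and made of
 * letters, digits, '_' or '-'. Returns 1 on success, 0 on rejection. */
int validate_name(const char *request, char *out, size_t out_size)
{
    size_t len = 0;
    /* Measure without reading further than we could ever store. */
    while (len < out_size && request[len] != '\0')
        len++;
    if (len == 0 || len >= out_size)    /* empty, or no room for the NUL */
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)request[i];
        if (!isalnum(c) && c != '_' && c != '-')
            return 0;                   /* extraneous input: reject */
    }
    memcpy(out, request, len);
    out[len] = '\0';
    return 1;
}

/* Checked version: same buffer size, but the input is validated before
 * anything touches it. Returns 1 if greeted, 0 if rejected. */
int greet_checked(const char *request)
{
    char name[NAME_MAX];
    if (!validate_name(request, name, sizeof name)) {
        fprintf(stderr, "rejected request\n");
        return 0;
    }
    printf("hello, %s\n", name);
    return 1;
}

int main(void)
{
    greet_checked("alice");                                    /* accepted */
    greet_checked("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");  /* rejected: too long */
    greet_checked("alice;id");                                 /* rejected: bad characters */
    return 0;
}
```

The point of the checked version is that the buffer size is passed into the validator rather than assumed, and the allow-list of characters is decided by the program, not by whatever the network delivers; compiler hardening and auditing (the other countermeasures listed) catch the cases this discipline misses.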
Shell access: after gaining access using a data-driven attack, the first objective is to open a shell window to enter commands.
- Traditional shell access: telnet, rlogin, ssh (admins can close most of them).
- Using X-Windows to run xterm on the remote (target) machine and display it on the intruder's machine, using its client/server features.
- Reverse telnet and back channels: admins can remove X, then what? Run nc (netcat) listening on the intruder's machine and run malicious code on the target that creates a telnet connection from target to intruder.
- Countermeasures: remove X (on servers), chmod 750 telnet (Linux, root only), better yet, use only ssh.
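Added example (not from the notes): a detector for the back-channel shape described above, run over constructed netstat-style lines. A server normally accepts connections on its service ports; an established connection from one of its ephemeral ports out to a remote port that is not an approved service (here the remote port 23 of a reverse telnet, or an arbitrary high port where nc is listening) is the signature to flag. The port policy, the sample lines, and the function names are assumptions for the example; the parser handles only the IPv4 "addr:port" form.

```c
#include <stdio.h>
#include <string.h>

/* Constructed policy: ports this host serves (inbound) and the remote
 * ports its own processes may legitimately open (outbound). */
static const int served_ports[]   = { 22, 80, 443 };
static const int allowed_remote[] = { 22, 53, 80, 443 };

static int in_list(int port, const int *list, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (list[i] == port) return 1;
    return 0;
}

/* Classify one netstat-style line: proto recv-q send-q local remote state.
 * Returns 1 for a suspected back channel, 0 for an expected connection,
 * -1 when the line is not a parseable IPv4 connection record. */
int is_back_channel(const char *line)
{
    char proto[16], laddr[64], raddr[64], state[16];
    int lport, rport;

    if (sscanf(line, "%15s %*d %*d %63[^:]:%d %63[^:]:%d %15s",
               proto, laddr, &lport, raddr, &rport, state) != 6)
        return -1;
    if (strcmp(state, "ESTABLISHED") != 0)
        return 0;
    /* Inbound: a client talking to one of the ports we serve. */
    if (in_list(lport, served_ports, sizeof served_ports / sizeof *served_ports))
        return 0;
    /* Outbound from an ephemeral port to an approved remote service. */
    if (in_list(rport, allowed_remote, sizeof allowed_remote / sizeof *allowed_remote))
        return 0;
    /* Outbound to an unexpected port: the shape of a reverse telnet or nc back channel. */
    return 1;
}

int count_back_channels(const char *const *lines, size_t n)
{
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        if (is_back_channel(lines[i]) == 1) hits++;
    return hits;
}

/* Constructed sample of "netstat -tn"-style output for a host serving ssh and http. */
static const char *const SAMPLE[] = {
    "tcp 0 0 10.0.0.5:22 192.0.2.10:51234 ESTABLISHED",      /* inbound ssh: expected */
    "tcp 0 0 10.0.0.5:80 192.0.2.33:60011 ESTABLISHED",      /* inbound http: expected */
    "tcp 0 0 10.0.0.5:38877 198.51.100.20:443 ESTABLISHED",  /* outbound https: allowed */
    "tcp 0 0 10.0.0.5:40001 192.0.2.10:23 ESTABLISHED",      /* outbound telnet: suspect */
    "tcp 0 0 10.0.0.5:47211 192.0.2.10:4321 ESTABLISHED",    /* outbound to odd high port: suspect */
    "tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN",                   /* not a connection: ignored */
};
#define SAMPLE_COUNT (sizeof SAMPLE / sizeof *SAMPLE)

int sample_hits(void)
{
    return count_back_channels(SAMPLE, SAMPLE_COUNT);
}

int main(void)
{
    for (size_t i = 0; i < SAMPLE_COUNT; i++)
        if (is_back_channel(SAMPLE[i]) == 1)
            printf("suspect back channel: %s\n", SAMPLE[i]);
    printf("%d suspect connection(s)\n", sample_hits());
    return 0;
}
```

The allow-list is the policy knob: on a server that has no reason to initiate connections at all, an empty `allowed_remote` turns every outbound ESTABLISHED entry into a finding, which pairs naturally with the note's countermeasures (no X, restricted telnet, ssh only) since those leave few legitimate outbound paths to explain away.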