Remote access

• Data driven attacks: sending data to an active service that causes unintended results, generally allowing access to the system

  • Buffer Overflow: same Windows vulnerabilities (C programs). Countermeasures: basically good programming practices, testing, auditing, safer compilers, etc.
  • Input Validation: failure in validating input and accepting extraneous input (hack code!!!). Produces similar results to buffer overflow and the countermeasure is the same: safe programming.

• Shell access: after gaining access using a data driven attack the first objective is to open a shell window to enter commands.

  • Traditional shell access: telnet, rlogin,ssh (admins can close most).
  • Using X-Windows to run xterm in the remote (target) machine and display in the intruder machine, using its client/server features.
  • Reverse telnet and back channels: admins can remove X, then what? Run nc (netcat) in the intruder and run malicious code in the target creating a telnet connection from target to intruder.
    • Countermeasures: remove X (servers), chmod 750 telnet (Linux, root only), better yet only use ssh.

Previous slide

Next slide

Back to first slide

View graphic version