DEFCON 20 (2012) DEFCON 19 (2011) Three Generations of DoS Attacks (with Audience Participation, as Victims)Abstract: Denial-of-service (DoS) attacks are very common. They are used for extortion, political protest, revenge, or just LULz. Most of them use old, inefficient methods like UDP Floods, which require thousands of attackers to bring down a Web server. The newer Layer 7 attacks like Slowloris and Rudy are more powerful, and can stop a Web server from a single attacker with incomplete Http requests. The newest and most powerful attack uses IPv6 multicasts, and can bring down all the Windows machines on an entire network from a single attacker. I will explain and demonstrate these tools: Low Orbit Ion Cannon, OWASP Http DoS Tool, and flood_router6 from the thc-ipv6 attack suite. This deadly IPv6 Router Advertisement Flood attack is a zero-day attack--Microsoft has known about it since June 2010 but has not patched it yet (as of May 4, 2011). Audience Participation: Bring a device to test for vulnerability to the Router Advertisement Flood! Some cell phones and game consoles have been reported to be vulnerable--let's find out! If your device crashes, please come to the Q&A room so we can video-record it and arrange disclosure to the vendor. Sam Bowne has been teaching computer networking and security classes at CCSF since 2000. He has given talks at DEFCON, Toorcon and BayThreat, and taught classes and seminars at many other schools and teaching conferences. Sam has a B.S. in Physics from Edinboro University of Pennsylvania and a Ph.D. in Physics from University of Illinois, Urbana-Champaign. His Industry Certifications are: Associate of (ISC)^2, Certified Ethical Hacker, Microsoft: MCP, MCDST, MCTS: Vista; Network+, Security+, Hurricane Electric IPv6 Guru, CCENT. Twitter: @sambowne Links: Windows 7 DoS with IPv6 Router Advertisements "Layer 7 Attacks and Defenses" video, from the LayerOne conference, May 28, 2011
DEFCON 18 (2010) Who Cares About IPv6?(Click image for video) Abstract: What is IPv6? Why should you care? If we ignore it, will it just go away? The current Internet Protocol numbering scheme, IPv4, is nearing its end-of-life. Within two years, all the IPv4 numbers will be allocated, so that new devices will not be able to connect directly to the Internet. We all will be forced to adapt to the new IPv6 system soon. But how can we get started? This talk explains why IPv6 is necessary, how it works, and how everyone can quickly and easily start using it now. I will explain and demonstrate how to set up a free tunnel to access the Internet via IPv6. I will also explain the Hurricane Electric IPv6 certifications. The certifications are great because they guide a novice through the stages of IPv6 knowledge: connecting as a client, setting up an IPv6-enabled Web server, email server, DNS server, and glue records. There are large security implications to IPv6 too. I will explain several important IPv6 vulnerabilities and countermeasures, including auto-configuration privacy risks, torrents over IPv6, bypassing VPNs with IPv6, Routing Header Zero packet amplification attacks, and the ping-pong IPv6 DoS vulnerability. My goal is to convince the audience to pay attention to IPv6 and to guide them to an easy way to start learning about it and using it now. All my students at City College San Francisco will have IPv6 homework from now on--you need to get on board now or be left behind! LinksDefcon-talk-1: crowded-train.jpgDefcon-talk 2: Essential Next Steps in the US Government Transition to Internet Protocol version 6 (IPv6) (pdf) Defcon-talk 3: IPv4 Address Report Defcon-talk 4: DoD IPv6 Timeline Defcon-talk 5: gogo6 | IPv6 products, community and services Defcon-talk 6: SixXS - IPv6 Deployment & Tunnel Broker Defcon-talk 7: Hurricane Electric Free IPv6 Tunnel Broker Defcon-talk 8: Scanning on IPv6 with THC-IPv6 Defcon-talk 9: utorrent app now supports IPv6/teredo directly Decfon-talk 10: Routing Header Zero Packet Amplification Vulnerability Defcon-talk 11: The ping-pong phenomenon with p2p links Defcon-talk 12: Hurricane Electric Free IPv6 Certification Exploiting the LNK Vulnerability with Metasploit(link fixed on 9-10)DEFCON 17 (2009) Materials Hijacking Web 2.0 Sites with SSLstrip and Slowloris--Hands-on Training
sslstrip PowerPoint
Slowloris PDF
SSLstrip Instructions
Wall of Stripped Sheep
Slowloris Instructions Hijacking Web 2.0 Sites with SSLstrip and SlowlorisSam Bowne Instructor, City College San Francisco, Computer Networking and Information Technology Department Many Websites mix secure and insecure content on the same page, like Facebook. This makes it possible to steal all the data entered on such a page easily, using Moxie Marlinspike's SSLstrip tool. I will explain and demonstrate this attack. Slowloris is a very new layer 7 denial-of-service attack created by RSnake that stops Apache web servers completely with very low bandwidth--one packet every 2 seconds. The Apache developers were notified of this vulnerability and decided it was unimportant and not worth patching. I will explain and demonstrate this attack, and discuss various ways to protect your Apache servers. I will provide complete instructions so that anyone can easily set up both these attacks on their own machines. DEFCON 15 (2007) Materials Teaching Hacking at College |
Last modified: 8-12-13