tailieunhanh - Lecture notes on Computer and network security: Lecture 24 - Avinash Kak

Lecture 24, the dictionary attack and the rainbow-table attack on password protected systems. The goals of this chapter are: The dictionary attack, thwarting a dictionary attack with log scanning, cracking passwords with direct table lookup, cracking passwords with hash chains, cracking password with rainbow tables. | Lecture 24: The Dictionary Attack and the Rainbow-Table Attack on Password Protected Systems Lecture Notes on “Computer and Network Security” by Avi Kak (kak@) April 12, 2016 4:03pm c 2016 Avinash Kak, Purdue University Goals: • The Dictionary Attack • Thwarting a dictionary attack with log scanning • Cracking passwords with direct table lookup • Cracking passwords with hash chains • Cracking password with rainbow tables • Password hashing schemes Computer and Network Security by Avi Kak Lecture 24 CONTENTS Section Title Page The Dictionary Attack 3 The Password File Embedded in the Conficker Worm 12 Thwarting the Dictionary Attack with Log Scanning 14 Cracking Passwords with Hash Chains and Rainbow Tables 27 Password Hashing Schemes 40 Homework Problems 51 2 Computer and Network Security by Avi Kak Lecture 24 : THE DICTIONARY ATTACK • Scanning blocks of IP addresses for the vulnerabilities at the open ports is in many cases the starting point for breaking into a network. • If you are not behind a firewall, it is easy to see such ongoing scans. All you have to do is to look at the access or the authorization logs of the services offered by a host in your network. You will notice that the machines in your network are being constantly scanned for open ports and possible vulnerabilities at those ports. • In this lecture I will focus on how people try to break into port 22 that is used for the SSH service. This is a critical service since its use goes way beyond just remote login for terminal sessions. It is also used for secure pickup of email from a mail-drop machine and a variety of other applications. • The most commonly used ploy to break into port 22 is to mount what is referred as a dictionary attack on the port. In a 3 Computer and Network Security by Avi Kak Lecture 24 dictionary attack, the bad guys try a large number of commonly used names as possible account names on the target .