<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns:o = "urn:schemas-microsoft-com:office:office"><HEAD>
<META http-equiv=Content-Type content="text/html; charset=gb2312">
<META content="MSHTML 6.00.2900.3698" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT size=2><B style="mso-bidi-font-weight: normal"><SPAN lang=EN-US
style="FONT-SIZE: 15pt"><FONT face="Times New Roman">Some Network Security
Issues during the 78<SUP>th</SUP> IETF
Meeting<o:p></o:p></FONT></SPAN></B></DIV>
<DIV>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><B
style="mso-bidi-font-weight: normal"><SPAN lang=EN-US><FONT size=3><FONT
face="Times New Roman">During the network deployment and operation for the
78<SUP>th</SUP> IETF Meeting, I found some very serious network security
problems.<o:p></o:p></FONT></FONT></SPAN></B></P>
<H3
style="MARGIN: 13pt 0cm 13pt 21pt; TEXT-INDENT: -21pt; tab-stops: list 21.0pt; mso-list: l0 level1 lfo1"><FONT
face="Times New Roman"><SPAN lang=EN-US
style="mso-fareast-font-family: 'Times New Roman'"><SPAN
style="mso-list: Ignore"><FONT size=5>1.</FONT><SPAN
style="FONT: 7pt 'Times New Roman'">
</SPAN></SPAN></SPAN><SPAN lang=EN-US><FONT size=5>DoS
Attack</FONT></SPAN></FONT></H3>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><B
style="mso-bidi-font-weight: normal"><SPAN lang=EN-US><FONT size=3><FONT
face="Times New Roman">To produce a DoS attack in a sub-network (wired or
wireless), an attacker just needs to execute the following
command:<o:p></o:p></FONT></FONT></SPAN></B></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><B
style="mso-bidi-font-weight: normal"><SPAN lang=EN-US style="COLOR: red"><FONT
size=3><FONT face="Times New Roman">arpspoof -i wlan0
130.129.112.1<o:p></o:p></FONT></FONT></SPAN></B></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><B
style="mso-bidi-font-weight: normal"><SPAN lang=EN-US><FONT size=3><FONT
face="Times New Roman"><IMG height=262
src="cid:002101cb2ea3$3f28b350$1f01a8c0@tsinghuahvm" width=553
v:shapes="_x0000_i1025"><o:p></o:p></FONT></FONT></SPAN></B></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: center"
align=center><B style="mso-bidi-font-weight: normal"><SPAN lang=EN-US><FONT
size=3><FONT face="Times New Roman">Figure 1 DoS Attack in a
Sub-network<o:p></o:p></FONT></FONT></SPAN></B></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><B
style="mso-bidi-font-weight: normal"><SPAN lang=EN-US><FONT size=3><FONT
face="Times New Roman">This will crash the entire sub-network, and this attack
command can be executed by any host in the same sub-network without logging in
as a legitimate user.<o:p></o:p></FONT></FONT></SPAN></B></P>
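<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT
face="Times New Roman" size=3>Added example, not part of the original message: a
defender-side check that parses Ethernet/IPv4 ARP frames and reports every frame
whose sender binding for a known IP differs from the recorded MAC, which is how
impersonation of the gateway shows up on the wire. The gateway IP is the one
quoted above; the pinned MAC, the function names and the sample frames are
constructed for illustration.</FONT></SPAN></P>
<PRE>
```python
import struct

# Gateway IP is the one quoted above; the pinned MAC and all frames are constructed.
PINNED = {"130.129.112.1": "02:00:00:00:00:01"}

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != 0x0806:
        return None                      # truncated, or EtherType is not ARP
    htype, ptype, hlen, plen, op, sha, spa = struct.unpack("!HHBBH6s4s", frame[14:32])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None                      # not Ethernet hardware / IPv4 protocol
    return op, ":".join(f"{b:02x}" for b in sha), ".".join(str(b) for b in spa)

def detect_arp_conflicts(frames, pinned=PINNED):
    """Return (frame_index, ip, expected_mac, seen_mac) for every changed binding."""
    table, alerts = dict(pinned), []
    for index, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _, mac, ip = parsed
        if ip == "0.0.0.0":
            continue                     # ARP probe: no sender binding to check
        known = table.setdefault(ip, mac)  # first sighting of an IP is learned
        if known != mac:
            alerts.append((index, ip, known, mac))
            if ip not in pinned:
                table[ip] = mac          # unpinned hosts may change NIC; track it
    return alerts

REPLY = "08060001080006040002"  # EtherType ARP, Ethernet/IPv4, opcode 2 (reply)

def sample(mac_hex, ip_hex):
    """Constructed broadcast ARP reply in which mac_hex claims ip_hex."""
    return bytes.fromhex("ffffffffffff" + mac_hex + REPLY + mac_hex + ip_hex
                         + "000000000000" + "00000000")

SAMPLE_FRAMES = [
    sample("020000000001", "82817001"),  # gateway announces 130.129.112.1
    sample("020000000032", "82817032"),  # ordinary host 130.129.112.50
    sample("020000000066", "82817001"),  # a different MAC claims the gateway IP
    sample("020000000066", "82817001"),  # ...and repeats the claim
    b"\x00" * 20,                        # truncated frame, ignored
]

if __name__ == "__main__":
    for alert in detect_arp_conflicts(SAMPLE_FRAMES):
        print("ARP conflict in frame %d: %s expected %s, saw %s" % alert)
```
</PRE>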
<H3
style="MARGIN: 13pt 0cm 13pt 21pt; TEXT-INDENT: -21pt; tab-stops: list 21.0pt; mso-list: l0 level1 lfo1"><FONT
face="Times New Roman"><SPAN lang=EN-US
style="mso-fareast-font-family: 'Times New Roman'"><SPAN
style="mso-list: Ignore"><FONT size=5>2.</FONT><SPAN
style="FONT: 7pt 'Times New Roman'">
</SPAN></SPAN></SPAN><SPAN lang=EN-US><FONT size=5>Username and Password
Eavesdropping during ietf-portal Authentication</FONT></SPAN></FONT></H3>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT
face="Times New Roman" size=3>Even if the ietf-portal authentication web page is
transmitted via the Secure Sockets Layer (SSL) protocol, the username and
password of the login account can still be decrypted by an attacker, as shown in
Figure 2 and Figure 3.</FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: center"
align=center><SPAN lang=EN-US><FONT face="Times New Roman" size=3><IMG
height=452 src="cid:002201cb2ea3$3f28b350$1f01a8c0@tsinghuahvm" width=554
v:shapes="_x0000_i1029"></FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: center"
align=center><B style="mso-bidi-font-weight: normal"><SPAN lang=EN-US><FONT
size=3><FONT face="Times New Roman">Figure 2<SPAN style="mso-tab-count: 1">
</SPAN>Login Account Stolen &ndash; a user is authenticating by username and password
via SSL <o:p></o:p></FONT></FONT></SPAN></B></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: center"
align=center><SPAN lang=EN-US><FONT face="Times New Roman" size=3><IMG
height=319 src="cid:002301cb2ea3$3f28b350$1f01a8c0@tsinghuahvm" width=487
v:shapes="_x0000_i1030"></FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: center"
align=center><B style="mso-bidi-font-weight: normal"><SPAN lang=EN-US><FONT
size=3><FONT face="Times New Roman">Figure 3<SPAN style="mso-tab-count: 1">
</SPAN>Login Account Stolen &ndash; both the encrypted username and password had been
eavesdropped and decrypted by the attacker<o:p></o:p></FONT></FONT></SPAN></B></P>
<H3
style="MARGIN: 13pt 0cm 13pt 21pt; TEXT-INDENT: -21pt; tab-stops: list 21.0pt; mso-list: l0 level1 lfo1"><FONT
face="Times New Roman"><SPAN lang=EN-US
style="mso-fareast-font-family: 'Times New Roman'"><SPAN
style="mso-list: Ignore"><FONT size=5>3.</FONT><SPAN
style="FONT: 7pt 'Times New Roman'">
</SPAN></SPAN></SPAN><SPAN lang=EN-US><FONT size=5>Application Layer
Attack</FONT></SPAN></FONT></H3>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><B
style="mso-bidi-font-weight: normal"><SPAN lang=EN-US><FONT size=3><FONT
face="Times New Roman">After the login account has been decrypted by the
attacker, he/she can carry out many attacks as a legitimate user of the network,
such as DHCP attacks, DNS attacks and application-layer protocol attacks.
<o:p></o:p></FONT></FONT></SPAN></B></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><B
style="mso-bidi-font-weight: normal"><SPAN lang=EN-US><FONT size=3><FONT
face="Times New Roman">In Figure 4, I show an example of an email account
information eavesdropping attack. <o:p></o:p></FONT></FONT></SPAN></B></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><B
style="mso-bidi-font-weight: normal"><SPAN lang=EN-US><FONT size=3><FONT
face="Times New Roman"><IMG height=187
src="cid:002401cb2ea3$3f28b350$1f01a8c0@tsinghuahvm" width=554
v:shapes="_x0000_i1031"><o:p></o:p></FONT></FONT></SPAN></B></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: center"
align=center><B style="mso-bidi-font-weight: normal"><SPAN lang=EN-US><FONT
size=3><FONT face="Times New Roman">Figure 4<SPAN style="mso-tab-count: 1">
</SPAN>Application Layer Attack &ndash; both the encrypted username and password had
been stolen and decrypted by the attacker<o:p></o:p></FONT></FONT></SPAN></B></P>
<H3
style="MARGIN: 13pt 0cm 13pt 21pt; TEXT-INDENT: -21pt; tab-stops: list 21.0pt; mso-list: l0 level1 lfo1"><FONT
face="Times New Roman"><SPAN lang=EN-US
style="mso-fareast-font-family: 'Times New Roman'"><SPAN
style="mso-list: Ignore"><FONT size=5>4.</FONT><SPAN
style="FONT: 7pt 'Times New Roman'">
</SPAN></SPAN></SPAN><SPAN lang=EN-US><FONT size=5>Decryption of Encrypted
Protocol</FONT></SPAN></FONT></H3>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT
face="Times New Roman" size=3>Some attackers can steal information even if
it is transmitted via encrypted traffic. As an example, in Figures 5, 6 and 7, I
show the username and password decryption attack against the SSH
protocol.</FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT
face="Times New Roman" size=3>To get the encrypted SSH username and password,
the attacker just needs to run the simple command shown in Figure 5.
</FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: center"
align=center><SPAN lang=EN-US><FONT face="Times New Roman" size=3><IMG
height=211 src="cid:002501cb2ea3$3f28b350$1f01a8c0@tsinghuahvm" width=553
v:shapes="_x0000_i1026"></FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: center"
align=center><B style="mso-bidi-font-weight: normal"><SPAN lang=EN-US><FONT
size=3><FONT face="Times New Roman">Figure 5<SPAN style="mso-tab-count: 1">
</SPAN>SSH Username and Password Decryption &ndash; Start the SSH Man-In-The-Middle
Attack<o:p></o:p></FONT></FONT></SPAN></B></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT
face="Times New Roman" size=3>During SSH authentication in username and
password mode (as shown in Figure 6), the username and password provided by the
SSH client are captured and decrypted by the attacker, as
shown in Figure 7.</FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: center"
align=center><SPAN lang=EN-US><FONT face="Times New Roman" size=3><IMG
height=307 src="cid:002601cb2ea3$3f28b350$1f01a8c0@tsinghuahvm" width=548
v:shapes="_x0000_i1027"></FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: center"
align=center><B style="mso-bidi-font-weight: normal"><SPAN lang=EN-US><FONT
size=3><FONT face="Times New Roman">Figure 6<SPAN style="mso-tab-count: 1">
</SPAN>SSH Username and Password Decryption &ndash; An SSH Client is authenticating
with the SSH Server<o:p></o:p></FONT></FONT></SPAN></B></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: center"
align=center><SPAN lang=EN-US><FONT face="Times New Roman" size=3><IMG
height=315 src="cid:002701cb2ea3$3f28b350$1f01a8c0@tsinghuahvm" width=488
v:shapes="_x0000_i1028"></FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: center"
align=center><B style="mso-bidi-font-weight: normal"><SPAN lang=EN-US><FONT
size=3><FONT face="Times New Roman">Figure 7<SPAN style="mso-tab-count: 1">
</SPAN>SSH Username and Password Decryption &ndash; The encrypted username and
password have been decrypted by the attacker<o:p></o:p></FONT></FONT></SPAN></B></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><B
style="mso-bidi-font-weight: normal"><SPAN lang=EN-US><o:p><FONT
face="Times New Roman"
size=3> </FONT></o:p></SPAN></B></P></FONT></DIV></BODY></HTML>