The last day of HES began with a talk about a new generation of botnets, presented by Itzik Kotler and Ziv Gadot from Radware. According to their presentation, botnets have introduced lots of technologies, which is one reason why they are interested in them. Of course, botnets also reuse technologies invented by researchers and other people. Botnet masters use different kinds of protocols to communicate with their botnets: for example HTTP (Twitter...), IRC or a P2P network architecture. If we analyse Conficker, we can see that its first 3 versions (A, B, C) were based on HTTP and random domain names to communicate. The last versions (D, E) were based on a more flexible means of communication: P2P.
An important property that a botnet master wants for his botnet is resilience to a SPOF (Single Point Of Failure). Using protocols like HTTP makes it possible to blend botnet traffic into common traffic, which will pass the organization's security policy, work behind NAT and minimize the potential network footprint.
Their aim was to build a botnet that blends in and is SPOF resilient, so they looked at communication methods which meet these criteria :
- Internet clipboard e.g. pastebin.com
- Disposable E-mail Address (DEA)
- User generated content e.g. comments on cnn.com
- URL shortening e.g. tinyurl.com
They introduced the "room concept", which corresponds to the communication method. It's possible to use a private room to communicate with one bot, which sends a unicast message. The negotiation of the room between the bot and the bot master is a 4-step action; I advise you to look at the slides, it's very well explained. Their proof of concept is written in Python and is called Turbot (this name has no relation to the speed of their botnet, because at the moment it's quite slow). We didn't get a demonstration of their botnet POC because of a network problem at the conference. [Slides]
After lunch, Renaud Lifchitz started the afternoon with a very interesting talk, which was the first one in French (2 others would follow). First, I will define "clock-skewing". This is a small clock variation in comparison to a reference clock. The aim is to create a fingerprint from clock-skewing (because all clocks are different), so measurement precision is very important.
A computer has 2 clocks :
- hardware clock (Real Time Clock)
- software/system clock managed by the OS
Here, it's the second clock which is interesting. To measure clock-skewing, Renaud looked at the NTP protocol, which contacts an atomic clock using UDP on port 123. According to the time difference between the atomic clock and the system clock, NTP will speed up or slow down the clock rate to correct the time (if time changes were abrupt, some processes could be disturbed). NTP is the most precise method to measure time, but it's also possible by sniffing packets or by sending an ICMP Timestamp request (Type 13, Code 0), whose answer is an ICMP Timestamp reply (Type 14) which returns the number of milliseconds after midnight. So Renaud chose NTP for its precision.
These are the steps to fingerprint a machine :
- every 5 seconds, adjust the clock (of your computer) with an NTP server and save the victim's timestamp
- after 1 or 2 minutes, you will be able to have a precise fingerprint (which corresponds to an average skew).
This method can be used to identify stolen hardware on a LAN (it works even if the IP address, MAC address and hard drive have changed, but not if the operating system has changed), detect virtual machines (all VMs can have the same clock as the host machine) ... But this method has some disadvantages: it's imprecise on the Internet and results can be affected by network latency, temperature variation, altitude and the victim's activity. To protect yourself against this fingerprinting method, you can sync your clock often (every 5-10 seconds) and disable TCP/ICMP Timestamp Requests/Replies. [Slides]
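To make the "average skew" step concrete, here is an added example (not code from the talk or its slides) that turns timestamp samples taken every 5 seconds into a skew in parts per million, the kind of value an asset inventory could compare against on a LAN. The function names and the two sample hosts are constructed for illustration; remote timestamps are assumed to be in milliseconds since midnight, as in an ICMP Timestamp reply.

```python
from statistics import mean

DAY_MS = 86_400_000  # ICMP Timestamp replies carry milliseconds since midnight

def unwrap(ts_ms):
    """Undo the midnight wrap so remote timestamps keep increasing."""
    out, base, prev = [], 0, None
    for t in ts_ms:
        if prev is not None and t < prev - DAY_MS // 2:
            base += DAY_MS
        out.append(t + base)
        prev = t
    return out

def skew_ppm(ref_s, remote_ms):
    """Average skew of the remote clock in parts per million.

    ref_s:     observer receive times in seconds (observer kept in sync by NTP)
    remote_ms: remote timestamps in ms since midnight, one per probe
    Positive result = remote clock runs fast relative to the reference.
    """
    if len(ref_s) != len(remote_ms) or len(ref_s) < 3:
        raise ValueError("need at least 3 paired samples")
    rem = unwrap(remote_ms)
    x = [t - ref_s[0] for t in ref_s]
    # Offset drift: remote elapsed time minus reference elapsed time (seconds).
    y = [(r - rem[0]) / 1000.0 - xi for r, xi in zip(rem, x)]
    mx, my = mean(x), mean(y)
    sxx = sum((xi - mx) ** 2 for xi in x)
    if sxx == 0:
        raise ValueError("reference times must differ")
    # Least-squares slope averages out the 1 ms timestamp resolution.
    slope = sum((xi - mx) * (yi - my) for xi, yi in zip(x, y)) / sxx
    return slope * 1e6

def constructed_samples(ppm, start_ms, n=25, step_ms=5000):
    """Constructed data: one probe every 5 s for 2 minutes, 1 ms resolution."""
    ref = [1000.0 + i * step_ms / 1000 for i in range(n)]
    remote = [(start_ms + i * step_ms * (1_000_000 + ppm) // 1_000_000) % DAY_MS
              for i in range(n)]
    return ref, remote

if __name__ == "__main__":
    for name, ppm, start in [("host-a", 50, 3_600_000),
                             ("host-b", -30, DAY_MS - 60_000)]:
        est = skew_ppm(*constructed_samples(ppm, start))
        print(f"{name}: true {ppm:+d} ppm, estimated {est:+.1f} ppm")
```

With only 1 ms of timestamp resolution, 2 minutes of samples is enough to separate the two constructed hosts; on real traffic, network latency adds noise to every sample, which is the imprecision noted above.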
This talk was followed by another French one named "A5/1 application & crack via GPU", presented by Gloire Gwendal (Kalkulator’s Knights Project). He presented the A5 protocol family :
- A5/1 http://en.wikipedia.org/wiki/A5/1
- A5/2 http://en.wikipedia.org/wiki/A5/2
- A5/3 http://en.wikipedia.org/wiki/A5/3
A5/1 is a weak encryption algorithm which uses only a 64-bit key in theory (and 54 in practice because 10 are fixed to zero). Because of its weakness, lots of researchers have tried to own A5/1 :
- 1997 : first attack, A5/1 complexity reduction
- 1999 : publication of A5/1, which was discovered by reverse engineering
- 2000 : some complexity reductions
- 2003-2004 : attacks on the key
- December 2009 : Karsten Nohl announced his attack during the Chaos Computer Congress. It's a rainbow table attack which can be done in 30 minutes. A demonstration will be done in August 2010.
There is little risk of seeing attacks on A5/1 in the near future, because huge computing power is needed (GPU cluster, FPGA cluster ...) and rainbow table generation takes some months. [Slides]
Then Julien Vanegue from Microsoft talked about "Automated vulnerability analysis of zero-size heap allocations" [Slides] and this conference day ended with the talk "Stack Smashing Protector in FreeBSD" presented by Paul Rascagneres (in French). [Slides]
About clock-skew fingerprinting: "the more imprecise the victim's clock, the more precise the fingerprint"
These 3 days at Hackito Ergo Sum in Paris were very interesting. I'm very happy to have attended these different talks and I think that I'll be present at HES2011. I want to thank the HES team for its work and I want to say : "See you in 2011 ;)".
If you spot some errors or want to make some remarks, don't hesitate, comments are here for that.