BRUTE FORCE, DICTIONARY ATTACK, AND THE IMPLEMENTATION
Linggar Primahastoko
IDSECCONF 2011
BACKGROUND
Public Information Sensitive Secured System
WHY ?
SQL INJECTION X REMOTE FILE INCLUSION X DIRECT URL ACCESS X …. X …. X DICTIONARY ATTACK ? BRUTE FORCE ?
BRUTE FORCE
TRY THE VARIETY KEYS
BRUTE FORCE
LIMITING THE BRUTE FORCE
DICTIONARY ATTACK
TRY THE POSSIBLE KEYS
DICTIONARY ATTACK
Implementation
Look for the wrong sign
Check that there is no wrong sign when the key is right
Make the automation
[Diagram: system, keys, attacker]
1. Look for the wrong sign
2. Get the keys one by one
3. Try the key
4. If there is a wrong sign, go back to the second step
5. If there is no wrong sign, save the key and exit
The Enemies
Connection, Firewall, Captcha, Limit Login Attempt, Time
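The login attempt limit and the time cost listed above can be combined in one control. The sketch below is an added example, not code from the talk: the class name `LoginLimiter`, its thresholds and the sample account and addresses are all assumptions chosen for illustration.

```python
import time

class LoginLimiter:
    """Counts failed logins per account and per source; locks out with growing delay."""

    def __init__(self, max_failures=5, base_lock=30.0, max_lock=3600.0,
                 clock=time.monotonic):
        self.max_failures = max_failures   # failures tolerated before locking
        self.base_lock = base_lock         # first lockout, in seconds
        self.max_lock = max_lock           # cap on a single lockout
        self.clock = clock                 # injectable so tests can control time
        self._state = {}                   # key -> (failures, locked_until)

    @staticmethod
    def _keys(account, source):
        return (("account", account), ("source", source))

    def retry_after(self, account, source):
        """Seconds the caller must wait before this attempt may be checked."""
        now = self.clock()
        waits = [self._state.get(k, (0, 0.0))[1] - now
                 for k in self._keys(account, source)]
        return max(0.0, *waits)

    def record(self, account, source, success):
        """Record an attempt's outcome; return the resulting wait in seconds."""
        if success:
            # Reset only the account counter: a source that logs in to its own
            # account must not erase its failures against other accounts.
            self._state.pop(("account", account), None)
            return self.retry_after(account, source)
        now = self.clock()
        for key in self._keys(account, source):
            failures = self._state.get(key, (0, 0.0))[0] + 1
            over = failures - self.max_failures
            lock = 0.0 if over < 0 else min(self.base_lock * 2 ** over, self.max_lock)
            self._state[key] = (failures, now + lock)
        return self.retry_after(account, source)

if __name__ == "__main__":
    # Constructed sample: eight wrong passwords for one account from one source.
    limiter = LoginLimiter(max_failures=3)
    for attempt in range(1, 9):
        wait = limiter.record("alice", "203.0.113.7", success=False)
        print(f"failure {attempt}: next attempt allowed in {wait:.0f}s")
```

The login handler calls `retry_after` before checking a password and rejects the attempt while it is non-zero. The per-account lock also lets anyone who knows a username delay that user's login, which is why the lock is time-limited rather than permanent.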
Conclusions
A simple way to make a simple brute force attack
Additional measures are needed to secure the system
No system is 100% secure
THANK YOU