Your Quick Guide to Common Attacks
"For a complete guide to security, check out 'Security+ Study Guide and DVD Training System' from Amazon.com"
Denial of Service (DOS/DDOS)
- A denial of service attack is any attack used to disrupt a service for its legitimate users
- DDOS is the 'distributed' form of the attack, where many 'zombies' (machines already taken over by the attacker) launch the attack simultaneously to achieve a more effective denial of service
Back Door
- Any opening left in a working piece of software that allows 'unknown' entry into the system or application without the owner's knowledge
- Many times, back doors are left in by the software's own creators
Spoofing
- Spoofing is a technique used to gain unauthorized access to computers
- The attacker must first find the IP address of a trusted host
- Once that address is known, the attacker can forge it so that the recipient believes the attacker is the trusted sender
- Please use the link provided to investigate spoofing more deeply; it is very important that you fully understand it
Man in the Middle
- A Man in the Middle attack is when an attacker is able to intercept traffic by placing themselves in the middle of the conversation.
- Man in the Middle attacks involve a malicious attacker intercepting communications and fooling both parties into believing they are communicating with each other when they are really being watched
- The attacker can then do anything to the transmission they are now part of, including eavesdropping or planting information
- Wireless systems are very susceptible to this form of attack.
Replay
- A replay attack is when an attacker uses a sniffer to grab packets off the wire
- After the packets are captured, the attacker can simply extract information from them, such as authentication data and passwords
- Once the information is extracted, the captured data can be placed back on the network, or 'replayed'
TCP/IP Hijacking
- This is also called "Session Hijacking"
- An attacker can take over a TCP session between two machines
- A popular method is the use of source-routed IP packets
DNS Poisoning
- DNS poisoning is when your DNS records are poisoned with bad information
- In other words, if you have an A record that points to a trusted host, an attacker can change it and point you in the wrong direction for malicious purposes
Weak Keys
- Weak keys are secret keys with a particular value for which the block cipher in question exhibits regularities in encryption or, in other cases, a poor level of encryption
Mathematical Attacks
- Mathematical (or algebraic) attacks are a class of techniques that rely for their success on block ciphers exhibiting a high degree of mathematical structure
Social Engineering
- Most of the time, attackers go after the actual 'systems' to exploit their weaknesses
- Another form of attack is to exploit 'end user' weakness
- Exploiting the weakness of human nature to get someone to hand over their credentials, through either peer pressure or trickery
Birthday Attack
- A birthday attack is the name used to refer to a class of brute-force attacks
- Please use the link provided to research this more deeply; you have to understand hash functions and password cracking to fully understand it, and the link provided covers that
Password Guessing
- Password guessing, or 'cracking', is an attack on the authentication credentials of a given system
Brute Force
- A form of password cracking
- Brute force attacks try every possible key combination to crack your password
- The only protection against them is either a key length too long to crack in this lifetime, or changing the password frequently
Dictionary
- A form of password cracking
- The term 'dictionary' comes from the actual book of known words; the words are transferred into a file and loaded into a tool that helps an attacker crack your password
- The defense against this is to not use simple-to-guess, known dictionary words as passwords
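As an added example (not part of the original guide), a small Python policy check that applies the two points above: it undoes the manglings a dictionary tool would try ("P@ssw0rd1" is still "password"), and estimates how long an exhaustive brute-force search would take for the password's character set; the word list and guess rate are constructed assumptions.

```python
import string

# Constructed mini word list standing in for a real cracking dictionary.
WORDLIST = {"password", "letmein", "dragon", "welcome", "monkey", "qwerty"}

# Common substitutions a dictionary tool undoes ("P@ssw0rd" -> "password").
_LEET = str.maketrans("@013$5!", "aolessi")


def alphabet_size(password):
    """Size of the character set an attacker must brute-force for this password."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable symbols
    return size


def brute_force_seconds(length, alphabet, guesses_per_second):
    """Worst case: every key of this length is tried at the given guess rate."""
    return (alphabet ** length) / guesses_per_second


def normalise(password):
    """Strip trailing digits/symbols and undo leet-speak, as a dictionary attack would."""
    base = password.lower().rstrip(string.digits + string.punctuation)
    return base.translate(_LEET)


def assess(password, wordlist=WORDLIST, guesses_per_second=1e10):
    """Policy check: is it a (mangled) dictionary word, and how long would brute force take?"""
    alphabet = alphabet_size(password)
    seconds = brute_force_seconds(len(password), alphabet, guesses_per_second)
    return {
        "dictionary_hit": normalise(password) in wordlist,
        "alphabet": alphabet,
        "years_to_exhaust": seconds / (365 * 24 * 3600),
    }


if __name__ == "__main__":
    for pw in ("P@ssw0rd1", "Tq7#vLm2pQ9!xZ4r"):
        print(pw, assess(pw))
```

The guess rate of 1e10 per second is an assumed figure for the estimate, not a measurement; adjust it to the hardware you are defending against.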
Software Exploitation
- Attacks against a system's bugs or flawed code
- Use hot fixes and service packs to fix them
War Dialing
- The process of running modem-scanning tools against a PBX or any given dialup modem for the purpose of penetration
- A war dialer is a computer program used to identify the phone numbers that can successfully make a connection with a computer modem
- The program dials the range of numbers you ask it to and logs the failures and successes in a database
War Driving
- The process of using an attack tool to penetrate wireless systems from outside the facility where the wireless system sits
- A wireless Ethernet card that can be set to promiscuous mode is needed to war drive, and you will also need a powerful antenna if you are going to remain at a distance
Buffer Overflow
- Buffer overflow attacks take advantage of poorly written code
- If the code does not check the length of its arguments, it can be susceptible to this kind of attack
SYN Flood
- SYN flood attacks exploit the three-way handshake of the TCP/IP protocol
- A large number of half-open connections is used to deny access to legitimate requestors
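As an added example (not from the original guide), a Python check for the half-open backlog the bullet above describes: it parses a netstat-style TCP table and reports listening ports with an unusual number of SYN_RECV entries, along with how many distinct sources are behind them. The table format and the snapshot data are constructed for the example.

```python
from collections import Counter, defaultdict


def parse_tcp_table(text):
    """Parse constructed netstat-style lines: 'tcp <rq> <sq> <local> <remote> <state>'."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6 or parts[0] != "tcp":
            continue
        local_port = parts[3].rsplit(":", 1)[1]
        remote_ip = parts[4].rsplit(":", 1)[0]
        rows.append((local_port, remote_ip, parts[5]))
    return rows


def syn_flood_indicators(rows, threshold=50):
    """Report ports whose half-open (SYN_RECV) backlog meets the threshold.
    Many distinct sources that never complete the handshake is the flood signature."""
    half_open = Counter()
    sources = defaultdict(set)
    established = Counter()
    for port, src, state in rows:
        if state == "SYN_RECV":
            half_open[port] += 1
            sources[port].add(src)
        elif state == "ESTABLISHED":
            established[port] += 1
    return {port: {"half_open": n, "distinct_sources": len(sources[port]),
                   "established": established[port]}
            for port, n in half_open.items() if n >= threshold}


# Constructed snapshot: 60 half-open connections to port 80 from 60 different
# sources, three real sessions, and two ordinary in-progress handshakes on port 22.
_lines = [f"tcp 0 0 10.0.0.5:80 203.0.113.{i}:{40000 + i} SYN_RECV" for i in range(1, 61)]
_lines += [f"tcp 0 0 10.0.0.5:80 198.51.100.{i}:5100{i} ESTABLISHED" for i in range(1, 4)]
_lines += ["tcp 0 0 10.0.0.5:22 198.51.100.9:52000 SYN_RECV",
           "tcp 0 0 10.0.0.5:22 198.51.100.9:52001 SYN_RECV"]
SNAPSHOT = "\n".join(_lines)


def scan_snapshot():
    return syn_flood_indicators(parse_tcp_table(SNAPSHOT))


if __name__ == "__main__":
    print(scan_snapshot())  # {'80': {'half_open': 60, 'distinct_sources': 60, 'established': 3}}
```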
Smurf
- Exploits ICMP
- Performed by transmitting an echo request packet to a network's broadcast address with a spoofed source address
- The victim is then quickly overwhelmed by a large number of echo replies
Sniffing
- Sniffing attacks use protocol analyzers to capture network traffic in order to harvest passwords and other data
Ping of Death
- Used to attempt to crash your system by sending oversized packets to a host
- Ping of death can actually be run from older versions of Windows, Linux and Cisco routers.
- At a Windows command line, simply type:
ping -l 65550 192.168.1.X
- At a Linux command line, simply type:
ping -s 65550 192.168.1.X
Port Scanning
- Port scanning is performed by running a vulnerability scanner against a system to see which ports are open
- The second half of the attack is to then exploit whatever you find via other attacks
Chargen
- A flaw involving TCP port 19 (the Character Generator service)
- By connecting to the port, you can run what is called a Character Generator attack
Fragmentation Attacks
- Exploits that target IP fragmentation and reassembly code are common
- Numerous attacks have been built on the premise of overlapping fragments
- Attacks include:
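As an added example (not part of the original guide), a Python fragment checker covering both the Ping of Death entry above and the overlapping-fragment attacks in this section: it parses IPv4 headers, groups fragments by source and identification, and flags a datagram whose reassembled size would exceed 65535 bytes or whose fragments overlap. The sample packets are constructed with a helper; a real tool would read them from a capture.

```python
import struct

MAX_DATAGRAM = 65535  # largest IPv4 datagram the 16-bit length field can describe


def ipv4_header(ident, flags_frag, payload_len, src=0x0A000001, dst=0x0A000002):
    """Build a minimal 20-byte IPv4 header plus dummy payload (constructed test data)."""
    hdr = struct.pack("!BBHHHBBHII", 0x45, 0, 20 + payload_len, ident,
                      flags_frag, 64, 1, 0, src, dst)
    return hdr + b"\x00" * payload_len


def parse_fragment(pkt):
    """Extract what reassembly cares about: source, id, byte offset, data length, MF flag."""
    ver_ihl, _, total, ident, ff, _, _, _, src, _ = struct.unpack("!BBHHHBBHII", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"src": src, "id": ident, "offset": (ff & 0x1FFF) * 8,
            "len": total - ihl, "more": bool(ff & 0x2000)}


def check_fragments(frags):
    """Group by (src, id); report datagrams that would reassemble past 65535 bytes
    (Ping of Death) or whose fragments overlap (Teardrop-style)."""
    groups = {}
    for f in frags:
        groups.setdefault((f["src"], f["id"]), []).append(f)
    findings = {}
    for (_, ident), parts in groups.items():
        parts.sort(key=lambda f: f["offset"])
        issues = []
        if max(f["offset"] + f["len"] for f in parts) > MAX_DATAGRAM:
            issues.append("oversized")
        prev_end = 0
        for f in parts:
            if f["offset"] < prev_end:
                issues.append("overlap")
                break
            prev_end = f["offset"] + f["len"]
        if issues:
            findings[ident] = issues
    return findings


# Constructed sample: id 1 reassembles past 65535, id 2 overlaps, id 3 is benign.
SAMPLE_PACKETS = [
    ipv4_header(1, 0x2000, 1480),  # id 1, MF set, bytes 0-1479
    ipv4_header(1, 8140, 1000),    # id 1, last fragment at offset 65120 -> ends at 66120
    ipv4_header(2, 0x2000, 32),    # id 2, MF set, bytes 0-31
    ipv4_header(2, 3, 24),         # id 2, offset 24 overlaps the previous fragment
    ipv4_header(3, 0x2000, 16),    # id 3, MF set, bytes 0-15
    ipv4_header(3, 2, 8),          # id 3, offset 16, contiguous
]


def scan_sample():
    return check_fragments([parse_fragment(p) for p in SAMPLE_PACKETS])


if __name__ == "__main__":
    print(scan_sample())  # {1: ['oversized'], 2: ['overlap']}
```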