
Upload: qais-saif-qassim

Post on 28-Mar-2015

Page 1: Categories of Attacks

Categories of Attacks

When talking about a specific type of a security threat, it typically is categorized by using one of the following terms:

A. Reconnaissance attacks
B. Access attacks
C. Denial of service (DoS) attacks

A. Reconnaissance attacks

In a reconnaissance attack, a hacker tries to gain information about your network, including its topology, the devices that reside inside it, the software running on them, and the configuration that has been applied to these devices. The hacker then uses this information to execute further attacks, such as DoS or access attacks. Reconnaissance attacks come in different types, including the following:

A.1 Scanning

The most common type of reconnaissance attack is a scanning attack.

1. A network scanning attack occurs when a hacker probes the machines in your network. A network scan tells the hacker only that there are machines in your network with a configured IP address; it does not tell what services are running on these machines.

2. A port-scanning utility probes the port numbers of a machine to detect whether a service is running. Using this approach, a hacker can determine whether the machine is running SMTP, Telnet, FTP, WWW, or other services.
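The two scan types above leave different footprints in a perimeter firewall's deny log: a network scan touches many hosts on one port, a port scan touches one host on many ports. The following is an added example (not from the original document) that classifies sources from a few constructed log lines in that format; the log format, addresses and threshold are assumptions.

```python
from collections import defaultdict

# Constructed firewall deny-log lines (not from the original document):
# "<time> DENY <src_ip> -> <dst_ip>:<dst_port>"
SAMPLE_LOG = """\
10:00:01 DENY 203.0.113.5 -> 192.0.2.1:22
10:00:01 DENY 203.0.113.5 -> 192.0.2.2:22
10:00:02 DENY 203.0.113.5 -> 192.0.2.3:22
10:00:02 DENY 203.0.113.5 -> 192.0.2.4:22
10:00:04 DENY 198.51.100.7 -> 192.0.2.10:21
10:00:04 DENY 198.51.100.7 -> 192.0.2.10:23
10:00:05 DENY 198.51.100.7 -> 192.0.2.10:25
10:00:05 DENY 198.51.100.7 -> 192.0.2.10:80
10:00:07 DENY 192.0.2.50 -> 192.0.2.10:80
"""


def parse_line(line):
    """Split one constructed log line into (src, dst_ip, dst_port)."""
    _, _, src, _, dst = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return src, dst_ip, int(dst_port)


def classify_sources(log_text, threshold=4):
    """Return {src: label}. 'network-scan' = at least `threshold` distinct
    hosts probed; 'port-scan' = one or few hosts but at least `threshold`
    distinct ports; otherwise 'normal'."""
    hosts = defaultdict(set)
    ports = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        src, dst_ip, dst_port = parse_line(line)
        hosts[src].add(dst_ip)
        ports[src].add(dst_port)
    result = {}
    for src in hosts:
        if len(hosts[src]) >= threshold:
            result[src] = "network-scan"   # many hosts: an address sweep
        elif len(ports[src]) >= threshold:
            result[src] = "port-scan"      # one host, many ports: service probing
        else:
            result[src] = "normal"
    return result


if __name__ == "__main__":
    for src, label in sorted(classify_sources(SAMPLE_LOG).items()):
        print(f"{src}: {label}")
```

A source that sweeps many hosts on many ports is labelled a network scan first; a real detector would also bound the counting by a time window.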

A.2 Eavesdropping

Eavesdropping is the process of examining packets as they are in transit between a source and destination device.

1. A protocol-analyzer tool is used to perform eavesdropping.

B. Access attacks

A hacker attempts to gain unauthorized or illegal access to your network and its resources, particularly resources such as file, e-mail, and web servers.

B.1 Unauthorized Access Attack

A hacker tries to gain illegal access to equipment in your network.

1. Guessing passwords
2. Protocol analyzer
3. Accessing a password file
4. Social engineering

B.2 Data-Manipulation Attack

A hacker changes information. These changes could be something as simple as modifying file contents on a file server or something as sophisticated as changing packet contents as they are in transit from a source to a destination machine.

B.3 Session Attacks

In a session attack, a hacker attacks a session layer connection, hoping either to use this information to mount another attack, or, through subterfuge, to take over the session in which he pretends to be either the source or the destination device. Four general categories of session attacks exist:

1. Masquerading is an attack method that a hacker uses to hide his identity. He pretends to be a different machine by changing his source address in his IP packets. In TCP/IP, this form of an attack is called IP spoofing. To carry out an IP spoofing attack, a hacker typically uses a software program that changes the source address of packets, such as:

a. Hping
b. Nemesis
c. IP spoofing

2. Session replay: When a hacker executes a session-replay attack, he captures (actually, eavesdrops on) packets from a real session data transfer between two devices with a protocol analyzer. Then he uses this information to execute an attack on the source device, the destination, or both, at a later time.

3. Session hijacking: A hacker attempts to take over an existing session between two computers. A session-hijacking attack typically involves a handful of other attacks, such as masquerading, eavesdropping, and data manipulation.

4. Repudiation is a process in which you cannot prove that a transaction took place between two entities. The goal of the hacker is to perform repudiation when executing session layer attacks.

B.4 Virus, Trojan Horse, and Worm Attacks

Viruses, worms, and Trojan horses are probably the most well-known attacks on computer systems because these are the most publicized, as well as the most likely to affect the general user public. Many different views actually exist regarding the definition of these three types of attacks.

1. A virus is a program or a piece of code that is loaded onto and run on your computer without your knowledge. Many viruses also replicate themselves to spread their damage. Unlike bugs, viruses are manmade.

2. A worm is a program that replicates itself over a network with some malicious intent in mind, such as crashing a system or using up all the resources on the system. Many people view viruses and worms as the same type of attack.

3. A Trojan horse is a program loaded onto your computer that acts as a benign application, waiting for the user to activate it through normal computer and application activity. Unlike viruses and worms, Trojan horses do not replicate themselves. Sometimes Trojan horses pretend to be your antivirus software or replace it, hoping to add instead of remove viruses from your system.

C. Denial of service (DoS) attacks

C.1 Application Attack

An application attack is simply an attack against an application running on a server. Hackers typically attack such popular applications as Microsoft's IIS web server, web browsers such as Microsoft Internet Explorer and Netscape Navigator, and e-mail applications such as Sendmail and Microsoft Exchange and Outlook because of their widespread use. Hackers try various methods, such as buffer overruns and e-mail bombs, to disable a system or to send information back to the hacker to be used for other types of attacks.

C.2 E-Mail Bomb

An e-mail bomb is a form of an attack that a hacker uses to tie up e-mail resources on your system or possibly even compromise the security of your e-mail server. An unsophisticated hacker typically sends large messages to your e-mail server, hoping to fill up the disk space and crash it. A sophisticated hacker, on the other hand, includes Trojan horses, viruses, or worms that either are embedded in the e-mail or are included as an attachment. If a user activates these, they can cause damage to your system or open a security hole that will allow a hacker into the networking device.

C.3 CPU Hogging Attack

CPU hogging is a type of attack that affects the CPU cycles of a service. This is a general category of a DoS attack in which more specific attacks, such as packet fragmentation or chargen, are used.

C.4 Chargen Attack

Chargen is a character generator that produces serialized character output. Typically, chargen uses UDP, but it can be implemented with TCP. Chargen runs on port 19 and usually is enabled on most operating systems. Hackers sometimes send garbage data to this port, hoping that your resource will process this information and thus take away CPU cycles from other legitimate processes on the resource.

C.5 Packet Fragmentation And Reassembly Attack

A packet fragmentation and reassembly attack is an ingenious attack in which a hacker sends hundreds of fragments to a destination service, hoping that the destination device will perceive these as valid connections and thus waste both buffer space and CPU cycles to process them. A good hacker makes this flood of fragments appear as a set of legitimate connections, which can cause a buffer overrun on the destination and possibly crash the machine. Even if the machine does not crash, the hacker is tying up buffer space, which prevents legitimate traffic from being processed.

C.6 Land.c Attack

Land.c is a program that sends TCP segments to a destination where both the source address and destination are the same in the packet. Upon receiving the packet, the destination tries to forward the packet to itself. To make it even more confusing for the destination device, the packet might contain the same port number for both the source and the destination. In some instances, this can cause the device to try repeatedly to establish connections to itself, tying up resources.

C.7 Java Or Activex Scripts Attack

Hackers sometimes use Java or ActiveX scripts to create malicious applets. When downloaded to a user's desktop, these applets sometimes can damage the user's file system or send information back to the hacker, who then can use it to attempt further attacks.

C.8 Ping of Death Attack

A ping of death attack is one of my favorite attacks because of its simplistic beauty. A hacker sends a single ICMP message with an offset field indicating that the data is larger than 65,535 bytes. On some systems, this crashes the device. When this bug was discovered, for a period of two or three days, many companies were disconnecting their connection to the Internet to prevent hackers and curious people from bringing down their resources.

C.9 Rerouting Attack

One of the most difficult attacks to implement is an attack on your router's routing protocols, called a rerouting attack. In this type of attack, a hacker tries to feed your routers with either bad routing information that will cause your packets to be routed to a dead end, or misinformation that will cause your packets to be routed back to the hacker so that he can perform eavesdropping and use this information to execute another attack. Typically, a hacker uses a protocol analyzer and special software to implement this type of attack.

C.10 TCP SYN Flood Attack

TCP SYN flood attacks occur when a hacker floods a particular service with TCP SYN segments without any intent of completing the connection. With this kind of attack, the hacker basically is tying up the connection resources on a particular server.
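The tell-tale sign of a SYN flood on the server side is a backlog of half-open connections: SYNs that are never followed by the client's handshake-completing ACK. The following is an added example (not from the original document) that counts that backlog from a constructed, client-side handshake trace; the trace format, addresses and threshold are assumptions.

```python
from collections import defaultdict

# Constructed client-side handshake trace (not from the original document),
# in time order: (client_ip, server "ip:port", flag). Flag "S" is the
# client's SYN; flag "A" is the ACK that completes the three-way handshake.
TRACE = [
    ("198.51.100.9", "192.0.2.10:80", "S"),
    ("198.51.100.9", "192.0.2.10:80", "A"),      # legitimate, completed
    ("198.51.100.12", "192.0.2.10:443", "S"),
    ("198.51.100.12", "192.0.2.10:443", "A"),    # legitimate, completed
]
# Twelve SYNs from twelve distinct sources, none of them ever completed.
TRACE += [(f"203.0.113.{i}", "192.0.2.10:80", "S") for i in range(1, 13)]


def half_open_by_server(events):
    """Return {server: count} of SYNs that were never followed by the
    handshake-completing ACK from the same client."""
    pending = set()
    for client, server, flag in events:
        key = (client, server)
        if flag == "S":
            pending.add(key)       # connection attempt opened
        elif flag == "A":
            pending.discard(key)   # handshake finished: no longer half-open
    counts = defaultdict(int)
    for _, server in pending:
        counts[server] += 1
    return dict(counts)


def syn_flood_targets(events, threshold=10):
    """Servers whose half-open backlog reaches the threshold. The count is
    kept per server rather than per source, because the source addresses
    in a flood are typically spoofed and rarely repeat."""
    return sorted(s for s, n in half_open_by_server(events).items()
                  if n >= threshold)


if __name__ == "__main__":
    print(half_open_by_server(TRACE))   # {'192.0.2.10:80': 12}
    print(syn_flood_targets(TRACE))     # ['192.0.2.10:80']
```

A production detector would additionally age out pending entries after the server's SYN-ACK retransmit period, so that a slow but legitimate client is not counted indefinitely.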

C.11 Smurf Attack

Smurf attacks occur when a hacker sends ICMP traffic to a destination (a directed broadcast address) but replaces its own source IP address in the packet header with the IP address of the device that it wants to attack. When the ICMP traffic reaches the destination network, the devices respond to the spoofed source address, which is the device that the hacker wants to flood.
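Three of the attacks above (C.6 Land.c, C.8 Ping of Death and C.11 Smurf) are recognisable from header fields alone, so a perimeter filter can drop them before they reach the destination. The following is an added example (not from the original document) of those three header checks run over constructed packet summaries; the field names, addresses and broadcast set are assumptions.

```python
IP_MAX_LEN = 65535  # largest IPv4 datagram the 16-bit Total Length field allows

# Constructed packet summaries (not from the original document). frag_offset
# is the IP Fragment Offset field in 8-byte units, as carried on the wire.
PACKETS = {
    "normal": dict(src="198.51.100.9", dst="192.0.2.10", proto="tcp",
                   sport=51000, dport=80, ihl=20, frag_offset=0, payload_len=40),
    "land": dict(src="192.0.2.10", dst="192.0.2.10", proto="tcp",
                 sport=139, dport=139, ihl=20, frag_offset=0, payload_len=0),
    "ping_of_death": dict(src="203.0.113.7", dst="192.0.2.10", proto="icmp",
                          sport=None, dport=None, ihl=20, frag_offset=8189,
                          payload_len=68),
    "smurf": dict(src="192.0.2.10", dst="192.0.2.255", proto="icmp",
                  sport=None, dport=None, ihl=20, frag_offset=0, payload_len=56),
}
LOCAL_BROADCASTS = {"192.0.2.255"}  # directed-broadcast addresses of our segment


def reassembled_end(pkt):
    """Byte offset at which this fragment's data would end after reassembly."""
    return pkt["frag_offset"] * 8 + pkt["ihl"] + pkt["payload_len"]


def inspect(pkt, broadcasts=LOCAL_BROADCASTS):
    """Return the list of reasons a perimeter filter should drop pkt."""
    reasons = []
    # Land.c: source and destination address (and often port) are identical.
    if pkt["src"] == pkt["dst"]:
        detail = " and port" if pkt["sport"] == pkt["dport"] else ""
        reasons.append(f"land: source address{detail} equals destination")
    # Ping of death: offset plus length would exceed the maximum datagram size.
    if reassembled_end(pkt) > IP_MAX_LEN:
        reasons.append("ping-of-death: fragment ends past the 65,535-byte limit")
    # Smurf: ICMP aimed at a directed broadcast so every host replies to the victim.
    if pkt["proto"] == "icmp" and pkt["dst"] in broadcasts:
        reasons.append("smurf: ICMP aimed at a directed broadcast address")
    return reasons


if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(name, inspect(pkt) or ["ok"])
```

The smurf check protects the amplifying network, not the spoofed victim; the victim's side would instead look for a flood of ICMP echo replies it never requested.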

C.12 WinNuke Attack

WinNuke is a program that was developed to take advantage of a bug in certain versions of Microsoft operating systems, including 95, 98, Me, XP, NT, and 2000. The hacker sends out-of-band information to port 139, hoping to bring down the server.

C.13 IP Spoofing Attack

Most DoS attacks use IP spoofing.