Any method, technique or process used to attack and compromise the security of a network can be termed a network attack. There can be a number of motives behind such attacks, like fame, terrorism, greed, etc. A few of the common types of malicious attacks are covered in this article.
The common and popular attacks are:
Eavesdropping
Denial-of-Service
Session Hijacking
IP Spoofing
DNS Spoofing
Man-in-the-Middle Attack

Eavesdropping
Eavesdropping is basically the act of secretly listening to the conversation of others, obviously without their permission. The same definition applies to network sniffing: the attacker secretly captures the data transmitted through the network. The attack works like this:
A machine's network interface is put into promiscuous ("listen") mode and used to capture the juicy data from the network. This can be done using readily available programs like Cain & Abel, Ettercap, SSLsniff, etc. On a switched network the attacker usually also has to redirect traffic through his machine (Ettercap does this for him). Anything sent in cleartext (telnet, FTP, HTTP, POP3) is readable as-is; for encrypted traffic the sniffer only sees who talks to whom and how much.
Denial-of-Service
Wikipedia defines it as: "A denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended respondents. It generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely."
Smurf Attack
These attacks can be destructive. The attacker sends a large amount of ICMP echo request (ping) traffic to IP broadcast addresses, with the source address of the packets spoofed to be the victim's. Every host on the broadcast network answers, so a single request turns into dozens or hundreds of ICMP echo replies, all aimed at the victim. To amplify the attack further the attacker uses several such intermediary networks at once. The victim's link and host are flooded with replies and legitimate traffic cannot get through; the victim is not "compromised" in the sense of being broken into, it is simply knocked off the network. The attack depends on routers forwarding directed broadcasts; modern routers drop them by default ("no ip directed-broadcast" on Cisco IOS), and hosts can be told to ignore broadcast pings (net.ipv4.icmp_echo_ignore_broadcasts=1 on Linux).
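The check a network operator would run over flow records to spot a Smurf attack in progress, as an added example (not code from the original article): flag ICMP echo requests whose destination is the directed-broadcast address of one of our subnets, and count the claimed source addresses, since those are the victims the replies will be aimed at. The subnets and flow records are constructed for the example.

```python
import ipaddress
from collections import Counter

# Assumed local subnets whose directed-broadcast addresses an attacker could abuse.
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24"),
              ipaddress.ip_network("198.51.100.0/25")]

# Constructed flow records: (src, dst, proto, icmp_type). ICMP type 8 = echo request.
FLOWS = [
    ("203.0.113.7", "192.0.2.255", "icmp", 8),       # echo request to 192.0.2.0/24 broadcast
    ("203.0.113.7", "192.0.2.255", "icmp", 8),       # ...repeated, src spoofed as the victim
    ("203.0.113.7", "198.51.100.127", "icmp", 8),    # second amplifier network
    ("192.0.2.10", "192.0.2.1", "icmp", 8),          # ordinary ping, unicast destination
    ("192.0.2.10", "198.51.100.3", "udp", None),     # unrelated traffic
]


def is_directed_broadcast(dst):
    """True if dst is the broadcast address of one of our subnets."""
    addr = ipaddress.ip_address(dst)
    return any(addr == net.broadcast_address for net in LOCAL_NETS)


def smurf_candidates(flows):
    """Count, per claimed source address, the echo requests sent to a directed-broadcast
    address. Each claimed source is a likely Smurf victim: it will receive one reply
    per live host on the subnet for every request counted here."""
    victims = Counter()
    for src, dst, proto, icmp_type in flows:
        if proto == "icmp" and icmp_type == 8 and is_directed_broadcast(dst):
            victims[src] += 1
    return victims


def amplification(dst):
    """Upper bound on replies one request can generate: every usable host on the subnet."""
    addr = ipaddress.ip_address(dst)
    for net in LOCAL_NETS:
        if addr == net.broadcast_address:
            return net.num_addresses - 2
    return 1
```

A hit here means the local network is being used as an amplifier; the fix is on the routers (drop directed broadcasts), not on the reported "source", which is the victim.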
SYN Flood attack
SYN flood attacks exploit the TCP three-way handshake. The attacker sends a large number of TCP SYN packets to the victim, usually with spoofed source IP addresses. For each SYN the victim allocates a half-open connection entry, replies with a SYN-ACK and waits for the final ACK. Because the source addresses are spoofed (or the attacker simply never answers), the ACK never comes, and the half-open connections sit in the listen backlog until they time out.
Once the backlog is full the server drops new SYNs, including those from legitimate clients, so the service is denied even though the server itself is otherwise healthy.
A flood of only a few thousand SYNs per second is enough to keep a default backlog full. The usual mitigation is SYN cookies: instead of storing state for a half-open connection, the server encodes the connection parameters into its initial sequence number and only allocates state when a valid ACK comes back (net.ipv4.tcp_syncookies=1 on Linux). Larger backlogs and shorter SYN-RECEIVED timeouts only help against small floods.
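How SYN cookies remove the half-open state the flood relies on, as an added example (not code from the original article and a simplified version of what kernels do, not Linux's own algorithm): the server answers every SYN with a SYN-ACK whose sequence number is a keyed hash of the connection 4-tuple and a coarse time counter, stores nothing, and on the final ACK recomputes the hash to decide whether it really offered that handshake. The secret, the MSS table and the addresses are assumptions for the example.

```python
import hashlib
import hmac
import ipaddress
import struct

# Assumed per-host secret; a real implementation rotates it periodically.
SECRET = b"example-syncookie-secret"

# The cookie has only 3 bits for the client's MSS, so it is quantised to this table.
MSS_TABLE = [536, 1220, 1440, 1460]


def _hash24(saddr, sport, daddr, dport, t):
    """24-bit keyed hash over the connection 4-tuple and the time counter t."""
    msg = struct.pack("!4sH4sHI",
                      ipaddress.IPv4Address(saddr).packed, sport,
                      ipaddress.IPv4Address(daddr).packed, dport, t)
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]


def make_cookie(saddr, sport, daddr, dport, mss, t):
    """Server side of the SYN: the initial sequence number for the SYN-ACK.
    Layout (32 bits): 5 bits t mod 32 | 3 bits MSS index | 24 bits keyed hash.
    Nothing is stored per connection, so spoofed SYNs cost no memory."""
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    h = int.from_bytes(_hash24(saddr, sport, daddr, dport, t), "big")
    return ((t & 0x1F) << 27) | (mss_idx << 24) | h


def check_cookie(saddr, sport, daddr, dport, ack_num, now):
    """Server side of the final ACK: the client acknowledges isn+1, so the cookie is
    ack_num-1. Returns the MSS to use for the new connection, or None if the ACK
    does not complete a handshake this host actually offered recently."""
    cookie = (ack_num - 1) & 0xFFFFFFFF
    age = (now - (cookie >> 27)) % 32
    if age > 1:                          # older than one tick (or from the future)
        return None
    t = now - age                        # reconstruct the full counter the cookie was made with
    mss_idx = (cookie >> 24) & 0x7
    if mss_idx >= len(MSS_TABLE):
        return None
    expected = _hash24(saddr, sport, daddr, dport, t)
    got = (cookie & 0xFFFFFF).to_bytes(3, "big")
    if not hmac.compare_digest(expected, got):
        return None                      # forged or replayed ACK: no connection
    return MSS_TABLE[mss_idx]
```

The price of cookies is visible in the code: TCP options other than the MSS are lost, and an ACK that arrives more than one tick late is refused, which is why kernels only switch them on once the backlog is actually under pressure.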
Distributed Denial-of-service (DDoS) Attack
In a DDoS attack the attacker first compromises a large number of computers, mostly in different locations. These compromised machines are called secondary victims or zombies (collectively, a botnet). The zombies are then used as the attack platform against the primary victim.
The owners of the zombies are usually not aware that their machines are being used to attack the primary victim; trojans and worms give the attacker remote control over them so that he can launch attacks on the victim at will.
The attack is difficult to filter because it arrives from thousands of distinct source addresses, many of them real hosts rather than spoofed ones, so it cannot be blocked with a handful of firewall rules, and the combined bandwidth of the zombies can exceed the victim's. This makes it the hardest of these attacks to overcome; mitigation usually needs help upstream (rate limiting or scrubbing at the provider).
Session Hijacking
Session hijacking exploits an established session between two machines. Here, a session means the connection, or the logged-in state, between the two machines.
At the TCP layer a session is identified by the addresses, ports and sequence numbers of the two sides; an attacker who can observe or predict the sequence numbers can inject his own segments into the connection. At the application layer (for example HTTP) the server issues a session cookie after login and uses it to recognize the user on every later request. The attacker can steal that cookie by sniffing unencrypted traffic, or by reading the saved cookies on the victim's computer. Since authentication is done only at the start of the session, possession of the session identifier lets the hacker assume the identity of the victim and gain the same access to resources as the victim.
Types of Session Hijacking attacks
1. Active
2. Passive
3. Hybrid
In an active attack, the attacker takes over an existing session on the network, typically by performing a man-in-the-middle attack and taking the place of one party. This allows the attacker to execute commands in the victim's session in order to maintain his access, delete his traces, etc. The attacker can also create accounts on the network which can be used to gain access later without having to hijack a session every time.
In a passive attack, the attacker only monitors the ongoing session. This attack uses sniffer tools to look around the network and collect juicy information such as credentials.
The third type, a hybrid attack, combines the two: the attacker sniffs the traffic and modifies it at the same time.
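Why the session identifier is the whole game, as an added example (not code from the original article): a session store with sequential IDs, as older web applications had, next to a hardened one, an attacker routine that turns one known ID into everyone else's, and the cookie attributes that keep the ID off the wire in clear. Store layout, user names and cookie name are assumptions for the example.

```python
import hashlib
import secrets


class WeakSessionStore:
    """Constructed 'before' example: sequential session IDs. Anyone who knows one ID
    (his own, or one sniffed from the network) can enumerate its neighbours."""
    def __init__(self):
        self._next = 1000
        self._sessions = {}

    def login(self, username):
        self._next += 1
        sid = str(self._next)
        self._sessions[sid] = username
        return sid

    def user_for(self, sid):
        return self._sessions.get(sid)


class SessionStore:
    """Hardened version: 256-bit random IDs, only a hash kept server side (a leaked
    database does not yield usable cookies), explicit invalidation on logout."""
    def __init__(self):
        self._sessions = {}

    @staticmethod
    def _key(sid):
        return hashlib.sha256(sid.encode("ascii")).hexdigest()

    def login(self, username):
        sid = secrets.token_urlsafe(32)          # 256 bits from the OS CSPRNG
        self._sessions[self._key(sid)] = username
        return sid

    def user_for(self, sid):
        return self._sessions.get(self._key(sid))

    def logout(self, sid):
        self._sessions.pop(self._key(sid), None)


def set_cookie_header(sid):
    """Secure: never sent over plain HTTP (defeats sniffing); HttpOnly: not readable by
    page scripts; SameSite: not attached to cross-site requests."""
    return f"Set-Cookie: session={sid}; Secure; HttpOnly; SameSite=Lax; Path=/"


def hijack_by_guessing(store, own_sid, radius=100):
    """Attacker who holds one valid session tries the IDs around it.
    Returns {guessed_sid: username} for every other live session found."""
    try:
        base = int(own_sid)
    except ValueError:
        return {}                                # random ID: no structure to exploit
    found = {}
    for delta in range(-radius, radius + 1):
        guess = str(base + delta)
        user = store.user_for(guess)
        if user is not None and guess != own_sid:
            found[guess] = user
    return found
```

Note what the hardened store does not fix: a sniffed or stolen random ID is still a valid identity until it is invalidated, which is exactly the passive attack above. Only the Secure attribute (and TLS) removes the sniffing path.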
IP Spoofing
IP spoofing, also known as IP address forgery, is a technique in which the attacker sends packets whose source IP address has been replaced with another machine's address, so that they appear to come from a trusted host. It is used to conceal the attacker's identity, to abuse trust relationships based on source address, and as a building block of DoS attacks such as the SYN flood and Smurf attacks described above.
Here's how it works: the attacker obtains the IP address of a legitimate host and builds IP packets whose header carries that address in the source field, so the legitimate host appears to be the sender. Replies to such packets go to the legitimate host, not to the attacker, so on its own IP spoofing is "blind": it works for one-way traffic (floods, reflection) or where the attacker can guess the responses. Sending a visitor who types www.abc.com to a fraudulent copy of the site takes more than a forged source address; the attacker must also control name resolution or the path of the traffic, which is where DNS spoofing and man-in-the-middle attacks come in. Once he does, any visitor of www.abc.com sees spoofed content created by the attacker instead of the original.
With this kind of attack the attacker can gain access to juicy information such as passwords, credit card numbers, etc., install malware, or alter the data in transit. Network operators limit spoofing with ingress filtering (BCP 38): a router drops packets arriving on an interface whose source address does not belong to the networks behind that interface.
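The ingress check a router applies to stop spoofed packets at the network edge (BCP 38), as an added example (not code from the original article): each inbound interface is allowed to carry only the source prefixes of the customer behind it, so a packet claiming someone else's address is dropped before it can reach a victim. The interface names, prefixes and packets are constructed for the example.

```python
import ipaddress

# Assumed topology: source prefixes each inbound interface may legitimately carry.
INGRESS_PREFIXES = {
    "eth1": [ipaddress.ip_network("192.0.2.0/24")],                 # customer A
    "eth2": [ipaddress.ip_network("198.51.100.0/24"),
             ipaddress.ip_network("2001:db8:100::/48")],            # customer B (dual stack)
}


def ingress_decision(iface, src):
    """BCP 38 ingress filter: accept only if the source address lies inside a prefix
    the arrival interface is allowed to originate. Everything else is a spoofed or
    misrouted source and is dropped."""
    allowed = INGRESS_PREFIXES.get(iface)
    if allowed is None:
        return "drop"                            # unknown interface: default deny
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop"                            # malformed source field
    if addr.is_loopback or addr.is_multicast or addr.is_unspecified:
        return "drop"                            # never valid as a unicast source
    # 'in' is False across address families, so a v4 source never matches a v6 prefix.
    return "accept" if any(addr in net for net in allowed) else "drop"


def filter_packets(packets):
    """Apply the check to (iface, src, dst) tuples and return the dropped ones."""
    return [p for p in packets if ingress_decision(p[0], p[1]) == "drop"]


# Constructed packets as seen on the router's inbound interfaces.
PACKETS = [
    ("eth1", "192.0.2.44", "203.0.113.9"),        # genuine customer A traffic
    ("eth1", "203.0.113.9", "192.0.2.44"),        # source forged as an outside host
    ("eth1", "192.0.2.80", "198.51.100.7"),       # genuine, even though aimed at customer B
    ("eth2", "2001:db8:100::1", "2001:db8::1"),   # genuine IPv6 from customer B
    ("eth2", "127.0.0.1", "198.51.100.1"),        # loopback can never be a wire source
    ("eth7", "198.51.100.5", "192.0.2.1"),        # interface with no policy: denied
]
```

This filter protects the rest of the Internet from the networks behind eth1 and eth2; it does nothing against spoofed packets arriving from a provider that has not deployed it, which is why BCP 38 only works when applied widely.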
DNS Spoofing
The Domain Name System (DNS) basically translates a domain name (say www.example.com) to its IP address (say 11.22.33.44). DNS spoofing is a technique by which a DNS entry is made to point to an IP address other than the one it is supposed to point to, so that clients are silently sent to a host of the attacker's choosing.
There are two methods of DNS spoofing:
1. DNS cache poisoning: a DNS server cannot store information about all existing domain names and IP addresses, so it caches the answers it has recently looked up to avoid repeating the same queries to the authoritative servers of those domains. Cache poisoning introduces data into the name server's cache that did not originate from an authoritative DNS source, i.e. it changes the server's cache rather than the client's. Usually this is a deliberately crafted attack on the name server, but it may also result from improper software design in DNS applications (for example, accepting unrelated additional records in a response). Every client that uses the poisoned server receives the forged address until the cache entry expires.
2. DNS ID spoofing: the DNS packet header contains a 16-bit identification field that matches answers to queries. The attacker's goal is to deliver a forged answer to a query before the real DNS server answers. To do so he must predict the query's ID (and the UDP source port the resolver used). On the local network this is trivial: the attacker simply sniffs the query and copies its ID. Remotely he has to guess; resolvers that use sequential IDs or a fixed source port make this easy, which is why modern resolvers randomize both.
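What the resolver checks before it trusts an answer, as an added example (not code from the original article): a minimal DNS query builder, a response parser that handles name compression, and the acceptance test that a forged reply must pass: it has to carry the right transaction ID, arrive at the right UDP port, and answer the question that was actually asked. It goes slightly beyond the text by showing the source-port check alongside the ID check; the domain names and addresses are constructed for the example.

```python
import ipaddress
import secrets
import struct


def encode_name(name):
    """'www.example.com' -> b'\\x03www\\x07example\\x03com\\x00'"""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def read_name(msg, off):
    """Parse a possibly compressed name at msg[off:]; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # compression pointer
            hops += 1
            if hops > 10:
                raise ValueError("pointer loop")       # malicious packet guard
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            end = end if end is not None else off + 2
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def new_query(name):
    """Resolver side: random 16-bit ID and random ephemeral source port."""
    txid = secrets.randbelow(1 << 16)
    sport = 49152 + secrets.randbelow(16384)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD=1, one question
    return txid, sport, header + encode_name(name) + struct.pack("!HH", 1, 1)


def build_response(txid, name, ip, ttl=300):
    """One A record for name. Used both for the genuine reply and the attacker's forgery;
    the only difference between them is whether txid and the question are right."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR=1, RD, RA, one answer
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + ipaddress.IPv4Address(ip).packed
    return header + question + answer


def accept_response(resp, sent_txid, sent_port, sent_name, resp_dst_port):
    """Return the A records if resp is a valid answer to our outstanding query, else None."""
    try:
        txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", resp[:12])
        if not flags & 0x8000 or qd != 1:
            return None                                # not a response / odd shape
        if txid != sent_txid or resp_dst_port != sent_port:
            return None                                # the two things an attacker must guess
        qname, off = read_name(resp, 12)
        if qname.lower() != sent_name.rstrip(".").lower():
            return None                                # answer to a question we never asked
        off += 4                                       # skip qtype, qclass
        records = []
        for _ in range(an):
            _, off = read_name(resp, off)
            rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
            off += 10
            rdata = resp[off:off + rdlen]
            off += rdlen
            if rtype == 1 and rclass == 1 and rdlen == 4:
                records.append(str(ipaddress.IPv4Address(rdata)))
        return records
    except (struct.error, ValueError, UnicodeDecodeError):
        return None
```

A blind attacker who has to guess both fields faces 65,536 IDs times 16,384 ports, about a billion combinations per query; with a predictable ID and a fixed port it is one guess. The code also shows why the question check matters: without it a forged reply for evil.example could plant a record for www.example.com.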
Man-in-the-Middle Attack
In a man-in-the-middle (MITM) attack the attacker intercepts the traffic between two machines and makes the victims believe that they are talking directly to each other, when in fact the whole conversation passes through, and is controlled by, the attacker.
The attack starts with getting into the path of the traffic (on a LAN usually by spoofing ARP or DNS replies, or by offering a rogue access point) and sniffing it. Once the attacker controls the conversation he can extract juicy information like passwords, credit card numbers, etc., alter the data in transit, or inject malware. Properly verified end-to-end encryption (TLS with certificate checking, SSH with host key verification) is what keeps the attacker from reading or modifying the traffic even when he is in the path; a client that ignores certificate warnings hands the attacker everything.