chapter 3 classes of attack. introduction network attacks come from both inside and outside...

CHAPTER 3 Classes of Attack

Upload: kerry-collins

Post on 03-Jan-2016


Page 1: CHAPTER 3 Classes of Attack. INTRODUCTION Network attacks come from both inside and outside firewall. Kinds of attacks: 1. Denial-of-service 2. Information

CHAPTER 3

Classes of Attack

INTRODUCTION

Network attacks come from both inside and outside the firewall.

Kinds of attacks:
1. Denial-of-Service
2. Information Leakage
3. File Alteration
4. Misinformation
5. Database Access

DENIAL-OF-SERVICE (DoS)

This kind of attack denies the availability of a resource to its regular, authorized users.

Types of DoS:
1. Degrading Processes
2. Degrading Storage Capability
3. Destroying Files
4. Shutting Down

Degrading Processes

1. The attacker reduces performance by overloading the target system, either by spawning multiple processes to eat up all available resources or by spawning enough processes to overload the CPU. Example: a simple UNIX fork bomb.

2. The attacker attacks a network application such as File Transfer Protocol (FTP) or Simple Mail Transfer Protocol (SMTP) by sending a flood of network traffic.

3. The attacker attacks a network service such as Internet Protocol (IP) or the Internet Control Message Protocol (ICMP), also by sending a flood of network traffic.

Examples of DoS attacks that degrade processes are:

1. Snork
2. Chargen
3. Smurf
4. SYN flood

Snork and Chargen affect Windows NT.

Snork enables the attacker to send spoofed Remote Procedure Call (RPC) datagrams to User Datagram Protocol (UDP) destination port 135.

Chargen enables the attacker to send a flood of UDP datagrams from a spoofed source IP to port 19.

Smurf performs a network-level attack against the target host.

A SYN flood is accomplished by sending TCP connection requests faster than a system can process them.
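As a defender's view of the SYN flood described above, the following added example (not part of the original slides) counts half-open connections per listening port and raises an alert when they pile up faster than they complete. The event format, field names, sample traffic and thresholds are all assumptions made for illustration.

```python
# Added example: flag a listener whose half-open (SYN seen, handshake not
# completed) connection count exceeds a threshold within a time window.
# Event format, field names and thresholds are assumptions for illustration.

def make_sample():
    """Constructed server-side TCP events: (time_ms, src_ip, src_port, dst_port, flag)."""
    events = []
    # Normal clients: each SYN is followed by the ACK that completes the handshake.
    for i in range(5):
        events.append((i * 1000, "192.0.2.10", 40000 + i, 80, "SYN"))
        events.append((i * 1000 + 50, "192.0.2.10", 40000 + i, 80, "ACK"))
    # Flood: 200 SYNs in 2 s from many (likely spoofed) sources, never completed.
    for i in range(200):
        events.append((10000 + i * 10, f"198.51.100.{i + 1}", 1024 + i, 80, "SYN"))
    return sorted(events)


def detect_syn_flood(events, window_ms=5000, max_half_open=50):
    """Return one (time_ms, dst_port, half_open_count) alert per flooded port."""
    half_open = {}        # (src_ip, src_port, dst_port) -> time the SYN arrived
    alerted = set()       # ports already reported
    alerts = []
    for t, src, sport, dport, flag in events:
        key = (src, sport, dport)
        if flag == "SYN":
            half_open[key] = t
        elif flag == "ACK":
            half_open.pop(key, None)      # handshake completed
        # Drop entries older than the window, as a server's SYN timeout would.
        for k in [k for k, seen in half_open.items() if t - seen > window_ms]:
            del half_open[k]
        # Count per destination port, not per source: sources may be spoofed.
        pending = sum(1 for k in half_open if k[2] == dport)
        if pending > max_half_open and dport not in alerted:
            alerted.add(dport)
            alerts.append((t, dport, pending))
    return alerts


if __name__ == "__main__":
    for alert in detect_syn_flood(make_sample()):
        print("possible SYN flood: time_ms=%d port=%d half_open=%d" % alert)
```

Counting per destination port rather than per source address matters here because the sources in such a flood are typically spoofed, so no single source stands out.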

Degrading Storage Capability

The attacker uses up all of the available storage resources on the target machine, such as by spamming a mail server. For example: the Love Letter worm, on systems that use Windows and Exchange Server as their mail platform.

Destroying Files

This type of DoS attack occurs less often. The attacker deletes files on the target server to render it unusable. For example: a strain of the Love Bug worm that overwrites all .bat, .com and .sys files on the system.

Shut Down Systems

This kind of DoS enables the attacker to shut down computer systems. For example: the Ping of Death caused a great many Windows NT machines to face the blue screen of death.

Distributed Denial-of-Service (DDoS)

This is the newest DoS threat and depends on the use of a client, masters and daemons. The attackers use the client to initiate the attack by using masters, which are compromised hosts that have special programs running on them.

Some of the DDoS tools include:
1. Trinoo
2. Tribe Flood Network
3. Stacheldraht
4. Shaft
5. Mstream

INFORMATION LEAKAGE

The attacker is able to gather as much information about the target as possible.

This class of attack can occur in many ways:

1. The attacker may use finger or the Domain Name System (DNS) to gather information about the users on your network.

2. Advertising in search engines can help the attacker determine the type of web server being used.

3. It can also occur through SMTP or application banners (such as from telnet), because these items can give away a piece of information about the network.

Some tools used by individuals to gain information about a network include port scanners and operating system detection software. For example, one of the best tools is nmap by Fyodor.
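To check your own services for the banner leakage described in item 3, the added example below (not part of the original slides) scans collected banner strings for a product name followed by a dotted version number. The banners, host labels and the matching pattern are constructed for illustration; the pattern is a heuristic and is an assumption, not a complete fingerprinting rule set.

```python
import re

# Product name, a separator, then a dotted version number (e.g. "Apache/1.3.12").
# Heuristic pattern chosen for this example.
VERSION_RE = re.compile(r"([A-Za-z][A-Za-z_-]*)[/ -]v?(\d+(?:\.\d+)+)")

# Constructed sample banners, keyed by hypothetical service labels.
SAMPLE_BANNERS = {
    "mail1:25": "220 mail1.example.com ESMTP Sendmail 8.9.3/8.9.3; Mon, 3 Jan 2000 10:00:00",
    "mail2:25": "220 mail2.example.com ESMTP",
    "www:80": "Server: Apache/1.3.12 (Unix)",
    "ftp:21": "220 ftp.example.com FTP server (Version wu-2.6.0(1)) ready.",
    "shell:23": "SunOS 5.8",
}


def audit_banners(banners):
    """Return (service, product, version) for every banner that discloses a version."""
    findings = []
    for service in sorted(banners):
        for product, version in VERSION_RE.findall(banners[service]):
            findings.append((service, product, version))
    return findings


def quiet_services(banners):
    """Return the services whose banners disclose no product version."""
    leaking = {service for service, _, _ in audit_banners(banners)}
    return sorted(set(banners) - leaking)


if __name__ == "__main__":
    for service, product, version in audit_banners(SAMPLE_BANNERS):
        print(f"{service}: banner discloses {product} {version}")
    print("no version disclosed:", ", ".join(quiet_services(SAMPLE_BANNERS)))
```

Services that show up in the findings are candidates for a trimmed or generic banner in their server configuration.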

FILE ALTERATION

The attacker has the capability to alter files, which includes creating, reading, modifying and removing files from systems on the network.

In the past, attackers could create and remove files on systems using the Network File System (NFS) by exploiting vulnerabilities in statd (the NFS file-locking status monitor).

MISINFORMATION

The attacker erases all their tracks on the system.

Bad logs

The attacker goes to the log files (after gaining root on the server) to remove all traces of themselves.

Attack noise

It can be designed simply as a diversionary tactic. That is, while the user concentrates on defending the area being attacked, in reality the attacker comes in through an area where the defenses are low.

DATABASE ACCESS

The attacker may try to gain access to a special file or database.

There are some areas that attackers target:

1. The system's operating system. For example: the attacker attacks the Registry (used to store operating parameters in Windows NT). By default, it can be controlled by a Service Pack.

2. The attacker uses database user permissions to gain access.

To be continued…