Attacking Networks: Types of Attacks
• Broadly speaking, there are two types of attacks:
• External Attacks.
  • These come from computers outside of the local network.
• Internal Attacks.
  • These come from computers inside the local network.

Attacking Networks: Types of Attacks
• Both internal and external attacks use the same exploits.

Attacking Networks: Types of Attacks
• But it is worthwhile treating external and internal attacks separately
  • Because network security measures tend to concentrate on watching for and stopping attacks coming into a network from the outside.

Attacking Networks: Types of Attacks
• This is especially true for attacks coming from networks outside of an organization.

Attacking Networks: Types of Attacks
• Both external and internal attacks can take the following forms.
  • Intrusion-based attacks.
  • Service interruption-based attacks.
  • Resource-based attacks.
  • Data-based attacks.

Attacking Networks: Intrusion-based Attacks
• Intrusion-based attacks are attempts to gain access to a system.
• The goal is to gain system administrator access to the computer system.

Attacking Networks: Service Interruption-based Attacks
• The second major class of attacks is Service Interruption-based Attacks.
• The goal of these attacks is to prevent the computers from doing their job.
• Some examples:
  • Making them so busy they crash, or cannot respond to requests from clients.
  • Sending them so many packets that they are inaccessible for potential clients.

Attacking Networks: Service Interruption-based Attacks
• These attacks are specifically designed to limit access to these computers.
  • Particularly customers and employees of online companies and organizations.

Attacking Networks: Service Interruption-based Attacks
• Popular attacks of this type are
  • Denial of Service (DOS) attacks - Flooding the computers or the network itself with packets to make the servers inaccessible.
  • Web page corruption attacks - Break into a site’s web servers and change the web pages they host.

Attacking Networks: Service Interruption-based Attacks
• DOS attacks do not require an attacker to break into a computer
  • Just keep others from accessing it.

Attacking Networks: Service Interruption-based Attacks
• A web page defacement does require that an attacker gain at least partial access to a computer
  • In order to change the web pages it serves.

Attacking Networks: Denial of Service
• A classic DOS attack was the SYN flood
  • The attacker computer sends a stream of TCP SYN messages to the victim’s computer.
  • The victim computer responds to all of the SYN messages, starting up a connection for each one.
  • The attacker does not respond to the victim’s ACK/SYN messages with ACKs.
  • The overhead from maintaining all of these open connections slows down the victim computer, disabling it or perhaps even causing it to crash.

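The half-open connections described on the SYN flood slide are what a defender counts to spot the attack. The following is an added example, not part of the original slides: the record layout (client-to-server segments only), the addresses, the timeout and the threshold are all assumptions made for illustration.

```python
from collections import Counter

def half_open_counts(segments, now, timeout=5.0):
    """Count handshakes per (server, port) that got a SYN but no final ACK."""
    pending = {}  # (client, cport, server, sport) -> time the SYN was seen
    for t, src, sport, dst, dport, flags in segments:
        key = (src, sport, dst, dport)
        if flags == "S":                 # client opens a handshake
            pending.setdefault(key, t)
        elif flags in ("A", "R"):        # handshake completed or aborted
            pending.pop(key, None)
    counts = Counter()
    for (_, _, server, port), t in pending.items():
        if now - t >= timeout:           # still unanswered after the timeout
            counts[(server, port)] += 1
    return counts

def flooded_servers(segments, now, threshold=100, timeout=5.0):
    """Return the (server, port) pairs whose half-open count meets the threshold."""
    counts = half_open_counts(segments, now, timeout)
    return sorted(k for k, n in counts.items() if n >= threshold)

def sample_segments():
    """Constructed capture: one normal client plus 200 SYNs that are never ACKed."""
    segs = [
        (0.0, "192.0.2.10", 40000, "203.0.113.5", 80, "S"),
        (0.1, "192.0.2.10", 40000, "203.0.113.5", 80, "A"),
    ]
    for i in range(200):
        src = f"198.51.100.{i % 250 + 1}"
        segs.append((1.0 + i * 0.01, src, 1024 + i, "203.0.113.5", 80, "S"))
    return segs

if __name__ == "__main__":
    segs = sample_segments()
    print(half_open_counts(segs, now=10.0))
    print(flooded_servers(segs, now=10.0))
```
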
Attacking Networks: Denial of Service
• There are many variations of the DOS attack.
• They exploit different weaknesses of the network protocols.

Attacking Networks: ICMP
• The Internet Control Message Protocol (ICMP) allows routers to send error and control messages to other computers, especially routers, on the network.
• ICMP operates at the network (routing) layer of the TCP/IP stack.

Attacking Networks: Ping
• The most widely used ICMP message is the ping.
• Basically, ping is used to see if packets are reaching a particular computer.
• The client sends a ping request, and when it receives it, the server responds with a reply.

Attacking Networks: Ping
• The ping of death uses the ICMP ping to DOS a computer by crashing it.
• It does this by sending an illegally large ping packet.
  • In this case, more than 65,536 bytes.
• The packet causes a buffer overflow that crashes the computer.

Attacking Networks: Ping
• Modern versions of all major operating systems have fixed this vulnerability, and now check incoming ICMP packets to prevent a buffer overflow of this type.

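The kind of check the last Ping slide refers to can be shown on IPv4 fragment headers: the total-length field is 16 bits, so no reassembled datagram may exceed 65,535 bytes. This is an added example, not part of the original slides and not any operating system's actual code; the function names and the constructed headers are assumptions.

```python
import struct

MAX_DATAGRAM = 65535  # largest value the 16-bit IPv4 total-length field can hold

def reassembled_size(header):
    """Return the datagram size (bytes) implied by one IPv4 fragment header."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, flags_frag = struct.unpack("!BBHHH", header[:8])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    offset = (flags_frag & 0x1FFF) * 8      # fragment offset is in 8-byte units
    payload = total_len - ihl               # data bytes carried by this fragment
    return ihl + offset + payload

def is_oversized_fragment(header):
    """True if accepting this fragment would grow the datagram past 65,535 bytes."""
    return reassembled_size(header) > MAX_DATAGRAM

def make_header(total_len, frag_offset_units, more_fragments=False, proto=1):
    """Build a constructed 20-byte IPv4 header for testing (checksum left as zero)."""
    flags_frag = (0x2000 if more_fragments else 0) | (frag_offset_units & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_frag,
                       64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))

if __name__ == "__main__":
    normal = make_header(84, 0)             # ordinary unfragmented echo request
    last = make_header(1500, 8189)          # final fragment placed near the limit
    for name, hdr in (("normal", normal), ("last fragment", last)):
        print(name, reassembled_size(hdr), is_oversized_fragment(hdr))
```

A receiver that applies this test before copying fragment data into its reassembly buffer drops the offending fragment instead of writing past the end of the buffer.
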
Attacking Networks: Broadcast
• Normally, packets are sent to a single recipient.
• But, they can be broadcast - sent to all computers on the local network.

Attacking Networks: Smurf
• The Smurf attack broadcasts a ping to all of the machines on a local network.
• It forges (spoofs) the return address of the ping packet to be that of the victim.
• All of the machines receiving the broadcast ping then send reply packets to the victim.

Attacking Networks: Smurf
• If enough computers (possibly thousands) receive the forged ping request, the sheer number of reply packets can crash the victim computer, or clog the network.

Attacking Networks: Smurf
• There is really no way for a potential victim to harden their computer against this attack.

Attacking Networks: Smurf
• Computers and networks can help prevent themselves from being used as intermediaries in the attack.
  • Computers do not reply to broadcast pings.
  • Block broadcast packets at the router.
• This can help the potential intermediary, as they can also be a victim if the reply packets swamp their local network.

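The two intermediary-side measures on the last Smurf slide amount to recognising echo requests addressed to a broadcast address, and the attack itself shows up as echo replies nobody asked for. This added example (not part of the original slides) runs both checks over constructed packet records; the record format, addresses and threshold are assumptions.

```python
import ipaddress
from collections import Counter

def smurf_indicators(packets, local_nets, reply_threshold=3):
    """Return (broadcast pings a router should drop, hosts hit by unsolicited replies)."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    bcasts = {n.broadcast_address for n in nets}
    requested = set()        # (requester, responder) pairs with a unicast request
    blocked = []             # echo requests aimed at a broadcast address
    unsolicited = Counter()  # reply destination -> replies with no matching request
    for src, dst, kind in packets:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if kind == "echo-request":
            if d in bcasts:
                blocked.append((src, dst))
            else:
                requested.add((s, d))
        elif kind == "echo-reply" and (d, s) not in requested:
            unsolicited[dst] += 1
    victims = sorted(v for v, n in unsolicited.items() if n >= reply_threshold)
    return blocked, victims

def sample_packets():
    """Constructed records as seen on the intermediary network 192.0.2.0/24."""
    victim = "203.0.113.7"
    pkts = [
        ("192.0.2.10", "192.0.2.20", "echo-request"),   # ordinary ping
        ("192.0.2.20", "192.0.2.10", "echo-reply"),     # its matching reply
        (victim, "192.0.2.255", "echo-request"),        # source address is forged
    ]
    pkts += [(f"192.0.2.{h}", victim, "echo-reply") for h in range(1, 6)]
    return pkts

if __name__ == "__main__":
    blocked, victims = smurf_indicators(sample_packets(), ["192.0.2.0/24"])
    print("drop at router:", blocked)
    print("receiving unsolicited replies:", victims)
```
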
Attacking Networks: Denial of Service
• Traffic redirection DOS attacks make it impossible for packets to reach a server by altering information in routing tables.
  • In essence giving bad directions for routing packets.

Attacking Networks: Denial of Service
• DNS attack DOS attacks make a server’s site inaccessible by keeping client computers from getting a server’s IP address.
• This is done by either
  • attacking and co-opting a DNS server, or
  • having clients access a fake DNS server controlled by the attacker.
• The malicious DNS server then gives bad translations for the victim’s server.

Attacking Networks: Denial of Service
• As networks and server computers become faster and more robust, it is more difficult for an attacker to mount classic DOS attacks on an Internet site.

Attacking Networks: Denial of Service
• To counter this, attackers have taken to using Distributed Denial of Service (DDOS) attacks.
• In a DDOS attack, large numbers of computers simultaneously connect to or otherwise attack a victim’s site.

Attacking Networks: Denial of Service
• Attackers get the large numbers of computers necessary for a DDOS attack by using large numbers of zombie computers that have been previously attacked and taken over using viruses, worms, etc.
• These zombies are given commands to take part in the DDOS attack.

Attacking Networks: Session Hijacking
• A DOS attack that keeps a victim computer from responding over the network may allow the attacker to mount a session hijacking attack against the victim.

Attacking Networks: Session Hijacking
• In a session hijacking attack, the attacker disables a computer in the middle of a network connection, and then impersonates the disabled computer.

Attacking Networks: Session Hijacking
• The computer at the other end of the hijacked connection still thinks it is connected to the original, disabled computer.
• This may allow the attacker to access valuable information from the computer at the other end of the connection it has hijacked.

Attacking Networks: Resource-Based Attacks
• Resource-based attacks are designed to gain access to additional resources for the attacker.
• Basically, taking over machines in order to set up illicit servers on them.

Attacking Networks: Resource-Based Attacks
• Some resource-based attack examples -

Attacking Networks: Resource-Based Attacks
• Data storage (FTP) servers to store files (e.g. illicit copies of software and media).
  • Warez.

Attacking Networks: Resource-Based Attacks
• Message (IRC) servers to host chat sessions.

Attacking Networks: Resource-Based Attacks
• Mail servers to send spam.

Attacking Networks: Resource-Based Attacks
• Computers from which to launch subsequent attacks (zombies, bots).

Attacking Networks: Resource-Based Attacks
• Resource-based attacks typically are intrusion attacks.
• That is, the attacker gains control of the computer in order to set up their desired illicit server(s).

Attacking Networks: Data-Based Attacks
• Data-based attacks are designed to steal or modify data.
• Basically, high-tech theft and fraud.
• These are also intrusion-based attacks, so the attacker can gain access to the data to steal or alter it.

Attacking Networks: Data-Based Attacks
• Recent thefts of credit card data from a credit card purchase processing firm are high-profile data-based attacks.
• The attackers stole a large number of credit card numbers, and possibly other data that can be used for fraudulent purchases or possibly identity theft.