Network Attacks

November 11, 2010, by | Start Discussion

Any method, technique or process used to attack and compromise the security of the network can be termed as a Network attack. There can be a number of motives behind the attacks like fame, terrorism, greed, etc.  A few types of various malicious attacks are covered in this article.

Types of Network Attacks

The common and popular attacks would be

  1. Eavesdropping
  2. Denial-of-Service
  3. Session Hijacking
  4. IP Spoofing
  5. DNS Spoofing
  6. Man-in-the-Middle Attack

Eavesdropping

Eavesdropping is basically the act of secretly listening to the conversation of others, obviously without their permission. This definition can also be applied to network sniffing. In network sniffing, attacker secretly sniffs/listens to the data transmitted thorugh the network. The modules operating would be like this –

A machine is configured to “listen” mode and then it is used to capture the juicy data from the network! This can be done using readily available programs like Cain and Abel, Ehtercap, SSLsniff, etc. 

Denial-of- Service

Wikipedia – A denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended respondents. It generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.

Methods of attacks
 

Smurf Attack

These attacks can be destructive. In this attack, an attacker sends a large amount of ICMP echo (ping) traffic at IP broadcast addresses. These packets have spoofed IP address of the source pointing to the victim. To amplify the attack several intermediary sites are selected by the attacker. This results in lots of ping replies (ICMP echo Reply) and thus resulting in victim being compromised.

SYN Flood attack

SYN flood attacks exploits TCP three-way handshake.  In this attack, attacker sends lots of TCP SYN packets to the victim with spoofed source IP address. These packets try to establish connection with the victim. Now what happens is that the victim sends back a TCP SYN-ACK packet and waiting for the response from the source. But as the source address is spoofed the response never comes thus creating half open connections.

This floods the available connection with the server and in the process keeps the server from responding to legitimate traffic.
This flooding if done in large volume can cause DoS.

Distributed Denial-of-service (DDoS) Attack

In DDoS attack, the attacker compromises large number of computers, mostly in different locations. These compromised machines are called as secondary victims or Zombies. Then these zombies are used as attack platform to attack the primary victim.
The zombies or the secondary victims may not be aware that they are being used to attack the primary victim. Trojans and viruses give the control attacker to these machines to launch attacks of the victim.

This attack is difficult to detect as the attack comes from several IP address. This is the most deadly attack of all and not easy to overcome. 

Session Hijacking

Session hijacking exploits computer session between two machines. Here, computer session means connection between two machines.

When a TCP session is established a cookie is used to verify if the session is active or not. The attacker can steal these cookies by sniffing or using the saved cookies on victim’s computer. Since most of authentication is done only at the start of the session, this allows the hacker to assume the identity of the victim and gains the same access to the resources as that of the victim.
 

Types of Session Hijacking attacks
1.    Active
2.    Passive
 

In an Active attack, attacker hijacks an existing session on the network by doing a Man-in-the-middle attack.  This allows the attacker to execute a various commands in order to maintain his access, delete the traces etc. The attacker can create accounts on the network which can be used to gain access later without having to do session hijack every time.
In Passive attack, attacker monitors the ongoing session in the network. This attack uses sniffer tools to sniff around the network and find juicy information!

The third type, Hybrid attack, uses the combination of the above mentioned attacks. This attack is used to sniff and modify the data simultaneously.

IP Spoofing

IP spoofing, also known as IP address forgery, is a technique that replaces the original IP address with another machine’s address  in which an attacker impersonates as a trusted host to conceal his identity, spoof a Web site, hijack browsers, or gain access to a network.

Here's how it works: The attacker obtains the IP address of a legitimate host and alters IP packet headers so that the legitimate host appears to be the source. So now when a visitor types in a URL of a legitimate site, he is taken to a fraudulent web page created by the attacker. For example, if the attacker has spoofed a site, say www.abc.com, then any visitor who types this in the URL  would see spoofed content created by the attacker instead of the original content.

With this kind of attack, the attacker could gain access to juicy information such as passwords, credit cards numbers, etc or install malware or alter the data.

DNS Spoofing

Domain Name Service (DNS) basically transforms a domain name, (say www.example.com) to its IP address (say 11.22.33.44). AND DNS spoofing is a technique where in a DNS entry to point to another IP rather than it is supposed to point to.
There are two methods of DNS spoofing:-

1.    DNS Cache Spoofing: – DNS server cannot store information about all existing domain names and IP addresses in its cache. It is done to avoid constant repetitions of inquiries to login to servers of corresponding domains.


Author bio not avialable

Leave a Reply