Network Attacks
- Denial of service (DoS)
  - Attempts to prevent system from performing normal functions
  - Ping flood attack
    - Ping utility used to send large number of echo request messages
    - Overwhelms Web server
  - Smurf attack
    - Ping request with originating address changed
    - Appears as if target computer is asking for response from all computers on the network
  - SYN flood attack
    - Takes advantage of procedures for establishing a connection
- Distributed denial of service (DDoS)
  - Attacker uses many zombie computers in a botnet to flood a device with requests
  - Virtually impossible to identify and block source of attack
Interception
- Man in the middle
  - Interception of legitimate communication
  - Forging a fictitious response to the sender
  - Passive attack records transmitted data
  - Active attack alters contents of transmission before sending to recipient
- Replay attacks
  - Similar to passive man in the middle attack
  - Attacker makes copy of transmission
  - Uses copy at a later time
  - EX: capturing logon credentials
- More sophisticated replay attacks
  - Attacker captures network device's messages to server
  - Later sends original, valid message to server
  - Establishes trust relationship between attacker and server
Poisoning
- ARP poisoning
  - Attacker modifies MAC address in ARP cache to point to different computer
  - ARP gets the MAC address
  - ARP only covers local networks
- DNS poisoning
  - Domain name system is current basis for name resolution to IP address
  - DNS poisoning substitutes DNS addresses to redirect computer to another device
  - Two locations:
    - Local host table
    - External DNS server
*Side note: When you run ipconfig /release in CMD, your machine will receive an APIPA address.