Friday, February 26, 2010

TYPES OF ATTACKS

  • DoS- Denial of Service
  • Trojan Horse - Comes with other software.
  • Virus - Reproduces itself by attaching to other executable files.
  • Worm - Self-reproducing program. Creates copies of itself. Worms that spread using e-mail address books are often called viruses.
  • Logic Bomb - Dormant until an event triggers it (Date, user action, random trigger, etc.).
Hacker Attacks are various forms that exploit weakneses in security. Many of these may cause loss of service or system crashes.
  • IP spoofing - An attacker may fake their IP address so the receiver thinks it is sent from a location that it is not actually from.
  • Gaining access through source routing. Hackers may be able to break through other friendly but less secure networks and get access to your network using this method.
  • Man in the middle attack -
    • Session hijacking - An attacker may watch a session open on a network. Once authentication is complete, they may attack the client computer to disable it, and use IP spoofing to claim to be the client who was just authenticated and steal the session.
  • Server spoofing - A C2MYAZZ utility can be run on Windows 95 stations to request LANMAN (in the clear) authentication from the client. The attacker will run this utility while acting like the server while the user attempts to login. If the client is tricked into sending LANMAN authentication, the attacker can read their username and password from the network packets sent.
  • DNS poisoning - This is an attack where DNS information is falsified. This attack can succeed under the right conditions, but may not be real practical as an attack form. The attacker will send incorrect DNS information which can cause traffic to be diverted. The DNS information can be falsified since name servers do not verify the source of a DNS reply. When a DNS request is sent, an attacker can send a false DNS reply with additional bogus information which the requesting DNS server may cache. This attack can be used to divert users from a correct webserver such as a bank and capture information from customers when they attempt to logon.
  • Password cracking - Used to get the password of a user or administrator on a network and gain unauthorized access.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)