Viraj Dissanayake
Malware types
Virus – Malicious code. Needs user interaction to execute and needs a host program to run. Usually takes the
form of an exe file.
Worm – Replicates by itself. Doesn’t need user interaction and doesn’t need a host program.
Trojan horse – Malicious code hidden inside a program/function.
Ransomware – Blocks a service to the legitimate user and demands money to unblock it again.
Spyware – Gathers user information without the user’s permission.
Adware – Displays pop-up ads and collects browser (cookie) data/user data.
Phishing – Convinces users to hand over their information.
Rootkits – Provide administrative control to the attacker.
Network attacks
In DoS attacks the attacker focuses on one system. But in DDoS attacks the attacker targets multiple systems at
once.
Lecture – Layer 2 attacks
The attacker focuses on switches.
CAM table attack (attacker injects false MAC addresses into the CAM table). To mitigate, enable port
security.
VLAN hopping attack (attacker uses a VLAN trunk port to access traffic). To mitigate, disable DTP
(Dynamic Trunking Protocol) and use manual trunking.
VLAN double-tagging attack (attacker adds another VLAN tag to the frame). To mitigate, assign an
unused VLAN as the native VLAN.
DHCP spoofing (attacker pretends to be a DHCP server).
DHCP starvation (form of DoS attack; the attacker overloads the DHCP server).
To mitigate DHCP attacks: drop untrusted DHCP messages and configure the switch ports’ DHCP
trust state.
ARP spoofing (poisoning) – Attacker uses unsolicited ARP replies called “gratuitous ARPs”. To
mitigate, use Dynamic ARP Inspection.
Address spoofing – Attacker uses an address from within the network, pretends to be a legitimate user
and performs a DoS attack. To mitigate, enable IPSG (IP Source Guard) to filter IP addresses.
STP manipulation attack – Attacker uses a trunk port of a switch in the network to add a rogue
switch and sets its bridge ID to 0, so it becomes the root bridge. All the traffic then goes
through the attacker’s switch. To mitigate, disable DTP (disable trunking ports).
BPDU (Bridge Protocol Data Unit) – contains the switch ID and MAC address.
Root guard – prevents a designated port from becoming a root port.
Loop guard – prevents network loops by optimizing STP.
ICMP is part of IP
TCP is connection oriented and UDP is not, so UDP is not reliable. UDP is used in wireless
transmission (Wi-Fi). UDP is stateless and TCP is a stateful protocol.
TCP features
Establishing a session
o Connection establishment
o Data transfer
o Connection termination
Reliable delivery
Same-Order delivery
Flow control
Athma, please go through the TCP control bits lecture in DCCNII, or google it. You might need to know
about that.
TCP Attacks
Information gathering
o TCP port scan (searches for multiple TCP services on a single host) – (normal scan – TCP SYN /
stealth scan – FIN, SYN-FIN, null, push, fragmented packets)
o TCP port/host sweep (searches for a single TCP service on multiple hosts) – (normal scan – TCP
SYN / stealth scan – FIN, SYN-FIN, null, push, fragmented packets)
o OS fingerprinting – TCP header fields vary from OS to OS.
Header abuse
UDP Attacks
Information gathering
Header abuse
o UDP bomb attack – Form of a DoS attack. Triggers when the UDP length specified is less
than the IP length specified.
o UDP flood attack – Attacker sends a load of requests probing for open ports on the server, and the
server gets overloaded. A form of DoS attack.
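As an added example (not from these notes), a small Python checker for two of the probe patterns listed above: the TCP flag combinations named under stealth scans (null, FIN, SYN-FIN, push) and a UDP length field that disagrees with the IP header, as in the UDP bomb. Packets are constructed inline with placeholder addresses and ports; it only inspects headers and never sends anything.

```python
import struct

# TCP control bits (RFC 793 bit positions in the flags byte).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flag patterns the notes list as stealth-scan probes (null, FIN, SYN-FIN, PUSH).
STEALTH_FLAGS = {0: "null", FIN: "FIN", SYN | FIN: "SYN-FIN", PSH: "PUSH"}

def build_ipv4(proto, payload):
    """Constructed 20-byte IPv4 header (no options, checksum left zero) + payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64,
                         proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return header + payload

def build_tcp(flags):
    """Minimal 20-byte TCP header (placeholder ports) carrying the given control bits."""
    return struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, flags, 1024, 0, 0)

def build_udp(data, length=None):
    """UDP header + data; the length field can be forged to mimic a UDP bomb."""
    length = 8 + len(data) if length is None else length
    return struct.pack("!HHHH", 40000, 53, length, 0) + data

def classify(packet):
    """Return 'ok' or a short reason string describing why the packet looks hostile."""
    ver_ihl, _tos, total_len, _ident, _frag, _ttl, proto, _csum = struct.unpack(
        "!BBHHHBBH", packet[:12])
    ihl = (ver_ihl & 0x0F) * 4
    payload = packet[ihl:total_len]
    if proto == 6 and len(payload) >= 20:          # TCP
        flags = payload[13] & 0x3F                  # low six bits hold the control bits
        if flags in STEALTH_FLAGS:
            return "tcp stealth-scan probe: %s scan" % STEALTH_FLAGS[flags]
    elif proto == 17 and len(payload) >= 8:        # UDP
        udp_len = struct.unpack("!H", payload[4:6])[0]
        ip_payload_len = total_len - ihl
        # The notes describe the UDP length being smaller than the IP length;
        # any disagreement is malformed, so both directions are reported.
        if udp_len < 8 or udp_len != ip_payload_len:
            return "udp length %d disagrees with ip payload %d bytes (udp bomb pattern)" % (
                udp_len, ip_payload_len)
    return "ok"

if __name__ == "__main__":
    for name, pkt in [("syn", build_ipv4(6, build_tcp(SYN))),
                      ("syn-fin", build_ipv4(6, build_tcp(SYN | FIN))),
                      ("udp bomb", build_ipv4(17, build_udp(b"abcd", length=4)))]:
        print(name, "->", classify(pkt))
```

A real IDS would also rate-limit per source and track many ports per host before calling something a scan; this block only classifies a single packet.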