
Topic: ATTACKS & malicious code.

By SARAH KEMUNTO MOGAKA

VARIOUS ATTACKS ON NETWORKS


1. Spoofing
2. DoS attacks
3. Impersonation or Masquerading
4. Eavesdropping
5. Wiretapping
6. Brute-force attack
7. Hacking
8. Cracker
9. Phishing
10. Script-kiddie

Common Types of Network Attacks


Without security measures and controls in place, your data might be subjected to an attack. Some attacks are passive, meaning information is monitored; others are active, meaning the information is altered with intent to corrupt or destroy the data or the network itself. Your networks and data are vulnerable to any of the following types of attacks if you do not have a security plan in place.

INTRODUCTION
Network attacks come in a variety of forms, some of which are common enough to classify. A network attack consists of anything that attempts to prevent a system from performing its normal function over a network or that remotely allows unintended behavior. Some attacks are designed to disable network services to prevent normal network function, a form of sabotage. Other attacks are designed to gain unauthorized access or control of a network, a form of espionage. The following is a discussion of the broader categories of network attacks.

1. IP Spoofing
IP spoofing is used to gain unauthorized access to computers: the attacker sends messages to a computer with a forged IP address indicating that the message is coming from a trusted host. There are a few variations on the types of attacks that use IP spoofing.

Non-Blind Spoofing - This attack takes place when the attacker is on the same subnet as the target and can see the sequence and acknowledgement numbers of packets.

Blind Spoofing - This attack may take place from outside, where sequence and acknowledgement numbers are unreachable.

2. Denial of Service Attack


Denial of Service attacks are network attacks that exploit the quantity limitations of normal network services. Denial of Service (DoS) attacks come in various forms including distributed denial of service, SYN flooding, and mail bombing. The principle behind each DoS attack is to flood a service with so many fake requests that a real request gets denied due to the lack of resources to respond to all requests.

Denial of Service Attack CONT


IP spoofing is almost always used in denial of service (DoS) attacks, in which attackers are concerned with consuming bandwidth and resources by flooding the target with as many packets as possible in a short amount of time. To conduct the attack effectively, attackers spoof source IP addresses to make tracing and stopping the DoS as difficult as possible. When multiple compromised hosts are participating in the attack, all sending spoofed traffic, it is very challenging to quickly block the traffic.

3. MAN IN THE MIDDLE ATTACK


A type of attack where a user gets between the sender and receiver of information and sniffs any information being sent. In some cases, users may be sending unencrypted data, which means the man-in-the-middle can easily obtain any unencrypted information. In other cases, a user may be able to obtain the information from the attack but have to decrypt the information before it can be read. A Man In the Middle Attack is also called connection hijacking. In this attack, a malicious party intercepts a legitimate communication between two hosts to control the flow of communication and to eliminate or alter the information sent by one of the original participants without their knowledge. In this way, an attacker can fool a target into disclosing confidential information by spoofing the identity of the original sender or receiver.

4. Eavesdropping & wiretapping


Eavesdropping refers only to a passive attack in which the adversary merely eavesdrops on the line over which ciphertexts are being sent. Stronger types of attacks, culminating in the so-called Chosen Ciphertext Attack, may be possible in various applications. In their stronger form, such attacks are also related to the notion of non-malleability of the encryption scheme, where one requires that it should be infeasible for an adversary given a ciphertext to produce a valid ciphertext for a related plaintext [Dolev, Dwork, and Naor, 1991]. Encryption schemes secure against such attacks can be constructed under various assumptions (e.g., intractability of factoring).

Wiretapping
Telephone tapping (or wire tapping/wiretapping) is the monitoring of telephone and Internet conversations by a third party, often by covert means. The telephone or wire tap received its name because, historically, the monitoring connection was an actual electrical tap on the telephone line. Legal wiretapping by a government agency is also called lawful interception. Passive wiretapping monitors or records the traffic, while active wiretapping alters or otherwise affects it. Wiretapping is any interception of a telephone transmission by accessing the telephone signal itself. Electronic eavesdropping is the use of an electronic transmitting or recording device to monitor conversations without the consent of the parties. Although many types of conversations may be subject to electronic eavesdropping, this fact sheet deals only with eavesdropping on telephone conversations.

When you open up a phone, you can see that the technology inside is very simple. The simplicity of design makes the phone system vulnerable to surreptitious eavesdropping.

5. Brute-force attack
A type of password attack that does not attempt to decrypt any information but simply continues to try different passwords. For example, a brute-force attack may have a dictionary of all words and/or a listing of commonly used passwords. To gain access to the account using a brute-force attack, the program would try all the available words it has. Another type of brute-force attack is a program that runs through all letters and/or letters and numbers until it gets a match. Although a brute-force attack may be able to gain access to an account eventually, these types of attacks can take several hours, days, months, and even years to run. The amount of time it takes to complete these attacks is dependent on how complicated the password is. To help prevent brute-force attacks, many systems will only allow a user to make a mistake in entering their username or password three or four times. If the user exceeds these attempts, the system will either lock them out of the system or prevent any future attempts for a set amount of time.

6. Masquerading or impersonation
The perpetrator gains access to the system by pretending to be an authorized user. The perpetrator must know the legitimate user's ID and password. Once in the system, he enjoys the same privileges as the legitimate user.

7. Mobile Code
Mobile code is software transferred between systems, e.g. transferred across a network or via a USB flash drive, and executed on a local system without explicit installation or execution by the recipient. Examples of mobile code include scripts (JavaScript, VBScript), Java applets, ActiveX controls, Flash animations, Shockwave movies (and Xtras), and macros embedded within Office documents.


Mobile code can also download and execute in the client workstation via email. Mobile code may download via an email attachment (e.g., macro in a Word file) or via an HTML email body (e.g., JavaScript). For example, the ILOVEYOU, TRUELOVE, and AnnaK email viruses/worms all were implemented as mobile code (VBScript in a .vbs email attachment that executed in Windows Scripting Host).

8. Hacking
Unauthorized access to and use of computer systems, usually by means of a personal computer and a telecommunications network. Most hackers break into systems using known flaws in operating systems, application programs, or access controls. Some are not very malevolent and are mainly motivated by curiosity and a desire to overcome a challenge. Others have malicious intent and can do significant damage.

8. Cracker
Individual who is able to decipher codes and passwords, being able to break security systems for illegal reasons.

9. Phishing
Pronounced like fishing, phishing is a term used to describe a malicious individual or group of individuals scamming users by sending e-mails or creating web pages that are designed to collect an individual's bank or credit information. Below is an example of what a phishing e-mail may look like.

Sending out a spoofed email that appears to come from a legitimate company, such as a financial institution. eBay, PayPal, and banks are commonly spoofed. The recipient is advised that information or a security check is needed on his account, and advised to click on a link to the company's website to provide the information. The link connects the individual to a website that is an imitation of the spoofed company's actual website. These counterfeit websites appear very authentic, as do the emails.

10. Script-kiddie
Also known as an ankle biter, a script-kiddie is an individual who utilizes information, scripts, or other types of software utilities to help exploit or break into a computer or computer program without having a full understanding of how the exploit works or how it was made. What makes a script-kiddie different from a hacker or an advanced user is that a hacker or advanced user commonly has a vast understanding of what he or she is doing, explores and locates the security vulnerabilities, and/or creates the programs or scripts that others may use.

Thank you!!!!!!
