Transcript Chap03 Class of Attack

CHAPTER 3
Classes of Attack
INTRODUCTION







Network attacks come from both inside and
outside firewall.
Kinds of attacks:
1.
2.
3.
4.
5.
Denial-of-service
Information Leakage
File Alteration
Misinformation
Database Access
DENIAL-OF-SERVICE (DoS)






This kind of attack unauthorized the
availability of the resource to its regular
authorized users.
Types of DoS:
1.
2.
3.
4.
Degrading Processes
Degrading Storage Capability
Destroying Files
Shutting Down
DENIAL-OF-SERVICE (DoS)



Degrading Processes
1. The attacker reduces performance by
overloading the target system, either by
spawning multiple processes to eat up all
available resources or spawning enough
processes to overload CPU. Example: A simple
UNIX fork bomb.
2. The attacker attack a network application
such as File Transfer protocol (FTP) or Simple
Mal Transfer Protocol (SMTP) by sending a
flood of network.
DENIAL-OF-SERVICE (DoS)






3. The attacker attack a network service such
as Internet protocol (IP) or the Internet Control
Message Protocol (ICMP) also by sending a
flood of network.
Examples of DoS attacks that degrade processes
are:
1. Snork
2. Chargen
3. Smurf
4. SYN flood
DENIAL-OF-SERVICE (DoS)





Snork and Chargen affect Windows NT.
Snork enables the attacker to send spoofed
Remote Procedure Call (RPC) datagrams to the
User Datagram Protocol (UDP) destination port
135.
Chargen enables attacker sent a flood of UDP
datagrams from a spoofed source IP to port 19.
Smurf performs a network-level against the
target host.
SYN flood is accomplished by sending TCP
connection request faster than a system can
process them.
DENIAL-OF-SERVICE (DoS)





Degrading Storage Capability
Attacker uses all of the given storage resources
on the target machine, such as spamming a
mail server. For example: The Love Letter
worm that use Windows and Exchange Server
as their mail platform.
Destroying Files
This type of DoS attack is a less often occur.
The attacker delete files on the target server to
render it unusable. For example: A strain of
Love Bug worm that overwrites all .bat, .com
and .sys files on the system.
DENIAL-OF-SERVICE (DoS)





Shut Down Systems
This kind of DoS enable attacker shutting down
the computer systems. For example: Ping of
Death caused a great many windows NT
machines to face the blue screen of death.
Distributed Denial-of-Service (DDoS)
This is the newest threat of DoS and depends on
the use of a client, masters and daemons.
The attackers use the client to initiate the attack
by using masters, which are compromised hosts
that have a special programs running on them.
DENIAL-OF-SERVICE (DoS)






Some of the DDoS tools includes:
1. Trinoo
2. Tribe Flood Network
3. Stacheldraht
4. Shaft
5. Mstream
INFORMATION LEAKAGE




The attacker enable to get much
information on the target as possible.
This class of attack can occur in many ways:
1. The attacker may use finger or Domain
Name System (DNS) to gather information
about the users on your network.
2. The advertising of search engine can help
attacker determine the type of web server being
used.
INFORMATION LEAKAGE


3. It also can occur in SMTP or application
banners (from telnet) because these items
can give a piece of information about network.
Some tools used by individuals to gain
information about network include port
scanners and operating system detection
software. For example, one of the best tool is
nmap by Fyodor.
FILE ALTERATION


The attacker have capability to alter file includes
create, read, modify and remove files from
systems on the network.
In the past, attacker can create and remove files
on systems utilizing Network File System (NFS)
by utilizing vulnerabilities in statd (NFS filelocking status monitor).
MISINFORMATION





The attacker erase all their tracks to the
system.
Bad logs
The attacker go to the log files (after gaining
root server) to remove all traces of themselves.
Attack noise
It can be designed as simply diversionary tactic.
It means while user concentrate on defending
area that being attacked, the reality is the
attacker comes from the area which the defense
are low.
DATABASE ACCESS




The attacker may try to gain access to a
special file or database.
There are some area concerned by attackers to
attack:
1. Use system’s operating system. For example:
Attacker attack Registry (use to store operating
parameters in Windows NT). By default, it can
be controlled by Service Pack.
2. Attacker use the database user permission
to gain the access.

To be continued…