Comparison of Network Attacks


Comparison of Network Attacks
COSC 356
Kyler Rhoades

Two classes of Network Attacks
◦ Passive
◦ Active

Passive
◦ Non-intrusive monitoring of transmissions
◦ Traffic analysis
◦ Tricky to detect because the data itself is never
touched; the attacker only reads it

Active
◦ Attacker tries to bypass or break into a secured
system, or to disrupt it
◦ Results in modification, disruption, or disclosure of
data; unlike a passive attack it leaves traces that
can be detected

Sniffing (Passive)
◦ AKA
 Eavesdropping
 Passive network mapping (learning hosts and services
from the traffic seen)

Sniffing
◦ Goals
 Intercept information traveling throughout a
network
 To gather information about a network

Sniffing
◦ How It Works
 Attacker gains access to a network path (a hub, a
mirrored switch port, a compromised host, or a
wireless channel)
 “Listens” to the data being transmitted back and
forth
◦ Anything sent by a plaintext protocol is readable as-is
◦ E-mail messages, user names, passwords, documents
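As an added example (not part of the original slides), the following Python shows exactly what a sniffer on the network path recovers from one captured frame carrying an HTTP request with Basic authentication. The frame is constructed inline for the example; the MAC and IP addresses, host name and credentials are made up. The same parser pointed at a TLS connection would return only ciphertext, which is the whole point of the encryption defense.

```python
# Added example (not part of the original slides): what a passive sniffer
# sees when an HTTP Basic-Auth request crosses a hub or a mirrored switch port.
# The frame is constructed by hand below; the MAC and IP addresses, host name
# and credentials are all made up for the example.
import base64
import struct

# Constructed plaintext request, as a client would send it to an intranet server.
REQUEST = (b"GET /admin HTTP/1.1\r\n"
           b"Host: intranet.example\r\n"
           b"Authorization: Basic " + base64.b64encode(b"kyler:hunter2") + b"\r\n\r\n")


def build_frame(payload: bytes) -> bytes:
    """Wrap PAYLOAD in minimal Ethernet, IPv4 and TCP headers (constructed test input)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0x1234, 0x4000,
                     64, 6, 0, bytes([192, 168, 1, 10]), bytes([10, 0, 0, 5]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def parse_frame(frame: bytes) -> dict:
    """Decode the Ethernet/IPv4/TCP headers the way a sniffer does and return the fields."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6:
        raise ValueError("not TCP")
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4
    return {"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
            "sport": sport, "dport": dport, "payload": tcp[data_offset:]}


def extract_basic_auth(payload: bytes):
    """Return (user, password) if the payload carries an HTTP Basic Authorization header."""
    for line in payload.split(b"\r\n"):
        if line.lower().startswith(b"authorization: basic "):
            token = line.split(b" ", 2)[2]
            user, _, password = base64.b64decode(token).partition(b":")
            return user.decode(), password.decode()
    return None


def sniff_credentials(frame: bytes):
    """What the attacker gets from one captured frame: who, where, and the credentials."""
    pkt = parse_frame(frame)
    creds = extract_basic_auth(pkt["payload"])
    return (pkt["src"], pkt["dst"], pkt["dport"], creds) if creds else None


if __name__ == "__main__":
    print(sniff_credentials(build_frame(REQUEST)))
```

Basic authentication only base64-encodes the credentials, it does not encrypt them, so the decode step is all an attacker needs; on a real capture the header parsing is the same, only the source of the frames changes.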

Sniffing
◦ How To Combat Sniffing
 Strong encryption of traffic in transit (TLS, SSH,
IPsec), so a captured stream is useless
◦ Built on an authenticated key-agreement protocol, so
the session key itself never crosses the wire in the
clear
 Don’t use hubs: a hub repeats every frame to every
port, so any host can listen to all of them
◦ Switches limit this, but a switch can still be sniffed
through ARP spoofing or a mirror port, so encryption
remains the real defense

Spoofing (Active)
◦ Impersonates another host
◦ IP Spoofing
 Forges the source address of a trusted host

Spoofing
◦ Goals
 Impersonate
◦ Malicious actions, if caught, will look as if another
legitimate user was behind the attack

Spoofing
◦ How It Works
 Find the IP address of a host that the target
network trusts
 Forge the source IP address of outgoing packets to
that of the trusted host
 Any data transmitted will appear to be coming
from the trusted host
◦ Replies go to the real host, not the attacker, so this
“blind” spoofing suits one-way attacks best
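The following Python is an added example (not from the slides) that makes the mechanism concrete from both sides: nothing in an IPv4 header authenticates the source field, so a sender can write any address there, and the only defense at the network edge is ingress filtering (the BCP 38 idea), which drops packets whose claimed source could not legitimately arrive on that interface. All addresses and prefixes are made up for the example.

```python
# Added example (not part of the original slides): forging the source address
# of an IPv4 header, and the ingress-filtering check (the BCP 38 idea) that an
# edge router uses to drop such packets. All addresses and prefixes are made up.
import ipaddress
import struct


def ip_checksum(header: bytes) -> int:
    """One's-complement sum over 16-bit words (RFC 1071); a valid header sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, proto: int = 1, payload_len: int = 0) -> bytes:
    """Build a 20-byte IPv4 header. SRC is whatever the sender writes; the
    checksum only guards against corruption, nothing authenticates the field."""
    fields = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000, 64,
                         proto, 0, ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return fields[:10] + struct.pack("!H", ip_checksum(fields)) + fields[12:]


def header_source(header: bytes) -> str:
    """What the receiver believes the sender's address is."""
    return str(ipaddress.IPv4Address(header[12:16]))


def ingress_filter(header: bytes, interface_prefix: str) -> bool:
    """Edge-router check: forward only if the claimed source lies inside the prefix
    that is legitimately reachable on the interface the packet arrived on."""
    if ip_checksum(header) != 0:
        return False
    return ipaddress.IPv4Address(header[12:16]) in ipaddress.IPv4Network(interface_prefix)


if __name__ == "__main__":
    # An attacker on the 203.0.113.0/24 customer network claims to be 10.0.0.5,
    # a host trusted inside the victim's network. The header is well formed and
    # the checksum verifies; only the ingress filter notices.
    forged = build_ipv4_header("10.0.0.5", "10.0.0.1")
    print(header_source(forged), ingress_filter(forged, "203.0.113.0/24"))
```

Ingress filtering has to run on the network the attacker sits in, not on the victim's, which is why it is a community defense; it does nothing against spoofing from inside the trusted prefix, so the victim still needs application-layer authentication.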

Spoofing
◦ Attackers can also set up a spoofed (rogue) access point
 Legitimate users will think they are connected to
their own network
 Attacker can then monitor all of their traffic and
attack the connected hosts

Man-In-The-Middle Attack (Active)
◦ Exploits a weakness in the TCP/IP protocol suite
 Headers carry no authentication: nothing verifies
that a packet’s source address is genuine
◦ Relies on spoofing (for example of ARP or DNS
answers) to route both victims’ traffic through the
attacker

Man-In-The-Middle Attack
◦ How It Works
 The attacker makes separate connections to two
victims and controls the relay between them
◦ The victims believe they are on a private connection
with each other
◦ The attacker must be able to impersonate both victims
 The attacker intercepts all the data transferred
between the victims
 The attacker can then read or manipulate the data
before forwarding it to the intended recipient

Man-In-The-Middle Attack
◦ Defense
 Strong mutual authentication protocols, so each
side verifies who it is really talking to
◦ Authenticated key-agreement protocol (for example TLS
with certificate validation on both sides)
◦ Encryption with unauthenticated key agreement is not
enough: the attacker simply negotiates one key with
each victim
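As an added example (not part of the original slides), the Python below simulates the defense slide: a plain Diffie-Hellman key agreement that Mallory relays, ending up with a separate session key for each victim, and then the same exchange with each party’s value tagged under a long-term key Mallory does not hold, which makes her substitution detectable. The group parameters are a toy, a pre-shared HMAC key stands in for the certificates and signatures a real protocol such as TLS would use, and Alice, Bob and Mallory are the usual placeholder names.

```python
# Added example (not part of the original slides): why an unauthenticated
# key-agreement protocol (plain Diffie-Hellman) does not stop a man-in-the-middle,
# and how tagging each party's exchanged value with a long-term key does. The
# group parameters are a toy, and a pre-shared HMAC key stands in for the
# certificates and signatures a real protocol such as TLS would use; the names
# Alice, Bob and Mallory are the usual placeholders.
import hashlib
import hmac
import secrets

P = 2**127 - 1   # toy prime; real deployments use 2048-bit groups or elliptic curves
G = 5


def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def session_key(priv: int, peer_pub: int) -> bytes:
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()


def unauthenticated_exchange(mallory_active: bool):
    """Alice and Bob swap raw public values. Returns (victims_agree, mallory_has_both_keys)."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    if not mallory_active:
        return session_key(a_priv, b_pub) == session_key(b_priv, a_pub), False
    m_priv, m_pub = dh_keypair()
    # Mallory replaces each public value with her own, so each victim agrees a key with her.
    k_alice = session_key(a_priv, m_pub)          # Alice thinks this is shared with Bob
    k_bob = session_key(b_priv, m_pub)            # Bob thinks this is shared with Alice
    mallory_keys = (session_key(m_priv, a_pub), session_key(m_priv, b_pub))
    # Mallory decrypts with one key, reads or alters the data, re-encrypts with the other.
    return k_alice == k_bob, (k_alice, k_bob) == mallory_keys


def authenticated_exchange(long_term_key: bytes, mallory_active: bool) -> bool:
    """Each side tags its DH value (and its role) under a key Mallory does not hold.
    Returns True only if both sides accept the tags and derive the same key."""
    def tag(role: bytes, pub: int) -> bytes:
        return hmac.new(long_term_key, role + pub.to_bytes(16, "big"), "sha256").digest()

    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    a_msg = (a_pub, tag(b"alice", a_pub))
    b_msg = (b_pub, tag(b"bob", b_pub))
    if mallory_active:
        _, m_pub = dh_keypair()
        # Mallory can still swap the values in flight, but cannot forge the tags.
        a_msg = (m_pub, a_msg[1])
        b_msg = (m_pub, b_msg[1])
    bob_accepts = hmac.compare_digest(a_msg[1], tag(b"alice", a_msg[0]))
    alice_accepts = hmac.compare_digest(b_msg[1], tag(b"bob", b_msg[0]))
    if not (bob_accepts and alice_accepts):
        return False     # handshake aborted: the substituted value is detected
    return session_key(a_priv, b_msg[0]) == session_key(b_priv, a_msg[0])


if __name__ == "__main__":
    print("plain DH, no attacker:", unauthenticated_exchange(False))
    print("plain DH, Mallory:", unauthenticated_exchange(True))
    key = secrets.token_bytes(32)
    print("authenticated, Mallory:", authenticated_exchange(key, True))
```

The role label inside the tag matters: without it Mallory could reflect Alice’s own tagged value back to her. In a deployed protocol the tag is a signature verified against a certificate, which is what “certificate validation on both sides” buys you.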

Denial of Service Attacks (DoS) (Active)
◦ Aims to prevent the normal use of a network or
device by legitimate users
 Consume computational resources
◦ Bandwidth
◦ Disk Space
◦ CPU Time

Denial of Service Attacks (DoS)
◦ How It Works
 Buffer overflow attack
◦ Sends more data to a network service than the
expected size of a given buffer, crashing or hanging it
◦ This can range from sending oversized Internet Control
Message Protocol (ICMP) packets (the “ping of death”)
to something as simple as sending e-mails whose
attachments have file names longer than 256
characters

Denial of Service Attacks (DoS)
◦ Smurfing attack
 Sends ICMP echo (ping) requests to the broadcast
address of a network, so every host on that network
answers
 The requests carry a spoofed source address: that of
the target host
 The result is a large number of ping replies flooding
the target host, amplified by the number of hosts on
the broadcast network, and the target cannot tell this
traffic from legitimate replies
◦ Defense: routers drop directed broadcasts (the default
on modern routers) and edge networks filter spoofed
source addresses

Smurfing Attack

Denial of Service Attacks (DoS)
◦ SYN Floods
 When a client wants to open a TCP connection to a
server, the two perform a three-way handshake of
SYN, SYN-ACK and ACK packets.
 The client sends a SYN packet to the server
requesting to connect. The server returns a SYN-ACK
packet accepting the request.
 The server then reserves a slot in its backlog for the
half-open connection and waits for the client to
respond with an ACK packet.
 In a SYN flood the source address of each SYN is
spoofed, so the server’s SYN-ACK goes to a host that
never answers or simply ignores it. Repeat this enough
times and every backlog slot is held by an unresolved
half-open connection, and legitimate clients can no
longer connect to the server.
◦ Defense: SYN cookies, which encode the connection in
the server’s initial sequence number instead of storing
state, together with short half-open timeouts.
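The following Python is an added example (not part of the original slides) that models the handshake described above: a listener that reserves a backlog slot per answered SYN, the spoofed flood that exhausts it so a real client is refused, and the SYN-cookie listener that answers every SYN without storing anything and still completes the legitimate handshake. The addresses are made up, and the cookie is a simplified version of the real construction (RFC 4987), which also folds in a time counter and the client’s MSS.

```python
# Added example (not part of the original slides): a toy model of a listening
# socket's half-open connection table under a SYN flood, and the SYN-cookie
# defense (RFC 4987), which keeps no state until the handshake completes. The
# addresses are made up, and the cookie here is a simplified version of the
# real one (which also encodes a time counter and the client's MSS).
import hashlib
import hmac
import secrets

MASK32 = 0xFFFFFFFF


class StatefulListener:
    """Reserves a backlog slot for every SYN it answers: the design SYN floods exhaust."""

    def __init__(self, backlog: int):
        self.backlog = backlog
        self.half_open = {}            # (src_ip, src_port) -> server ISN sent in the SYN-ACK

    def on_syn(self, src_ip, src_port):
        if len(self.half_open) >= self.backlog:
            return None                # backlog full: the SYN is dropped, no SYN-ACK
        isn = secrets.randbits(32)
        self.half_open[(src_ip, src_port)] = isn
        return isn

    def on_ack(self, src_ip, src_port, ack_num):
        isn = self.half_open.pop((src_ip, src_port), None)
        return isn is not None and ack_num == (isn + 1) & MASK32


class SynCookieListener:
    """Derives the ISN from the connection's identity and a secret, storing nothing."""

    def __init__(self):
        self.secret = secrets.token_bytes(32)

    def _cookie(self, src_ip, src_port) -> int:
        mac = hmac.new(self.secret, f"{src_ip}:{src_port}".encode(), hashlib.sha256).digest()
        return int.from_bytes(mac[:4], "big")

    def on_syn(self, src_ip, src_port):
        return self._cookie(src_ip, src_port)     # SYN-ACK sent, no state kept

    def on_ack(self, src_ip, src_port, ack_num):
        # Only a host that actually received the SYN-ACK can echo the cookie back.
        return ack_num == (self._cookie(src_ip, src_port) + 1) & MASK32


def flood(listener, count: int):
    """Spoofed SYNs from addresses that will never answer the SYN-ACK."""
    for i in range(count):
        listener.on_syn(f"198.51.100.{i % 250}", 1024 + i)


def legitimate_connect(listener) -> bool:
    """A real client finishes the handshake only if its SYN is answered and its ACK accepted."""
    isn = listener.on_syn("203.0.113.7", 50000)
    if isn is None:
        return False
    return listener.on_ack("203.0.113.7", 50000, (isn + 1) & MASK32)


def compare(flood_size: int = 1000, backlog: int = 128):
    """Returns (stateful_client_succeeds, syn_cookie_client_succeeds) after the flood."""
    stateful, cookies = StatefulListener(backlog), SynCookieListener()
    flood(stateful, flood_size)
    flood(cookies, flood_size)
    return legitimate_connect(stateful), legitimate_connect(cookies)


if __name__ == "__main__":
    print(compare())
```

The cost of the cookie design is visible in the model: the server cannot remember options the client sent in its SYN, which is why real implementations squeeze an MSS index into the cookie and why most kernels only switch to cookies once the backlog actually fills.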

SYN Floods

Distributed Denial of Service Attacks
(DDoS) (Active)
◦ Multiple attackers flood the resources and
bandwidth of a target host.
◦ This is done by gaining control over many
other hosts first and then installing a slave
program.
◦ The master program, controlled by the
attacker, will contact the slave programs on all
the different hosts to coordinate a denial of
service attack on a target host.

Distributed Denial of Service Attacks
(DDoS)