Attack Types

Three general kinds of network attacks include reconnaissance, access, and denial-of-service (DoS) attacks. The following sections describe these types of attacks in detail.

Reconnaissance Attacks

Reconnaissance attacks , as you would expect, occur when an unauthorized person observes and maps network systems, services, and vulnerabilities. As an analogy, a reconnaissance attack in the physical world could occur when an intruder searches for and discovers an unlocked door or window or learns specific times of the day and week when a house is empty. Ping, Nslookup, Netcat, Telnet, Nmap, and File Explorer are some common commands or utilities used during reconnaissance attacks.

Access Attacks

Access attacks occur when an unauthorized person manipulates data, accesses internal systems, or escalates his or her existing privileges. In the household analogy, a burglar or trespasser performs an access attack. Password guessing, Trojan horses, or exploitation of poorly controlled administrative services such as Internet Protocol (IP) and file sharing are often used as tools for access attacks.

You can expect to see questions related to shared folders and their role in access attacks on the exam.

DoS and Distributed DoS

Although access attacks occur when someone gains entry to restricted systems or resources, they might not cause damage or interruption to systems and services. DoS attacks, on the other hand, disable or compromise network systems and services. Resources such as memory, processing power, and bandwidth might be overloaded so that systems can no longer function. Ping or SYN floods, User Datagram Protocol (UDP) bombs , and unsolicited commercial email are examples of tools used in DoS attacks.

Distributed DoS (DDoS) attacks take DoS attacks to a whole new scale. Whereas a DoS attack involves a single hacker disrupting or halting services, a DDoS attack combines the efforts of up to thousands of systems to cripple a network. Typically, a hacker executes a DDoS attack by remotely installing software on and compromising agent systems, which in turn are instructed to execute attack programs on the target network.

The threat of DDoS attacks can be minimized by antispoofing, anti-DoS, and traffic ratelimiting features. Antispoofing measures, such as RFC 2827 filtering, prevent hackers from masking their identities.

RFC 2827 filtering blocks outbound traffic that has a source address which isn't a valid IP address within an organization's address range.

Limiting the number of embryonic , or half- open , connections that are allowed at any given time can also limit the effects of DoS and DDoS attacks. Finally, traffic ratelimiting measures such as limitations on the amount and source of Internet Control Message Protocol (ICMP) traffic can hinder the effects of DoS attacks.

ICMP-based attacks are common, so limiting the amount and controlling the source of ICMP traffic can provide a simple and effective way to protect against DoS attacks.

Controlling ICMP traffic does, however, introduce more administrative overhead and can limit a network administrator's ability to diagnose network connectivity problems. The main point here is that measures to prevent security breaches inevitably have an outcome for your network configuration and maintenance and management tasks . You need to continuously balance the risks against the potentially detrimental effects on your network.