Attack at the Honeypot

Being a normal network host, a honeypot is exposed to the risk of various DoS attacks. The most vulnerable point is the network sensor, which is responsible for tracking all traffic. If the hacker puts it out of operation, the intrusion will go unnoticed for some time. The attacked host must remain up and running; otherwise, there will be nothing to attack. Assuming that the sensor receives all packets, the hacker can cause its failure by sending a packet addressed to a nonexistent host or any unneeded host.

As a variant, it is possible to flood the network with SYN packets (there are lots of descriptions of SYN flood attacks on the Internet) or cause an ECHO death (a flood of ICMP packets directed to the target of attack from several dozen powerful servers, which can be achieved by IP address spoofing, in other words, by sending echo requests on behalf of the target of the attack).
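From the sensor operator's side, the three conditions described above (traffic to a nonexistent host, a SYN flood, and echo replies the target never requested) can be flagged from packet metadata alone. The following is an added example, not code from the book; the address range, host list, thresholds, and packet records are constructed assumptions.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

HONEYNET = ip_network("10.0.0.0/24")      # assumed monitored range
KNOWN_HOSTS = {"10.0.0.5", "10.0.0.6"}    # assumed live hosts in that range
SYN_LIMIT = 3      # bare SYNs per destination per window (assumed threshold)
REPLY_LIMIT = 2    # unsolicited echo replies per destination per window
WINDOW = 1.0       # seconds

# Constructed sample: (timestamp, source, destination, protocol, kind)
SAMPLE = [
    (0.1, "198.51.100.7", "10.0.0.5", "tcp", "SYN"),
    (0.2, "198.51.100.8", "10.0.0.5", "tcp", "SYN"),
    (0.3, "198.51.100.9", "10.0.0.5", "tcp", "SYN"),
    (0.4, "198.51.100.10", "10.0.0.5", "tcp", "SYN"),
    (0.5, "198.51.100.7", "10.0.0.99", "udp", ""),
    (1.1, "10.0.0.6", "203.0.113.1", "icmp", "echo-request"),
    (1.2, "203.0.113.1", "10.0.0.6", "icmp", "echo-reply"),
    (1.3, "203.0.113.2", "10.0.0.6", "icmp", "echo-reply"),
    (1.4, "203.0.113.3", "10.0.0.6", "icmp", "echo-reply"),
    (1.5, "203.0.113.4", "10.0.0.6", "icmp", "echo-reply"),
]

def analyze(packets):
    """Return sorted (window_start, alert, host) tuples for a packet list."""
    syns, replies = Counter(), Counter()
    pinged = set()    # (requester, responder) pairs seen in echo requests
    alerts = set()
    for ts, src, dst, proto, kind in packets:
        win = int(ts // WINDOW) * WINDOW
        # Traffic to an address inside the range that no host owns.
        if ip_address(dst) in HONEYNET and dst not in KNOWN_HOSTS:
            alerts.add((win, "unknown-destination", dst))
        if proto == "tcp" and kind == "SYN":
            syns[(win, dst)] += 1
            if syns[(win, dst)] > SYN_LIMIT:
                alerts.add((win, "syn-flood", dst))
        elif proto == "icmp" and kind == "echo-request":
            pinged.add((src, dst))
        elif proto == "icmp" and kind == "echo-reply" and (dst, src) not in pinged:
            # A reply the destination never asked for: the request was spoofed.
            replies[(win, dst)] += 1
            if replies[(win, dst)] > REPLY_LIMIT:
                alerts.add((win, "echo-reply-flood", dst))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in analyze(SAMPLE):
        print(alert)
```

Counting only metadata keeps the per-packet cost constant, which matters because the sensor itself is the component these floods aim to exhaust.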

The attack itself is usually carried out over protocols that are resistant to traffic sniffing and support transparent encryption, which blinds the network sensor. Most often, SSH is used to achieve this goal. However, this limits the attacker's choice to the hosts that explicitly support it, and this drawback neutralizes all advantages of encryption.



Shellcoder's Programming Uncovered
Shellcoders Programming Uncovered (Uncovered series)
ISBN: 193176946X
EAN: 2147483647
Year: 2003
Pages: 164
