Network Attack Methods


Attackers can access or abuse unprotected networks or hosts (computers) many different ways, including these:

  • Remote login Someone is able to connect to a computer and control it in some form. This control can range from being able to view or access files to running programs on the computer.

  • Application back doors Some programs have special features enabling remote access. Others programs contain bugs that provide a "back door," or hidden access, providing some level of control of the program.

  • SMTP session hijacking SMTP is the most common method of sending e-mail over the Internet. By gaining access to a list of e-mail addresses, a person can send unsolicited junk e-mail (spam) to thousands of users. This spamming is done by redirecting the e-mail through the SMTP server of an unsuspecting host, making the actual sender of the spam difficult to trace.

  • Operating system bugs Like applications, some operating systems have back doors. Other applications provide remote access with insufficient security controls or have bugs an experienced attacker can use to gain advantage.

  • DoS This type of attack is nearly impossible to counter. When the server responds with an acknowledgement to a user (attacker) requesting to establish a connection, it cannot find the system that made the request. By inundating a server with these unanswerable session requests, an attacker causes the server to slow to a crawl or crash.

  • E-mail bombs An e-mail bomb is often a personal attack. Someone sends the same e-mail hundreds or thousands of times until the recipient's e-mail system cannot accept any more messages and sometimes crashes as a result.

  • Macros To simplify complicated procedures, many applications enable the creation of a script of commands the application can run; this script is known as a macro. Attackers take advantage of this scripting capability to create their own macros that, depending on the application, can destroy data or crash a computer.

  • Viruses A virus is a small program that can copy itself to other computers. This self-replication enables the virus to spread from one system to the next. Viruses range from displaying harmless messages to erasing all of a machine's data.

  • Spam Spam is the electronic equivalent of junk mail but can be dangerous. Quite often, spam contains links to web sites outside the protected network. These web sites might use these cookies to provide an attacker a back door to the computer. (Cookies are messages given to a web browser by a web server. The message is then sent back to the server each time the browser requests a page from the server.)

  • Redirect bombs Hackers can use ICMP to change (redirect) the path information follows by sending it to a different router. Redirect bombs are one of the ways that a denial of service attack is initiated.

  • Source routing In most cases, the path a packet travels over a network (such as the Internet) is determined by the routers along that path. The source providing the packet can specify the route that the packet should travel. Attackers can take advantage of this to make information appear to come from a trusted source or even from inside the network. By default, most firewalls disable source routing, which in turn prevents this type of attack.

Firewalls are an effective solution against most of these attacks because they can stop an attacker outside the network from logging into a computer inside the network. Firewalls alone will not prevent all of these attacks. Firewalls with an Intrusion Detection System (IDS) and a virus monitor combine for an effective network security solution. You learn more about firewalls later in this chapter.



Network Sales and Services Handbook
Network Sales and Services Handbook (Cisco Press Networking Technology)
ISBN: 1587050900
EAN: 2147483647
Year: 2005
Pages: 269

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net