
Attacks

This document summarizes different types of computer attacks, including non-technical attacks like social engineering, pretexting, and phishing, as well as technical attacks such as denial-of-service (DoS) attacks, input validation attacks, keylogger attacks, sniffing attacks, and password attacks. Specific attack methods are described, such as social engineering techniques, types of DoS attacks, SQL injection, cross-site scripting (XSS), buffer overflow attacks, and password cracking approaches like using default passwords, dictionaries, or brute force. Countermeasures for various attacks are also mentioned.

Uploaded by

vshukla989
Copyright
© Attribution Non-Commercial (BY-NC)

Introduction to Attacks

Computer networks that are currently connected to the internet are vulnerable to a variety of exploits
that can compromise their intended operations.

Types of attacks

There are two types of attacks:

1. Non technical attacks
a. Social engineering attacks
b. Pretexting
c. Phishing
2. Technical attacks
a. DoS attacks
b. Input validation attacks
c. Key logger attacks
d. Sniffing attacks
e. Other types of high level attacks

1. Non Technical Attacks

a. Social engineering attack
People are usually the weakest link in the security chain. Social engineering is still the most
effective method of getting around security obstacles. A skilled social engineer will often try to
exploit this weakness before spending time and effort on other methods to crack passwords.

Common Types of Social Engineering

Social engineering can be broken into:

1. Human based: Human based refers to person to person interactions to retrieve the desired
information.
2. Computer based: Computer based refers to having computer software that attempts to retrieve
the desired information.

Countermeasures

The best defense against social engineering attacks combines raising the bar of awareness
among students, faculty & staff with a sense of personal responsibility to protect the assets.

Vaibhav shukla (Network Administrator) Page 1


b. Pretexting
Pretexting is the act of creating & using an invented scenario to obtain information from a
target, usually over the telephone. It is more than a simple lie, as it regularly involves some
prior research & pieces of information.

c. Phishing
Phishing is a criminally fraudulent attempt to steal a user's sensitive information such as user ID,
passwords, credit card no., bank A/C no., PIN code etc. by sending a fake page; this
fake page sends the user's sensitive information to the attackers.
Phishing attacks use both social engineering & technical subterfuge to steal
consumers' personal identity data & financial account credentials.

2. Technical Attacks

a. DoS Attacks (denial of service attacks)
DoS attacks are commonly launched from one or more points on the internet that are external
to the victim's own system.

DDoS Attacks
A DDoS attack is an advanced version of a DoS attack. Much like DoS, it also tries to block important
services running on a server by flooding the destination server with packets.
The specialty of DDoS is that the attacks do not come from a single network or
host but from a number of different hosts or networks which have been previously compromised.

Types of DoS Attack

1. Ping of death attack-
Commonly known as a POD attack. An attacker sends an ICMP echo request packet that is larger
than the maximum IP packet size. Since the ICMP echo request packet is larger than
the normal IP packet size, it is fragmented. The target cannot reassemble the packet, so the OS
crashes or reboots.

Note –

This vulnerability is present only on Windows 98.

2. Land Attack-
When the attacker initiates a SYN flood attack using the IP address of the victim as both source and
destination IP address, the attacker is said to have launched a land attack.
3. Tear drop attack-
This type of attack deals with fragmentation & reassembly of IP packets. An attacker could start
transmitting fragmented IP packets containing overlapping fragment offsets, making the victim
unable to reassemble them, exhausting the victim's resources and crashing it.
4. SYN Flood attack-
An attacker could deliberately flood the server with TCP SYN segments without acknowledging
the server's SYN response. As a consequence, the server's session table is filled up with
ongoing sessions.
This kind of attack usually originates from a spoofed source IP address, making it
harder to track down the attacker.
5. ICMP flood attack-
Similar to the SYN flood attack, an ICMP flood takes place when an attacker overloads its victim
with a huge number of ICMP echo requests with spoofed source IP addresses.
6. UDP Flood attack-
UDP flooding does not differ from ICMP flooding. The idea behind these attacks is the same, and
we have already talked about it.
7. Smurf Attack-
A Smurf attack is a type of network level DoS attack that overwhelms the victim machine with
ICMP echo replies from computers in the same broadcast network, by sending forged ICMP echo
requests to an IP broadcast address using the IP address of the victim machine.
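
The SYN flood item above says the server's session table fills with handshakes that are never acknowledged. As an added example (not part of the original document), this Python sketch counts such half-open handshakes per service from a capture summary; the record layout, the addresses and the alert threshold are assumptions made for illustration.

```python
from collections import Counter

# Constructed capture summary: (time_s, src_ip, src_port, dst_ip, dst_port, flags)
# "S" = SYN, "SA" = SYN+ACK, "A" = ACK. Addresses are RFC 5737 documentation ranges.
SEGMENTS = [
    (0.00, "198.51.100.10", 40000, "192.0.2.5", 80, "S"),
    (0.01, "192.0.2.5", 80, "198.51.100.10", 40000, "SA"),
    (0.02, "198.51.100.10", 40000, "192.0.2.5", 80, "A"),
] + [
    # Five SYNs from different (possibly spoofed) sources that never send the ACK.
    (0.10 + i * 0.01, f"203.0.113.{i}", 1024 + i, "192.0.2.5", 80, "S")
    for i in range(1, 6)
]


def half_open_by_service(segments):
    """Count handshakes per (dst_ip, dst_port) that got a SYN but never the final ACK."""
    pending = set()
    for _ts, src, sport, dst, dport, flags in segments:
        conn = (src, sport, dst, dport)
        if flags == "S":
            pending.add(conn)        # server now holds a session-table entry
        elif flags == "A":
            pending.discard(conn)    # client acknowledged: handshake complete
    return Counter((dst, dport) for _src, _sport, dst, dport in pending)


def flooded_services(segments, threshold):
    """Services whose half-open count exceeds the (assumed) alert threshold."""
    counts = half_open_by_service(segments)
    return sorted(svc for svc, n in counts.items() if n > threshold)


if __name__ == "__main__":
    print(half_open_by_service(SEGMENTS))
    print(flooded_services(SEGMENTS, threshold=3))
```

Because the sources are usually spoofed, the count is kept per destination service rather than per source address.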
b. Input Validation Attack

Input validation attacks are where an attacker intentionally sends unusual input in the hope of
confusing the application. They are commonly known as IVA.

Types of IVA

1. SQL Injection Attack

SQL injection is an attack in which malicious code is inserted into strings that are later passed to an
instance of SQL Server for parsing & execution. Even parameterized data can be manipulated by a
skilled attacker.

Preventing SQL injection Attack

The most common methods to prevent this kind of SQL injection vulnerability are to check the user's
input for dangerous characters like single quotes & to use prepared statements, which tell the database
exactly what to expect before any user provided data is passed to it.
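
The difference between building the query from strings and using a prepared statement, as an added example that is not part of the original document. It uses Python's sqlite3 module with an in-memory database; the table, the account and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory database with one constructed account (plaintext only for the demo)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db


def login_concat(db, name, password):
    """Vulnerable: user input is pasted into the SQL text and parsed as SQL."""
    sql = ("SELECT COUNT(*) FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0


def login_prepared(db, name, password):
    """Hardened: the statement is fixed; input is bound as data and never parsed."""
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone()[0] > 0


# Constructed input: the single quote closes the string literal in the
# concatenated query, so the rest of the input is read as SQL.
CRAFTED = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("concat, crafted input:  ", login_concat(db, "alice", CRAFTED))
    print("prepared, crafted input:", login_prepared(db, "alice", CRAFTED))
    print("prepared, real password:", login_prepared(db, "alice", "correct-horse"))
```

A legitimate name such as O'Brien makes the concatenated query fail with a syntax error, while the prepared statement handles it as ordinary data.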

2. CSS/XSS Attacks

Cross site scripting is generally believed to be one of the most common application layer hacking
techniques. In general, CSS refers to the hacking technique that leverages vulnerabilities in the code of
a web application to allow an attacker to send malicious content from an end user & collect some type
of data from the victim.

CSS allows an attacker to embed malicious JavaScript, VBScript, ActiveX, HTML or Flash into a
vulnerable dynamic page to fool the user, executing the script on his machine in order to gather data.

To check for CSS vulnerabilities, use any web vulnerability scanner.



Preventing CSS attacks

To prevent these attacks, dangerous characters must be filtered out in both their ASCII & hex values.
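
Why the check has to cover hex forms as well as literal characters, as an added example that is not part of the original document. It assumes "hex values" means percent-encoding (%3C) and hexadecimal HTML character references (&#x3C;); the character set, function names and sample inputs are constructed for illustration.

```python
import html
from urllib.parse import unquote

DANGEROUS = set("<>\"'&")


def naive_filter(value):
    """Checks only the literal ASCII characters, as submitted."""
    return any(ch in DANGEROUS for ch in value)


def canonicalize(value, max_rounds=5):
    """Decode %XX and &#xXX; forms repeatedly until the value stops changing."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            return value
        value = decoded
    raise ValueError("input is nested deeper than max_rounds encodings")


def canonical_filter(value):
    """Checks the decoded form, so hex-encoded characters are seen too."""
    return any(ch in DANGEROUS for ch in canonicalize(value))


def render(value):
    """Output encoding: whatever gets through is displayed as text, not markup."""
    return "<p>" + html.escape(canonicalize(value), quote=True) + "</p>"


# Constructed inputs: the same tag percent-encoded once and twice.
ENCODED_ONCE = "%3Cscript%3Ealert(1)%3C%2Fscript%3E"
ENCODED_TWICE = "%253Cscript%253E"

if __name__ == "__main__":
    print(naive_filter(ENCODED_ONCE), canonical_filter(ENCODED_ONCE))
    print(render(ENCODED_ONCE))
```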

3. Buffer Overflow Attack

In computer security & programming, a buffer overflow or buffer overrun is an anomaly where a process
stores data outside the memory the programmer set aside for it.

A buffer overflow occurs when a process or program running on your computer system uses more
memory than it was allocated & has to store extra data in a temporary location called a buffer.

There are two main types of buffer overflow attack:

(a) Heap based buffer overflow attack
Heap based attacks are far less common than stack based attacks & involve flooding the memory space
reserved for a program or process. Heap based attacks are difficult to perform & are rarely
used.
(b) Stack based overflow attack
In a stack based BOF attack, the program being exploited uses a memory location known as the stack
to store user input. A memory stack does not have infinite size. If the user's input is longer than
the amount of space reserved for it, then the stack will overflow.
c. Key logger Attack

This is one of the oldest & simplest methods of hacking a computer. A key logger is a piece of H/W or S/W
that logs everything someone types. Key loggers may be programmed to email you all the logs after a
particular time & may delete all logs themselves.

Key logger prevention

Anti key logger software will detect and block key loggers. I used Anti Keylogger Shield to block any
known or unknown key loggers on my computer.

d. Sniffing Attack

Sniffing is observing packets passing by on a network. Sniffing is a popular way to steal data from a
network, usually in the form of passwords, ID names etc.

Sniffer attacks also work against the Transmission Control Protocol (TCP): there is a method hackers use in which the
attack lets a hacker redirect the TCP stream through the hacker's machine.

e. Password attack

Any attack designed to allow an unauthorized user access to an authorized password.

Types of password attacks



1. Default password
2. Dictionary password
3. Brute force password

1. Default password attack - A default password is a common password that is supplied with new
equipment that is password protected. Manufacturers of such equipment typically use a single
password such as admin or password, thus users will change the password when they use it.
2. Dictionary password attack - A dictionary attack is a method of breaking into a password
protected computer or server by systematically entering every word in a dictionary as a
password. Dictionary attacks work because many computer users and businesses insist on using
ordinary words as passwords. Dictionary attacks are rarely successful against systems that employ
random combinations of upper case and lower case letters mixed up with numerals.
3. Brute force password attack - A brute force attack consists of trying every possible code
combination or password until you find the right one.

Determining the Difficulty of Brute force Attack

The difficulty of a brute force attack depends on several factors, such as:

a. How long can the key be?
b. How long will it take to attempt each key?
c. Is there a mechanism which will lock the attacker out after a number of failed attempts?

As an example, imagine a system which only allows 4 digit PIN codes. This means that there are a
maximum of 10000 possible PIN combinations.
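
The three factors above combined into one estimate, as an added example that is not part of the original document. The one-second attempt time, the lockout policy (5 failures, 15 minute wait) and the 8 character alphanumeric comparison are assumptions chosen for illustration; only the 4 digit PIN comes from the text.

```python
def keyspace(alphabet_size, length):
    """Factor (a): number of candidates for a secret of exactly `length` symbols."""
    return alphabet_size ** length


def worst_case_seconds(candidates, seconds_per_attempt,
                       lockout_after=None, lockout_seconds=0):
    """Time to try every candidate when the correct one is tried last.

    Factor (b) is seconds_per_attempt; factor (c) is the lockout policy.
    """
    trying = candidates * seconds_per_attempt
    if not lockout_after:
        return trying
    # Every `lockout_after` consecutive failures forces a wait. The final
    # attempt succeeds and is not a failure, hence candidates - 1.
    lockouts = (candidates - 1) // lockout_after
    return trying + lockouts * lockout_seconds


def compare_policies():
    """Worst-case exhaustion time in seconds under three constructed policies."""
    pins = keyspace(10, 4)  # the 4 digit PIN from the text
    return {
        "pin_no_lockout": worst_case_seconds(pins, 1),
        "pin_lock_5_for_15min": worst_case_seconds(pins, 1, 5, 900),
        "8_alnum_no_lockout": worst_case_seconds(keyspace(62, 8), 1),
    }


if __name__ == "__main__":
    for name, seconds in compare_policies().items():
        print(f"{name:22s} {seconds:>18,d} s  ({seconds / 86400:,.1f} days)")
```

For the PIN, the lockout raises the worst case from under three hours to about three weeks without changing the keyspace.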

Backdoor
Introduction - A secret or underhand means of access (to a place or a position), or an undocumented
way to get access to a system. A backdoor is a method of bypassing normal authentication or securing
remote access to a computer while attempting to remain hidden from casual inspection.

Examples of Backdoors

Remote Connection, also known as Redneck, is a dangerous backdoor that gives the remote
attacker full access to a compromised computer. The parasite can shut down or restart a PC,
manage files, record users' keystrokes, install & run virus programs, take screenshots & perform
other malicious actions. Remote Connection runs on every Windows startup. Other examples of
backdoors are Net Master, NetBus etc.

Root kits

A root kit is a collection of tools that enable administrator level access to a computer or computer
network. Typically a cracker installs a root kit on a computer after first obtaining user level
access, either by exploiting a known vulnerability or by cracking a password.
