
A Literature Survey On Network Attacks and Prevention: Abstract

The document discusses network security attacks and prevention methods. It begins with an introduction to network security and its importance for organizations. It then describes several common types of network attacks, including browser attacks, worm attacks, malware attacks, identity spoofing, sniff attacks, and man-in-the-middle attacks. The document emphasizes that most attacks exploit weaknesses in network configuration and security, and that properly configuring firewalls, intrusion detection systems, and access controls can help protect networks from these threats.

Uploaded by

mani DILLS

A Literature Survey on Network Attacks and Prevention

Abstract— Computer network technologies are growing quickly and Internet usage is spreading fast, so people are becoming more aware of the importance of network security. Securing the network is one of the main problems of computing, because attacks evolve every day. Every organization needs to monitor its network functions and update its equipment for better protection. Protecting the network and securing devices are essential to organizations. Malicious activity can cause problems in the network and in applications. It can use malware to carry out attacks that spoof information on the network and cause severe damage. Because the network needs to be analyzed, this paper describes network security attacks and the ways to protect the network from them. Most of the attacks are based on weak configuration and security loopholes in the network.

Keywords—Attacks, Network attacks, Communication attacks, Security loopholes.

I. INTRODUCTION

Network security begins with permissions, usually a user name and the associated password. Network security consists of the requirements and rules the administrator adopts to prevent and monitor unauthorized access to the network, modification of communications, misuse, or denial of the network and network-attached devices. It largely involves authorizing access to information in a network, which is managed by the administrator. It has become more significant to individual computer users and to organizations. Once a user is approved, a firewall enforces access policies such as which information network users are permitted to access. Although this stops unauthorized access to the system, this component may fail to check potentially harmful content such as worms, Trojans and other malware being spread over the network. Anti-virus software and an intrusion detection system can help detect such malicious activity. Anomaly detection may also monitor network activity, for example Wireshark traffic, which can be recorded for audit purposes and later used for high-level investigation of the network. Communication between two systems over a network may be encrypted to preserve privacy. Devices and network systems are a key technology for a wide variety of applications. Security is a serious concern in current networks, and there is a significant lack of security approaches that can be easily implemented. There is a "communication gap" between the developers of security methods and the designers of networks. Network design is an established process based on the Open Systems Interconnection (OSI) model. The OSI model has several advantages when designing network security.

Fig 1 Basic Network Security


The diagram above shows the basic security mechanisms used to protect the database and to encrypt traffic over the network. The firewall blocks unauthorized access and filters every packet to check for malicious activity. Specifying access control for each connection is important to security.

Network Security:

Network security can be hardware-based or software-based. Hardware means the devices used in companies and organizations, such as a firewall, IDS, IPS and honeypot (Fig 1). Software means applications that act like a hardware component, but these suit only small companies, because applications cannot handle high bandwidth. The DMZ (demilitarized zone) is the buffer between public traffic and the organization's network. The public server and mail server sit in the DMZ; it is a zone for public use, protected by a firewall that blocks insecure traffic from entering the network. In many companies the DMZ is not configured securely and the logs are not checked properly; this is the organization's initial weakness, and the firewall needs to be upgraded to the latest version. Ports matter because a service is identified by its port number, and ports are a major way for attackers to reach a service. Organizations should understand port security before opening ports. Even though IDS and IPS are used throughout organizations, attacks are still happening all over the world. Some attackers footprint the services and analyze the network design to gather details about the network devices. The attacker then starts to explore device weaknesses based on that device information. Securing the internal network is more important than securing against outside networks, because internal users can easily attack the network.

II. LITERATURE SURVEY

OWASP (Open Web Application Security Project) is a security-focused platform that collects day-to-day vulnerabilities and attacks. Network security is an important mechanism for information technology and can be divided into four main parts: integrity, authorization, authentication and secure control. It is the idea of safeguarding and defending networks and information communication from unauthorized users who could use the data for any purpose. It applies to safeguarding multiple networks, including both open and remote communications and public services among businesses, government institutions and individuals. Network security has become a major element of organizational structure, because data passes through a large number of organizations, and devices such as workstations and routers are very vulnerable to damage and attacks.

The various types of attacks are:

FIG 2 Classifications of Attacks

The diagram above shows the different classifications of network attacks; the classification is based on the attacks OWASP considers most significant today. Every organization should consider these attacks and protect its network from them.
Network Attacks:

In passive attacks, the attacker listens to or inspects the information being transferred in order to discover the content of the communication or to analyze the nature of the messages. These attacks analyze traffic, monitor vulnerable infrastructure, decrypt weakly protected encrypted information and capture sensitive data such as PINs. In active attacks, the attacker attempts to damage or break into secured systems while communication is in progress. These attacks include breaking into protected systems, injecting malicious code, and stealing or altering sensitive data.

BROWSER ATTACKS

Browser-based network attacks are a very frequent and common type of attack. They attempt to compromise a machine through the web browser, one of the most common ways people use the Internet. Browser attacks frequently start at legitimate but vulnerable websites. Attackers breach the site and infect it with malware. When new visitors arrive (through a web browser), the infected site tries to force malware onto their systems by exploiting weaknesses in their browsers.

WORM ATTACKS

Worm attacks spread by themselves. Worms are self-propagating malware that needs no user interaction. Typically, they exploit system weaknesses to spread across local networks and beyond. WannaCry ransomware, which hit more than 500,000 computers in a few days, used worm techniques to attack networks and machines. WannaCry targeted a widespread Windows weakness to slowly break into a machine. Once a machine was infected, the malware scanned the connected LANs and WANs to discover and infect other vulnerable hosts.

MALWARE ATTACKS

• Phishing emails – Attackers craft emails that trick victims into believing the mail is from a genuine sender, so that they download attachments that turn out to be malware.

• Malicious websites – Attackers can build websites containing malicious kits designed to find weaknesses in the systems of website visitors and use them to force malware onto those systems. Such websites can also be used to disguise malware as genuine downloads.

• Malvertising – Clever attackers have found ways to use advertising networks to distribute their wares. When clicked, a malicious advertisement can redirect the victim to a malware-hosting website. Some malvertising attacks do not even need user interaction to infect a system.

IDENTITY SPOOFING

Most networks and operating systems use the IP address of a computer to identify a valid entity. In certain circumstances, it is possible for an IP address to be falsely assumed, which is identity spoofing. An attacker can also use special programs to construct IP packets that appear to originate from valid addresses inside the corporate intranet. After gaining access to the network with a valid IP address, the attacker can modify, reroute, or delete your data and conduct other kinds of attacks. When an attacker uses a valid user account, the attacker acts like the original user. Then, if that user has administrative privileges, the attacker can also create accounts for subsequent access at a later time.

SNIFF ATTACKS

A sniffer is an application that can capture network data exchanges and read network packets. If the packets are not encrypted, a sniffer provides a full view of the data inside the packet. Even encapsulated packets can be broken open and read unless they are encrypted and the attacker does not have access to the key. Using this attack, the attacker can intercept the target's connection and modify the access however the attacker wants.

MAN IN THE MIDDLE

The MITM attack intercepts communication between two systems. In an HTTP transaction, for example, the target is the TCP connection between the user and the server. Using different techniques, the attacker splits the original TCP connection into two new connections, one between the user and the attacker and the other between the attacker and the server. Once the TCP connection is intercepted, the attacker acts as a proxy, able to read, insert and modify the data in the intercepted communication.

ARP ATTACKS

ARP spoofing is a type of attack in which a malicious actor sends false ARP (Address Resolution Protocol) messages over a local area network. This results in the attacker's MAC address being linked to the IP address of a legitimate computer or server on the network. Once the attacker's MAC address is linked to a legitimate IP address, the attacker will begin receiving any data intended for that IP address. ARP spoofing can allow malicious parties to intercept, modify or even stop data in transit. ARP spoofing attacks can only occur on local area networks that use ARP.
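
Because the attack works by rebinding a legitimate IP address to a different MAC address, it can be detected by tracking IP-to-MAC bindings over time. The following is an added example, not part of the original survey; the sample ARP replies, the alert names and the function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: ARP replies seen on one LAN segment as
# (timestamp_seconds, sender_ip, sender_mac). All addresses are made up.
SAMPLE_ARP_REPLIES = [
    (100.0, "192.0.2.1", "AA:AA:AA:AA:AA:01"),   # gateway announces itself
    (101.0, "192.0.2.10", "aa:aa:aa:aa:aa:10"),  # file server
    (130.0, "192.0.2.1", "aa:aa:aa:aa:aa:01"),   # same binding again: normal
    (131.5, "192.0.2.1", "de:ad:be:ef:00:99"),   # gateway IP claimed by a new MAC
    (131.6, "192.0.2.10", "de:ad:be:ef:00:99"),  # same MAC now claims the server too
    (190.0, "192.0.2.20", "aa:aa:aa:aa:aa:20"),  # new host: normal
]


def normalize_mac(mac):
    """Lower-case and use ':' separators so equal MACs compare equal."""
    return mac.lower().replace("-", ":")


def detect_arp_anomalies(replies, static_bindings=None):
    """Return alerts for bindings that look like ARP spoofing.

    static_bindings: optional {ip: mac} of known-good pairs (for example the
    default gateway). A reply contradicting one of these is the strongest signal.
    A changed binding alone is only a lead: NIC replacement and DHCP reuse also
    cause it, and routers may legitimately answer for several IPs.
    """
    static = {ip: normalize_mac(mac) for ip, mac in (static_bindings or {}).items()}
    ip_to_mac = {}                  # last MAC seen for each IP
    mac_to_ips = defaultdict(set)   # every IP each MAC has claimed
    alerts = []

    def alert(ts, kind, ip, mac, detail):
        alerts.append({"time": ts, "type": kind, "ip": ip, "mac": mac, "detail": detail})

    for ts, ip, mac in sorted(replies):
        mac = normalize_mac(mac)
        expected, previous = static.get(ip), ip_to_mac.get(ip)
        if expected is not None and mac != expected:
            alert(ts, "static_binding_violation", ip, mac, expected)
        elif expected is None and previous not in (None, mac):
            alert(ts, "ip_mac_changed", ip, mac, previous)
        ip_to_mac[ip] = mac
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:   # alert once per newly claimed IP
                alert(ts, "mac_claims_multiple_ips", ip, mac, sorted(mac_to_ips[mac]))
    return alerts


if __name__ == "__main__":
    for a in detect_arp_anomalies(SAMPLE_ARP_REPLIES, {"192.0.2.1": "AA-AA-AA-AA-AA-01"}):
        print(a)
```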

BOTNET

A botnet is a network of compromised computers under the control of a malicious actor. Each individual machine in the botnet is referred to as a bot; a bot is formed when a computer is infected by malware that enables third-party control. Bots are also known as "zombies" because they can operate under remote direction without their owners' knowledge. The attackers who control botnets are referred to as "bot masters."

DNS SPOOFING ATTACKS

DNS servers keep a record of domain names and the matching IP addresses. DNS spoofing attacks are carried out by altering the domain name entry of a genuine server in the DNS server so that it points to some other IP address, and then taking over the identity of that server. In DNS cache poisoning, a DNS server is made to cache entries that do not originate from authoritative Domain Name System sources. In DNS spoofing, an attacker attacks the random ID in the DNS request and replies with a false IP address using the compromised ID.
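
The random ID in the request is one of several fields a client can check before it trusts a reply. The following is an added example, not part of the original survey, showing those checks on DNS messages built in memory; the function names, result strings, sample names and addresses are assumptions made for illustration.

```python
import socket
import struct


def encode_qname(name):
    """Encode 'www.example.com' as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(txid, name, qtype=1, qclass=1):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    return header + encode_qname(name) + struct.pack("!HH", qtype, qclass)


def build_response(txid, name, ipv4):
    """Constructed A-record reply used only as sample input."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA set
    question = encode_qname(name) + struct.pack("!HH", 1, 1)
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(ipv4)
    return header + question + answer


def read_question(msg):
    """Return (lower-cased name, qtype, qclass) of the first question, or None."""
    pos, labels = 12, []
    while True:
        if pos >= len(msg):
            return None
        length = msg[pos]
        if length == 0:
            pos += 1
            break
        if length > 63 or pos + 1 + length > len(msg):  # pointer or truncated label
            return None
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii", "replace").lower())
        pos += 1 + length
    if pos + 4 > len(msg):
        return None
    qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels), qtype, qclass


def check_response(query, sent_to, response, received_from):
    """Return 'accept' or the reason a reply must be dropped.

    The ID is only 16 bits, so it is checked together with the server address
    and the echoed question rather than on its own.
    """
    if received_from != sent_to:
        return "wrong_source"
    if len(response) < 12:
        return "truncated"
    q_id, _, _ = struct.unpack("!HHH", query[:6])
    r_id, r_flags, r_qdcount = struct.unpack("!HHH", response[:6])
    if not r_flags & 0x8000:
        return "not_a_response"
    if r_id != q_id:
        return "txid_mismatch"
    if r_qdcount != 1 or read_question(response) != read_question(query):
        return "question_mismatch"
    return "accept"


if __name__ == "__main__":
    server = ("192.0.2.53", 53)
    q = build_query(0x1A2B, "www.example.com")
    print(check_response(q, server, build_response(0x1A2B, "www.example.com", "192.0.2.80"), server))
    print(check_response(q, server, build_response(0x0001, "www.example.com", "203.0.113.9"), server))
```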

BACKDOOR ATTACKS

A backdoor in an OS or application is a technique for bypassing normal authentication and gaining access. During the development of an OS or application, programmers add backdoors for various purposes. The backdoors are removed when the product is ready for shipping or production. When a backdoor that was not removed is detected, the vendor releases a maintenance update or patch to close the backdoor.

Another type of backdoor can be an installed program or a modification to an existing program. The installed program may allow a user to log on to the computer without a password and with administrative privileges. Many programs are available on the Internet to create backdoor attacks on systems. One of the newer tools is Back Orifice, which is also available for free download on the Internet.

III. APPROACHES TO PREVENT NETWORK AND WEB SERVICES ATTACKS

FIG 3 Attacks percentage on 2017

Based on the offensive security analysis, the diagram above shows the major attacks that occurred in 2017. MITM takes the top place and is still one of the most powerful attacks for intercepting communication. Botnets are a growing attack that easily affects client devices and causes data theft through a command and control service. Backdoor attacks target application weaknesses and service misconfiguration; using payloads, these attacks affect both client and server.

1. MAN IN THE MIDDLE:

The attack can also be carried out over an HTTPS connection using the same technique; the only difference is the establishment of two independent SSL sessions, one over each TCP connection. The browser sets up an SSL connection with the attacker, and the attacker establishes another SSL connection with the server. In general the browser warns the user that the digital certificate presented is not valid, but the user may ignore the warning because the user does not understand the threat. In some specific contexts the warning may not appear at all, for example when the server certificate has been compromised by the attacker, or when the attacker's certificate is signed by a trusted CA and its CN is the same as that of the original web service.

PREVENTION:

STRONG ENCRYPTION:

Using a strong encryption mechanism on wireless access points stops unwanted users from joining your network just by being nearby. A weak encryption mechanism can allow an attacker to brute-force his way into a network and begin a man-in-the-middle attack. The stronger the encryption implementation, the safer the network.

VPN:

VPNs are mainly used to create a secure environment for sensitive data within a local network. They use key-based encryption to create a subnet for secure communication. This way, even if an attacker manages to get onto a network that is shared, the attacker will not be able to decrypt the traffic in the VPN.

HTTPS:

HTTPS lets users communicate securely over HTTP using key exchange methods. This prevents an attacker from making any use of the data the attacker may be sniffing. Websites use HTTPS only for high-security communication such as authentication and banking. Users can install browser plugins that enforce always using HTTPS on requests.

2. BACKDOOR ATTACK:

This is a category of malware that bypasses the normal way of getting into a system. It thus allows attackers to remotely access databases and file servers, issue system commands and update malware. It gives attackers the power to reach the compromised network and break into the organization without being detected.

Backdoors are installed by taking advantage of weaknesses found in web-based application components. Once installed on a device, a backdoor is very difficult to detect. Usually it is used for recording or for command and control.

PREVENTION:

Detecting backdoor attacks is not easy, because a backdoor runs without showing significant signs of its presence. Many detection tools are unable to detect it and defend the organization. It is therefore important to learn methods that help reduce the risk of a breach.

• The main protection to adopt is a firewall running on the network. It prevents unauthorized access to entry points, which makes it very hard to set up a backdoor that requires an open port.
• Strong network monitoring is needed, particularly for open-source programs, to make sure that they come from trusted sources.
• Add an extra layer of security to network monitoring, as it is important in defending against backdoor attacks. Network monitoring ensures that suspicious activity does not go unnoticed. When the command and control server collects data, the network administrator will be able to see it and can take measures to stop the attack and repair any damage.
• Use anti-malware software. Some backdoor attacks blend in with network traffic to look harmless and do not trigger alerts. To avoid such situations, up-to-date anti-malware is very important to deploy. It can find and easily detect backdoors. Anti-malware really helps to control malware, remove the backdoors that are present and secure the network.
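
The Network Security section's point that services are identified by port number, and the firewall item above, both depend on knowing exactly what is listening on a host. The following is an added example, not part of the original survey: it audits Linux `ss` output against an allowlist. The sample output, the `ALLOWLIST` policy and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout of `ss -H -tlnp` on Linux (the process
# column is only filled in when run as root). Ports and names are made up.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 [::]:443 [::]:* users:(("nginx",pid=990,fd=6),("nginx",pid=989,fd=6))
LISTEN 0 244 0.0.0.0:5432 0.0.0.0:* users:(("postgres",pid=1201,fd=5))
LISTEN 0 5 0.0.0.0:4444 0.0.0.0:* users:(("updater",pid=4410,fd=3))
LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=700,fd=7))
"""

# Hypothetical policy: which process may listen on which port, and whether the
# listener may be reachable from other hosts ("any") or only locally ("loopback").
ALLOWLIST = {
    22: {"process": "sshd", "scope": "any"},
    443: {"process": "nginx", "scope": "any"},
    5432: {"process": "postgres", "scope": "loopback"},
    631: {"process": "cupsd", "scope": "loopback"},
}

PROCESS_RE = re.compile(r'\(\("([^"]+)"')


def parse_listeners(ss_text):
    """Turn `ss -H -tlnp` lines into dicts with host, port and process name."""
    listeners = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface
        match = PROCESS_RE.search(" ".join(fields[5:]))
        listeners.append({"host": host, "port": int(port),
                          "process": match.group(1) if match else None})
    return listeners


def is_loopback(host):
    """True only for 127.0.0.0/8 or ::1; wildcards such as '*' are not loopback."""
    if host in ("*", ""):
        return False
    return ipaddress.ip_address(host).is_loopback


def audit_listeners(ss_text, allowlist):
    """Return (port, process, issue) for every listener that breaks the policy."""
    findings = []
    for listener in parse_listeners(ss_text):
        rule = allowlist.get(listener["port"])
        if rule is None:
            issue = "unexpected_port"          # nothing should listen here
        elif listener["process"] != rule["process"]:
            issue = "unexpected_process"       # right port, wrong program
        elif rule["scope"] == "loopback" and not is_loopback(listener["host"]):
            issue = "exposed_beyond_policy"    # local-only service bound externally
        else:
            continue
        findings.append((listener["port"], listener["process"], issue))
    return findings


if __name__ == "__main__":
    for finding in audit_listeners(SAMPLE_SS_OUTPUT, ALLOWLIST):
        print(finding)
```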

3. BOTNETS:

These attacks also give the attacker opportunities to steal personal and financial data and weakly protected important documents, and to log keystrokes in order to capture passwords and gain access to bank accounts.

PREVENTION:

Having your computer drafted into a botnet is undoubtedly bad, and it is not fair to everyone else on the Internet who might end up affected by the spam and attacks launched from your hijacked computer.

• Run anti-virus and anti-spam software, and make sure it is kept up to date.
• Run other security software, such as a firewall, to make your system less vulnerable.
• Keep other software and apps updated too, because new weaknesses are found all the time, some of which are exploited by virus writers in their efforts to grow the botnet. Enabling automatic updates, so that updates are applied as soon as they are available, is really helpful.
• Be wary of links that arrive by email; before opening a mail, check its details and other information about it.
• Smartphones are an easy target for botnet command and control because of application installation. Before installing an application, check whether it is genuine or fake.

IV. ANALYSIS OF ADVANCED TOOLS USED TO DETECT THESE ATTACKS

| Sr. No | Attacks | Tools | Platform | Methodology | Advantage | Disadvantage |
|---|---|---|---|---|---|---|
| 1 | MITM | ETTERCAP | LINUX / WINDOWS | A tool made specifically for the man-in-the-middle attack. It supports both active and passive attacks. It can also be used to sniff particular data on the connection, and the data can be overwritten as needed. | One of the advanced MITM attack tools, with the ability to overwrite data on the connection. It is also widely used by pen-testers to check the network. | It will not decrypt packets from a secure connection; such a connection hides its work in the background and cannot be decoded. |
| 2 | DOS | XERXES | LINUX | One of the powerful DOS methods used by attackers. It has been modified by many users and is written in C. | It first collects details of the target and then explores it. It is simple to use directly. | It does not work on all targets; Cloudflare can easily withstand these attacks. |
| 3 | BOTNET | UFONET | LINUX | A tool that attacks the target with a DDOS attack by defining the botnets on the target system. It creates a payload and sends it to the destination, then starts to provide the command and control system for the attacker. The attacker is then able to carry out the DDOS attack. | It uses a direct IP or the domain address for communication and is easy to explore. | Some firewalls, IDS and IPS can easily block these payloads, and it takes a lot of time to establish the botnet once connected. |
| 4 | BACKDOOR | THE FAT RAT | LINUX | One of the best exploration methods for establishing a backdoor. It is designed not only to create the backdoor but also to create undetectable payloads. It also supports creating payloads for Android. | A unique tool used to create backdoors with the help of Metasploit and msfvenom. It bypasses most antivirus. | It takes a lot of time, and the payloads need to be opened by the user to gain the backdoor. Some payloads can be blocked at the network level. |
| 5 | BROWSER ATTACK | BEEF | LINUX / WINDOWS | A browser-based exploration tool that helps gain access via plugins and explores client-side weaknesses. It looks at the parameters of the network and then tries to find vulnerabilities in client-based activities. | It is a Ruby and JavaScript based method. It hooks the victim's browser and gets the connection over the process. | It is a client-oriented tool and needs access from the target to explore the weakness. It needs user permission for the access. |
| 6 | SOCIAL ENGINEERING | SETOOLKIT | LINUX | A collection of social engineering techniques, the major one being phishing. The tool contains a clone option to obtain a page that looks the same as the original. | It is a combination of kits, and it connects to the server for further exploitation. It creates the MSF console for the payload. | It works only on some people; everyone is aware of social engineering and phishing attacks nowadays. |

V. CONCLUSION

Attacks are increasing every day, and attackers are skilled at using them to obtain data. Every organization should pen-test its network and services to find loopholes, which helps protect the organization from these attacks. Nowadays students have started finding bugs on websites and reporting them to the administrators for rewards, but we cannot assume that everyone will report the vulnerabilities they find. Every organization needs to upgrade its services every day and, in the days ahead, every organization will need a pen-testing team to analyze the network. The dark web is a source that controls many groups and targets financial companies for attack; it hosts multiple underground cybercrime groups. They now target all organizations, bring them under their control and demand money to return them to normal. So the security of networks and services is essential for every company. The prevention mechanisms above help secure services. Monitoring services and the network provides additional security.
