ICSM3

The document provides an overview of various tools and methods used in cybercrime, including scareware, malvertising, clickjacking, ransomware, and phishing. It also discusses password cracking techniques, types of malware, and the importance of strong password policies to prevent unauthorized access. Additionally, it highlights the role of keyloggers and spyware in monitoring user activity and collecting personal information.

Uploaded by

jayashree

INTRODUCTION TO CYBER SECURITY

MODULE 3

Tools and Methods Used in Cybercrime
Scareware
• Scareware consists of scam software with malicious payloads, sold to consumers through unethical marketing practices that rely on social engineering.
• Some websites display a pop-up advertisement with text such as “Your computer may be infected with harmful spyware programs. Immediate removal may be required. To scan, click YES below.”
Malvertising
• Malvertising is malicious advertising: Malware + Advertising.
• Cyber criminals attempt to distribute malware through advertising.
• Possible attack vectors include malicious code hidden within an advertisement, embedded into a webpage, or within software that is available for download.
Clickjacking
• Clickjacking is a malicious technique of tricking users into revealing confidential information or giving up control of their system while they click on certain webpages.
• Cyber criminals take advantage of vulnerabilities across a variety of browsers and platforms to launch this type of attack.
Ransomware
• Ransomware is computer malware that holds a computer system, or the data it contains, hostage against its user by demanding a ransom for its restoration.
• It typically propagates like a conventional computer worm, entering a system through, for example, a vulnerability in a network service or an E-Mail attachment.
Ransomware Contd.......
• It may then:
  • Disable an essential system service or lock the display at system start-up, and/or
  • Encrypt some of the user’s personal files.
• In both cases, the malware may extort the user by urging them to buy a decryption or removal tool.
Proxy Servers
• A proxy server is a computer on a network which acts as an intermediary for connections with other computers on that network.
• The attacker connects to the proxy server and establishes a connection with the target system through the existing connection with the proxy.
• This enables an attacker to surf the Web anonymously and hide the attack.
Proxy Servers Contd.......
• A proxy server has the following purposes:
1. Keep the systems behind the curtain, mainly for security reasons.
2. Speed up access to a resource. It is used to cache the webpages from a web server.
3. Specialised proxy servers are used to filter unwanted content such as advertisements.
4. A proxy server can be used as an IP address multiplexer to connect a number of computers to the Internet when one has only one IP address.
Proxy Servers Contd.......
• One of the advantages of a proxy server is that its cache memory can serve all users.
• If one or more websites are requested frequently, maybe by different users, they are likely to be in the proxy’s cache memory, which will improve user response time.
• In fact, there are special servers available known as cache servers.
Anonymizers
• An anonymizer or anonymous proxy is a tool that attempts to make activity on the Internet untraceable.
• It accesses the Internet on the user’s behalf, protecting personal information by hiding the source computer’s identifying information.
• Anonymizers are services used to make Web surfing anonymous by utilizing a website that acts as a proxy server for the web client.
PHISHING
• Phishing (pronounced “fishing”) is an attack that attempts to steal your money or your identity by getting you to reveal personal information, such as credit card numbers, bank information or passwords, on websites that pretend to be legitimate.
How Phishing works
1. Planning: Criminals, called phishers, decide on the target and determine how to get E-Mail addresses.
2. Setup: Once the phishers know who their victims are, they create methods for delivering the message and for collecting data about the target. Most often this involves an E-Mail address and a webpage.
3. Attack: In this step the phisher sends a message that appears to be from a reputable source.
4. Collection: Phishers record the information that victims enter into webpages or pop-up windows.
5. Identity theft and fraud: Phishers use the information they have gathered to make illegal purchases or commit fraud.
Password Cracking
• Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system.
• The purposes of password cracking are as follows:
1. To recover a forgotten password.
2. To check for easily crackable passwords.
3. To gain unauthorized access to a system.

Manual Password Cracking:
Manual password cracking is an attempt to log in with different passwords. The attacker follows these steps:
1. Find a valid user account such as Administrator or Guest.
2. Create a list of possible passwords.
3. Rank the passwords from high to low probability.
4. Key in each password.
5. Try again until a successful password is found.

• Passwords can sometimes be guessed with knowledge of the user’s personal information. Examples of guessable passwords include:
1. Blank (none).
2. Words like “password”, “passcode” and “admin”.
3. Series of letters from the keyboard, for example “qwerty”, “asdf” or “qwertyuiop”.
4. User’s name or login name.
5. Name of the user’s friend, relative or pet.
6. User’s birthplace or date of birth, or a relative’s or friend’s.
7. User’s vehicle number, office number, house number or mobile number.
8. Name of a celebrity who is considered an idol by the user.
9. Simple modification of one of the preceding, such as suffixing a digit, particularly 1, or reversing the order of letters.
• An attacker can also create a script file (automated program) which will be executed to try each password in a list.
• This is still considered manual cracking; it is time consuming and not usually effective.
Classification of Password Cracking Attacks:
• Online Attacks.
• Offline Attacks.
• Non-Electronic Attacks (e.g. Social Engineering, Shoulder Surfing and Dumpster Diving).
Online Attacks
• An attacker can create a script file (i.e. an automated program) that will be executed to try each password in a list; when one matches, the attacker can gain access to the system.
• The most popular online attack is the man-in-the-middle (MITM) attack, a form of active eavesdropping in which the attacker establishes a connection between the victim and the server to which the victim is connected.
• This type of attack is used to obtain the passwords for E-Mail accounts on public websites such as Yahoo, Hotmail and Gmail, and can also be used to get the passwords for financial websites in order to gain access to banking websites.
Offline Attacks
• Offline attacks are mostly performed from a location other than the target (i.e. either a computer system or while on the network) where these passwords reside or are used.
• Offline attacks usually require physical access to the computer and copying the password file from the system onto removable media.
Different types of offline password attacks

TYPE OF ATTACK     | DESCRIPTION                                                                                      | EXAMPLE OF A PASSWORD
Dictionary Attack  | Attempts to match all the words from the dictionary to get the password.                        | Administrator
Hybrid Attack      | Substitutes numbers and symbols to get the password.                                            | Adm1n1strator
Brute Force Attack | Attempts all possible permutations and combinations of letters, numbers and special characters. | Adm!n@09
Strong, Weak and Random Passwords
• A weak password is one which could be easily guessed: short, common or a system default password that could easily be found by executing a brute force attack using a subset of all possible passwords, such as words in the dictionary, proper names and words based on the username.
• Passwords that can be easily guessed, such as a date of birth or a pet’s name, are considered very weak.
Examples of weak passwords
1. Common personal name.
2. Repeated letters: aaaa
3. Common name of a pet.
4. Common passwords: abc123, admin, 1234, password
5. Sequence of adjacent letters on keyboards: QWERTY
6. Date of personal importance.
7. Username of the account.
8. Simple letter substitutions: p@$$W0rd
9. Very often used words: password
10. Using the date of a forced password change is very common.

• A strong password is long enough, random or otherwise difficult to guess.
• The length of time deemed to be too long will vary with the attacker, the attacker’s resources, the ease with which the password can be tried and the value of the password to the attacker.
• A student’s password might not be worth more than a few seconds of computer time, while a password controlling access to a large bank’s electronic money transfer system might be worth many
Examples of strong passwords
1. Convert_$100 to Euros! Such phrases are long, memorable and contain an extended symbol to increase the strength of the password.
2. 382465304H It is a mix of numbers and a letter at the end, which can be generated randomly.
3. 4pRte!ai@3 It is not a dictionary word.
4. Mo0o0fln245679 It is long, with both letters and numbers.
5. t3wahSetyeT4 It is not a dictionary word.

Random Passwords
• The most secure passwords are long, random strings of characters and are generally the most difficult to remember.
• A password is stronger if it includes a mix of upper and lower case letters, numbers and other symbols.
• The difficulty in remembering such a password increases the chance that the user will write it down, which makes it vulnerable if the paper is stolen or lost and the password discovered.
• A password can be random, for example 26845. Although short, it is not easily guessed.
• Using random passwords ensures that the password will have no connection with the user.
The General Guidelines Applicable to the Password Policies
1. Passwords and user login identities (IDs) should be unique to each authorized user.
2. Passwords should consist of a minimum of eight alphanumeric characters.
3. There should be computer-controlled lists of prescribed password rules and periodic testing to identify any password weaknesses.
4. Passwords should be kept private. They should not be noted down anywhere.
5. Passwords shall be changed every 30/45 days.
6. User accounts should be frozen after five failed logon attempts.
7. Sessions should be suspended after 15 minutes of inactivity or require the password to be re-entered.
8. Successful logons should display the date and time of the last logon and logoff.
9. Logon IDs and passwords should be suspended after a specified period of non-use.
10. For high-risk systems, after excessive violations, the system should generate an alarm.
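As an added example (not part of the original slides), the following Python checker turns the weak-password categories listed earlier and guideline 2 above (minimum eight alphanumeric characters) into the kind of computer-controlled password rule list that guideline 3 calls for. The common-password list, the keyboard rows, the leet-speak map, the sample username `jsmith` and the personal data tuple are constructed assumptions.

```python
"""Password-rule checker built from the slide's own weak-password categories
and guideline 2 (minimum eight alphanumeric characters).

Added example, not part of the original slides. The word lists, the sample
username and the leet-speak map below are constructed for illustration.
"""
import re

# Constructed: the slide's "common passwords" and "very often used words".
COMMON_PASSWORDS = {"password", "passcode", "admin", "abc123", "1234", "qwerty"}
# Constructed: keyboard rows used to catch "qwerty", "asdf", "qwertyuiop".
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
# Constructed: undo the "simple letter substitutions" of the hybrid attack
# (p@$$W0rd -> password) before comparing against the word list.
LEET_MAP = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "3": "e", "!": "i"})


def _normalise(pw: str) -> str:
    """Lower-case and strip leet-speak so substitutions do not hide a common word."""
    return pw.lower().translate(LEET_MAP)


def _is_keyboard_sequence(pw: str, min_len: int = 4) -> bool:
    """True if the password is a run of adjacent keys, forwards or backwards."""
    s = pw.lower()
    if len(s) < min_len:
        return False
    return any(s in row or s in row[::-1] for row in KEYBOARD_ROWS)


def weaknesses(pw: str, username: str = "", personal: tuple = ()) -> list:
    """Return the slide categories the password falls into (empty list = passes).

    username: the account's login name (weak-password category 7).
    personal: constructed tuple of guessable personal data such as a pet's
              name or a year of birth (categories 1, 3 and 6).
    """
    found = []
    low = pw.lower()
    core = _normalise(pw)
    # Also try the "simple modifications": a suffixed digit or reversed order.
    variants = {low, core, low.rstrip("0123456789"), core.rstrip("0123456789"),
                low[::-1], core[::-1]}
    if not pw:
        found.append("blank")
    if len(re.sub(r"[^A-Za-z0-9]", "", pw)) < 8:
        found.append("shorter than eight alphanumeric characters")
    if variants & COMMON_PASSWORDS:
        found.append("common password or simple substitution of one")
    if pw and len(set(low)) == 1:
        found.append("repeated letters")
    if _is_keyboard_sequence(pw):
        found.append("keyboard sequence")
    if username and username.lower() in variants:
        found.append("username of the account")
    for item in personal:
        if item and (item.lower() in low or item.lower() in core):
            found.append("personal information: " + item)
    return found


def is_strong(pw: str, username: str = "", personal: tuple = ()) -> bool:
    """Convenience wrapper: True only when no weakness category matched."""
    return not weaknesses(pw, username, personal)


if __name__ == "__main__":
    # Constructed account data for the demonstration.
    user, pdata = "jsmith", ("rover", "1990")
    for candidate in ["", "aaaa", "qwerty", "p@$$W0rd", "abc123", "jsmith1",
                      "Rover1990", "Convert_$100 to Euros!", "4pRte!ai@3"]:
        print(f"{candidate!r:26} -> {weaknesses(candidate, user, pdata) or 'passes'}")
```

The slide's own examples sort as expected: p@$$W0rd is caught as a substitution of "password", while "Convert_$100 to Euros!" and "4pRte!ai@3" pass.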
Password Guidelines to be practiced to avoid being a victim of E-Mail account hacking:
1. Passwords used for business E-Mail accounts, personal E-Mail accounts and banking/financial accounts should be kept separate.
2. Passwords should be of a minimum of eight alphanumeric characters.
3. Passwords should be changed every 30/45 days.
4. Passwords should not be shared with relatives and/or friends.
5. A password used previously should not be reused when renewing the password.
6. Passwords of E-Mail accounts should be changed from a secured system within a couple of days if these E-Mail accounts have been accessed from public Internet facilities such as cybercafes/hostels/libraries.
7. Passwords should not be stored in mobile phones or computer systems or any memory devices.
8. On receipt of an E-Mail from a banking/financial institution instructing you to change your password, the legitimacy of the E-Mail should be verified before clicking the weblinks displayed in it, to avoid becoming a victim of phishing attacks.
9. Similarly, on receipt of an SMS from a banking/financial institution instructing you to change your password, the legitimacy of the SMS should be verified to avoid becoming a victim of smishing attacks.
10. In case E-Mail accounts/user accounts have been hacked, the respective agencies/institutes should be contacted immediately.
Malwares
• Malwares are malicious softwares designed to infiltrate a computer system without the owner’s informed consent.

Malwares can be classified as follows:
1. Viruses and Worms
2. Trojan Horses
3. Rootkits
4. Backdoors
5. Spyware
6. Botnets
7. Keystroke loggers
Keyloggers
• Keystroke logging, often called keylogging, is the practice of noting the keys struck on a keyboard in a hidden manner, so that the person using the keyboard is unaware that such actions are being monitored.
• A keystroke logger or keylogger is a quicker and easier way of capturing passwords and monitoring the victim’s IT behavior.
• Keyloggers can be classified as software keyloggers and hardware keyloggers.
Software Keyloggers
• Software keyloggers are programs installed on the computer system, usually located between the OS and the keyboard hardware, and every keystroke is recorded.
• Software keyloggers are installed on a computer system by Trojans and viruses without the knowledge of the user.
• A keylogger usually consists of two files that get installed in the same directory: a dynamic link library (DLL) file and an executable (EXE) file that installs the DLL file and triggers it to work. The DLL does all the recording of the keystrokes.
Hardware Keyloggers
• To install these keyloggers, physical access to the computer system is required.
• These are connected to the PC or the keyboard and save every keystroke into a file or in the memory of the hardware device.
• Cybercriminals install such devices on ATM machines to capture ATM card PINs.
• Each keypress on the keyboard of the ATM gets registered by these keyloggers.
• These keyloggers look like an integrated part of such systems; hence customers are unaware of their presence.
AntiKeyloggers
• An antikeylogger is a tool that can detect keyloggers installed on the computer system and can also remove them.
• Advantages
  • Firewalls cannot detect the installation of keyloggers on the system, whereas antikeyloggers can.
  • An antikeylogger does not need regular updates to work effectively, unlike other antivirus and antispyware programs.
  • It prevents ID theft and secures E-Mail and instant messaging/chatting.
Spywares
• Spyware is a type of malware that secretly monitors the user.
• The presence of spyware is typically hidden from the user.
• Spyware such as keyloggers is sometimes installed on purpose by the owner of a shared, corporate or public computer to secretly monitor other users.
• The features and functions of spyware go beyond simple monitoring.
• Spyware programs collect personal information about the victim, such as Internet surfing habits/patterns and websites visited.
• Spyware may result in slowing of the Internet connection speed and slowing of response time.
• To counter the emergence of spyware, anti-spyware software is available.
Viruses and Worms
• A computer virus is a program that can infect legitimate programs by modifying them to include a copy of itself.
• Viruses spread themselves without the knowledge of the users and pass from computer to computer.
• Viruses may also contain malicious instructions that may cause damage.
• Viruses can start on event-driven effects, time-driven effects, or can occur at random.
• Viruses can take some typical actions:
1. Display a message to prompt an action which may set off the virus.
2. Delete files inside the system into which the virus enters.
3. Scramble data on a hard disk.
4. Cause erratic screen behavior.
5. Halt the system or PC.
6. Just replicate themselves to propagate further harm.

• Viruses spread through:
1. The Internet: The virus is intentionally uploaded to an Internet server and distributed via E-Mail.
2. A stand-alone computer system: When a virus-infected removable disk is inserted into a computer system, the hard disk is infected. A clean removable disk loaded into this computer will then be infected with the virus.
3. Local networks: Viruses are planted into legitimate program code and transmitted via data transmission links through the local network.
• A worm spreads itself automatically to other computers through networks by exploiting security vulnerabilities.
• Worms, just like viruses, may harm the system’s data or performance.
DIFFERENCE BETWEEN COMPUTER VIRUS AND WORM

SL. NO | FEATURE     | VIRUS                                                                                                                     | WORM
1      | DEFINITION  | A computer virus is a software program that can copy itself and infect the data or information without the user’s knowledge. | A computer worm is a software program self-replicating in nature, which spreads through a network.
2      | SPREAD MODE | Needs a host program to spread.                                                                                           | Self, without user intervention.
3      | TYPES       | Boot sector viruses, program viruses, stealth viruses, multipartite viruses, polymorphic code viruses, macroviruses.       | E-Mail worms, instant messaging worms, Internet worms, Internet Relay Chat (IRC) worms, file sharing network worms.
4      | INCEPTION   | The Creeper virus is considered the first known virus; it spread in 1970.                                                | The Morris Worm or Internet Worm is considered the first worm; it spread in 1988.
5      | PREVALENCE  | 15% of malwares are viruses.                                                                                              | 8% of malwares are worms.
Types of Viruses
1. Boot sector viruses:
• They infect the storage media on which the OS is stored and which is used to start the computer system, e.g. hard drives and floppy disks.
• The data/programs are stored on floppy disks or hard drives in smaller sections called sectors. The first sector is called the BOOT sector and it carries the master boot record (MBR). The MBR’s function is to read and load the OS, i.e. it enables the computer system to start through the OS.
• Hence if a virus attacks the MBR or the boot record of a floppy disk, such a floppy disk infects the victim’s hard drive when he/she reboots the system while the infected disk is in the drive.
• Once the victim’s hard drive is infected, all the disks used in the system will be infected, and when these infected disks are shared these viruses often spread to other systems.
2. Program viruses:
• These viruses become active when the program file, usually with extension .bin, .com or .exe, is executed or opened.
• Once these program files are infected, the virus makes copies of itself and infects the other programs on the computer system.
3. Multipartite viruses:
• A hybrid of boot sector and program viruses.
• It infects the program files along with the boot record when the infected program is active.
4. Stealth viruses:
• It camouflages and masks itself, so detecting this type of virus is very difficult.
• It can disguise itself in such a way that antivirus software also cannot detect it.
• It alters its file size and conceals itself in the computer memory to remain in the system undetected.
• Brain was the first stealth virus.
5. Polymorphic viruses:
• It acts like a chameleon that changes its virus pattern every time it spreads through the system.
• Hence it is always difficult to detect a polymorphic virus with the help of an antivirus program.
6. Macroviruses:
• Many applications such as Microsoft Word and Microsoft Excel support macros.
• These viruses are programmed as a macro embedded in a document.
• Once a macrovirus gets onto a victim’s computer, every document he/she produces will become infected. This type of virus is relatively new and may slip past antivirus software if the user does not have the most recent version installed on his computer.
7. ActiveX and Java Control:
• ActiveX and Java controls are web browser settings that allow certain functions to work, such as enabling or disabling pop-ups, downloading files and scanning the computer for viruses using free online antivirus scanners.
• Although there are benefits to using ActiveX, there are known security threats and malware that use ActiveX because it can interface outside the browser.
Trojan Horses
• A Trojan Horse is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and cause harm.
• A Trojan is code that appears to be harmless but hides malicious functions.
• Trojans can get into the system in a number of ways, including from a web browser, via E-Mail, or in a bundle with other software downloaded from the Internet.
Trojan Horses contd....
• Trojans do not replicate themselves, but they can be equally destructive.
• Trojans account for 58% of all computer malware.
• For example, waterfalls.scr is a waterfall screen saver; however, it can be associated with malware and become a Trojan that unloads hidden programs and allows unauthorised access to the user’s PC.
Some typical examples of threats by Trojans are as follows:
1. They erase, overwrite or corrupt data on a computer.
2. They help to spread other malware such as viruses.
3. They deactivate or interfere with antivirus and firewall programs.
4. They allow remote access to your computer.
5. They upload and download files without your knowledge.
6. They gather E-Mail addresses and use them for spam.
7. They log keystrokes to steal information such as passwords and credit card numbers.
8. They copy fake links to false websites, display images and play sounds/videos.
9. They slow down, restart or shut down the system.
10. They re-install themselves after being disabled.
11. They disable the task manager.
12. They disable the control panel.
Backdoors
• A backdoor is a means of access to a computer that bypasses security mechanisms.
• A programmer may sometimes install a backdoor so that the program can be accessed for troubleshooting or other purposes.
• Attackers always use backdoors that they detect or install themselves.
• A backdoor works in the background and hides from the user.
• A backdoor is one of the most dangerous types of malware, as it allows a malicious person to perform any possible action on a compromised system.
• Most backdoors are automatic malicious programs.
Functions of Backdoors:
1. It allows an attacker to create, delete, rename, copy or edit any file; execute various commands; change any system settings; alter the Windows registry; run, control and terminate applications; and install arbitrary software and parasites.
2. It allows an attacker to control computer hardware devices, modify related settings, and shut down or restart a computer without asking for user permission.
3. It steals sensitive personal information, valuable documents, passwords, login names and ID details, logs user activity and tracks web browsing habits.
4. It records the keystrokes that a user types on a computer’s keyboard and captures screenshots.
5. It sends all gathered data to a predefined E-Mail address, uploads it to a predetermined FTP server or transfers it through a background Internet connection to a remote host.
6. It infects files, corrupts installed applications and damages the entire system.
7. It distributes infected files to remote computers with certain security vulnerabilities and performs attacks against hacker-defined remote hosts.
8. It installs a hidden FTP server that can be used by malicious persons for various illegal purposes.
9. It degrades Internet connection speed and overall system performance, decreases system security and causes software instability.
10. It provides no uninstall feature, and hides processes.

Examples of Backdoor Trojans:
1. Back Orifice: It is a backdoor Trojan designed for remote system administration. It enables a user to control a computer running the Microsoft Windows OS from a remote location.
2. Bifrost: It is a backdoor Trojan which can infect Windows 95 and Vista. It uses a typical server, server builder and client backdoor program configuration to allow access to a remote attacker.
3. SAP Backdoors: SAP is an Enterprise Resource Planning (ERP) system, and nowadays ERP is the heart of the business technological platform. These systems handle the key business processes of the organization, such as procurement, invoicing, human resources management, billing, stock management and financial planning.
4. Onapsis Bizploit: It is an open source ERP penetration testing framework developed by Onapsis Research Labs. Bizploit assists security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized ERP penetration tests.
How to protect from Trojan Horses and Backdoors
1. Stay away from suspect websites/web links. Avoid downloading free/pirated software.
2. Surf the Web cautiously. Avoid connecting to or downloading any information from peer-to-peer (P2P) networks, which are the most dangerous networks for spreading Trojan Horses and other threats.
3. Install antivirus/Trojan remover software. Nowadays antivirus software has built-in features for protecting the system not only from viruses and worms but also from malware such as Trojan Horses.
Steganography
• Steganography is a Greek word that means “sheltered writing”.
• It is a method that attempts to hide the existence of communication.
• Steganography is the art and science of embedding secret messages in a cover message in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message.
• Other names for steganography are data hiding, information hiding and digital watermarking.
• Depending on the nature of the actual object in which data is embedded, steganography can be divided into 5 types:
  • Text Steganography.
  • Image Steganography.
  • Video Steganography.
  • Audio Steganography.
  • Network Steganography.
How Steganography Works:
Steganography Tools
1. DiSi Steganograph: It is a very small DOS-based steganographic program that embeds data in images.
2. Invisible Folders: It has the ability to make any file or folder invisible to anyone using your PC, even on a network.
3. Invisible Secrets: It not only encrypts data and files for safe keeping or for secure transfer across the Net, but also hides them in places such as picture or sound files or webpages. These types of files are a perfect disguise for sensitive information.
Steganalysis
• The practice of detecting steganography is called “steganalysis”.
• The goal of steganalysis is to identify suspected packages, to determine whether or not they have messages embedded in them and, if possible, to recover them.
• There are several tools that can detect the presence of hidden data, such as StegExpose, StegAlyzer and StegSpy.
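To show concretely how image steganography and steganalysis work, here is an added Python example (not from the original slides or from any of the tools they name) that hides a message in the least significant bits (LSBs) of grayscale pixel values, extracts it again, and applies the classic histogram-pairs chi-square test that steganalysis tools use to flag LSB embedding. The pixel "image", the secret message and the detection threshold are constructed for the demonstration.

```python
"""LSB image steganography plus a chi-square steganalysis check.

Added example, not from the original slides. The "image" is a constructed
list of 8-bit grayscale pixel values so the script runs offline without an
imaging library; the detector is the histogram-pairs chi-square test.
"""
import random


def _bits(data: bytes):
    """Yield the bits of data, most significant bit of each byte first."""
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def embed(pixels, message: bytes):
    """Hide message in pixel LSBs: a 32-bit big-endian length, then the bytes."""
    payload = len(message).to_bytes(4, "big") + message
    needed = len(payload) * 8
    if needed > len(pixels):
        raise ValueError(f"cover too small: need {needed} pixels, have {len(pixels)}")
    out = list(pixels)
    for idx, bit in enumerate(_bits(payload)):
        out[idx] = (out[idx] & 0xFE) | bit   # overwrite only the lowest bit
    return out


def extract(pixels) -> bytes:
    """Reverse of embed: read the length header, then that many bytes."""
    def read(n_bytes, start):
        value = 0
        for i in range(n_bytes * 8):
            value = (value << 1) | (pixels[start + i] & 1)
        return value.to_bytes(n_bytes, "big"), start + n_bytes * 8
    header, pos = read(4, 0)
    length = int.from_bytes(header, "big")
    if length * 8 > len(pixels) - pos:
        raise ValueError("length header does not fit in the image")
    body, _ = read(length, pos)
    return body


def chi_square(pixels) -> float:
    """Histogram-pairs statistic. LSB embedding swaps values only within the
    pairs (2k, 2k+1), driving their counts toward equality, so a LOW
    statistic is the signature of a probable hidden message."""
    hist = [0] * 256
    for p in pixels:
        hist[p] += 1
    stat = 0.0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        if even + odd:
            stat += (even - odd) ** 2 / (even + odd)
    return stat


def looks_embedded(pixels, threshold: float = 200.0) -> bool:
    """Constructed threshold; real tools compare against the chi-square distribution."""
    return chi_square(pixels) < threshold


def make_cover(n: int = 4096, seed: int = 7):
    """Constructed 'natural' cover: mid-grey values in which even levels
    dominate, a skew that embedding destroys and the test picks up."""
    rng = random.Random(seed)
    return [rng.randrange(96, 160, 2) + (1 if rng.random() < 0.2 else 0)
            for _ in range(n)]


if __name__ == "__main__":
    cover = make_cover()
    secret = b"example secret payload " * 22      # 506 bytes, nearly fills the cover
    stego = embed(cover, secret)
    print("recovered:", extract(stego)[:23])
    print(f"chi-square cover={chi_square(cover):.1f} stego={chi_square(stego):.1f}")
    print("cover flagged:", looks_embedded(cover), " stego flagged:", looks_embedded(stego))
```

Only the lowest bit of each pixel changes, so the stego image is visually identical to the cover, yet the chi-square statistic drops by more than an order of magnitude; that statistical fingerprint, not the pixel values, is what steganalysis tools look for.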
Steganalysis Tools
1. StegAlyzerAS: It is a digital forensic analysis tool designed to scan “suspect media” or “forensic images” of suspect media for known artifacts of steganography applications.
2. StegSpy: It is a digital forensic analysis tool designed to detect steganography and the program used to hide the message.
3. Stegdetect: It is an automated tool for detecting steganographic content in images.
DoS Attacks and DDoS Attacks
• A denial of service (DoS) or distributed denial of service (DDoS) attack is an attempt to make a computer resource or information system unavailable to its intended users.
DoS Attacks
• The attacker floods the bandwidth of the victim’s network or fills his E-Mail box with spam mail, depriving him of the services he is entitled to access or provide.
• The attackers typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, mobile phone networks and even domain name servers.
DoS Attacks contd......
• The symptoms of DoS attacks include:
1. Unusually slow network performance.
2. Unavailability of a particular website.
3. Inability to access any website.
4. Increase in the number of spam E-Mails received.

Classification of DoS Attacks
1. Bandwidth attacks: Loading any website takes a certain time. This loading consumes some amount of memory. Every site is given a particular amount of bandwidth for hosting, say for example 50 GB. The attacker opens 100 pages of a site and keeps on refreshing, consuming all the bandwidth, thus the site goes out of service.
2. Logic attacks: These attacks can exploit vulnerabilities in network software such as a web server or TCP/IP stack.
Classification of DoS Attacks contd......
3. Protocol attacks: Protocols are rules that are to be followed to send data over a network. These attacks exploit a specific feature or implementation bug of some protocol installed on the victim’s system.
4. Unintentional DoS attack: This is a scenario where a website ends up denied due to a sudden enormous spike in popularity. This can happen when an extremely popular website posts a prominent link to a second, less well prepared site, for example as part of a news story.
Types or Levels of DoS Attacks
1. Flood attack: This is the earliest form of DoS attack and is also known as ping flood. It is based on the attacker simply sending the victim an overwhelming number of ping packets, usually by using the “ping” command, which results in more traffic than the victim can handle. This requires the attacker to have a faster network connection than the victim. It is very simple to launch, but preventing it completely is most difficult.
Types or Levels of DoS Attacks contd.......
2. Ping of death attack: This attack sends oversized Internet Control Message Protocol (ICMP) packets. ICMP is generally used by the OSs of networked computers to send error messages. Some systems, upon receiving the oversized packet, will crash, freeze or reboot, resulting in DoS.
Types or Levels of DoS Attacks contd.......
3. SYN attack: It is also termed TCP SYN flooding. In the Transmission Control Protocol (TCP), handshaking of network connections is done with SYN and ACK messages. An attacker initiates a TCP connection to the server with a SYN. The server replies with a SYN-ACK. The client then does not send back an ACK, causing the server to allocate memory for the pending connection and wait. This fills up the buffer space for SYN messages on the target system, preventing other systems on the network from communicating with the target system.
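The half-open backlog mechanism just described, as an added Python simulation that is not part of the original slides: a server model with a fixed number of pending-connection slots, a client that sends SYNs but never the final ACK, and a legitimate client that is refused while the slots are held. The second run shows why the defence the slides later mention (patches that guard against TCP SYN flooding) works: a timeout that expires stale half-open entries restores service. The server, clients, clock and the 198.51.100.x/192.0.2.x addresses are constructed; nothing here touches real sockets.

```python
"""Simulation of the TCP SYN-flood mechanism and of the half-open timeout
that limits it. Added example, not from the original slides; the server,
clients and clock are constructed models of the three-way handshake.
"""
from dataclasses import dataclass, field


@dataclass
class HalfOpen:
    """One pending connection: SYN received, SYN-ACK sent, ACK not yet seen."""
    client: str
    port: int
    created: float


@dataclass
class SynBacklogServer:
    backlog: int = 8                 # slots (memory) for pending connections
    half_open_timeout: float = 3.0   # seconds before a stale entry is reaped
    pending: dict = field(default_factory=dict)      # (client, port) -> HalfOpen
    established: list = field(default_factory=list)
    dropped: int = 0

    def on_syn(self, client: str, port: int, now: float) -> bool:
        """Handshake steps 1-2: allocate a slot and 'send' SYN-ACK.
        Returns False when the backlog is full and the SYN must be dropped."""
        self.expire(now)
        if len(self.pending) >= self.backlog:
            self.dropped += 1
            return False
        self.pending[(client, port)] = HalfOpen(client, port, now)
        return True

    def on_ack(self, client: str, port: int) -> bool:
        """Handshake step 3: the ACK completes the connection and frees the slot."""
        entry = self.pending.pop((client, port), None)
        if entry is None:
            return False
        self.established.append((client, port))
        return True

    def expire(self, now: float) -> int:
        """Reap half-open entries older than the timeout; returns how many."""
        stale = [k for k, v in self.pending.items()
                 if now - v.created > self.half_open_timeout]
        for k in stale:
            del self.pending[k]
        return len(stale)


def simulate(timeout: float) -> dict:
    """Flooding client (constructed 198.51.100.9) sends 8 SYNs at t=0 and never
    ACKs; legitimate client (constructed 192.0.2.10) tries at t=1 and t=5."""
    srv = SynBacklogServer(backlog=8, half_open_timeout=timeout)
    for port in range(20000, 20008):
        srv.on_syn("198.51.100.9", port, now=0.0)     # backlog is now full
    first = srv.on_syn("192.0.2.10", 40001, now=1.0)
    if first:
        srv.on_ack("192.0.2.10", 40001)
    second = srv.on_syn("192.0.2.10", 40002, now=5.0)
    if second:
        srv.on_ack("192.0.2.10", 40002)
    return {"first": first, "second": second,
            "dropped": srv.dropped, "established": len(srv.established)}


if __name__ == "__main__":
    print("no reaping   :", simulate(float("inf")))   # victim stays unreachable
    print("3 s timeout  :", simulate(3.0))            # service recovers at t=5
```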
Types or Levels of DoS Attacks contd.......

4. Teardrop attack: This is an attack where fragmented packets are
forged to overlap each other when the receiving host tries to
reassemble them. IP’s packet fragmentation algorithm is used to
send corrupted packets to confuse the victim and may hang the
system. This attack can crash various OSs due to a bug in their
TCP/IP fragmentation reassembly code. Windows and Linux OSs
are vulnerable to this attack.
Types or Levels of DoS Attacks contd.......

5. Smurf attack: This type of DoS attack floods a target via
spoofed broadcast ping messages. The attack consists of a host
sending an Internet Control Message Protocol (ICMP) echo request to
a network broadcast address. Every host on the network receives the
ICMP echo request and sends back an ICMP echo response. On a
multi-access broadcast network, hundreds of machines might reply
to each packet. This creates a magnified DoS attack of ping
replies.
Types or Levels of DoS Attacks contd.......

6. Nuke: Nuke is an old DoS attack against computer networks
consisting of fragmented or otherwise invalid ICMP packets sent
to the target. It is achieved by using a modified ping utility to
repeatedly send this corrupt data, thus slowing down the affected
computer until it comes to a complete stop.
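To show how a defender would recognise the ping-flood, ping-of-death, SYN-flood and smurf patterns described above in traffic summaries, here is an added example that is not part of the original slides. The packet records are constructed tuples rather than a real capture, and the local subnet (10.0.0.0/24) and the alert thresholds are assumptions; teardrop and nuke need fragment and validity data these summaries do not carry, so they are not covered.

```python
# Added example, not from the original slides: flag the ping-flood, ping-of-death,
# SYN-flood and smurf patterns in a list of constructed packet summaries given as
# (proto, src, dst, flags, total_len) tuples; subnet and thresholds are assumptions.
from collections import defaultdict
from ipaddress import ip_address, ip_network

LOCAL_NET = ip_network("10.0.0.0/24")              # assumed local broadcast domain
LIMITED_BROADCAST = ip_address("255.255.255.255")
MAX_IP_LEN = 65535                                 # largest legal IP datagram

def detect_dos(packets, ping_limit=50, half_open_limit=100):
    """Return sorted (attack, address) findings; teardrop/nuke need fragment
    data these summaries do not carry and are not covered."""
    findings = set()
    echo_by_src = defaultdict(int)     # ping flood: echo requests per source
    half_open = defaultdict(set)       # SYN flood: server -> clients mid-handshake
    for proto, src, dst, flags, total_len in packets:
        if proto == "ICMP" and flags == "echo-request":
            echo_by_src[src] += 1
            if total_len > MAX_IP_LEN:                 # ping of death: oversized datagram
                findings.add(("ping-of-death", src))
            if ip_address(dst) in (LOCAL_NET.broadcast_address, LIMITED_BROADCAST):
                findings.add(("smurf", dst))           # echo request aimed at a broadcast
        elif proto == "TCP":
            if flags == "SYN":                         # first step of the handshake
                half_open[dst].add(src)
            elif flags == "ACK":                       # third step completes it
                half_open[dst].discard(src)
    for src, count in echo_by_src.items():
        if count > ping_limit:
            findings.add(("ping-flood", src))
    for server, clients in half_open.items():
        if len(clients) > half_open_limit:             # SYNs never acknowledged
            findings.add(("syn-flood", server))
    return sorted(findings)

# Constructed sample traffic aimed at server 10.0.0.9.
SAMPLE = (
    [("ICMP", "10.0.0.5", "10.0.0.9", "echo-request", 84)] * 60      # ping flood
    + [("ICMP", "10.0.0.7", "10.0.0.9", "echo-request", 65548)]      # ping of death
    + [("ICMP", "10.0.0.7", "10.0.0.255", "echo-request", 84)]       # smurf trigger
    + [("TCP", f"10.0.1.{i}", "10.0.0.9", "SYN", 60) for i in range(1, 130)]
    + [("TCP", "10.0.0.3", "10.0.0.9", "SYN", 60),                   # one legitimate
       ("TCP", "10.0.0.3", "10.0.0.9", "ACK", 52)]                   # handshake
)

if __name__ == "__main__":
    for attack, address in detect_dos(SAMPLE):
        print(f"{attack:14} {address}")
```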
DDoS Attacks

- In a DDoS attack an attacker may use your computer to attack
another computer.
- By taking advantage of vulnerabilities or weaknesses, an attacker
could take control of your computer.
- The attacker could force your computer to send huge amounts of
data to a website or send spam to particular e-mail addresses.
- The attack is “distributed” because the attacker is using multiple
computers to launch the DoS attack.
DDoS Attacks contd.....

- A DDoS attack is a distributed DoS wherein a large number of
zombie systems are synchronized to attack a particular system.
- The zombie systems are called “secondary victims” and the
main target is called the “primary victim”.
How to protect from DoS/DDoS Attacks

1. Implement router filters. This will lessen your exposure to
certain DoS attacks.
2. If such filters are available for your system, install patches to
guard against TCP/SYN flooding.
3. Disable any unused or inessential network service. This can limit
the ability of an attacker to take advantage of these services to
execute a DoS attack.
4. Enable quota systems (allocate limited disk space) on your OS if
they are available.
5. Observe your system’s performance and establish baselines for
ordinary activity. Use the baseline to gauge unusual levels of disk
activity, central processing unit (CPU) usage or network traffic.
6. Routinely examine your physical security with regard to your
current needs.
7. Use a tool to detect changes in configuration information or other
files.
8. Invest in and maintain “hot spares”, machines that can be placed
into service quickly if a similar machine is disabled.
9. Invest in redundant and fault-tolerant network configurations.
10. Establish and maintain regular backup schedules and policies,
particularly for important configuration information.
11. Establish and maintain appropriate password policies, especially
for access to highly privileged accounts such as Unix root or
Microsoft Windows NT Administrator.
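Item 5 above asks for a baseline of ordinary activity that later readings are judged against. The following added example, which is not from the original slides, builds that baseline for the three metrics the slide names and flags a reading that sits far above it; all readings are constructed values, and the three-sigma rule and the 5% floor are assumptions.

```python
# Added example, not from the original slides: build a baseline of ordinary
# activity for the three metrics named in item 5 and flag readings that
# fall well above it. All readings are constructed values, not measurements.
from statistics import mean, pstdev

METRICS = ("disk_io", "cpu_pct", "net_pps")   # disk ops/s, CPU %, packets/s


def build_baseline(samples):
    """Per-metric (mean, std dev) from readings taken during ordinary activity."""
    baseline = {}
    for m in METRICS:
        values = [s[m] for s in samples]
        baseline[m] = (mean(values), pstdev(values))
    return baseline


def check_reading(baseline, reading, sigmas=3.0):
    """Metrics in `reading` more than `sigmas` standard deviations above baseline."""
    flagged = []
    for m in METRICS:
        avg, sd = baseline[m]
        # Assumed floor of 5% of the mean so a nearly flat baseline keeps some slack.
        limit = avg + sigmas * max(sd, 0.05 * avg)
        if reading[m] > limit:
            flagged.append(m)
    return flagged


# Constructed readings during a quiet week, then two later readings:
# one ordinary, one taken while the host is being flooded.
NORMAL = [{"disk_io": 120, "cpu_pct": 18, "net_pps": 900},
          {"disk_io": 140, "cpu_pct": 22, "net_pps": 1100},
          {"disk_io": 110, "cpu_pct": 15, "net_pps": 850},
          {"disk_io": 130, "cpu_pct": 20, "net_pps": 1000},
          {"disk_io": 125, "cpu_pct": 19, "net_pps": 950}]
ORDINARY = {"disk_io": 150, "cpu_pct": 24, "net_pps": 1200}
FLOODED = {"disk_io": 128, "cpu_pct": 95, "net_pps": 48000}

if __name__ == "__main__":
    base = build_baseline(NORMAL)
    print("ordinary:", check_reading(base, ORDINARY))   # []
    print("flooded: ", check_reading(base, FLOODED))    # ['cpu_pct', 'net_pps']
```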
Attacks on Wireless Networks

- Wireless technologies have become increasingly popular in day-to-day
business and personal lives.
- Wireless networks extend the range of traditional wired networks by
using radio waves to transmit data to wireless-enabled devices.
- Wireless networks are generally composed of two basic elements: (a)
access points and (b) other wireless-enabled devices.
- Access points are connected through physical wiring to a conventional
network and they broadcast signals with which a wireless device can
connect.
Important components of wireless network

1. 802.11 networking standards: Institute of Electrical and
Electronics Engineers (IEEE) 802.11 is a family of standards for
wireless local area networks (WLAN) stating the specifications and
requirements for computer communication in the 2.4, 3.6 and
5 GHz frequency bands.

a) 802.11  b) 802.11a  c) 802.11b  d) 802.11g
e) 802.11n  f) 802.15  g) 802.16

Important components of wireless network
2. Access points:
- It is also termed an AP.
- It is a hardware device or software that acts as a central transmitter
and receiver of WLAN radio signals.
- Users of wireless devices such as laptops connect to these APs,
which in turn are connected to the wired LAN.
- An AP acts as a communication hub for users to connect with the
wired LAN.
Important components of wireless network
3. Wi-Fi hotspots:
Important components of wireless network
4. Service Set Identifier (SSID):
Important components of wireless network
5. Wired Equivalent Privacy (WEP):
Important components of wireless network
6. Wi-Fi Protected Access (WPA and WPA2):
Important components of wireless network
7. Media Access Control (MAC):
Traditional Techniques of Attacks on Wireless Networks:
How to secure Wireless networks

1. Change the default settings of all the equipment/components of the
wireless network (e.g., IP address, user IDs, administrator
passwords, etc.).
2. Enable WPA/WEP encryption.
3. Change the default SSID.
4. Enable MAC address filtering.
5. Disable remote login.

How to secure Wireless networks contd.....

6. Disable SSID broadcast.
7. Disable the features that are not used in the AP (e.g., printing/music
support, etc.).
8. Avoid giving the network a name which can be easily identified
(e.g., My_Home_WiFi).
9. Connect only to secured wireless networks.
10. Upgrade the router’s firmware periodically.

How to secure Wireless networks contd.....

11. Assign static IP addresses to devices.
12. Enable firewalls on each computer and the router.
13. Position the router or AP safely.
14. Turn off the network during extended periods when not in use.
15. Monitor wireless network security periodically and regularly.
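The checklist above can be turned into an audit that a defender runs against an access point's exported settings. The example below is added here and is not from the original slides: the settings dict is constructed, the list of factory SSIDs, the "giveaway" words for item 8 and the 180-day firmware window are assumptions, and WEP is reported as a finding because its keys are recoverable and only WPA/WPA2 meet item 2 in practice.

```python
# Added example, not from the original slides: audit an access point's
# settings against the checklist above. The settings dict is constructed;
# the default-SSID list, giveaway words and patch window are assumptions.
import re

DEFAULT_SSIDS = {"default", "linksys", "netgear", "dlink"}   # assumed factory names
IDENTIFYING = re.compile(r"home|family|office|flat", re.I)   # assumed giveaway words
MAX_FIRMWARE_AGE_DAYS = 180                                   # assumed patch window

def audit_ap(ap):
    """Return sorted (checklist item, finding) pairs for settings that fail."""
    f = []
    if not ap.get("admin_password_changed"):
        f.append((1, "administrator password still at factory default"))
    enc = ap.get("encryption", "none").upper()
    if enc not in ("WPA", "WPA2", "WEP"):
        f.append((2, "wireless encryption is disabled"))
    elif enc == "WEP":                       # WEP keys are recoverable; WPA2 is the target
        f.append((2, "WEP in use; use WPA2 instead"))
    ssid = ap.get("ssid", "")
    if ssid.lower() in DEFAULT_SSIDS:
        f.append((3, f"SSID '{ssid}' is a factory default"))
    if not ap.get("mac_filtering"):
        f.append((4, "MAC address filtering is off"))
    if ap.get("remote_admin"):
        f.append((5, "remote login to the AP is enabled"))
    if ap.get("ssid_broadcast"):
        f.append((6, "SSID broadcast is on"))
    unused = set(ap.get("enabled_services", [])) - set(ap.get("used_services", []))
    for svc in sorted(unused):
        f.append((7, f"unused service '{svc}' is enabled"))
    if IDENTIFYING.search(ssid):
        f.append((8, f"SSID '{ssid}' reveals who owns the network"))
    if ap.get("firmware_age_days", 0) > MAX_FIRMWARE_AGE_DAYS:
        f.append((10, "router firmware has not been upgraded recently"))
    if not ap.get("firewall"):
        f.append((12, "firewall on the router is off"))
    return sorted(f)

# Constructed: a router left at shipping defaults, then the same router
# after working through the checklist.
FACTORY_AP = {"admin_password_changed": False, "ssid": "linksys", "encryption": "WEP",
              "mac_filtering": False, "remote_admin": True, "ssid_broadcast": True,
              "enabled_services": ["printing", "media", "http"], "used_services": ["http"],
              "firmware_age_days": 400, "firewall": False}
HARDENED_AP = {**FACTORY_AP, "admin_password_changed": True, "ssid": "qz7-node",
               "encryption": "WPA2", "mac_filtering": True, "remote_admin": False,
               "ssid_broadcast": False, "enabled_services": ["http"],
               "firmware_age_days": 30, "firewall": True}
```

Running `audit_ap(FACTORY_AP)` lists one finding per failed checklist item, and `audit_ap(HARDENED_AP)` returns an empty list.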
