Attacks

 Types of Attacks
 Passive Attacks
 Active Attacks
Attacks
Passive Attacks
Masquerade
Masquerade takes place when one entity pretends
to be an another entity.

* These images are copied from the textbook (Cryptography and Network Security, by William Stallings).

4
Replay
Involves the passive capture of a data unit and its
subsequent retransmission to produce an unauthorized effect.

5
 Modification of message
Means that some portion of a legitimate message is altered.

6
Denial of service

A denial-of-service (DoS) is any type of attack

where the attackers (hackers) attempt to prevent
legitimate users from accessing the service.

7
Anatomy of an attack
 Attacker
 Some one outside your network perimeter who is trying to
break in
 Regular user has an inside view, so overwhelming majority
originate from inside
 Collecting information
 Probing the network
 Launching an attack
 Collecting information
 XYZ is the user that wants to attack your network.
 Question: Where to start?
 In order to get it he has to do some investigative work
about your network.
 The first thing it can do is to run the “whois” query.
 Live and authoritative
 Whois
 Query to the interNIC.
 It maintains the publicly accessible database of all
registered domains
 Can be searched with simple query “whois
domainname”
 “Whois pugc.edu.pk”
 The organizational domain name
 The organizational location
 The organization’s administrative contact
 The phone no and fax number for the administrator
 A valid subnet address within the organization
Organization domain name
 It is important because anyone can use it to collect
further information
 Any host associated with this name will be an extra
information
 www.pugc.edu.pk

 mail.pugc.eud.pk

 Now this host will be used as keyword to use when

forming future queries

Physical location
 Knowing physical location of Organization
 Might get temp job, offer his consulting services
 Once he is in, he might be granted certain level of
permission to resources
 Might try to backdoor into network
 Wants to do dumpster diving (Who, What, When, Where
and Why )
 Dump sensitive information in trash
 Write passwords at temp places
 Not separating trash from rest for recycling
Admin contact
 Individual responsible for maintaining network.
 This is very useful for physical hacking
 For example, he calls as member of help desk and asks,
“hey! You have asked me to check for your certain account,
there is some problems, whats ur passwd”
 Dangerous for such organizations who don’t have the
tendency to change passwds frequently
 Email is also a valid attack for this contact, for sending
spoofed mail that contains some hostile code, if email is
activated then ………
Valid subnet mask
 Last information of whois is an ip address entry for
domain.
 Getting an ip address of same subnet, ensures that
others will be at the same place
 So ip spoofing attack can be send
Four Categories of Attacks
 Access
 Modification
 Denial of Service
 Repudiation
1. Access Attack
 An access attack is an attempt to gain information
that the attacker is unauthorized to see.
 This attack can occur wherever the information
resides or may exist during transmission.
 This type of attack is an attack against the
confidentiality of the information.
 Examples:
 Snooping
 Eavesdropping
 Interception
Cont…
 Confidentiality can be compromised through:
 Snooping
 Snooping, in a security context, is unauthorized access to
another person's or company's data
 Not necessarily limited to gaining access to data during its
transmission
 Casual observance of an e-mail that appears on another's
computer screen or watching what someone else is typing
 Eavesdropping
 Being invisible on a public channel can be considered
eavesdropping
 To gain unauthorized access to information, an attacker must
position himself at a location where the information of interest
is likely to pass by.
 Confidentiality can be compromised through:
 Interception
 Unlike eavesdropping, interception is an active attack against
the information
 When an attacker intercepts information, he is interesting
himself in the path of information and capturing it before it
reaches its destination
 After examining the information, the attacker may allow the
information to continue to its destination or not.
Modification Attacks
 A modification attack is an attempt to modify
information that an attacker is not authorized to
modify.
 This type of attack is an attack against the integrity
of the information.
 Integrity can be compromised through:
 Changes
 Insertion
 Deletion
Denial of Service Attacks
 DoS attacks are attacks that deny the use of
resources to legitimate users of the system,
information, or capabilities.
Dos methods
 flooding a network, thereby preventing legitimate
network traffic;
 disrupting a server by sending more requests than it
can possibly handle, thereby preventing access to a
service;
 preventing a particular individual from accessing a
service;
 disrupting service to a specific system or person.
 Cont…
 DoS attacks can be done against the:
 Information
 Applications
 Systems
 Communications
Repudiation Attacks
 Repudiation is an attack against the accountability of
the information.
 Repudiation is an attempt to give false information or
to deny that a real event or transaction should have
occurred.
 An example of this type of attack would be a user
performing a prohibited operation in a system that lacks the
ability to trace.
Back Doors
 A backdoor is a method of bypassing normal
authentication or encryption in a computer system
 A hardware or software-based hidden entrance to a
computer system that can be used to bypass the
system's security policies.
 Using a known or through newly discovered access
mechanism, an attacker can gain access to a system
or network resource through a backdoor.
Cont..
 There are several ways that back doors can be
placed on a computer:
 Opening an infected e-mail attachment (they are often
combined with viruses and worms)
 Exploiting a vulnerable, unpatched software application or
operating system service
 Active FTP server on the computer (especially one that
allows "anonymous" sessions)
Brute Force
 Also known as exhaustive key search and password
attack.
 Try every possible combination of options of a
password.
Determining the Difficulty of a
Brute Force Attack
 The difficulty of a brute force attack depends on
several factors, such as:
 How long can the key be?
 How many possible values can each component of the key
have?
 How long will it take to attempt each key?
 Is there a mechanism which will lock the attacker out after a
number of failed attempts?
Dictionary
 Another form of the brute force attack.
 Dictionary attack narrows the field by selecting
specific accounts to attack and uses a list of
commonly used passwords (the dictionary) with
which to guess, instead of random combinations.
Spoofing
 Is an attempt to gain access to a system by
pretending as an authorized user.
 By gaining the IP address of the trusted host and
then modify the packet headers so that it appears
that the packets are coming from that host.
 IP spoofing
 ARP spoofing
 Email spoofing
 IP Spoofing
Inserting the IP address of an authorized user into the
transmission of an unauthorized user in order to gain
illegal access to a computer system. Routers and
other firewall implementations can be programmed
to identify this discrepancy
 ARP Poisoning
 The principle of ARP spoofing is to send fake, or 'spoofed',
ARP messages to an Ethernet LAN. Generally, the aim is to
associate the attacker's MAC address with the IP address
of another node (such as the default gateway).
 Any traffic meant for that IP address would be mistakenly
sent to the attacker instead. The attacker could then
choose to forward the traffic to the actual default gateway
(passive sniffing) or modify the data before forwarding it
(man-in-the-middle attack).
 The attacker could also launch a Denial of Service attack
against a victim by associating a nonexistent MAC address
to the IP address of the victim's default gateway.