Scribd
Upload
17 views12 pages

Lectures 7 - To - 9 - Attacks Attackers Threat Environment

Uploaded by

syedrouhanali7
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
17 views12 pages

Lectures 7 - To - 9 - Attacks Attackers Threat Environment

Uploaded by

syedrouhanali7
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 12

INFORMATION SECURITY

Lecture-7/8/9
Attacks & Their Types_Part-II
Eavesdropping

Common packet sniffers: TCPdump, Wireshark


Solution - Encrypt Data
Password Pilfering
Password Pilfering
 Password protection is often the first defense line, which may be the only

defense available in the system


 Methods to pilfer user password:

• Guessing
• Social engineering
• Dictionary attacks
• Password sniffing

Protection Method: Use Multifactor Authentication (MFA) or Password


less protection
Identity Spoofing
 Identity spoofing attacks allow attackers to impersonate a victim without
using the victim’s passwords

Man-in-the-middle attacks

Message replays

Network spoofing attacks

Software exploitation attacks


Identity Spoofing (Cont..)
Man-in-the-middle attacks
Compromise a network device (or installs one of his own) between two or
more users. Using this device to intercept, modify, or fabricate data
transmitted between users.

Defense measures – encryption and authentication


Identity Spoofing (Cont..)
Message Replays
 The attacker first intercepts a legitimate message, keeps it intact, and then
retransmits it later to the original receiver.
 For example, an attacker may intercept an authentication pass of a legitimate
user, and use it to impersonate this user to get the services from the system

Defense Mechanisms
 Attach a random number to the message. This number is referred to as
nonce
 Attach a time stamp to the message
 The best method is to use a nonce and a time stamp together
Identity Spoofing (Cont..)
Network Spoofing
 IP spoofing is one of the major network spoofing techniques
SYN flooding
 The attacker fills the target computer’s TCP buffer with many crafted SYN packets;
purpose: Make the target computer unable to establish connection (i.e., to
silent/mute the computer). How it works:
1. Attacker sends to victim many crafted SYN packets
2. The victim’s computer is obliged to send an ACK packet to the crafted source
IP address contained in the SYN packet
3. Because the source IP address is crafted and unreachable, the victim computer
will never receive the ACK packet it is waiting for, allowing the crafted SYN
packet to remain in the TCP buffer
4. The TCP buffer is completely occupied by the crafted SYN packets
Identity Spoofing (Cont..)
TCP Hijacking
• It is like Message Replays
• Let, V is a company computer. Alice, an employee of the company, is going
to remote login to V.
1. Alice sends a SYN packet to V
2. The attacker intercepts this packet, and uses SYN flooding to mute V so that V
can’t complete the three-way handshake
3. The attacker predicts the correct TCP sequence number for the ACK supposed to be
sent from V to Alice. The attacker then crafts an ACK packet with the sequence
number and V’s IP address and sends it to Alice
4. Alice verifies the ACK packet and sends an ACK packet to the attacker to complete
this handshake
5. The TCP connection is established between Alice and the attacker, instead of
between Alice and V.
Repudiation

 In some situations the owner of the data may not want to admit ownership
of the data to evade legal consequences
 He may argue that he has never sent or received the data in question

Defense method
 Use stronger encryption and authentication algorithms
Intrusion
 An illegitimate user gains access to someone else’s computer systems.
Configuration loopholes, protocol flaws, and software side effects may
all be exploited by intruders

 Intrusion detection is a technology for detecting intrusion incidents. Closing


TCP and UDP ports that may be exploited by intruders can also help reduce
intrusions

 IP scans and Port scans are common hacking tools. However, it can also
help users to identify in their own systems which ports are open and which
ports may be vulnerable.
Traffic Analysis
 The purpose is to determine who is talking to whom by analyzing IP packets.
Even if the payload of the IP packet is encrypted, the attacker may still obtain
useful information from analyzing IP headers

Defense method
 Encrypt IP headers. But an IP packet with an encrypted IP header cannot be
routed to destination. Thus, network gateways are needed
 Network gateway also protects internal network topology
Denial of Service Attacks
 Thegoal is to block legitimate users from getting services
they can normally get from servers

 DoS – launched from a single computer

 DDoS – launched from a group of computers

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy