Advanced Attacks on Networks

Advanced Attacks and Protection:

In this section we will discuss some common types of attacks that can be launched against systems and networks, and how to protect against them.

Spoofing:
Spoofing occurs when one person or entity impersonates or masquerades as someone or something else. There are two common types of spoofing attack: IP spoofing and MAC spoofing. We can prevent IP spoofing by dropping any packet that arrives on a public interface with a private source IP address.

SYN Flood Attack:
The SYN flood attack is a common attack used against servers on the internet. It is very easy for attackers to launch, difficult to stop, and can cause significant problems. It disrupts the TCP three-way handshake and can prevent legitimate clients from connecting. In a SYN flood attack, the attacker sends many SYN packets but never completes the handshake with the final ACK packet, so the half-open connections consume the server's resources. We can prevent it by setting a threshold on the number of SYN packets (half-open connections) the server accepts.

MITM:
A Man in the Middle (MITM) attack is a form of active interception or active eavesdropping. It uses a separate computer that accepts traffic from each party in a conversation and forwards the traffic between the two, so both sides believe they are talking directly to each other. Kerberos mutual authentication helps us prevent MITM attacks.

ARP Poisoning:
It is an attack that misleads computers or switches about the actual MAC address of a system. There are two types of attacks performed using ARP poisoning: one is MITM, and the other is DoS, carried out by sending ARP replies with a bogus MAC address for the default gateway.

DNS cache poisoning:
A DNS poisoning attack modifies the IP address associated with a domain in the DNS cache and replaces it with the address of a malicious site. Every time a user requests a DNS query for that domain, the DNS server responds with the IP address of the malicious web site. We can prevent this attack by controlling the TTL of entries held in the DNS cache.

Brute Force Attack:
This attack tries all possible character combinations. The attacker attempts to log on to an account by repeatedly guessing the username and password. We can prevent this attack with a lockout mechanism that locks the account after a specific number of unsuccessful attempts.

Dictionary Attack:
It is one of the original password attacks. It uses a dictionary of words and attempts every word in the dictionary to see if it works. The dictionary is just a list of words and character combinations. We can prevent this by setting a limit on unsuccessful attempts.

Birthday Attack:
The birthday attack is named after the birthday paradox in mathematical probability theory. In this attack, an attacker is able to create a password that produces the same hash as the user's actual password. This is called a hash collision. We can prevent this by increasing the number of bits in the hash.

Rainbow Table Attack:
It is a type of attack that attempts to discover the password from its hash. A rainbow table is a huge database of precomputed hashes, and it shows how some password cracker applications discover passwords. Salting is the method that helps prevent the rainbow table attack. A salt is a set of random data, such as two additional characters, added to the password before hashing, so the same password produces a different hash.
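As an added example (not code from the original post), the following Python shows why salting defeats a precomputed table: a tiny constructed stand-in for a rainbow table can reverse an unsalted SHA-256 digest, but the same lookup fails once a random salt is mixed in, and two users with the same password get different hashes.

```python
import hashlib
import hmac
import secrets

# Constructed sample: a tiny stand-in for a precomputed (rainbow) table that
# maps unsalted SHA-256 digests back to the candidate password that produced them.
CANDIDATES = ["password", "letmein", "123456", "qwerty"]
PRECOMPUTED = {hashlib.sha256(p.encode()).hexdigest(): p for p in CANDIDATES}


def unsalted_hash(password: str) -> str:
    """Weak scheme: the same password always yields the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    """Salted scheme: random salt is prepended, so equal passwords differ per user."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def make_record(password: str, salt_len: int = 16) -> dict:
    """Create a stored credential: the salt is kept in the clear next to the hash."""
    salt = secrets.token_bytes(salt_len)
    return {"salt": salt.hex(), "hash": salted_hash(password, salt)}


def verify(password: str, record: dict) -> bool:
    """Recompute the salted hash and compare in constant time."""
    expected = salted_hash(password, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(expected, record["hash"])


def lookup_precomputed(digest: str):
    """Simulates the rainbow-table step: reverse a digest by table lookup."""
    return PRECOMPUTED.get(digest)


def demo() -> dict:
    weak = unsalted_hash("letmein")
    rec_a = make_record("letmein")
    rec_b = make_record("letmein")  # same password, different random salt
    return {
        "weak_recovered": lookup_precomputed(weak),          # "letmein"
        "salted_recovered": lookup_precomputed(rec_a["hash"]),  # None
        "same_password_same_hash": rec_a["hash"] == rec_b["hash"],  # False
        "verify_ok": verify("letmein", rec_a),
        "verify_wrong": verify("password", rec_a),
    }
```

In practice the salt should be at least 16 random bytes per user, and a slow password hash (PBKDF2, bcrypt, scrypt or Argon2) is used in place of plain SHA-256 to make guessing expensive as well.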

Zero Day Attacks:
It is a type of vulnerability or weakness that is unknown to trusted sources, such as OS and antivirus vendors. A zero day attack exploits such an undocumented vulnerability, often before the vendor is even aware of the problem.

Buffer overflow:
It occurs when an application receives more input, or different input, than it expects. The result is an error that exposes system memory that would otherwise be protected and inaccessible. A buffer overflow enables an attacker to write malicious code into this area of memory.

DLL injection:
It is an attack that injects a DLL into a process's memory and causes it to run. In DLL injection, the attacker attaches to a running process, allocates memory within that process, loads the malicious DLL into the allocated memory, and then executes a function in the DLL.
