Advanced System Attacks - Total Guide
- Good day people, today we will examine some basic attacks that many people already know, and we will also take a look at some more advanced ones.
At the beginning I must stress that this article is not technical; in other words, if you want a hands-on exercise, this is not the article for you. The basis of this article is theory.
The nature of an attack that targets an information system is usually intentional, and we will leave aside non-intentional attacks. In other words, we don't care here about personnel who work for a company and write bad code because of poor knowledge, even though that can also cause damage.
- Spoofing - diving into the discussion with the basics, spoofing represents impersonation in the digital world: an attacker uses information that is tied to a victim in order to impersonate him/her. It is worth stressing which information is valuable to the attacker in this type of attack.
- MAC - Media Access Control is the physical address of your NIC (Network Interface Card), composed of 48 bits, or 12 hex digits. In theory a MAC address is unique (I don't believe this, because it is too short for this planet).
In networking, the MAC address is used on layer 2 of the OSI model to identify a particular host in a specific network. From the angle of an attacker, if I can use (spoof) your MAC address, I am you in the digital world.
MAC spoofing is often used in wireless environments where a MAC filter is present: an attacker can capture traffic from a source that is allowed to reach the WAP, and then spoof that source's address.
- IP - An Internet Protocol address is used on layer 3 of the OSI reference model to uniquely identify a host on a particular subnet. IP spoofing is valuable in the Smurf attack, which we will examine in detail soon.
- DoS, DDoS - DoS, or Denial of Service, is an attack in which the attacker tries to prevent some sort of service from working properly. Some characteristics on the victim's side are high utilization of resources, which can cause damage or a simple crash; often this is a highly abnormal amount of network traffic on the NIC, or high CPU utilization.
One more characteristic of DoS is that only one attacker attacks the victim.
DDoS, or Distributed Denial of Service, has the same characteristics, but it is more powerful because more than one attacker attacks the victim's system or network.
- Smurf Attack is a type of DDoS attack that combines the impersonation technique of the digital world, spoofing, with strangely crafted packets.
Normally an ICMP echo (ping) message is unicast, or one-to-one. In this attack the attacker spoofs the IP address of the victim and sends out an ICMP echo (ping) broadcast, which is one-to-everyone. Every host responds to that ICMP echo request with a reply to the victim's address (because the attacker used the victim's address), which can cause an abnormal amount of ICMP traffic on the victim's NIC. It is worth stressing that in 70% of serious attacks the target is a server, so if we have the ability to prevent a server from connecting to the network, the server's essential roles can't do their job.
- SYN Flood - this type of attack is very commonly used against servers on the Internet. Most of us know how the TCP protocol works, but as a reminder, TCP uses a three-way handshake to establish a connection between client and server.
- The client wants to establish a connection and sends a SYN packet to the server.
- The server allocates a place in memory for that particular session and informs the client with a SYN/ACK packet.
- The client fully establishes the connection with an ACK packet.
In the attack scenario, the attacker sends SYN, the server responds with SYN/ACK, but the attacker never finishes the negotiation, so the server keeps the half-open session in memory. If the attacker sends enough SYN packets to the server, all session slots will be reserved, which prevents regular clients from connecting; in other words, there is no service available for them, a clear example of Denial of Service.
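The defender's side of the picture above is a server whose socket table fills with half-open connections. The following is an added example (not code from the original article) that reads a constructed socket table in the style of `ss -tan` output and reports the half-open to established ratio and the peers holding the most half-open sessions. The sample lines, the thresholds and the function names are assumptions made for this illustration.

```python
from collections import Counter

# Constructed sample of a TCP socket table in the style of `ss -tan`
# (columns: State Recv-Q Send-Q Local:Port Peer:Port). Not real data.
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB     0      0      10.0.0.5:443         198.51.100.7:51422
SYN-RECV  0      0      10.0.0.5:443         203.0.113.9:40001
SYN-RECV  0      0      10.0.0.5:443         203.0.113.9:40002
SYN-RECV  0      0      10.0.0.5:443         203.0.113.9:40003
SYN-RECV  0      0      10.0.0.5:443         203.0.113.9:40004
SYN-RECV  0      0      10.0.0.5:443         203.0.113.9:40005
ESTAB     0      0      10.0.0.5:443         198.51.100.8:51900
SYN-RECV  0      0      10.0.0.5:443         198.51.100.8:51901
LISTEN    0      128    0.0.0.0:443          0.0.0.0:*
"""


def parse_socket_table(text):
    """Return (state, local_endpoint, peer_endpoint) for each socket row."""
    rows = []
    for line in text.splitlines()[1:]:  # skip the header line
        parts = line.split()
        if len(parts) < 5:
            continue
        rows.append((parts[0], parts[3], parts[4]))
    return rows


def half_open_by_peer(rows):
    """Count half-open (SYN-RECV) connections per peer IP address."""
    counts = Counter()
    for state, _local, peer in rows:
        if state == "SYN-RECV":
            ip = peer.rsplit(":", 1)[0]  # strip the port
            counts[ip] += 1
    return counts


def syn_flood_indicators(text, per_source_threshold=5, half_open_ratio=0.5):
    """Summarise half-open pressure on the listener; thresholds are assumptions."""
    rows = parse_socket_table(text)
    per_peer = half_open_by_peer(rows)
    total_half_open = sum(per_peer.values())
    established = sum(1 for state, _, _ in rows if state == "ESTAB")
    ratio = total_half_open / max(1, total_half_open + established)
    noisy = sorted(ip for ip, n in per_peer.items() if n >= per_source_threshold)
    return {
        "half_open": total_half_open,
        "established": established,
        "half_open_ratio": round(ratio, 2),
        "sources_over_threshold": noisy,
        "suspected_syn_flood": ratio >= half_open_ratio
        and total_half_open >= per_source_threshold,
    }


if __name__ == "__main__":
    for key, value in syn_flood_indicators(SAMPLE_SS_OUTPUT).items():
        print(f"{key}: {value}")
```

Two caveats for using this in practice: a real flood usually spoofs source addresses, so the per-peer count is mostly useful against a single unspoofed source, while the half-open ratio stays meaningful either way; and the usual mitigation is to stop reserving memory per SYN at all (SYN cookies, which Linux enables with `net.ipv4.tcp_syncookies`), so that half-open sessions no longer consume a fixed pool.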
- Man-in-the-middle attack represents the ability of an attacker to passively eavesdrop on the communication between two hosts (a host can be any device on the network), while the hosts are not aware of the third party. For example, imagine that Alice and Bob send each other some information; if Homer can catch (eavesdrop on) that traffic, this is a classic MITM attack.
1. Alice sends a packet to Bob.
2. Homer catches that packet and reads it.
3. Homer forwards that packet to Bob.
4. Bob has no idea that Homer is included in the communication.
- ARP Poisoning represents a good example of an MITM attack. The ARP protocol is used for resolving an IP (layer 3) address to a MAC (layer 2) address. In the local subnet, most communication is done on layer 2. ARP doesn't have any intelligence; in other words, every host has an ARP table in which the IP address of each host is tagged to its MAC address, and from the angle of an attacker, if I say to your system "hey, this is my MAC address", the system will always trust that information.
ARP poisoning is based on planting wrong information in the victim's ARP table. Let's walk through one attack to clarify things.
1. Communication is done between a host and a router.
2. The attacker tampers with the victim's (host's) ARP cache: he fools the host into believing that the IP address of the router is tagged to the attacker's MAC.
3. The attacker tampers with the victim's (router's) ARP cache: he fools the router into believing that the IP address of the host is tagged to the attacker's MAC.
4. Every packet from the host to the router is first sent to the attacker, and only then does the attacker forward the packets.
From the angle of the attacker, everything that is not encrypted can be very useful (credentials, bank information, PII, etc.).
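Because ARP has no intelligence of its own, the detection has to come from outside the protocol: watch the replies on the wire and alert when an IP address suddenly maps to a different MAC, or when one MAC starts answering for several IP addresses (the pattern in steps 2 and 3 above). This is an added example, not code from the original article; the list of observed replies, the addresses and the gateway IP are constructed for the illustration.

```python
from collections import defaultdict

# Constructed sequence of observed ARP replies on a LAN (not a real capture):
# (seconds since start, sender IP, sender MAC). 10.0.0.1 is the gateway here.
ARP_REPLIES = [
    (0,  "10.0.0.1",  "aa:bb:cc:00:00:01"),   # gateway, legitimate
    (1,  "10.0.0.20", "aa:bb:cc:00:00:20"),   # workstation, legitimate
    (2,  "10.0.0.30", "aa:bb:cc:00:00:30"),   # third host, legitimate reply
    (30, "10.0.0.1",  "aa:bb:cc:00:00:30"),   # gateway IP now tagged to third host's MAC
    (31, "10.0.0.20", "aa:bb:cc:00:00:30"),   # workstation IP also tagged to that MAC
]


def detect_arp_poisoning(replies, gateway_ip=None):
    """Return (time, severity, message) alerts for suspicious ARP replies.

    Two signals are checked on every reply:
      * an IP we already know changes its MAC (high severity if it is the gateway)
      * one MAC now claims more than one IP address
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in replies:
        known = ip_to_mac.get(ip)
        if known is not None and known != mac:
            severity = "high" if ip == gateway_ip else "medium"
            alerts.append((ts, severity, f"{ip} changed from {known} to {mac}"))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            claimed = ", ".join(sorted(mac_to_ips[mac]))
            alerts.append((ts, "medium", f"{mac} now answers for {claimed}"))
    return alerts


def gateway_is_stable(replies, gateway_ip):
    """True when the gateway IP was only ever seen with a single MAC."""
    macs = {mac for _, ip, mac in replies if ip == gateway_ip}
    return len(macs) <= 1


if __name__ == "__main__":
    for ts, severity, msg in detect_arp_poisoning(ARP_REPLIES, gateway_ip="10.0.0.1"):
        print(f"t={ts:>3}s [{severity}] {msg}")
```

On a real network the first mapping seen is not guaranteed to be the honest one, so a monitor like this should be seeded with a known-good gateway MAC rather than trusting the first reply. The mitigations that remove the problem rather than just detecting it are a static ARP entry for the gateway on sensitive hosts, Dynamic ARP Inspection with DHCP snooping on managed switches, and, as the text notes, encryption, which turns intercepted traffic into something the attacker cannot read.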
- Replay Attack represents the ability of an attacker to intercept and replay traffic. For example: if Homer sends a hashed password to a server for authentication purposes, an attacker can capture that data. After some time the attacker can replay the same data to authenticate himself as Homer; this is a type of impersonation in the digital world. WEP (Wired Equivalent Privacy), the wireless encryption protocol, is susceptible to the ARP replay attack; I will discuss this in more detail in the article that targets wireless attacks.
PS: Sorry for the grammar errors, English is not my native language. Best regards!
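The reason the hashed-password login above is replayable is that the message is the same every time, so the server cannot tell Homer's original from a copy. The fix is to make every login message single-use: the server issues a fresh random nonce, the client proves knowledge of the secret over that nonce, and the server discards the nonce once it has been used. The following is an added example (not code from the original article) that implements both schemes side by side; the shared secret, class names and the use of HMAC-SHA256 are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

# Constructed demo secret shared by client and server. A real system would
# store a salted password verifier, never the secret itself.
SHARED_SECRET = b"correct horse battery staple"


class StaticHashServer:
    """The scheme from the text: the client sends hash(password) every time."""

    def __init__(self, secret):
        self.expected = hashlib.sha256(secret).hexdigest()

    def login(self, digest):
        # The same digest is valid forever, so a captured copy works too.
        return hmac.compare_digest(digest, self.expected)


class NonceServer:
    """Challenge-response: every login is bound to a fresh one-time nonce."""

    def __init__(self, secret):
        self.secret = secret
        self.outstanding = set()  # nonces issued but not yet consumed

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.outstanding.add(nonce)
        return nonce

    def login(self, nonce, tag):
        if nonce not in self.outstanding:  # unknown or already used: a replay
            return False
        self.outstanding.discard(nonce)  # single use, consumed before checking
        expected = hmac.new(self.secret, nonce.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(tag, expected)


def client_response(secret, nonce):
    """What an honest client sends back for a given challenge."""
    return hmac.new(secret, nonce.encode(), hashlib.sha256).hexdigest()


def demo_replay():
    """Return (static_first, static_replay, nonce_first, nonce_replay)."""
    static = StaticHashServer(SHARED_SECRET)
    captured = hashlib.sha256(SHARED_SECRET).hexdigest()  # what went over the wire
    static_first = static.login(captured)
    static_replay = static.login(captured)  # the same bytes sent again later

    server = NonceServer(SHARED_SECRET)
    nonce = server.challenge()
    tag = client_response(SHARED_SECRET, nonce)  # also visible on the wire
    nonce_first = server.login(nonce, tag)
    nonce_replay = server.login(nonce, tag)  # identical message, now rejected
    return static_first, static_replay, nonce_first, nonce_replay


if __name__ == "__main__":
    print(demo_replay())  # (True, True, True, False)
```

The design point is that the server, not the client, chooses the nonce: a client-chosen counter or timestamp would also need clock or state synchronisation and a window in which an old message is still accepted. Consuming the nonce before verifying the tag also means a wrong guess burns the challenge instead of leaving it open for a second try.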