Comparison of Network Attacks COSC 356 Kyler Rhoades
Two classes of Network Attacks
◦ Passive
◦ Active

Passive
◦ Non-invasive monitoring of transmissions
◦ Traffic analysis
◦ Tricky to detect because the data is unaffected

Active
◦ Attacker tries to bypass or break into a secured system
◦ Results in the disclosure or dissemination of data
Sniffing (Passive)
◦ AKA eavesdropping
◦ Mapping

Sniffing
◦ Goals
    Intercept information traveling throughout a network
    Gather information about a network

Sniffing
◦ How It Works
    Attacker gains access to a network path
    “Listens” to the data being transmitted back and forth
    ◦ Plaintext format
    ◦ Messages, user names, passwords, documents

Sniffing
◦ How To Combat Sniffing
    Strong encryption methods
    ◦ Key-agreement protocol
    Don’t use passive hubs
Spoofing (Active)
◦ Impersonates another host
◦ IP spoofing
    Trusted source

Spoofing
◦ Goals
    Impersonate
    ◦ Malicious actions, if caught, will look as if another legitimate user was behind the attack

Spoofing
◦ How It Works
    Find the IP address of a host connected to a secure network
    Fake the attacker’s IP address to that of the known host
    Any data transmitted will appear to be coming from the known host

Spoofing
◦ Attackers can also set up a spoofed access point
    Legitimate users will think they are connected to their network
    The attacker can easily monitor traffic and attack the connected hosts
Man-In-The-Middle Attack (Active)
◦ Weakness in the TCP/IP protocol headers
◦ Relies on spoofing

Man-In-The-Middle Attack
◦ How It Works
    An attacker makes connections to two victims and controls the relay between them
    ◦ To the victims it appears that they are on a private connection
    ◦ The attacker must be able to impersonate both victims
    The attacker intercepts all the data transferred between the victims
    The attacker can then take the data, manipulate it, and send it on to the recipient

Man-In-The-Middle Attack
◦ Defense
    Strong mutual authentication protocols
    ◦ Key-agreement protocol
Denial of Service Attacks (DoS) (Active)
◦ Aims to prevent the normal use of a network or device by legitimate users
    Consumes computational resources
    ◦ Bandwidth
    ◦ Disk space
    ◦ CPU time

Denial of Service Attacks (DoS)
◦ How It Works
    Buffer overflow attack
    ◦ Sends more traffic to a network address than the expected size of a given buffer.
    ◦ This can range from sending oversized Internet Control Message Protocol (ICMP) packets to something as simple as sending e-mails that contain attachments with file names over 256 characters long.

Denial of Service Attacks (DoS)
◦ Smurfing attack
    Sends an IP ping request to a site that tells it to send the request on to every host in the site’s local network
    The request appears to be sent from the target host
    The result is a large number of ping replies flooding back to the target host, with the intention that the host will not be able to distinguish real traffic from fake traffic.
Smurfing Attack
Denial of Service Attacks (DoS)
◦ SYN Floods
    When a computer wants to make a TCP/IP connection to another computer, there is an exchange of TCP/SYN and TCP/ACK packets.
    The computer that is trying to connect sends a TCP/SYN packet to the client, requesting to connect.
    The client returns a TCP/ACK packet telling the computer it is allowed to connect.
    The client then reserves a slot for the incoming connection and waits for the computer to respond with another TCP/ACK packet.
    In a SYN flood, the address of the computer requesting the connection is spoofed, so when the client sends the TCP/ACK packet it is never received by any device, or is simply ignored.
    If this is done many times to a given client, all of its reserved connection slots are taken up by unresolved hosts, and other legitimate hosts will not be able to connect to the client.
SYN Floods
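Both the smurfing and SYN flood slides above describe floods whose fingerprint a defender can look for in packet records: many half-open TCP connections toward one host, or many ICMP echo replies arriving at a host that never sent a request. The following Python is an added example written for this page (it is not part of the original slides). It parses a small, constructed packet summary embedded inline (the addresses and the `time proto src dst kind` format are assumed for the example) and flags destinations that exceed a threshold for either pattern.

```python
from collections import defaultdict

# Constructed packet summaries for the example, not captured traffic.
# Format (assumed): "time proto src dst kind"
SAMPLE_PACKETS = """\
1 TCP 198.51.100.7 192.0.2.10 SYN
2 TCP 192.0.2.10 198.51.100.7 SYN-ACK
3 TCP 198.51.100.7 192.0.2.10 ACK
4 TCP 203.0.113.1 192.0.2.10 SYN
5 TCP 192.0.2.10 203.0.113.1 SYN-ACK
6 TCP 203.0.113.2 192.0.2.10 SYN
7 TCP 192.0.2.10 203.0.113.2 SYN-ACK
8 TCP 203.0.113.3 192.0.2.10 SYN
9 TCP 192.0.2.10 203.0.113.3 SYN-ACK
10 TCP 203.0.113.4 192.0.2.10 SYN
11 TCP 192.0.2.10 203.0.113.4 SYN-ACK
12 ICMP 192.0.2.10 198.51.100.7 ECHO-REQUEST
13 ICMP 198.51.100.7 192.0.2.10 ECHO-REPLY
14 ICMP 10.0.0.1 192.0.2.20 ECHO-REPLY
15 ICMP 10.0.0.2 192.0.2.20 ECHO-REPLY
16 ICMP 10.0.0.3 192.0.2.20 ECHO-REPLY
17 ICMP 10.0.0.4 192.0.2.20 ECHO-REPLY
"""


def parse_packets(text):
    """Turn the whitespace-separated summary lines into dicts."""
    packets = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        time, proto, src, dst, kind = line.split()
        packets.append({"time": int(time), "proto": proto,
                        "src": src, "dst": dst, "kind": kind})
    return packets


def half_open_counts(packets):
    """Per destination: peers that sent a SYN but never sent the final ACK.

    A completed handshake (SYN, SYN-ACK, ACK) removes the peer from the
    half-open set; a spoofed source never answers, so it stays half-open.
    """
    syn_from = defaultdict(set)   # dst -> sources that sent SYN
    ack_from = defaultdict(set)   # dst -> sources that finished with ACK
    for p in packets:
        if p["proto"] != "TCP":
            continue
        if p["kind"] == "SYN":
            syn_from[p["dst"]].add(p["src"])
        elif p["kind"] == "ACK":
            ack_from[p["dst"]].add(p["src"])
    return {dst: len(srcs - ack_from[dst]) for dst, srcs in syn_from.items()}


def detect_syn_flood(packets, threshold=3):
    """Destinations whose half-open peer count reaches the threshold."""
    return {dst: n for dst, n in half_open_counts(packets).items()
            if n >= threshold}


def unsolicited_reply_sources(packets):
    """Per destination: distinct senders of echo replies that answer no
    echo request the destination actually sent (the smurf signature)."""
    requested = {(p["src"], p["dst"]) for p in packets
                 if p["proto"] == "ICMP" and p["kind"] == "ECHO-REQUEST"}
    sources = defaultdict(set)
    for p in packets:
        if p["proto"] != "ICMP" or p["kind"] != "ECHO-REPLY":
            continue
        # A reply is solicited only if dst earlier sent a request to src.
        if (p["dst"], p["src"]) not in requested:
            sources[p["dst"]].add(p["src"])
    return {dst: len(s) for dst, s in sources.items()}


def detect_smurf(packets, threshold=3):
    """Destinations receiving unsolicited echo replies from many sources."""
    return {dst: n for dst, n in unsolicited_reply_sources(packets).items()
            if n >= threshold}


if __name__ == "__main__":
    pkts = parse_packets(SAMPLE_PACKETS)
    print("SYN flood suspects:", detect_syn_flood(pkts))   # {'192.0.2.10': 4}
    print("Smurf suspects:", detect_smurf(pkts))           # {'192.0.2.20': 4}
```

In the sample, the one legitimate client (198.51.100.7) completes its handshake and is not counted, while the four sources that never return an ACK leave 192.0.2.10 with four half-open slots; likewise the single echo reply that answers a real request is ignored, and 192.0.2.20 is flagged for the four replies it never asked for. On real traffic the thresholds would be set from a baseline of normal half-open counts rather than the tiny numbers used here.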
Distributed Denial of Service Attacks (DDoS) (Active)
◦ Multiple attackers flood the resources and bandwidth of a target host.
◦ This is done by first gaining control over many other hosts and then installing a slave program on each.
◦ The master program, controlled by the attacker, contacts the slave programs on all the different hosts to coordinate a denial of service attack on a target host.
Distributed Denial of Service Attacks (DDoS)