S1L3 - Attacks [Active Attacks Type]
Common forms of active attacks: network-based, application-based and mixed-threat attacks
Called active because the attacker is actively attempting to cause harm to a network or system (as opposed to passively eavesdropping)
Network Based Attacks
DoS/DDoS
Designed to flood the network or host with useless traffic, which degrades the QoS delivered and reduces the site's ability to serve legitimate clients
Phases (DDoS)
Attacker compromises computers across the Internet and installs specialised software on these hosts to aid in the attack
The compromised hosts (zombies) are then instructed through intermediaries (masters) to commence the attack
Spoofing
Pretending to be someone you are not; providing false information about identity to gain unauthorized access to a system.
IP Spoofing
Used to gain unauthorised access to computers. The intruder sends packets whose source IP address indicates they come from a trusted host.
To achieve this, the intruder must first identify the IP of a trusted source and then forge packet headers so that the packets appear to originate from that source. Because replies go to the spoofed host, not the attacker, the attacker usually also has to predict the target's TCP sequence numbers (blind spoofing).
TCP/IP hijacking / session hijacking
Web-based app
Hijacking the user's session cookie (which identifies the logged-in session and may hold other sensitive info) and using that cookie to take over the user's session
Web server app
Incorrectly configured session timeouts. If too long, they leave a window of opportunity for an attacker to use a hijacked cookie or to predict a session ID
MITM
Attackers sandwich themselves between the user and the server in an attempt to steal information by monitoring (and possibly altering) the packets moving between the two.
Defences
Use a TCP/IP implementation that generates initial sequence numbers as close to truly random as possible, so a hijacker cannot inject segments into an existing connection
Encryption with endpoint authentication (SSH or IPsec) helps defend; encryption alone, without verifying who is at the other end, does not stop a man in the middle
SYN attacks (SYN flood)
Exploit a basic weakness in the TCP three-way handshake
Attacker sends thousands and thousands of SYN packets, typically with spoofed source addresses
The target replies SYN-ACK and waits for an ACK that never arrives
With so many half-open connections waiting, it cannot accept legitimate requests
Service unavailable, achieving the purpose of a DoS attack
Replay attacks
Attacker captures traffic (e.g. an authentication exchange), optionally modifies it, and retransmits it later
Against TCP itself this is unlikely to succeed, because of factors such as the difficulty of predicting TCP sequence numbers; at higher layers, timestamps and nonces are the usual defence
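The blind-spoofing and sequence-number points above (IP spoofing, the MITM/hijacking defence, and why replay against TCP is hard) all rest on one question: can an attacker who never sees the target's reply guess the initial sequence number (ISN) it will use? The following C example is added here to illustrate that; it is not part of the lecture notes. Both generators are constructed for the example: the weak one adds a fixed step per connection (as some early TCP stacks did), and the "strong" one uses xorshift32 with a fixed seed purely so the run is reproducible, standing in for the kernel CSPRNG a real stack would use.

```c
#include <stdint.h>
#include <stdio.h>

/* Weak generator, constructed for this example: each new connection's ISN is
 * the previous one plus a fixed step. An attacker who observes two ISNs
 * recovers the step and can predict the third. */
static uint32_t weak_state = 0x00001000u;
uint32_t weak_isn_next(void) {
    weak_state += 64000u;
    return weak_state;
}

/* Hardened generator: xorshift32 stands in for a cryptographically strong
 * RNG (a real stack would use the kernel CSPRNG); seeded with a constant only
 * so the demonstration is reproducible. */
static uint32_t strong_state = 0x9E3779B9u;
uint32_t strong_isn_next(void) {
    uint32_t x = strong_state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    strong_state = x;
    return x;
}

/* Attacker model for blind spoofing: open two legitimate connections to the
 * target to learn its ISNs, assume the next ISN follows the same step, then
 * compare the guess with the ISN the target actually issues for the spoofed
 * connection (which the attacker never sees, so it must be guessed).
 * Returns 1 if the guess is right, i.e. the spoofed handshake would complete. */
int attacker_predicts_isn(uint32_t (*isn_next)(void)) {
    uint32_t first = isn_next();
    uint32_t second = isn_next();
    uint32_t guess = second + (second - first); /* wraps mod 2^32, like TCP */
    uint32_t actual = isn_next();
    return guess == actual;
}

int main(void) {
    printf("linear ISNs: attacker %s\n",
           attacker_predicts_isn(weak_isn_next) ? "succeeds" : "fails");
    printf("random ISNs: attacker %s\n",
           attacker_predicts_isn(strong_isn_next) ? "succeeds" : "fails");
    return 0;
}
```

The same prediction step is what makes a replayed or injected segment land inside the receiver's window: if the attacker cannot guess the sequence number, the forged data is simply discarded.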
Application Based Attacks
Buffer overflow attacks
A buffer is a temporary area of memory used to store data or instructions
Attacker sends more data to the app than the buffer can hold, intending to fill the buffer past its size
The excess overflows into adjacent memory (another buffer or control data)
May cause data corruption or a crash (app fails)
If the overflowing bytes are crafted, they can overwrite control data such as a saved return address, so the app ends up executing the attacker's malicious code
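To make the "fills the buffer past its size and overwrites what sits next to it" step concrete, here is an added C example (not from the lecture notes). It models a stack frame as one 20-byte array: a 16-byte name buffer followed by a 4-byte `is_admin` flag, which stands in for whatever control data lies behind the buffer (in a real exploit, the saved return address). The struct, function names and payload are all constructed for this illustration; the frame is a single array precisely so that the demonstration itself has no undefined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a stack frame: a 16-byte name buffer followed
 * immediately by a 4-byte privilege flag, the way a compiler might lay out
 * two adjacent locals. */
#define NAME_LEN 16
#define FRAME_LEN (NAME_LEN + 4)

struct frame {
    unsigned char bytes[FRAME_LEN]; /* [0..15] name, [16..19] is_admin flag */
};

static uint32_t frame_is_admin(const struct frame *f) {
    uint32_t v;
    memcpy(&v, f->bytes + NAME_LEN, sizeof v);
    return v;
}

/* VULNERABLE: trusts the caller-supplied length and copies it all into the
 * 16-byte name, so any len > NAME_LEN spills into the flag behind it. */
void vulnerable_set_name(struct frame *f, const unsigned char *src, size_t len) {
    memcpy(f->bytes, src, len);
}

/* HARDENED: rejects input that does not fit (leaving room for the NUL) and
 * returns -1 instead of writing past the buffer. */
int safe_set_name(struct frame *f, const unsigned char *src, size_t len) {
    if (len >= NAME_LEN)
        return -1;
    memcpy(f->bytes, src, len);
    f->bytes[len] = '\0';
    return 0;
}

/* Crafted input: 16 filler bytes to fill the name exactly, then 4 bytes that
 * land on the flag and set it to 1. */
static void build_payload(unsigned char out[FRAME_LEN]) {
    uint32_t flag = 1;
    memset(out, 'A', NAME_LEN);
    memcpy(out + NAME_LEN, &flag, sizeof flag);
}

/* Flag value after the payload goes through the vulnerable copy (1). */
uint32_t demo_vulnerable(void) {
    struct frame f;
    unsigned char payload[FRAME_LEN];
    memset(&f, 0, sizeof f);
    build_payload(payload);
    vulnerable_set_name(&f, payload, sizeof payload);
    return frame_is_admin(&f);
}

/* Return code of the hardened copy on the same payload (-1: rejected). */
int demo_hardened_rc(void) {
    struct frame f;
    unsigned char payload[FRAME_LEN];
    memset(&f, 0, sizeof f);
    build_payload(payload);
    return safe_set_name(&f, payload, sizeof payload);
}

/* Flag value after the hardened copy (still 0: nothing was written). */
uint32_t demo_hardened_flag(void) {
    struct frame f;
    unsigned char payload[FRAME_LEN];
    memset(&f, 0, sizeof f);
    build_payload(payload);
    (void)safe_set_name(&f, payload, sizeof payload);
    return frame_is_admin(&f);
}

int main(void) {
    printf("vulnerable copy: is_admin = %u\n", demo_vulnerable());
    printf("hardened copy:   rc = %d, is_admin = %u\n",
           demo_hardened_rc(), demo_hardened_flag());
    return 0;
}
```

The fix is the length check before the copy; the attacker never chooses where the bytes go, only how many, so bounding the count is what denies them the adjacent memory.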
Mixed-threat attacks
Composed of both application and network components
Worms
Compromise a host using an application flaw such as a buffer overflow
and generate large amounts of network traffic by scanning for new hosts to infect