Network Attacks Mark Shtern Types Of Network Attack

Network Attacks Mark Shtern

Types Of Network Attack • Passive attack • Active attack

Passive network attack • Sniffing network traffic – Wireshark – Tcpdump – Dsniff • Reverse Engineer Protocol • OS finger-printing – p 0 f

Active network attack • • Masquerade (spoofing) Denial of Service (Do. S) Replay Attack, Reordering Message tampering (session hijacking)

Spoofing (ARP Poisoning) • ARP = Address Resolution Protocol • ARP is used to find the destination node. In order to deliver the packet to the destination node, the sender broadcasts the IP address of the destination and obtains the MAC address (48 -bits).

Spoofing (ARP Poisoning) Copied from http: //securitylabs. websense. com/content/Blogs/2885. aspx

ARP Poisoning Tools • ARPoison • Ettercap

TCP Handshake

Do. S • SYN flooding attack – SYN packets are sent to the target node with fake source IP addresses – The node under attack sends an ACK packet and waits for response – Since the request has not been processed, it takes up memory – Eventually the attacked node is unable to process any requests as it runs out of memory storage space

Replay • Replay involves capturing traffic while in transit and use that to gain access to systems. • Example: – Hacker sniffs login information of a valid user – Even if the information is encrypted, the hacker replays the login information to fool the system and gains access

Replay Attack

Session hijack • This means that the hacker has directed traffic to his server instead of a trusted server that the victim is assuming • Example: – A hacker ARP poisons the router to route all traffic to his computer – The hacker modifies data packages

QUESTIONS ? ? ?