In most organizations, every email, web page request, user logon, and transmittable file is usually handled by a network device. Under some setups, telephone service and voice messaging are also handled by network devices. If attackers are able to control these details, they have already successfully carried out a network attack. Network attacks cut across all categories of software and platform type. Some examples are: Spoofing, Sniffing, Mapping, Hijacking, Trojans, and Denial of Service (DoS).
Spoofing
Any internet-connected device sends data containing its origin and destination. Such internet data packets carry the sender's IP address as well as header/encapsulation data. If attackers have control over the application interpreting the internet data, they can easily modify the device's protocols to place a fake IP address into the data packet's source address field. This is known as IP spoofing, and it makes information or data appear to come from any source. A spoofed source IP address on a datagram makes it difficult to find the original sender.
Solution to Spoofing
The countermeasure for spoofing is ingress filtering, which routers usually perform. The router checks whether the source IP address of each incoming datagram is reachable via the interface it arrived on. If the source address is known to be reachable via that interface, the data is considered legitimate. If the source address is not in the valid range, the packet is dropped.
Sniffing
Packet sniffing is the interception of data packets traveling around a network. A sniffer program works at the Ethernet layer with network interface cards (NICs) to capture all traffic traveling to and from an internet host site. In addition, when an Ethernet NIC is in promiscuous mode, the sniffer program picks up all communication packets floating by anywhere near the internet host site. A sniffer placed on any backbone device, inter-network link or network aggregation point will therefore be able to monitor a whole lot of traffic. Most packet sniffers are passive: they listen to all data link layer frames passing by the device's network interface. There are dozens of freely available packet sniffer programs on the internet. The more sophisticated ones allow more active intrusion.
The key to detecting packet sniffing is to detect network interfaces that are running in promiscuous mode. Sniffing can be detected in two ways:
- Host-based: Software commands exist that can be run on individual host machines to tell if the NIC is running in promiscuous mode.
- Network-based: Solutions tend to check for the presence of running processes and log files, which sniffer programs consume a lot of. However, sophisticated intruders almost always hide their tracks by disguising the process and cleaning up the log files.
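As an added example of the host-based check (not code from the original article), the following Python script reports interfaces that have the promiscuous flag set. It assumes a Linux host, where the kernel exposes each interface's flags as a hex string under /sys/class/net; the sample flag values are constructed for illustration.

```python
"""Host-based check: list Linux interfaces whose IFF_PROMISC flag is set."""
from pathlib import Path

IFF_PROMISC = 0x100  # from linux/if.h: interface receives all frames


def parse_flags(text):
    """Parse the hex string found in /sys/class/net/<iface>/flags."""
    return int(text.strip(), 16)


def is_promiscuous(flags):
    return bool(flags & IFF_PROMISC)


def scan(sysfs_root="/sys/class/net"):
    """Return {interface: flags} for every interface in promiscuous mode."""
    found = {}
    root = Path(sysfs_root)
    if not root.is_dir():            # not Linux, or sysfs not mounted
        return found
    for iface in sorted(root.iterdir()):
        try:
            flags = parse_flags((iface / "flags").read_text())
        except (OSError, ValueError):
            continue                 # entry is not an interface, or it vanished
        if is_promiscuous(flags):
            found[iface.name] = flags
    return found


# Constructed sample values (not taken from a real host):
# eth1 is the only one with bit 0x100 set.
SAMPLES = {"eth0": "0x1003\n", "eth1": "0x1103\n", "lo": "0x9\n"}


def scan_samples(samples=SAMPLES):
    """Apply the same test to the constructed samples above."""
    return sorted(name for name, text in samples.items()
                  if is_promiscuous(parse_flags(text)))


if __name__ == "__main__":
    print("constructed samples:", scan_samples())
    for name, flags in scan().items():
        print(f"{name}: promiscuous mode (flags={flags:#x})")
```

Bridged and virtual-machine host interfaces often run in promiscuous mode legitimately, so compare the output against a known baseline for the host.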
The best countermeasure against sniffing is end-to-end or user-to-user encryption.
Source: http://ayurveda.hubpages.com/hub/Types-of-Network-Attacks