Network Attacks - Reconnaissance Information And More

Anatomy of Network Attacks

The security of a network can be compromised in many ways. However, there are four major ways a network can be exploited and this hub aims to explain each one of these.

Reconnaissance

Reconnaissance is the process of gathering information about an organization in a pre-attack phase. There are two types of reconnaissance:

  1. Organizational: Organizational reconnaissance is conducting research about a company to find information and create a profile of the organization. By gathering information from multiple sources a profile of the company can be created for identifying critical details about the company. This information could include facts such as the function, size and profitability of the company, business relationships, contact information and possibly system infrastructure.

    Performing organizational reconnaissance could include:

    • Gathering information by utilizing Internet-based resources such as:
      • Organization's Web site
      • Google searches
      • WHOIS utility
      • Dun & Bradstreet
      • Monster.com
      • Archive.org
    • Making organizational queries by contacting a company to gather information such as names, phone numbers, e-mail addresses, and points of contact (contacting a person in an organization that coordinates an activity or program within the organization to potentially gather information about the activity).
  2. Technical: Technical reconnaissance is using electronic means to scan systems to collect configuration and security data. Two types of scans are common during technical reconnaissance:
    • A horizontal scan involves scanning an entire network.
    • A vertical scan involves scanning an individual machine, such as a port scan to identify the open ports.
    Technical reconnaissance uses information gathered during organizational reconnaissance to target computer systems. Examples of technical reconnaissance include:
    • A registrar query checks with DNS registrars to determine the status of the domain name.
    • A DNS query uses a tool such as nslookup to submit name resolution requests to identify DNS name servers and IP addresses for hosts.
    • Network enumeration is used to identify the devices on a network. Nmap is an open source security scanner used to create a map of configuration details of a network.
    • ARP scans identify and associate MAC and IP addresses with live devices on a subnet.
    • Ping sweeps send ICMP ECHO requests to multiple hosts to determine the IP addresses of computers that are accessible.
    • Port scanning sends a message to host ports to identify open (available) ports on a network.
    • Operating system identification, also called footprinting or fingerprinting, can be determined by sending uniquely fashioned packets to a recipient and then analyzing the response to requests to determine the operating system of the recipient. For example, you can identify the operating system used by examining the format of the response to specific probes or messages.
    • Tracing the devices in the path between two hosts using tools such as traceroute or NeoTrace.
    • Tracing e-mail sources. Sam Spade is freeware used to identify the source of spam e-mails.
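
The horizontal/vertical distinction above is also how a defender can label scan activity in firewall logs. The following is an added example, not part of the original article: the log format, addresses and thresholds are constructed, and counting a horizontal scan per destination port is an assumption of this sketch.

```python
from collections import defaultdict

def build_sample_log():
    """Constructed firewall log lines: 'time src dst dport action'."""
    lines = []
    # 198.51.100.7 tries port 22 on eight different hosts (horizontal)
    for i in range(1, 9):
        lines.append(f"10:00:{i:02d} 198.51.100.7 10.0.0.{i} 22 DENY")
    # 203.0.113.9 tries eight ports on one host (vertical)
    for i, port in enumerate((21, 22, 23, 25, 80, 110, 443, 3389)):
        lines.append(f"10:05:{i:02d} 203.0.113.9 10.0.0.5 {port} DENY")
    # An ordinary client talking to two web servers
    lines.append("10:06:00 10.0.0.20 10.0.0.5 443 ALLOW")
    lines.append("10:06:01 10.0.0.20 10.0.0.6 443 ALLOW")
    return "\n".join(lines)

def classify_scans(log_text, host_threshold=5, port_threshold=5):
    """Return {source_ip: 'horizontal' | 'vertical' | 'both'}."""
    hosts_per_port = defaultdict(set)  # (src, dport) -> destination hosts
    ports_per_host = defaultdict(set)  # (src, dst)   -> destination ports
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[3].isdigit():
            continue  # skip malformed lines
        _, src, dst, dport, _ = fields
        hosts_per_port[(src, dport)].add(dst)
        ports_per_host[(src, dst)].add(dport)
    labels = defaultdict(set)
    # Same port probed on many hosts: a sweep across the network
    for (src, _), hosts in hosts_per_port.items():
        if len(hosts) >= host_threshold:
            labels[src].add("horizontal")
    # Many ports probed on one host: a port scan of that machine
    for (src, _), ports in ports_per_host.items():
        if len(ports) >= port_threshold:
            labels[src].add("vertical")
    return {src: "both" if len(kinds) == 2 else min(kinds)
            for src, kinds in labels.items()}

if __name__ == "__main__":
    for src, kind in sorted(classify_scans(build_sample_log()).items()):
        print(src, kind)
```
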

Network Attacks

Denial of Service (DoS) Attack

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks impact system availability by flooding the target system with traffic or requests or by exploiting a system or software flaw. The goal of a DoS attack is to make a service or device unavailable to respond to legitimate requests. Attackers may choose to overload the CPU, disk subsystem, memory, or network (most common).

  • In a DoS attack, a single attacker directs an attack against a single target, sending packets directly to the target.
  • In a Distributed DoS (DDoS) attack, multiple PCs attack a victim simultaneously. DDoS compromises a series of computers by scanning computers to find vulnerabilities and then capitalizing on the most vulnerable systems. In a DDoS attack:
    • The attacker identifies one of the computers as the master (also known as zombie master or bot herder).
    • The master uses zombies/bots (compromised machines) to attack.
    • The master directs the zombies to attack the same target.
    • The attacker is able to effectively hide his identity by being two hops away from the victim.
  • A Distributed Reflective Denial of Service (DRDoS) uses an amplification network to increase the severity of the attack. Packets are sent to the amplification network addressed as coming from the target. The amplification network responds back to the target system.
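
Because reflected traffic arrives as replies to requests the target never sent, the target's own flow records can expose it. The following is an added example, not part of the original article: the flow-record layout, addresses and byte counts are constructed, and matching replies to requests by address and port pair is an assumption of this sketch.

```python
from collections import Counter

VICTIM = "192.0.2.10"  # constructed address of the system under attack

# Constructed UDP flow records seen at the victim's border:
# (direction, src_ip, src_port, dst_ip, dst_port, bytes)
FLOWS = [
    ("out", VICTIM, 40001, "198.51.100.53", 53, 60),    # real DNS query
    ("in", "198.51.100.53", 53, VICTIM, 40001, 120),    # its answer
    ("in", "203.0.113.1", 53, VICTIM, 31337, 3000),     # no query was sent
    ("in", "203.0.113.1", 53, VICTIM, 31337, 3000),
    ("in", "203.0.113.2", 123, VICTIM, 31337, 440),     # no query was sent
]

def unsolicited_replies(flows, victim):
    """Return bytes received per remote host in replies the victim never asked for."""
    pending = set()        # (remote_ip, remote_port, local_port) awaiting a reply
    reflected = Counter()  # remote_ip -> unsolicited bytes
    for direction, src, sport, dst, dport, size in flows:
        if direction == "out" and src == victim:
            pending.add((dst, dport, sport))
        elif direction == "in" and dst == victim:
            key = (src, sport, dport)
            if key in pending:
                pending.discard(key)    # legitimate answer to our request
            else:
                reflected[src] += size  # reply with no matching request
    return reflected

if __name__ == "__main__":
    for host, size in unsolicited_replies(FLOWS, VICTIM).most_common():
        print(f"{host} sent {size} unsolicited bytes")
```
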

Spoofing Attack

Spoofing is used to hide the true source of packets or redirect traffic to another location. Spoofing attacks:

  • Use modified source and/or destination addresses in packets.
  • Can include site spoofing that tricks users into revealing information.

The most popular ways of spoofing are: IP Spoofing, MAC Spoofing and ARP Spoofing.

DNS Attack

Spoofing is used to hide the true source of packets or redirect traffic to another location. Spoofing attacks:

  • Use modified source and/or destination addresses in packets.
  • Can include site spoofing that tricks users into revealing information.

Comments 1 comment

WestelCS 2 years ago

Network security is very important, especially these days when new threats and network loopholes are identified every day. It is very important that we keep a tab on it and re-check and update our security measures.
