Page 72 - StudyBook.pdf

56     Chapter 2 • General Security Concepts: Attacks

             Attacks


             One of the more exciting and dynamic aspects of network security relates to
             attacks. A great deal of media attention and many vendor product offerings have
             been targeting attacks and attack methodologies. This is perhaps the reason that
             CompTIA has been focusing many questions in this particular area. While there are
             many different varieties and methods of attack, they can generally all be grouped
             into several categories:

                  ■   By the general target of the attack (application, network, or mixed)
                  ■   By whether the attack is active or passive
                  ■   By how the attack works (e.g., via password cracking, or by exploiting
                      code and cryptographic algorithms)

                 It’s important to realize that the boundaries between these three categories
             aren’t fixed. As attacks become more complex, they tend to be both
             application-based and network-based, which has spawned the new term “mixed
             threat applications.” An example of such an attack can be seen in the MyDoom
             worm, which targeted Windows machines in 2004. Victims received an e-mail
             indicating a delivery error, and if they executed the attached file, MyDoom
             would take over. The compromised machine would reproduce the attack by sending
             the e-mail to contacts in the user’s address book, and copying the attachment
             to peer-to-peer (P2P) sharing directories. It would also open a backdoor on
             port 3127, and try to launch a denial of service (DoS) attack against The SCO
             Group or Microsoft. So, as attackers get more creative, we have seen more and
             more combined and sophisticated attacks. In this chapter, we’ll focus on some
             of the specific types of each attack, such as:

                  ■   Active Attacks: These include DoS, Distributed Denial of Service
                      (DDoS), buffer overflow, synchronous (SYN) attack, spoofing,
                      Man-in-the-Middle (MITM), replay, Transmission Control Protocol/Internet
                      Protocol (TCP/IP) hijacking, wardialing, dumpster diving, social
                      engineering and vulnerability scanning.
                  ■   Passive Attacks: These include sniffing and eavesdropping.
                  ■   Password Attacks: These include brute-force and dictionary-based
                      password attacks.
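
The MyDoom behavior described above shows up on one host as two separate signs: mail sent to many destinations and connections arriving on port 3127. The following is an added example, not from the book, that flags each sign and their combination in constructed connection records; the record format, the `10.` internal prefix, the fan-out threshold and treating port 3127 as TCP are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed flow records (not real traffic): "src dst dst_port proto" per line.
SAMPLE_FLOWS = """\
10.0.0.5 203.0.113.10 25 tcp
10.0.0.5 203.0.113.11 25 tcp
10.0.0.5 203.0.113.12 25 tcp
10.0.0.5 203.0.113.13 25 tcp
192.0.2.77 10.0.0.5 3127 tcp
10.0.0.8 203.0.113.10 25 tcp
10.0.0.9 198.51.100.4 443 tcp
192.0.2.80 10.0.0.9 3127 tcp
"""

BACKDOOR_PORT = 3127       # port named in the text; TCP is assumed here
SMTP_PORT = 25
SMTP_FANOUT_THRESHOLD = 3  # hypothetical tuning value


def parse_flows(text):
    """Yield (src, dst, port, proto) tuples; reject malformed lines."""
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 4 or not parts[2].isdigit():
            raise ValueError(f"line {n}: malformed flow record")
        yield parts[0], parts[1], int(parts[2]), parts[3].lower()


def classify_hosts(text, internal_prefix="10."):
    """Map each internal host to the indicator it shows, or 'mixed' for both."""
    smtp_peers = defaultdict(set)      # host -> distinct mail destinations
    backdoor_peers = defaultdict(set)  # host -> sources reaching port 3127
    for src, dst, port, proto in parse_flows(text):
        if proto != "tcp":
            continue
        if port == SMTP_PORT and src.startswith(internal_prefix):
            smtp_peers[src].add(dst)
        if port == BACKDOOR_PORT and dst.startswith(internal_prefix):
            backdoor_peers[dst].add(src)
    findings = {}
    for host in sorted(set(smtp_peers) | set(backdoor_peers)):
        seen = []
        if len(smtp_peers[host]) >= SMTP_FANOUT_THRESHOLD:
            seen.append("smtp-fanout")        # mail propagation sign
        if backdoor_peers[host]:
            seen.append("port-3127-inbound")  # backdoor port sign
        if seen:
            findings[host] = "mixed" if len(seen) == 2 else seen[0]
    return findings
```

Calling `classify_hosts(SAMPLE_FLOWS)` reports the host that shows both signs as `mixed` and leaves a host with a single ordinary mail connection out of the findings.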







          www.syngress.com