Content










1.2


Vulnerabilities and Threats
 


 

1.2.6


Other access attacks
 






Data manipulation

With data manipulation, the network intruder can capture, manipulate,
and replay data sent over a communication channel.
Examples of specific attacks include
the following:

Graffiti - The intruder vandalizing a
Web site by accessing the Web server and altering Web pages.

Manipulation of data on a networked
computer - The intruder alters files on the computer, such as
password files, to enable further access to the network.


Some tools used to perform these
attacks include the following:

Protocol analyzers that record
passwords as they pass over the wire
Password crackers, as shown in the
figure, that contain algorithms to allow unauthorized persons to
crack passwords, even ones that contain numeric and special
characters. 


Masquerade/IP spoofing

With a masquerade attack, the network intruder can manipulate TCP/IP
packets by IP spoofing, falsifying the source IP address, thereby
appearing to be another user. The intruder assumes the identity of a
valid user and gains that userłs access privileges by IP spoofing. IP
spoofing occurs when intruders create IP data packets with falsified
source addresses.
During an IP spoofing attack, an
attacker outside the network pretends to be a trusted computer. The
attacker may either use an IP address that is within the range of IP
addresses for the network or use an authorized external IP address
that is trusted and provides access to specified resources on the
network.
Normally, an IP spoofing attack is
limited to the injection of data or commands into an existing stream
of data passed between a client and server application or a
peer-to-peer network connection. The attacker simply does not worry
about receiving any response from the applications.
To enable bi-directional communication,
the attacker must change all routing tables to point to the spoofed IP
address. Another approach the attacker could take is to simply not
worry about receiving any response from the applications.
If an attacker manages to change the
routing tables they can receive all of the network packets that are
addressed to the spoofed address, and reply just as any trusted user
can. Like packet sniffers, IP spoofing is not restricted to people who
are external to the network.
Some tools used to perform IP spoofing
attacks are as follows:

Protocol analyzers, also called
password sniffers
Sequence number modification

Scanning tools that probe TCP ports
for specific services, network or system architecture, and the OS


After obtaining information through
scanning tools, the intruder looks for vulnerabilities associated with
those entities.
Session replay

A sequence of packets or application commands can be captured,
manipulated, and replayed to cause an unauthorized action.
Mercenary Messages are designed to use
mobile code to penetrate e-mail systems in order to gain private and
confidential information. Mobile technologies are easy to use and most
traditional security solutions, such as firewalls or anti-virus
software, do not detect these security violations.
Some mechanisms used to perform these
attacks are as follows:

Cookies
JavaScript or Active X scripts


Auto rooters

Auto rooters are programs that automate the entire hacking process. Computers
are sequentially scanned, probed, and captured. The capture process
includes installing a rootkit on the computer and using the newly
captured system to automate the intrusion process. Automation allows
an intruder to scan hundreds of thousands of systems in a short period
of time.
Back doors

Back doors are paths into systems that can be created during an
intrusion. The back door, unless detected, can be used again and again
by an intruder to enter a computer or network. An intruder will often
use the computer to gain access to other systems or to launch Denial
of Service (DoS)
attacks when they have no further use for the computer.
Social engineering

The easiest hack involves no computer skill at all. If an intruder can
trick a member of an organization into giving over valuable
information, such as locations of files, and servers, and passwords,
then the process of hacking is made immeasurably easier.