Monday, August 26, 2013

Attack Types



Attackers have been very busy and creative over the years and have come up with many different types of attacks that can be used to threaten the access controls an organization puts in place to protect its assets. The following list describes many of these types of attacks:
• Man-in-the-middle attack: An intruder injects himself into an ongoing dialog between two computers so that he can intercept and read messages being passed back and forth. These attacks can be countered with digital signatures and sequence numbers.
• Sniffing: A passive attack where an intruder monitors the network in order to gain information about the victim, usually for a later attack. A countermeasure is encryption of data as it is being transmitted.
• War dialing: A brute-force attack in which an attacker has a program that systematically dials a large bank of phone numbers with the goal of finding ones that belong to modems instead of telephones. These modems can provide easy access into an environment, and the countermeasures are not to publicize these telephone numbers and to implement tight access control for modems and modem pools.
• Ping of Death: A type of DoS attack where oversized ICMP packets are sent to the victim. Systems that are vulnerable to this type of attack do not know how to handle ICMP packets over a specific size and may freeze or reboot. Countermeasures are patching the systems and implementing ingress filtering to detect these types of packets.
• WinNuke: A type of DoS attack that sends out-of-band packets to port 139. Windows 9x and NT can be vulnerable to this kind of attack. The countermeasures to this attack are to patch the system or upgrade to a later operating system version.
• Fake login screens: A fake login screen is created and installed onto the victim's system. The user then attempts to log in to the system by entering his or her credentials into it. The screen captures the credentials and exits, showing the user the actual login screen for his or her system. Usually, the user just thinks he mistyped the password and attempts to authenticate again without knowing anything malicious just took place. A host-based IDS can be used to detect this type of activity.
• Teardrop: An attack that sends malformed fragmented packets to a victim. The victim's system usually cannot reassemble the packets correctly and freezes as a result. Countermeasures to this attack are patching the system and ingress filtering to detect these packet types.
• Traffic analysis: A method of uncovering information by watching traffic patterns on a network. For example, heavy traffic between HR and headquarters could indicate an upcoming layoff. Traffic padding, in which decoy traffic is sent out over the network to disguise patterns and make them more difficult to uncover, can be used to counter this kind of attack.
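
The ingress filtering named as a countermeasure for Ping of Death and Teardrop can be sketched as a check on IPv4 fragment headers. This is an added example, not code from the original post: it flags fragments that would reassemble past the 65,535-byte IPv4 limit and fragments that overlap earlier ones (the malformation Teardrop is known for). The function names and the sample headers are constructed for illustration.

```python
import struct

IPV4_MAX = 65535        # largest datagram the 16-bit total-length field can describe
HDR = "!BBHHHBBH4s4s"   # fixed 20-byte IPv4 header layout

def parse_fragment(header):
    """Return (flow key, payload start, payload end, header length, is_fragment)."""
    vi, _, total, ident, ff, _, proto, _, src, dst = struct.unpack(HDR, header[:20])
    ihl = (vi & 0x0F) * 4
    start = (ff & 0x1FFF) * 8      # fragment offset is counted in 8-byte units
    more = bool(ff & 0x2000)       # MF (more fragments) flag
    return (src, dst, proto, ident), start, start + total - ihl, ihl, more or start > 0

def inspect_fragments(headers):
    """Return [(ip_id, finding)] for fragments an ingress filter should drop."""
    spans, findings = {}, []
    for h in headers:
        key, start, end, ihl, fragmented = parse_fragment(h)
        if not fragmented:
            continue
        if ihl + end > IPV4_MAX:   # Ping of Death: reassembles past 65,535 bytes
            findings.append((key[3], "oversized"))
        elif any(start < e and s < end for s, e in spans.get(key, [])):
            findings.append((key[3], "overlap"))   # Teardrop-style malformed fragment
        spans.setdefault(key, []).append((start, end))
    return findings

def make_header(ident, offset, payload_len, more):
    """Build a constructed IPv4 header (ICMP, documentation addresses, checksum unset)."""
    ff = (0x2000 if more else 0) | (offset // 8)
    return struct.pack(HDR, 0x45, 0, 20 + payload_len, ident, ff, 64, 1, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))

# Constructed sample traffic: one normal fragmented datagram and two malformed ones.
SAMPLE = [
    make_header(1, 0, 1480, True), make_header(1, 1480, 520, False),  # normal
    make_header(2, 65528, 100, False),                                # oversized
    make_header(3, 0, 36, True), make_header(3, 24, 4, False),        # overlap
]

if __name__ == "__main__":
    for ip_id, finding in inspect_fragments(SAMPLE):
        print(f"drop fragments with IP ID {ip_id}: {finding}")
```
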
Script kiddies are individuals who do not necessarily have a high level of computer skills, but perform attacks using ready-made programs that carry out the attacks for them. In most cases, they do not fully understand what these programs do, the full extent of the damage they can cause, or the extended ramifications of these types of attacks.
