The Smooth Guide
to Internet Fundamentals
  • THE INTERNET
    • Attachments
    • Bits, Nibbles + Bytes
    • Bookmarks +Favourites
    • Browser Cache
    • Domain Names
    • Image Loading
    • Intranets + Extranets
    • Protocols
    • URLs
    • Viruses >
      • Hackers + Attackers
  • The Internet Architecture
  • EMail
    • A Packet + OSI/RM Layers
    • Adobe Acrobat Reader
  • Netiquette
  • THE INTERNET
    • Attachments
    • Bits, Nibbles + Bytes
    • Bookmarks +Favourites
    • Browser Cache
    • Domain Names
    • Image Loading
    • Intranets + Extranets
    • Protocols
    • URLs
    • Viruses >
      • Hackers + Attackers
  • The Internet Architecture
  • EMail
    • A Packet + OSI/RM Layers
    • Adobe Acrobat Reader
  • Netiquette
ACKERS AND ATTACKERS
__________________________________________________________________________________________
The primary weapon of a hacker is a thorough understanding of the methods required to successfully discover, penetrate and control a system.

STAGE 1  -  DISCOVERY
The hacker gathers information on the target system by mapping the system.  A large amount of information is freely and legally available to hackers - e.g. a 'Whois' search can determine the name servicer IP address and domain range.

STAGE 2  -  PENETRATION
Once the hacker has determined the scope of the system, he will choose a specific target.  This trget will be the one with the weakest security or one for which the hacker has the most tools.

STAGE 3  -  CONTROL
When the hacker has successfully penetrated the system, he will immediately attempt to control it.  The hacker will destroy evidence of activity, obtain root and administrative access, open new security holes, create new accounts and move to other systems.  Detection is extremely difficult.
ATTACKS
________________________________________________________________________________________________________________________

SPOOFING - Masquarading
The hacker assumes the identity of a legitimate network.

Victims of a spoofing attack are convinced they are communicating with a trusted host and will probably engage in compromising transactions.

Hackers may alter the IP packet header so that it appears to have originated from a trusted network.  This is known as system snooping.

MAN-IN-THE-MIDDLE  -  Hijacking
The hacker captures packets being sent from one host to another.  The hacker must be literally between the two communicating hosts.

DENIAL-OF-SERVICE
These are the most common types of attack.  They occur when the host cannot perform properly because another program on the network is using all the resources.

Hackers conduct denial-of-service attacks with spoofing attacks - if a hacker is imitating another network or device, the hacker will generate a rapid flood of information to overburden or crash the network device.

Mail bombing (mail flooding) is another denial-of-service attack that occurs when a user receives a massive amount of emails  The load will cause the mail server to fail.  Often in retaliation against spamming.

INSIDER
Again used for unauthorised access.  Two insider-attack techniques are eavesdropping on messages between applications and compromising existing control mechanisms.

BRUTE FORCE - Front door attacks
  • The hacker has complete information to fraudulently identify himself as a legitimate user.
  • The hacker will try every character, word or letter he can think of to defeat authentication.
If multiple long-on failures occur, this may be symptoms of a brute-force attack - e.g. the hacker may know the user's account name, but not the password.

TRAPDOOR
The hacker establishes certain commands that open potential unauthorised access.  The hacker can view and possibly execute system applications.

TROJAN HORSE
A variation of the trapdoor attack involving hiding an unauthorised command within a commonly used function to cause a breach.

A file or program that purports to operate in a legitimate way, but has an alternative secret operation.  A Trojan Horse is a specific program that destroys information on the hard drive.

TO THE TOP OF THE PAGE
contact
SITE MAP
ACCESSIBLE AND FONT ADJUSTMENT

​Acknowledgement
CIW Foundation Course  -  
April 2001





 
This is not a commercial site
Copyright 2013 :  
​SMOOTH GUIDE TO INTERNET FUNDAMENTA
LS         
________________________________________________________
                              Visit other Smooth Guide sites:
                                www.animalsandenglish.com
                               www.englishlanguagetips.com
                              www.smoothguide-mahjong.com
                          www.smoothguide-photography.com

                            www.smoothguide-kenyacoast.com
                                www.smoothguide-sunbury.com