Before going to attacks you need to understand difference between Hacker and a Cracker?
Hacker :Eric Raymond, compiler of The New Hacker's Dictionary, defines a hacker as a clever programmer. A "good hack" is a clever solution to a programming problem and "hacking" is the act of doing it. Raymond lists five possible characteristics that qualify one as a hacker, which we paraphrase here:
Cracker : A cracker is someone who breaks into someone else's computer system, often on a network; bypasses passwords or licenses in computer programs; or in other ways intentionally breaches computer security.
A network attack occurs when an attacker or cracker uses certain methods or technologies to maliciously attempt to compromise the security of a network. Crackers attack corporate networks to use data for financial gain or for industrial espionage, to illegally use user accounts and privileges, to run code to damage and corrupt data, to steal data and software, to prevent legitimate authorized users from accessing network services, and for a number of other reasons.
External attacks are performed by individuals who are external to the target network or organization. External threats are usually performed by using a predefined plan and the skills of the attacker(s). One of the main characteristics of external threats is that they usually involve scanning and gathering information.
Three Generalized category of Attacks on basis of origin:
Structured external threats originate from crackers and are usually initiated by attackers that have a premeditated thought on the actual damages and losses which they want to cause. Possible motives for structured external threats include greed, politics, terrorism, racism and criminal payoffs. Criminal hackers are highly skilled on network design, the methods on avoiding security measures, Intrusion Detection Systems (IDSs), access procedures, and hacking tools.
Unstructured external threats originate from an inexperienced attacker, typically from a script kiddie. A script kiddie is an inexperienced attacker who uses cracking or scripted tools readily available on the Internet, to perform a network attack.
Remote external attacks are usually aimed at the services which an organization offers to the public. Remote external attacks can also be aimed at the services available for internal users, aimed at locating modems to access the corporate network, and attempts to brute force password authenticated systems. Local external attacks originate from situations where computing facilities are shared, and access to the system can be obtained.
Internal threats originate from dissatisfied or unhappy internal employees or contractors. Internal attackers have some form of access to the system and usually try to hide their attack as a normal process.
Basic steps used by a cracker (Pre-Attack):
Footprinting: It is the initial step in hacking a corporate network. The purpose of footprinting is to create a map of the network to determine what operating systems, applications and address ranges are being utilized.
Port scanning: It is done when a cracker collects information on the network services on a target network. The cracker attempts to find open ports on the target system.
Enumeration: A cracker might use Enumeration to collect information on applications and hosts on the network, and on the user accounts utilized on the network. Enumeration is particularly successful in networks that contain unprotected network resources and services. A network attacker can launch an Access attack to exploit a security weakness in order to gain access to a system or the network. The programs generally used are:
a.) Trojan horses: capable of creating backdoors. For e.g.. Trojan program named as "Beast"
b.) Password hacking programs: Typically used to obtain system access. When access is obtained, the intruder is able to modify or delete data and add, modify or remove network resources. Unauthorized privilege escalation is another common type of attack. For e.g.. tools like "John the ripper", Cain and Abel"
Privilege escalation: It occurs when an intruder attempts to obtain a higher level of access such as administrative privileges to gain control of the network system. A cracker can also implement a mechanism such as some form of access granting code with the intent of using it at some future stage. Backdoors are installed by attackers so that they can easily access the system at some later date. After a system is compromised, you can remove any installed backdoors by reinstalling the system from a backup which is secure.This step is a post-attack activity.
Common types of network attacks initiated by Crackers are listed here:
Eavesdropping attack: It occurs when an attacker monitors or listens to network traffic in transit, and then interprets all unprotected data. Hackers only need a sniffer technology to eavesdrop on a Internet Protocol (IP) based network to capture traffic in transit.
IP address spoofing: It occurs when an attacker assumes the source IP address of IP packets to make it appear as though the packet originated from a valid IP address. The aim of an IP address spoofing attack is to identify computers on a network.
Sniffing : It occurs when attackers capture and analyze network traffic. The tools used for sniffing are called sniffers or protocol analyzers. A Sniffer attack occurs when hackers use Sniffers to monitor, capture and obtain specific network information, such as passwords and valuable customer information.
Password attacks : It are aimed at guessing the password for a system until the correct password is determined. Network attackers can obtain user ID and password information and can then pose as authorized users and attack the corporate network. Attackers can utilize attacks such as dictionary attacks or brute force attacks to obtain access to resources with the same rights as the authorized user.
Brute force attack : attacker attempts to decode a cipher by attempting each possible key to find the correct one. This type of network attack systematically utilizes all possible alpha, numeric, and special character key combinations to discover a password that is valid for a user account. Brute force attacks are also typically used to compromise networks that utilize Simple Mail Transfer Protocol (SNMP).
Denial of Service (DoS) attack: It is aimed at preventing authorized, legitimate users from accessing services on the network. A DoS attack can be initiated by sending invalid data to applications or network services until the server hangs or simply crashes. The most common form of a DoS attack is TCP attacks.
A network attacker can increase the enormity of a DoS attack by initiating the attack against a single network from multiple computers or systems. This type of attack is known as a distributed denial of service (DDoS) attack. Network administrators can experience great difficulty in fending off DDoS attacks, simply because blocking all the attacking computers, can also result in blocking authorized users.
Man-in-the-middle (MITM) attack: It occurs when a cracker eavesdrops on a secure communication session and monitors, captures and controls the data being sent between the two parties communicating. The attacker attempts to obtain information so that he/she can impersonate the receiver and sender.
Distributed Denial of Service (DDoS) attack: It is also a form of DoS attack but in this scenario attacker is not one individual. Multiple attackers launch DoS simultaneously at a common victim.
Advanced part of scanning is explained in my second blog: Advanced Attacks using TCP/IP for Scanning.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.