03/05/2016
TCP/IP Attacks
To control communication on the Internet, your computer uses the TCP/IP protocol suite. Unfortunately, some features of TCP/IP can be manipulated, resulting in network vulnerabilities.
As shown in Figure 1, TCP/IP is vulnerable to the following types of attacks:
Denial of Service (DoS) – (Figure 2) DoS is a type of attack that creates an abnormally large number of requests to network servers, such as email or web servers. The goal of the attack is to completely overwhelm the server with false requests, creating a denial of service for legitimate users.
Distributed DoS (DDoS) – (Figure 3) A DDoS attack is like a DoS attack but is created using many more computers, sometimes in the thousands, to launch the attack. The computers are first infected with DDoS malware and become zombies; an army of zombies is called a botnet. After the computers become infected, they sit dormant until they are required to create a DDoS attack. Zombie computers in different geographic locations make it difficult to trace the origin of the attack.
SYN Flood – (Figure 4) A SYN request is the initial communication sent to establish a TCP connection. A SYN flood attack randomly opens TCP ports at the source of the attack and ties up the network equipment or computer with a large number of false SYN requests, causing sessions to be denied to legitimate users. A SYN flood attack is a type of DoS attack.
Spoofing – In a spoofing attack, a computer pretends to be a trusted computer to gain access to resources. The computer uses a forged IP or MAC address to impersonate a computer that is trusted on the network.
Man-in-the-Middle – (Figure 5) An attacker performs a man-in-the-middle (MitM) attack by intercepting communications between computers to steal information transiting through the network. A MitM attack could also be used to manipulate messages and relay false information between hosts, because the hosts are unaware that the messages have been modified.
Replay – To perform a replay attack, data transmissions are intercepted and recorded by an attacker. These transmissions are then replayed to the destination computer. The destination computer handles these replayed transmissions as authentic and sent by the original source.
DNS Poisoning – DNS records on a system are changed to point to imposter servers. The user attempts to access a legitimate site, but traffic is diverted to an imposter site. The imposter site is used to capture confidential information, such as usernames and passwords. An attacker can then retrieve the data from that location.
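The SYN flood described above leaves half-open connections on the target, which a defender can count in the host's own connection table. As an added example (not part of the original article), this Python script parses constructed rows in the column layout of `ss -tan` and flags a flood, telling a single-source DoS apart from the distributed (DDoS-style) case; the thresholds and the sample addresses are assumptions.

```python
from collections import Counter

# Constructed sample in the column layout of `ss -tan`, not captured from a real host.
# Columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_TABLE = """\
ESTAB    0 0 10.0.0.5:80  198.51.100.7:51000
ESTAB    0 0 10.0.0.5:22  198.51.100.8:52000
SYN-RECV 0 0 10.0.0.5:80  203.0.113.11:40001
SYN-RECV 0 0 10.0.0.5:80  203.0.113.12:40002
SYN-RECV 0 0 10.0.0.5:80  203.0.113.13:40003
SYN-RECV 0 0 10.0.0.5:80  203.0.113.14:40004
SYN-RECV 0 0 10.0.0.5:80  203.0.113.15:40005
SYN-RECV 0 0 10.0.0.5:80  203.0.113.16:40006
"""

def parse_table(text):
    """Yield (state, local_port, peer_ip) for every connection row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # skip headers and blank lines
        state, local, peer = parts[0], parts[3], parts[4]
        yield state, local.rsplit(":", 1)[1], peer.rsplit(":", 1)[0]

def analyze(text, half_open_limit=5, single_source_share=0.5):
    """Flag a SYN flood when half-open (SYN-RECV) entries exceed half_open_limit
    (an assumed threshold). If one peer owns at least single_source_share of the
    half-open entries it looks like a single-source DoS, otherwise distributed."""
    half_open = Counter()   # peer IP -> half-open connections from that peer
    ports = Counter()       # local port -> half-open connections aimed at it
    established = 0
    for state, port, peer in parse_table(text):
        if state in ("SYN-RECV", "SYN_RECV"):
            half_open[peer] += 1
            ports[port] += 1
        elif state in ("ESTAB", "ESTABLISHED"):
            established += 1
    total = sum(half_open.values())
    if total <= half_open_limit:
        verdict = "normal"
    else:
        _top_ip, top_n = half_open.most_common(1)[0]
        distributed = top_n / total < single_source_share
        verdict = "syn_flood_distributed" if distributed else "syn_flood_single_source"
    return {"half_open": total, "established": established, "sources": len(half_open),
            "targeted_ports": dict(ports), "verdict": verdict}

if __name__ == "__main__":
    print(analyze(SAMPLE_TABLE))
```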