What Kinds of Network Attacks Are There?
Network attacks can be classified as passive or active.
- Passive attacks
Such attacks are not aimed at corrupting data or services on your computer. They are performed to gather information about your computer and to estimate possible avenues of remote intrusion:
- Sniffing. Eavesdropping on transmitted data. It usually succeeds when the data are sent unencrypted and a network interface operates in promiscuous mode, i.e. the device captures every packet passing through it regardless of the source and destination computers. Sniffing is carried out with applications built for that purpose.
- Port and operating system vulnerability scanning. Port scanning, the way of finding out which services of a remote operating system are active and accepting data and commands on their associated ports, is generally reconnaissance that precedes vulnerability discovery. Operating system vulnerability scanning aims to find out whether a service behind an open port still has a known vulnerability for which an exploit exists.
- Active attacks
These attacks aim at penetrating your computer remotely, stealing data, or executing exploits to disrupt normal operation of the operating system:
- IP address spoofing. Changing or disguising the IP address of the computer from which the attack is performed. It is especially dangerous in networks where authentication is based on the IP address.
- Denial of Service (DoS) attacks. A massive flood is directed at a particular computer to exhaust its resources and consume network bandwidth, making the computer unreachable by other hosts over the network. One type of DoS attack based on spoofing is shown in the figure below:
In that figure an attacker runs the ping command (used to check whether a destination network is reachable) specifying the address a.b.c.d, borrowed from another computer, as the source IP address of the request. In response, all computers on the destination network send reply packets to the innocent computer at a.b.c.d, confirming their reachability and at the same time overloading it, which may cause it to hang.
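The spoofed-ping flood described above leaves two signatures a defender can look for: an echo request addressed to the network's broadcast address (the amplification vector, which a router should drop as a directed broadcast) and a single host receiving echo replies from many distinct senders at once (the a.b.c.d victim). The following is an added example, not code from the original article, that applies both heuristics to constructed ICMP flow records; the network prefix, addresses, and thresholds are illustrative assumptions.

```python
# Added example: detection heuristics for a spoofed-source ping flood.
# Records, prefix and thresholds are constructed for illustration.
import ipaddress
from collections import defaultdict

# Constructed sample flow records: (timestamp_s, src_ip, dst_ip, icmp_type)
# ICMP type 8 = echo request, type 0 = echo reply.
SAMPLE_FLOWS = [
    (1.0, "203.0.113.9", "198.51.100.255", 8),  # request to broadcast, spoofed src
    (1.1, "198.51.100.10", "203.0.113.9", 0),   # replies converge on the victim
    (1.1, "198.51.100.11", "203.0.113.9", 0),
    (1.2, "198.51.100.12", "203.0.113.9", 0),
    (1.2, "198.51.100.13", "203.0.113.9", 0),
    (1.3, "198.51.100.14", "203.0.113.9", 0),
    (5.0, "192.0.2.7", "198.51.100.10", 8),     # an ordinary unicast ping
    (5.1, "198.51.100.10", "192.0.2.7", 0),
]


def broadcast_echo_requests(flows, local_net):
    """Echo requests aimed at the local network's broadcast address.
    These are the amplification vector; directed broadcasts should be
    filtered at the border router."""
    net = ipaddress.ip_network(local_net)
    return [f for f in flows
            if f[3] == 8 and ipaddress.ip_address(f[2]) == net.broadcast_address]


def reply_flood_victims(flows, window=1.0, min_sources=5):
    """Hosts that receive echo replies from at least `min_sources` distinct
    senders within `window` seconds: the likely spoofed victim. Returns a
    dict of victim address -> number of distinct reply sources seen."""
    by_dst = defaultdict(list)
    for ts, src, dst, itype in flows:
        if itype == 0:
            by_dst[dst].append((ts, src))
    victims = {}
    for dst, replies in by_dst.items():
        replies.sort()
        for i, (t0, _) in enumerate(replies):
            srcs = {s for t, s in replies[i:] if t - t0 <= window}
            if len(srcs) >= min_sources:
                victims[dst] = len(srcs)
                break
    return victims


if __name__ == "__main__":
    print(broadcast_echo_requests(SAMPLE_FLOWS, "198.51.100.0/24"))
    print(reply_flood_victims(SAMPLE_FLOWS))
```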
- Browser attacks. Browser vulnerabilities are discovered regularly. Browser holes let an attacker evade the security restrictions on active Web content and bypass cryptographic signature checks. For instance, a browser vulnerability may allow an attacker to install a keylogger:
- Backdoor attacks. These allow an attacker to access a remote computer through an alternative entry method. Users normally log in through the front door, such as a login screen with an account name and password or token-based authentication (e.g. a smart card). Attackers use backdoors to bypass the security controls that act as that front door. Typically the first entry is made by penetrating the computer through an undocumented feature or a not yet announced operating system vulnerability; once the attacker has gained access, he installs backdoor software so that he can re-enter the computer again and again through his own entry point, for instance his own command prompt listening for data on arbitrary ports and redirecting it wherever he wants.
- Rootkit attacks. These attacks are the most dangerous and rather difficult to discover. Having penetrated a computer, the attacker replaces system files with modified ones or directly modifies the heart of the operating system, the kernel. Hidden this way, the modified components appear to be ordinary native parts of the operating system, though in fact they serve the needs of the attacker. The figure shows how an attacker using a rootkit executable in a folder hides the executable, the folder's entire contents, and everything else that happens from within that directory: