NETWORK ATTACKS
attacks on network
Men in middle attack
Attackers position themselves between two systems and actively participate
in the connection to gather data. The attacker may also run program which
spoofs dns reply, configured to send false DNS information so that a DNS query
for a given website will resolve to the attacker's IP address. Then the attacker will
activate a program such that it will transparently proxy all HTTP and HTTPS traffic it receives. The DNS spoof program detects DNS request for www.abc.com and redirects the client to
attacker's machine. The ARP table convinces the victim's machine that it is indeed talking
to the intended web server. The victim's browser starts to establish a secure connection.
All messages for establishing SSL connection are sent to MITM running on the attacker's machine.
Hacker's system acts as a SSL proxy, establishing two SSL connections-one from victim to the attacker's
machine and the other from attacker's machine to the actual web server. When establishing the SSL session
between the victim machine and the attacker machine, MITM program will send the attacker's own certificate. The victim's browser will notice that the certificate is not signed by a trusted Certificate Authority and show
a message to the user asking the user whether to accept this un-trusted certificate or not. The normal tendency is to accept
it, thinking it is some error message.
denial of service(DOS)
A denial of service attack (DOS) is an attack through which a person can render
a system unusable or significantly slow down the system for legitimate users by overloading
the resources, so that no one can access it. If an attacker is unable to gain access to a machine, the attacker most probably will
just crash the machine to accomplish a denial of service attack.
attacks on network
Men in middle attack
Attackers position themselves between two systems and actively participate
in the connection to gather data. The attacker may also run program which
spoofs dns reply, configured to send false DNS information so that a DNS query
for a given website will resolve to the attacker's IP address. Then the attacker will
activate a program such that it will transparently proxy all HTTP and HTTPS traffic it receives. The DNS spoof program detects DNS request for www.abc.com and redirects the client to
attacker's machine. The ARP table convinces the victim's machine that it is indeed talking
to the intended web server. The victim's browser starts to establish a secure connection.
All messages for establishing SSL connection are sent to MITM running on the attacker's machine.
Hacker's system acts as a SSL proxy, establishing two SSL connections-one from victim to the attacker's
machine and the other from attacker's machine to the actual web server. When establishing the SSL session
between the victim machine and the attacker machine, MITM program will send the attacker's own certificate. The victim's browser will notice that the certificate is not signed by a trusted Certificate Authority and show
a message to the user asking the user whether to accept this un-trusted certificate or not. The normal tendency is to accept
it, thinking it is some error message.
denial of service(DOS)
A denial of service attack (DOS) is an attack through which a person can render
a system unusable or significantly slow down the system for legitimate users by overloading
the resources, so that no one can access it. If an attacker is unable to gain access to a machine, the attacker most probably will
just crash the machine to accomplish a denial of service attack.
No comments:
Post a Comment