3. INTRODUCTION
• Types of attack:
• Passive Attacks: A passive attack is a network attack in which a system is
monitored and sometimes scanned for open ports and vulnerabilities.
• Types of Passive Attacks:
– Interception Attack
– Traffic Analysis Attack
• Active Attacks: An active attack is a network exploit in which a hacker attempts to
make changes to data on the target or data en route to the target.
• Types of Active Attacks:
– Masquerade Attack
– Interruption Attack
– Session Replay Attack
– Modification Attack
– Denial of Service (DoS) Attack
4. DOS (DENIAL OF SERVICE)
• It is an attack on a computer or network that restricts,
reduces, or prevents legitimate users' access to the
system.
• It is a kind of attack in which an attacker or intruder tries to
deprive system users or authorized users of accessing their
computers, networks, or sites.
• Here the attacker focuses on the bandwidth of the victim to
perform this attack.
5. WORKING
• Denial-of-service attacks tend to target web servers of high-profile
organizations, such as banking, e-commerce and media companies, as well as
government entities.
• Perpetrators go after organizations’ assets in one of two ways: either by
overwhelming their networks with large volumes of traffic or by sending
malicious data, such as input that exploits a bug, to trigger a crash.
• No matter the method, the intended outcome is the same: to take the network
or machine down. Additional networks or assets not actually targeted by the
DoS attackers may also be impacted if the DoS victim is, say, an internet or
cloud service provider for others.
6. PREVENTION
• Monitor and analyze network traffic: Network traffic can be supervised via a
firewall or intrusion detection system. Administrators can set up rules that create
alerts for unusual traffic.
• Strengthen the security posture: This includes fortifying all internet-facing devices
to prevent compromise, installing and maintaining antivirus software, and establishing
firewalls configured to protect against DoS attacks.
• Monitor traffic: Organizations can enroll in a service that detects or redirects the
abnormal traffic flows typically associated with a DoS attack, while allowing
normal traffic to proceed on the network.
• Establish a DoS attack response plan: The key is to create and also practice a
disaster recovery plan for DoS attacks that covers communication, mitigation and
recovery.
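An added example, not part of the original slides, of the kind of rule the first bullet describes: it reads firewall-style log lines and flags any source whose request rate inside a sliding window exceeds a threshold. The log format, window and threshold are assumptions made for the illustration, and the sample log is constructed.

```python
from collections import defaultdict, deque

def parse_line(line):
    """Parse one line of the assumed log format: '<epoch_ms> <src_ip> <dst>'."""
    ts, src, _dst = line.split()
    return int(ts), src

def unusual_sources(lines, window_ms=5000, threshold=50):
    """Return {source: peak request count} for every source that sent more
    than `threshold` requests inside any sliding window of `window_ms`."""
    recent = defaultdict(deque)       # per-source timestamps still in the window
    peaks = {}
    for ts, src in sorted(parse_line(l) for l in lines if l.strip()):
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window_ms:  # expire entries older than the window
            q.popleft()
        if len(q) > threshold:        # the point at which a rule would alert
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks

# Constructed sample log (not real traffic): one source sends a request every
# 50 ms for 10 s, while two others behave like ordinary clients.
SAMPLE_LOG = (
    [f"{t * 50} 198.51.100.7 203.0.113.5:443" for t in range(200)]
    + [f"{t * 2000} 192.0.2.10 203.0.113.5:443" for t in range(5)]
    + [f"{t * 3000} 192.0.2.11 203.0.113.5:443" for t in range(4)]
)

if __name__ == "__main__":
    for src, peak in unusual_sources(SAMPLE_LOG).items():
        print(f"ALERT {src}: {peak} requests within 5 s")
```

A per-source threshold only catches a single noisy sender; traffic spread over many sources needs an aggregate threshold per destination as well.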
7. IP SPOOFING
• Internet Protocol (IP) spoofing is a type of malicious attack
where the threat actor hides the true source of IP packets to
make it difficult to know where they came from.
• The attacker creates packets, changing the source IP address
to impersonate a different computer system, disguise the
sender's identity or both.
• IP spoofing is a technique often used by attackers to launch
distributed denial of service (DDoS) attacks and
man-in-the-middle attacks against targeted devices or the
surrounding infrastructures.
8. WORKING
• Internet traffic is sent in units referred to as packets. Packets contain IP
headers that have routing information about the packet. This information
includes the source IP address and the destination IP address. Think of the
packet as a package in the mail and the source IP address as the return
address on that package.
• In IP address spoofing, the attacker changes the source address in the
outgoing packet header. That way, the destination computer sees the
packet as coming from a trusted source -- such as a computer on an
enterprise network -- and accepts it.
9. PREVENTION
• Authentication based on the key exchange.
• ACL (Access control list)
• Use filtering.
• Use strong verification and authentication methods
• Use antivirus and other security software
• Use IP-level encryption protocols
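An added example, not part of the original slides, of the "ACL" and "use filtering" items: it reads the source address from an IPv4 header and drops packets whose source is implausible for the interface they arrived on. The interface names "wan" and "lan", the internal range 10.0.0.0/8 and the sample headers are assumptions constructed for the illustration.

```python
import ipaddress
import struct

# Assumed topology (hypothetical): the enterprise LAN is 10.0.0.0/8 behind
# the "lan" interface; everything else arrives on "wan".
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

def parse_ipv4_addresses(header: bytes):
    """Extract (source, destination) from a raw IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    src, dst = struct.unpack("!4s4s", header[12:20])
    return ipaddress.ip_address(src), ipaddress.ip_address(dst)

def filter_decision(header: bytes, interface: str) -> str:
    """Anti-spoofing ACL: the source address must be plausible for the
    interface on which the packet was received."""
    src, _dst = parse_ipv4_addresses(header)
    is_internal = any(src in net for net in INTERNAL_NETS)
    if interface == "wan" and is_internal:
        return "drop"     # claims a trusted internal address but came from outside
    if interface == "lan" and not is_internal:
        return "drop"     # egress filtering: this network does not own the source
    return "accept"

def sample_header(src: str, dst: str) -> bytes:
    """Constructed 20-byte IPv4 header used only as test input (checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)

if __name__ == "__main__":
    for src, iface in [("10.1.2.3", "wan"), ("203.0.113.9", "wan"),
                       ("10.1.2.3", "lan"), ("203.0.113.9", "lan")]:
        print(src, iface, filter_decision(sample_header(src, "10.0.0.5"), iface))
```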
10. REPLAY ATTACK
• A replay attack is a form of network attack in which valid data
transmission is maliciously or fraudulently repeated or
delayed.
• A replay attack occurs when a cybercriminal eavesdrops on a
secure network communication, intercepts it, and then
fraudulently delays or resends it to misdirect the receiver into
doing what the hacker wants.
• The added danger of replay attacks is that a hacker doesn't
even need advanced skills to decrypt a message after capturing
it from the network.
11. WORKING
• Suppose A wants to prove her identity to B. B requests her password as
proof of identity, which A dutifully provides (possibly after some
transformation, such as hashing the password); meanwhile, E is
eavesdropping on the conversation and keeps the password (or the hash).
After the interchange is over, E (acting as A) connects to B; when asked
for proof of identity, E sends A's password (or hash) read from the last
session, which B accepts, thus granting E access.
12. PREVENTION
• Timestamp method – Such attacks can be prevented if a
timestamp is sent along with the data. If the timestamp on
the data is older than a certain limit, the data can be
discarded and the sender asked to send it again.
• Session key method – Another way of prevention is to use a
session key. This key can be used only once (by sender and
receiver) per transaction, and cannot be reused.
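An added example, not part of the original slides, of a receiver that applies both ideas: each message is bound by an HMAC to a timestamp and a one-time random value, so a captured copy is rejected whether it is resent at once or later. The one-time nonce stands in for the single-use session key described above; the 30-second limit, the shared key and the message layout are assumptions.

```python
import hashlib
import hmac
import os

MAX_AGE = 30  # seconds; assumed freshness limit for the timestamp method

def make_mac(key: bytes, data: bytes, ts: int, nonce: bytes) -> bytes:
    """Bind data, timestamp and nonce together under the shared key."""
    body = f"{ts}|{nonce.hex()}|".encode() + data
    return hmac.new(key, body, hashlib.sha256).digest()

def send(key: bytes, data: bytes, now: int) -> dict:
    """A's side: attach the current time and a fresh one-time nonce."""
    nonce = os.urandom(16)
    return {"data": data, "ts": now, "nonce": nonce,
            "mac": make_mac(key, data, now, nonce)}

class Verifier:
    """B's side: accept only authentic, fresh, never-seen-before messages."""
    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # nonce -> timestamp, kept only while still fresh

    def accept(self, msg: dict, now: int) -> bool:
        expected = make_mac(self.key, msg["data"], msg["ts"], msg["nonce"])
        if not hmac.compare_digest(expected, msg["mac"]):
            return False                  # forged or altered in transit
        if abs(now - msg["ts"]) > MAX_AGE:
            return False                  # timestamp method: too old, discard
        # Nonces older than MAX_AGE can be forgotten: the timestamp check
        # already rejects any message that would carry them.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_AGE}
        if msg["nonce"] in self.seen:
            return False                  # one-time value reused: a replay
        self.seen[msg["nonce"]] = msg["ts"]
        return True

if __name__ == "__main__":
    key = b"k" * 32                       # constructed shared key for the demo
    b_side = Verifier(key)
    m = send(key, b"login A", now=1000)
    print(b_side.accept(m, now=1001))     # first delivery
    print(b_side.accept(m, now=1002))     # same bytes captured and resent
```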
13. DNS POISONING
• Domain name system (DNS) cache poisoning, also known as
DNS spoofing, is a method of computer hacking in which
traffic is maliciously diverted to a victim's computer via
corrupted cached data/files.
• DNS requests are "cached", or stored, into a database which
can be queried in almost real-time to point names like
'hotmail.com' or 'google.com' to their appropriate IP
addresses.
• DNS basically runs the Internet.
14. WORKING
• Every device and server has a unique internet protocol (IP) address, which is a
series of numbers used as identifiers in communications. Every website has a
domain name that sits on top of that to make it easy for internet users to visit
the websites they want.
• The DNS then maps the domain name that users enter to the appropriate IP
address to properly route their traffic, all of which gets handled through DNS
servers.
• DNS poisoning takes advantage of weaknesses in this process to redirect traffic
to an illegitimate IP address.
• Specifically, hackers gain access to a DNS server so that they can adjust its
directory to point the domain name users enter to a different, incorrect IP
address.
15. PREVENTION
• Set up and maintain your own DNS servers. It's really not that hard, even for a
small network. BIND or Windows DNS can be configured (securely and properly)
in less than 30 minutes.
• Don't answer DNS requests over the WAN on port 53 (or any other port for that
matter).
• If you MUST answer on port 53, use RNDC keys. Rotate them often.
• Set your TTLs to a low value. Something that doesn't sacrifice your network
performance.
• Disable 'hosts' file resolution on your clients and servers!!!
16. PHISHING ATTACK
• Phishing attacks are the practice of sending fraudulent
communications that appear to come from a reputable
source.
• It is usually done through email. The goal is to steal
sensitive data like credit card and login information,
or to install malware on the victim’s machine.
• Phishing is a common type of cyber attack that
everyone should learn about in order to protect
themselves.
17. WORKING
• Phishing starts with a fraudulent email or other
communication that is designed to lure a victim.
• The message is made to look as though it comes from a
trusted sender.
• If it fools the victim, he or she is coaxed into providing
confidential information, often on a scam website. Sometimes
malware is also downloaded onto the target’s computer.
18. PREVENTION
• 1. Know what a phishing scam looks like
• 2. Don’t click on any unknown link
• 3. Get free anti-phishing add-ons
• 4. Don’t give your information to an unsecured site
• 5. Rotate passwords regularly
• 6. Install firewalls
• 7. Don’t give out important information unless you
must