Solved

Some Attacks Definition

Posted on 2005-04-26
Last Modified: 2008-02-01
Dear Experts,
Does anyone have a good resource about how these attacks are done?
1- Smurf Attack
2- TCP/IP Hijacking
3- UDP Bomb
4- TCP Land Attack
I don't want any coding or ...
I want to understand what these attacks are.
I googled but I can't find my desired resources.

Thanks in advance for your help
Question by:gomrok

Accepted Solution

by:
Pete Long earned 500 total points
ID: 13865411
Smurf Attack - When a perpetrator sends a large amount of ICMP echo (ping) traffic to IP broadcast addresses, using a fake source address. The source address will be flooded with simultaneous replies (See CERT Advisory: CA-1998-01). http://www.unixcities.com/dos-attack/index1.html

CERT® Advisory CA-1998-01 Smurf IP Denial-of-Service Attacks
http://www.cert.org/advisories/CA-1998-01.html

I. Description
The two main components to the smurf denial-of-service attack are the use of forged ICMP echo request packets and the direction of packets to IP broadcast addresses.

The Internet Control Message Protocol (ICMP) is used to handle errors and exchange control messages. ICMP can be used to determine if a machine on the Internet is responding. To do this, an ICMP echo request packet is sent to a machine. If a machine receives that packet, that machine will return an ICMP echo reply packet. A common implementation of this process is the "ping" command, which is included with many operating systems and network software packages. ICMP is used to convey status and error information including notification of network congestion and of other network transport problems. ICMP can also be a valuable tool in diagnosing host or network problems.

On IP networks, a packet can be directed to an individual machine or broadcast to an entire network. When a packet is sent to an IP broadcast address from a machine on the local network, that packet is delivered to all machines on that network. When a packet is sent to that IP broadcast address from a machine outside of the local network, it is broadcast to all machines on the target network (as long as routers are configured to pass along that traffic).

IP broadcast addresses are usually network addresses with the host portion of the address having all one bits. For example, the IP broadcast address for the network 10.0.0.0 is 10.255.255.255. If you have subnetted your class A network into 256 subnets, the IP broadcast address for the 10.50 subnet would be 10.50.255.255. Network addresses with all zeros in the host portion, such as 10.50.0.0, can also produce a broadcast response.

In the "smurf" attack, attackers are using ICMP echo request packets directed to IP broadcast addresses from remote locations to generate denial-of-service attacks. There are three parties in these attacks: the attacker, the intermediary, and the victim (note that the intermediary can also be a victim).

The intermediary receives an ICMP echo request packet directed to the IP broadcast address of their network. If the intermediary does not filter ICMP traffic directed to IP broadcast addresses, many of the machines on the network will receive this ICMP echo request packet and send an ICMP echo reply packet back. When (potentially) all the machines on a network respond to this ICMP echo request, the result can be severe network congestion or outages.

When the attackers create these packets, they do not use the IP address of their own machine as the source address. Instead, they create forged packets that contain the spoofed source address of the attacker's intended victim. The result is that when all the machines at the intermediary's site respond to the ICMP echo requests, they send replies to the victim's machine. The victim is subjected to network congestion that could potentially make the network unusable. Even though we have not labeled the intermediary as a "victim," the intermediary can be victimized by suffering the same types of problem that the "victim" does in these attacks.

Attackers have developed automated tools that enable them to send these attacks to multiple intermediaries at the same time, causing all of the intermediaries to direct their responses to the same victim. Attackers have also developed tools to look for network routers that do not filter broadcast traffic and networks where multiple hosts respond. These networks can then subsequently be used as intermediaries in attacks.





Assisted Solution

by:Pete Long
Pete Long earned 500 total points
ID: 13865424
2- TCP/IP Hijacking

I assume you mean TCP session Hijacking??

TCP session hijacking is when a hacker takes over a TCP session between two machines. Since most authentication only occurs at the start of a TCP session, this allows the hacker to gain access to a machine.
A popular method is using source-routed IP packets. This allows a hacker at point A on the network to participate in a conversation between B and C by encouraging the IP packets to pass through its machine.

If source-routing is turned off, the hacker can use "blind" hijacking, whereby it guesses the responses of the two machines. Thus, the hacker can send a command, but can never see the response. However, a common command would be to set a password allowing access from somewhere else on the net.

A hacker can also be "inline" between B and C using a sniffing program to watch the conversation. This is known as a "man-in-the-middle attack".

A common component of such an attack is to execute a denial-of-service (DoS) attack against one end-point to stop it from responding. This attack can be either against the machine to force it to crash, or against the network connection to force heavy packet loss.
http://www.iss.net/security_center/advice/Exploits/TCP/session_hijacking/default.htm

Assisted Solution

by:Pete Long
Pete Long earned 500 total points
ID: 13865448
3- UDP Bomb

UDP Bomb – The UDP bomb attack uses an illegal UDP packet containing illegal data in some of the UDP fields. This kind of attack can cause the computer to crash.
http://www.isaserver.org/images/ch10.pdf



Assisted Solution

by:Pete Long
Pete Long earned 500 total points
ID: 13865477
4- TCP Land Attack

Send a TCP SYN packet containing the victim’s IP address in both the destination and source fields. On the other hand, flooding attacks are the result of sending more than the expected frequency of packets to a specific target.
http://www.dcs.st-and.ac.uk/~ag/DSA/DoS.html

udpland

Similar to the TCP Land attack. The attacker sends UDP packets with the target’s IP address as the source address, causing the target to loop.

icmpland

Similar to the TCP Land attack. The attacker sends ICMP packets with the target’s IP address as the source address, causing the target to loop.

ipland

Similar to the TCP Land attack. The attacker sends IP packets with the target’s IP address as the source address, causing the target to loop.

http://www.fortigate.be/Files/2.50/v2.50_FortiGate_NIDS_User_Guide_23_June_2003.pdf
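
Added example, not part of the original answers or of any product they cite: a small detector that applies the Smurf and Land descriptions above to raw IPv4 packets. The protected subnet (`LOCAL_NETS`), the function names, the finding labels and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Assumption: the protected subnet, borrowed from the advisory's 10.50 example.
LOCAL_NETS = [ipaddress.ip_network("10.50.0.0/16")]

def build_ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet for the constructed samples (checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + payload

def classify(packet):
    """Return a list of findings for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return ["malformed"]
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return ["malformed"]
    proto = packet[9]
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    l4 = packet[ihl:]
    findings = []
    if src == dst:  # Land family: source address equals destination address
        if proto == 6 and len(l4) >= 14 and l4[13] & 0x02:  # TCP with SYN set
            findings.append("tcpland")
        else:
            findings.append({17: "udpland", 1: "icmpland"}.get(proto, "ipland"))
    if proto == 1 and l4[:1] == b"\x08":  # ICMP echo request
        for net in LOCAL_NETS:
            # All-ones and all-zeros host parts can both draw a broadcast reply.
            if dst in (net.broadcast_address, net.network_address):
                findings.append("smurf-echo-to-broadcast")
    return findings

# Constructed sample packets (not captured traffic).
ECHO = bytes([8, 0, 0, 0, 0, 1, 0, 1])
SYN = struct.pack("!HHIIBBHHH", 139, 139, 0, 0, 0x50, 0x02, 512, 0, 0)
SAMPLES = {
    "smurf": build_ipv4("192.0.2.7", "10.50.255.255", 1, ECHO),
    "tcpland": build_ipv4("10.50.0.9", "10.50.0.9", 6, SYN),
    "udpland": build_ipv4("10.50.0.9", "10.50.0.9", 17, struct.pack("!HHHH", 7, 7, 8, 0)),
    "ping": build_ipv4("10.50.0.1", "10.50.0.9", 1, ECHO),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, classify(pkt))
```

An ordinary unicast ping produces no finding; only an echo request addressed to the subnet's all-ones or all-zeros address, or a packet whose source equals its destination, is flagged.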

Expert Comment

by:rossfingal
ID: 13866724
PeteLong

Pretty succinct - nice!
RF

Expert Comment

by:Pete Long
ID: 13873630
ThanQ

Author Comment

by:gomrok
ID: 13892294
Thanks for your good comments,

but the UDP Bomb description is so little.