
Network Defense and Countermeasures
Sir. Ahmad Kamalrulzaman Othman
FSKM, UiTM Johor

Chapter 2: Types of Attacks

Objectives

Describe the most common network attacks
Explain how these attacks are executed
Configure a system to prevent Denial of Service attacks
Configure a system to defend against Trojan horse attacks
Configure a system to defend against buffer overflow attacks

2006 by Pearson Education, Inc.

Introduction

There are many types of attacks that can affect computer systems. This chapter addresses some of the most common, including Denial of Service (DoS), virus, and Trojan horse attacks. In information security, "knowledge is power" is not only good advice but an axiom upon which to build an entire security outlook.

Defending Against Denial of Service Attacks

Denial of Service (DoS) in action
Distributed Denial of Service (DDoS)
SYN Flood
Smurf Attack
The Ping of Death
Distributed Reflection Denial of Service

Denial of Service Attack

Based on the premise that all computers have operational limitations
Utilizes the ping utility to execute the attack
You can use the /h or /? switch with ping to find out what options are available

Distributed Denial of Service (DDoS) Attack

Variation of a Denial of Service
Launched from multiple clients
More difficult to track due to the use of zombie machines

SYN Flood

Takes advantage of the TCP handshake process
Can be addressed in the following manners:

Micro Blocks
SYN Cookies
RST Cookies
Stack tweaking
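
SYN cookies, one of the remedies listed above, let a server answer a SYN without storing anything about the half-open connection: the state is folded into the initial sequence number of the SYN-ACK, and the client's final ACK carries it back for verification. The block below is an added example written for this page, not code from the slides or the textbook. It models the classic layout (a coarse time counter in the top 5 bits, a keyed hash of the connection 4-tuple in the low 27 bits); the FNV-1a hash, the secret, the counter width and the sample addresses and ports are all constructed, and a real kernel additionally encodes the negotiated MSS and uses a stronger keyed hash.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example: a simplified SYN-cookie scheme. Counter in the top bits,
 * keyed hash of the 4-tuple in the low bits. Real implementations also
 * encode the MSS and use a stronger keyed hash; this shows only how the
 * server stays stateless while a SYN flood is in progress. */

#define COUNTER_BITS 5
#define HASH_BITS 27
#define COUNTER_MASK ((1u << COUNTER_BITS) - 1)
#define HASH_MASK ((1u << HASH_BITS) - 1)

/* Constructed server secret; a real server picks it at random at boot. */
static const uint32_t cookie_secret = 0x5eed1234u;

/* FNV-1a over the 4-tuple, the coarse time counter and the secret. */
static uint32_t cookie_hash(uint32_t saddr, uint32_t daddr,
                            uint16_t sport, uint16_t dport, uint32_t counter)
{
    uint32_t fields[5] = { saddr, daddr,
                           ((uint32_t)sport << 16) | dport,
                           counter, cookie_secret };
    uint32_t h = 2166136261u;
    for (int i = 0; i < 5; i++)
        for (int b = 0; b < 4; b++) {
            h ^= (fields[i] >> (8 * b)) & 0xffu;
            h *= 16777619u;
        }
    return h;
}

/* Initial sequence number the server sends in its SYN-ACK. Nothing about
 * this half-open connection is stored; the cookie itself is the state. */
uint32_t syn_cookie_make(uint32_t saddr, uint32_t daddr,
                         uint16_t sport, uint16_t dport, uint32_t counter)
{
    uint32_t c = counter & COUNTER_MASK;
    uint32_t h = cookie_hash(saddr, daddr, sport, dport, c) & HASH_MASK;
    return (c << HASH_BITS) | h;
}

/* Called when the client's final ACK arrives. Returns 1 if the
 * acknowledgement number is a cookie this server issued in the current
 * or previous counter period for exactly this 4-tuple, else 0. */
int syn_cookie_check(uint32_t saddr, uint32_t daddr,
                     uint16_t sport, uint16_t dport,
                     uint32_t ack_seq, uint32_t counter_now)
{
    uint32_t cookie = ack_seq - 1;              /* client ACKs ISN + 1 */
    uint32_t c = cookie >> HASH_BITS;
    uint32_t age = (counter_now - c) & COUNTER_MASK;
    if (age > 1)
        return 0;                               /* too old, or not ours */
    return syn_cookie_make(saddr, daddr, sport, dport, c) == cookie;
}

int main(void)
{
    /* Constructed tuple: 10.0.0.1:40000 -> 10.0.0.2:80 at counter period 7. */
    uint32_t isn = syn_cookie_make(0x0a000001u, 0x0a000002u, 40000, 80, 7);
    printf("SYN-ACK ISN (cookie): %08x\n", isn);
    printf("ACK arriving in period 7: %d\n",
           syn_cookie_check(0x0a000001u, 0x0a000002u, 40000, 80, isn + 1, 7));
    printf("ACK arriving in period 9: %d\n",
           syn_cookie_check(0x0a000001u, 0x0a000002u, 40000, 80, isn + 1, 9));
    return 0;
}
```

The point to notice is that the server keeps no table of half-open connections at all: a flood of SYNs costs it one hash per packet and no memory, and an ACK is only accepted if it reproduces a cookie for the same source, destination and ports within the last two counter periods.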

Smurf Attack

Very popular attack
Utilizes the ICMP packet to execute the attack
Graphic to the right illustrates this type of attack

Ping of Death (PoD)

Attacks machines that cannot handle oversized packets
Ensure that systems are patched and up to date
Most current operating systems automatically drop oversized packets
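
The "drop oversized packets" defence on this slide lives in the IP reassembler: an oversized ping arrives as fragments that each look harmless, and only the sum exceeds the 65535-byte maximum datagram size. The block below is an added example written for this page, not code from the slides, the textbook or any operating system. It is a minimal reassembly model whose size check refuses any fragment that would push the reassembled datagram past 65535 bytes; the 20-byte header (no IP options), the 1480-byte fragment size and the payload lengths are constructed, and duplicate or overlapping fragments are not modelled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example: the size check an IP reassembler applies to each
 * fragment so an oversized "ping of death" datagram is dropped before
 * it can overrun a fixed 65535-byte reassembly buffer. Duplicate and
 * overlapping fragments are ignored to keep the model short. */

#define IP_MAX_DATAGRAM 65535u
#define IP_HDR_LEN 20u          /* assumes no IP options */

enum { REASM_DROP = -1, REASM_INCOMPLETE = 0, REASM_COMPLETE = 1 };

struct reasm {
    uint32_t bytes_received;    /* payload bytes accepted so far */
    uint32_t total_len;         /* payload length, known once MF=0 arrives */
    int dropped;                /* sticky: once violated, drop the rest */
};

void reasm_init(struct reasm *r) { memset(r, 0, sizeof *r); }

/* frag_offset is the 13-bit header field (units of 8 bytes); payload_len
 * is this fragment's data length; more_fragments is the MF flag. */
int reasm_add(struct reasm *r, uint16_t frag_offset,
              uint16_t payload_len, int more_fragments)
{
    uint32_t start = (uint32_t)frag_offset * 8u;
    uint32_t end = start + payload_len;

    if (r->dropped)
        return REASM_DROP;
    /* The core PoD check: header plus this fragment's end must fit in 65535. */
    if (IP_HDR_LEN + end > IP_MAX_DATAGRAM) {
        r->dropped = 1;
        return REASM_DROP;
    }
    /* Every fragment except the last must carry a multiple of 8 bytes. */
    if (more_fragments && payload_len % 8 != 0) {
        r->dropped = 1;
        return REASM_DROP;
    }
    r->bytes_received += payload_len;
    if (!more_fragments)
        r->total_len = end;
    if (r->total_len != 0 && r->bytes_received >= r->total_len)
        return REASM_COMPLETE;
    return REASM_INCOMPLETE;
}

/* Feed a constructed datagram of `payload` bytes, split into 1480-byte
 * fragments (Ethernet MTU minus the 20-byte header), and return the
 * reassembler's final verdict. */
int reassemble_payload(uint32_t payload)
{
    struct reasm r;
    uint32_t off = 0;
    int rc = REASM_INCOMPLETE;
    reasm_init(&r);
    while (off < payload) {
        uint32_t len = payload - off > 1480u ? 1480u : payload - off;
        int more = (off + len) < payload;
        rc = reasm_add(&r, (uint16_t)(off / 8), (uint16_t)len, more);
        if (rc == REASM_DROP)
            return rc;
        off += len;
    }
    return rc;
}

int main(void)
{
    /* 65510 bytes of ICMP data plus the 8-byte ICMP header is 65518
     * payload bytes: with the IP header that is 65538, over the limit. */
    printf("normal 3000-byte payload: %d\n", reassemble_payload(3000));
    printf("largest legal payload (65515): %d\n", reassemble_payload(65515));
    printf("oversized 65518-byte payload: %d\n", reassemble_payload(65518));
    return 0;
}
```

The first 44 fragments of the oversized datagram pass every check individually; only the last one, whose offset plus length plus header exceeds 65535, trips the limit, which is why a reassembler has to check the projected end of the datagram on every fragment rather than the size of any single packet.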

Ping of Death (PoD) cont.

UDP Flood

Variation of the PoD that targets open ports
Faster due to no acknowledgements required
Sends packets to random ports
If enough are sent, the target computer shuts down

ICMP Flood

Another name for the ping flood

Distributed Reflection Denial of Service

Special kind of DoS
Uses routers to execute the DoS attack
Routers do not have to be compromised in order to execute the attack
Configure routers to not forward broadcast packets

Distributed Reflection Denial of Service cont.

This graphic illustrates how a DRDoS uses internet routers to execute an attack

DoS Tools

Tools are downloadable from the Internet
Ease of access facilitates widespread use
Most prevalent: Tribal Flood Network (TFN2K)

Used in UDP, ICMP, and TCP SYN Flood attacks

DoS Tools cont.

Trin00: installed on a machine and reports to a master computer
Common file names:

Ns, ttp, rpc.trinoo, rpc.listen, trinix, rpc.irix, irix

Use Windows Task Manager to view and stop

Real World Examples

Blaster
MyDoom
W32.Storm Worm
The Slammer Worm

How to Defend Against DoS Attacks

SYN, RST Cookies, Micro Blocks, etc.
Need to understand how attack is perpetrated
Configure firewall to disallow incoming protocols or all traffic

This may not be a practical solution

Disable forwarding of directed IP broadcast packets on routers

How to Defend Against DoS Attacks cont.

Maintain virus protection on all clients on your network
Maintain operating system patches
Establish policies for downloading software

Defending Against Buffer Overflow Attacks

More common than DoS a few years ago
Still a very real threat
Designed to put more information in the buffer than it is meant to hold
Application design can reduce this threat
More difficult to execute
See Figure 2.6 for an example (new slide)
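
"Application design can reduce this threat" is concrete in C: the overflow happens when a copy into a fixed-size buffer is not bounded by that buffer's size. The block below is an added example written for this page, not code from the slides or the textbook. It shows a 16-byte stack buffer filled two ways: an unchecked strcpy, which is the defect the slide describes, and a bounded copy that rejects input that does not fit. The buffer size, the function names and the sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Added example: the same fixed-size buffer handled two ways. */

#define NAME_LEN 16

/* Vulnerable form: input of any length is copied into a 16-byte stack
 * buffer. A longer string writes past `name` into neighbouring stack
 * data, which is the overflow the slide describes. */
void greet_unsafe(const char *user_input)
{
    char name[NAME_LEN];
    strcpy(name, user_input);       /* no bounds check */
    printf("Hello, %s\n", name);
}

/* Bounded copy: never writes more than dst_size bytes and refuses input
 * that does not fit (including its terminator) rather than silently
 * truncating. Returns 0 on success, -1 if src is too long. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t n = 0;
    if (dst_size == 0)
        return -1;
    while (n < dst_size && src[n] != '\0')  /* never scan past dst_size */
        n++;
    if (n == dst_size) {                    /* no room left for the NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);                /* n bytes plus terminator */
    return 0;
}

/* Hardened form: same buffer, but its size is passed to the copy and
 * an over-long input is rejected up front. */
int greet_safe(const char *user_input)
{
    char name[NAME_LEN];
    if (copy_bounded(name, sizeof name, user_input) != 0) {
        fprintf(stderr, "name too long (max %d chars)\n", NAME_LEN - 1);
        return -1;
    }
    printf("Hello, %s\n", name);
    return 0;
}

int main(void)
{
    greet_unsafe("alice");                                  /* fits, so it works by luck */
    greet_safe("alice");                                    /* fits, accepted */
    greet_safe("this name is far longer than sixteen bytes"); /* rejected */
    return 0;
}
```

The design choice worth copying is that the bounded version fails closed: an input that does not fit is refused with an error rather than truncated, so the caller sees the problem instead of processing a silently shortened value.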

Defending Against Buffer Overflow Attacks cont.

The graphic illustrates what happens in a buffer overflow attack
How do they occur?
What do script viruses have to do with buffer overflows?

Defending Against IP Spoofing

Used to gain unauthorized access to computers
Source address of packet is changed
Becoming less frequent due to security

Defending Against IP Spoofing cont.

Potential vulnerabilities with routers:

External routers connected to multiple internal networks
Proxy firewalls that use the source IP address for authentication
Routers that subnet internal networks
Unfiltered packets with a source IP on the local network/domain
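
The last item, unfiltered packets arriving from outside with a source address on the local network, is the case a border router closes with source-address filtering: a packet on the external interface whose source claims to be internal cannot be genuine, and a packet leaving the internal interface with a foreign source is spoofed on the way out. The block below is an added example written for this page, not code from the slides, the textbook or any router vendor. It implements that decision for IPv4 against a constructed list of internal prefixes (10.0.0.0/8 and 192.168.1.0/24); the interface names, the prefixes and the sample addresses are all assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Added example: the ingress/egress source-address filter a border
 * router applies to catch spoofed packets. Prefixes are constructed. */

struct prefix { uint32_t net; unsigned bits; };

/* Constructed internal address space for this example. */
const struct prefix INTERNAL_NETS[] = {
    { 0x0a000000u, 8 },         /* 10.0.0.0/8 */
    { 0xc0a80100u, 24 },        /* 192.168.1.0/24 */
};
const size_t INTERNAL_NETS_COUNT = sizeof INTERNAL_NETS / sizeof INTERNAL_NETS[0];

enum iface { IFACE_EXTERNAL, IFACE_INTERNAL };

/* Parse a dotted quad into a host-order integer; returns 1 on success. */
int parse_ipv4(const char *s, uint32_t *out)
{
    unsigned a, b, c, d;
    char tail;
    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &tail) != 4)
        return 0;                   /* too few octets or trailing junk */
    if (a > 255 || b > 255 || c > 255 || d > 255)
        return 0;
    *out = (a << 24) | (b << 16) | (c << 8) | d;
    return 1;
}

static int in_prefix(uint32_t addr, const struct prefix *p)
{
    uint32_t mask = p->bits == 0 ? 0u : 0xffffffffu << (32 - p->bits);
    return (addr & mask) == (p->net & mask);
}

static int is_internal(uint32_t addr)
{
    for (size_t i = 0; i < INTERNAL_NETS_COUNT; i++)
        if (in_prefix(addr, &INTERNAL_NETS[i]))
            return 1;
    return 0;
}

/* Returns 1 if the packet must be dropped as spoofed:
 *  - arriving from outside with an internal source address, or
 *  - leaving from inside with a source address that is not ours.
 * Unparsable addresses are dropped as well. */
int spoof_filter_drop(enum iface arrived_on, const char *src_ip)
{
    uint32_t src;
    if (!parse_ipv4(src_ip, &src))
        return 1;
    if (arrived_on == IFACE_EXTERNAL)
        return is_internal(src);
    return !is_internal(src);
}

int main(void)
{
    printf("external, src 10.1.2.3:     drop=%d\n",
           spoof_filter_drop(IFACE_EXTERNAL, "10.1.2.3"));
    printf("external, src 203.0.113.5:  drop=%d\n",
           spoof_filter_drop(IFACE_EXTERNAL, "203.0.113.5"));
    printf("internal, src 203.0.113.5:  drop=%d\n",
           spoof_filter_drop(IFACE_INTERNAL, "203.0.113.5"));
    return 0;
}
```

Both directions matter: the ingress rule protects your own hosts from packets pretending to be neighbours, and the egress rule stops your network from being the source of spoofed traffic aimed at someone else.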

Defending Against Session Hacking

The hacker takes over a TCP session
Most common is the man-in-the-middle
Can also be done if the hacker gains access to the target machine
Encryption is the only way to combat this type of attack

Blocking Virus and Trojan Horse Attacks

Viruses

Most common threat to networks
Propagate in two ways:

Scanning computer for network connections
Reading e-mail address book and sending to all

Examples:

SoBig Virus
Mimail, Bagle
Sasser

Blocking Virus and Trojan Horse Attacks cont.

Viruses (rules to protect)

Always use virus scanner software
Do not open unknown attachments
Establish a code word with friends and colleagues
Do not believe security alerts sent to you

Blocking Virus and Trojan Horse Attacks cont.

Trojan Horses

Program that looks benign, but has malicious intent
They might:

Download harmful software
Install a key logger or other spyware
Delete files
Open a backdoor for hacker to use

Trojan Horse CAUTION

Students are strongly cautioned against attempting to create any of these Trojan horse scenarios. Release of this type of application is a criminal offense and likely to result in a prison sentence and civil penalties.

Summary

Most common network attacks:

Session hacking
Virus and Trojan horse attacks
Denial of Service/Distributed Denial of Service
Buffer overflow

Explanation of how these attacks take place has been outlined

Summary cont.

Basic defenses against these types of attacks

Virus protection software
Router configuration
Smart e-mail policies and procedures
Monitor network traffic
Maintain a current patch policy to keep systems up to date with security patches

Summary cont.

Prevent Denial of Service attacks

Use of Proxy servers
Established policies on maintenance

Keep systems up to date with latest patches

Summary cont.

Defend against Trojan horse and virus attacks:

Have an established policy for email attachments and downloading software

Do not open unknown attachments
Strictly monitor software downloads and what can be downloaded

Defend against buffer overflow attacks

Routinely update systems

Keep security patches up to date
