See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/324860675

Hacking Attacks, Methods, Techniques And Their Protection Measures

Article  in  International Journal of Advance Research in Computer Science and Management · May 2018

CITATIONS READS

3 6,665

2 authors, including:

Sunil Kumar
Sangam University
18 PUBLICATIONS   12 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

cyber security View project

Social Media Security Risks, Cyber Threats And Risks Prevention And Mitigation Techniques View project

All content following this page was uploaded by Sunil Kumar on 01 May 2018.

The user has requested enhancement of the downloaded file.

IJSART - Volume 4 Issue 4 – APRIL 2018
Hacking Attacks, Methods, Techniques And Their
Protection Measures
Dr. Sunil Kumar1, Dilip Agarwal 2
1, 2
Assistant Professor, Dept of Computer Science
1, 2
Sangam University, Bhilwara, Rajasthan
Abstract- As public and private associations relocate a
greater amount of their basic capacities to the Internet,
criminals have greater opportunity and motivating force to
access sensitive data through the Web application. Thus the
need of shielding the systems from the annoyance of hacking
created by the hackers is to advance the people who will
punch back the illegal attacks on our computer systems. In this
way, to overcome from these real issues, ethical hackers or
white cap hackers appeared. One of the quickest developing
zones in network security, and absolutely a territory that
produces much talk.
The fundamental reason for this study is to uncover
the concise thought of the ethical hacking and its issues with
the corporate security.
Keywords- Hacking Protection Techniques, methods of
hacking, hacking tools, Ethical Hacking, Attack types,
Hacking tools.
I. INTRODUCTION
The Internet is as yet developing and online business
is on its progress. The immense development of Internet has
brought numerous great things like electronic commerce,
email, simple access to tremendous stores of reference
material and so forth. An ever increasing number of computers
get associated with the Internet, wireless devices and networks
are blasting. Because of the propel innovation of the Internet,
the administration, private industry and the regular computer
client have fears of their information or private data being
contained by a criminal hacker [1]. These kinds of hackers are
called black hat hackers who will covertly take the
association's data and transmit it to the open internet. In this
way, to overcome from these real issues, another class of
hackers appeared and these hackers are named as ethical
hackers or white hat hackers. Along these lines, this paper
portrays ethical hackers, their aptitudes and how they
approach helping their clients and fitting up security openings.
In this way, if there should be an occurrence of computer
security, these tiger groups or ethical hackers would utilize
similar traps and strategies that hacker utilizes yet in a
legitimate way and they would neither harm the objective
Page | 2253
ISSN [ONLINE]: 2395-1052
frameworks nor take data. Rather, they would assess the
objective framework's security and report back to the
proprietors with the vulnerabilities they found and guidelines
for how to cure them.
This paper will characterize ethical hacking, show a portion of
the ordinarily utilize terms for aggressors, give a rundown of
the standard administrations offered by means of ethical
hacking to battle assailants, talk about issues and their
preventions.
II. WHAT IS HACKING?
Hacking isn't a basic activity or arrangement of
charges the same number of individuals think. Hacking is an
aptitude. Hacking isn't a particular term; there are numerous
sorts of hacking. Hacking is unapproved utilization of
computer and system assets. Computer hacking is the act of
changing computer equipment and programming to achieve an
objective outside of the maker's unique reason. Individuals
who participate in computer hacking exercises are regularly
called hackers. Hacker is a programmer who breaks into
another person's computer framework or information without
authorization.
Ethical hacking
It is otherwise called infiltration testing or white-hat hacking
[5]. The art of testing your computers and system for security
vulnerabilities and stopping the gaps you find before the
terrible folks get an opportunity to misuse them. Ethical
hacking and ethical hacker are terms used to portray hacking
performed by an organization or individual to help recognize
potential dangers on a computer or system. An ethical hacker
endeavors to sidestep route past the framework security and
look for any frail focuses that could be abused by pernicious
hackers. This data is then utilized by the association to
enhance the framework security, with an end goal to limit or
wipe out, any potential assaults. To get a criminal, take on a
similar mindset as a cheat. That's the reason for ethical
hacking. ...includes similar apparatuses, traps, and systems
that hackers utilize, yet with one noteworthy distinction:
Ethical hacking is legitimate. Ethical hacking is performed
www.ijsart.com
IJSART - Volume 4 Issue 4 – APRIL 2018
with the objective's authorization. The plan of ethical hacking
is to find vulnerabilities from a hacker's perspective so
frameworks can be better secured. It's a piece of a general data
chance administration program that takes into account
progressing security enhancements. Ethical hacking can
likewise guarantee that sellers' cases about the security of their
items are legitimate.
III. TYPES OF ATTACKS
Nontechnical assaults: Exploits that include controlling
individuals, end clients and even you, are the best
vulnerability inside any computer or network foundation.
People are trusting by nature [2], which can prompt social-
designing exploits. Social designing is characterized as the
misuse of the trusting idea of individuals to pick up data for
pernicious reason. Other normal and compelling assaults
against data frameworks are physical. Hackers break into
structures, computer rooms, or different regions containing
basic data or property. Physical assaults can incorporate
dumpster jumping (scrounging through waste jars and
dumpsters for protected innovation, passwords, network
outlines, and other data).
Network-foundation assaults: Hacker assaults against
network foundations can be simple, in light of the fact that
numerous networks can be come to from anyplace on the
planet through the Internet. Here are a few cases of network-
foundation assaults:
 Connecting into a network through a maverick
modem connected to a computer behind a firewall.
 Exploiting shortcomings in network transport
components, for example, TCP/IP and NetBIOS.
 Flooding a network with excessively numerous
solicitations, making a denial of service (DoS) for
honest to goodness demands.
 Installing a network analyzer on a network and
catching each parcel that movements crosswise over
it, uncovering classified data in clear content,
piggybacking onto a network through an unreliable
802.11b wireless design. The counter threats
techniques. In Section 6, the future patterns of social
networks have been analyzed. In Section 7, we cover
the risks counteractive action and threats
vulnerabilities. At long last, we finished our paper
with the conclusion at Section 8.
Operating-framework assaults: Hacking operating systems
(OSs) [5] is a favored technique for the terrible folks. OSs
contain an extensive bit of hacker assaults basically in light of
the fact that each computer has one and such huge numbers of
Page | 2254
ISSN [ONLINE]: 2395-1052
surely understood exploits can be utilized against them. Every
so often, some operating systems that are more secure out of
the crate, for example, Novell NetWare and the kinds of BSD
UNIX are assaulted, and vulnerabilities turn up. In any case,
hackers lean toward assaulting operating systems like
Windows and Linux since they are broadly utilized and better
known for their vulnerabilities. Here are a few cases of
assaults on operating systems:
 Exploiting particular protocol usage
 Attacking worked in confirmation systems.
 Breaking record framework security.
 Cracking passwords and encryption instruments.
Application and other particular assaults: Applications
take a great deal of hits by hackers. Projects, for example,
email server software and Web applications often are
pummeled:
 Hypertext Transfer Protocol (HTTP) and Simple
Mail Transfer Protocol (SMTP) applications are
regularly assaulted on the grounds that most firewalls
and other security systems are arranged to enable full
access to these projects from the Internet.
 Malicious software (malware) incorporates
infections, worms, Trojan steeds, and spyware.
Malware obstructs networks and brings down
systems.
 Spam (garbage email) is wreaking ruin on framework
accessibility and storage room. And it can convey
malware. Ethical hacking uncovers such assaults
against your computer systems.
IV. GROUPS OF HACKERS
White Hats are the great folks, the ethical hackers
who utilize their hacking abilities for defensive purposes.
White-hat hackers are typically security professionals with
learning of hacking and the hacker toolset and who utilize this
information to find shortcomings and actualize
countermeasures.
Black Hats are viewed as the terrible folks: the noxious
hackers or saltines utilize their abilities for illicit or malignant
purposes. They break into or generally abuse the framework
respectability of remote machines, with noxious aim. Having
increased unapproved get to, black-hat hackers wreck crucial
information, deny honest to goodness clients service, and
fundamentally cause issues for their objectives.
Gray Hats [8] are hackers who may work offensively or
protectively, contingent upon the circumstance. This is the
www.ijsart.com
IJSART - Volume 4 Issue 4 – APRIL 2018
isolating line amongst hacker and saltine. Both are intense
powers on the Internet, and both will remain for all time. And
a few people meet all requirements for the two classifications.
The presence of such people additionally mists the division
between these two gatherings of individuals.
V. TOOLS USED BY HACKERS
There are a few regular instruments utilized by
computer offenders to infiltrate network as:
 Trojan horse- These are malignant projects or
honest to goodness software is to be utilized set up a
secondary passage in a computer framework with the
goal that the criminal can get entrance.
 Virus- A virus is a self-repeating program that
spreads by embeddings duplicates of itself into other
executable code or archives.
 Worm - The worm is a like virus and likewise a self
duplicating program. The distinction between a virus
and a worm is that a worm does not append itself to
other code.
 Vulnerability scanner – This instrument is utilized
by hackers and interlopers for rapidly check
computers on a network for known shortcomings.
Hackers likewise utilize port scanners. This verifies
which ports on a predetermined computer are "open"
or accessible to get to the computer.
 Sniffer – This is an application that catches
watchword and other information in travel either
inside the computer or over the network.
 Exploit – This is an application to exploits a known
shortcoming.
 Social engineering – Through this to acquire some
type of data.
 Root kit - This apparatus is for concealing the way
that a computer's security has been traded off.
VI. TYPES OF HACKING
Inside Jobs: Most security breaks begin inside the network
that is under assault. Inside occupations incorporate taking
passwords (which hackers at that point utilize or offer),
performing mechanical secret activities, causing hurt (as
displeased representatives), or conferring simple abuse. Sound
arrangement authorization and perceptive workers who protect
their passwords and PCs can impede a significant number of
these security ruptures.
Rogue Access Points: Rogue access points (APs) are
unsecured wireless access points that pariahs can without
Page | 2255
ISSN [ONLINE]: 2395-1052
much of a stretch breech. (Nearby hackers often promote
rogue APs to each other.) Rogue APs are frequently associated
by good natured however oblivious representatives.
Back Doors: Hackers can access a network by exploiting back
doors authoritative easy routes, setup blunders, effortlessly
deciphered passwords, and unsecured dial-ups. With the guide
of computerized searchers (bots), hackers can likely discover
any shortcoming in your network.
Denial of Service: DOS assaults give hackers an approach to
cut down a network without increasing inward access. DOS
assaults work by flooding the access switches with sham
movement (which can be email or Transmission Control
Protocol, TCP, parcels).
Distributed Doss :(DDOSS) are facilitated DOS assaults
from numerous sources. A DDOSS more hard to square since
it utilizes numerous, changing, source IP addresses.
Anarchists, Crackers, and Kiddies: Anarchists are
individuals who simply jump at the chance to break stuff.
They for the most part exploit any objective of chance.
Crackers are specialists or professionals who break passwords
and create Trojan horses or other SW (called products). They
either utilize the SW themselves (for gloating rights) or offer it
for profit. Content kiddies are hacker wannabes. They have no
genuine hacker aptitudes, so they purchase or download
products, which they dispatch. Different assailants incorporate
disappointed workers, fear based oppressors, political agents,
or any other person who feels insulted, exploited, ripped off,
or disliked.
Sniffing and Spoofing: Sniffing alludes to the demonstration
of catching TCP bundles. This capture can occur through
simple listening stealthily or something more evil. Spoofing is
the demonstration of sending an ill-conceived bundle with a
normal affirmation (ACK), which a hacker can figure, foresee,
or acquire by snooping.
VII. TOP TEN HACKING TOOLS
Ordinarily, a hacker knows the utilization of
apparatuses. Some hacker composes their own apparatuses.
Here are the main TEN best hacking apparatuses recorded
beneath:
NMAP
This is often also alluded to as in light of the fact that
the Swiss knife of hacking. This is often to a great extent
www.ijsart.com
IJSART - Volume 4 Issue 4 – APRIL 2018
utilized in the foot printing segment to examine the ports of
the remote workstation for situating out ports is open.
WIRESHARK
This catches all networks movement prying a
network connector. It breaks down for succulent data like
usernames and passwords. To perform network investigating
network executives is utilized.
CAIN AND ABEL
This could be wont to split window watchword. It
moreover performs man inside the center assaults, catch
network passwords and so forth.
METASPLOIT
It's an expansive data of exploits. It's the last word
hacking instrument which will empower to "hack" a PC. It's
best to utilize metasploit beneath Linux.
BURP SUITE
Burpsuite might be a net intermediary instrument that
is utilized to check the net application security. This could
savage power any login compose in an extremely program.
One will alter or change data before causation to the server.
This apparatus is beneath windows and Linux conditions
AIRCRACK-NG
Aircrack-ng might be an arrangement of apparatuses
wont to split wireless constancy passwords. This moreover
comes beneath Linux setting.
NESSUS
This is often a thorough programmed shortcoming
scanner. One should give data preparing address as info and
it'll check that deliver to search out the shortcoming in that
framework.
THC HYDRA
This is often a fast watchword saltine instrument. It
splits passwords of remote systems through the network. It
will split passwords of the numerous protocols and also ftp,
http, and so forth there's Associate in Nursing decision to give
a dictionary record it contains achievable passwords. It comes
underneath Linux setting.
Page | 2256
ISSN [ONLINE]: 2395-1052
HPING3
Hping3 sends custom ICMP, UDP or
correspondences protocol parcels so shows any answers. This
apparatus is to a great degree supportive once endeavoring to
follow course/ping/test has that have firewalls blocked normal
pings. This comes beneath windows and Linux.
PUTTY
It's not a hacking computer code without anyone
else's input; it's a horrendously incredible instrument for
hacker. It's a customer for SSH and telnet, which might be
won't to interface with remote computers. The utilization putty
after you needs to join to your arrival machine from your
Windows PC. It might likewise be wont to perform SSH
burrowing to sidestep firewalls.
VIII. HACKING PROTECTION TECHNIQUES
In importance various hacking exercises, some of the
recommended insurance systems zone unit
SECURITY INFRASTRUCTURE
One among the principal basic frameworks for
forcing information security is that the firewall, that goes for
forbidding the access of approaching and leaving movement
through setup of control sets.
INTRUSION DETECTION SYSTEM
It shields a network by gathering information from a
spread of framework and network supply, so examining the
information for potential security issues. It gives day and age
perception and examination of client and framework action.
When all is said in done, there are a unit 2 styles of IDS,
particularly Network Intrusion Detection System (NIDS)
screens various has by looking at network activity at the
network limits and Host Intrusion Detection System (HIDS)
will screen one host by breaking down application logs,
recording framework adjustment like word document and
access administration records.
CODE REVIEW
For any self-created applications like internet
applications, AN independent code audit on the projects
should be led severally from the apparatus advancement in
order to ensure no security blemish is uncovered from the
codes that territory unit unmistakable to the overall
www.ijsart.com
IJSART - Volume 4 Issue 4 – APRIL 2018 ISSN [ONLINE]: 2395-1052

population, and legitimate mistake handling and information [6] H.M David, “Three Different Shades of Ethical
approval are executed inside the code. Hacking: Black, White and Gray,” in GSEC Practical
Assignment, Version 1.4b, Option 1, Feb 23, 2004.
SECURITY PATCHES [7] Ajinkya A., Farsole Amruta G., Kashikar Apurva
Zunzunwala"Ethical Hacking", in 2010 International
A few service providers, together with bundle Journal of Computer Applications (0975 – 8887) Volume
merchants and bundle providers bargain with security fixes 1 – No. 10
once their shortcoming of the bundle or bundle was found. [8] Marilyn Leathers “A Closer Look at Ethical Hacking and
The establishment of progressive defensive patches is Hackers" in East Carolina University ICTN 6865.
staggeringly crucial since these shortcomings region unit some [9] Gilberto Tadayoshi Hashimoto, Pedro Frosi Rosa, Edmo
of the time noted to the overall population. Lopes Filho, Jayme Tadeu Machado, A Security
Framework to Protect Against Social Networks Services
IX. CONCLUSION Threats, 2010 Fifth International Conference on Systems
and Networks Communications.
This paper tended to ethical hacking from a few
viewpoints. Ethical hacking is by all accounts another trendy
expression despite the fact that the strategies and thoughts of
testing security by assaulting an establishment aren't new by
any means. Be that as it may, with the present poor security on
the internet, ethical hacking might be the best method to plug
security gaps and avoid interruptions. Then again ethical
hacking devices have additionally been infamous apparatuses
for crackers. In this way, at introduce the strategic goal is to
remain one stage in front of the crackers. Ethical Hacking is
an instrument, which if legitimately used, can demonstrate
helpful for understanding the shortcomings of a network and
how they may be exploited. All things considered, ethical
hacking will assume a specific part in the security appraisal
offerings and unquestionably has earned its place among other
security evaluations. Taking everything into account, it must
be said that the ethical hacker is a teacher who looks to edify
the client, as well as the security business in general. With an
end goal to achieve this, let us respect the Ethical Hacker into
our positions as an accomplice in this mission.

REFERENCES

[1] Sanctum Inc, “Ethical Hacking techniques to audit and

secure web enabled applications”, 2002.
[2] B. Reto, “Ethical Hacking”, in GSEC Practical
Assignment, Version 1.4b, Option 1, Nov 24, 2002.
[3] Smith B., Yurcik W., Doss D., “Ethical Hacking: the
security justification redux”, IEEE Transactions, pp. 375-
379, 2002.
[4] J. Danish and A. N. Muhammad, “Is Ethical Hacking
Ethical? “ , International journal of Engineering Science
and Technology, Vol 3 No. 5, pp. 3758-3763, May 2011.
[5] Ajinkya A. Farsole, Amurta G. Kashikar and Apurva
Zunzunwala , “Ethical Hacking, International journal of
Computer Applications (0975-8887), Vol. 1 No. 10, pp.
14-20, 2010.

Page | 2257 www.ijsart.com

View publication stats