ProperGander

Security for the masses

Network Attacks

Most attacks against networks are Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks in which the objective is to consume a network’s bandwidth to make network services unavailable. But there are several other types of attacks, some of which are discussed here. Those readers with little or no knowledge of networking and network protocols may want to read these Wiki's: transmisson control protocol   user datagram protocol   Internet control message protocol. Most of these attacks can be mitigated by the use of firewall filtering or the droping of packets at the router.

IP Spoofing

The act of altering a TCP packet so that it appears to be coming from a different IP address. This can be a known trusted, to the network, IP address or a random IP address used to hide the real source of the connection.

MAC Spoofing

MAC spoofing involves changing the assigned Media Access Control (MAC) address of a networked device to a different one. The changing of the assigned MAC address may allow the bypassing of access control lists on servers or routers, either hiding a computer on a network or allowing it to impersonate another computer.

Syn Flood

In a SYN flood attack, TCP packets requesting a connection are sent to the target network with a spoofed source address. The target responds with a SYN-ACK packet, but the spoofed source never replies. Half-open connections are incomplete communication sessions awaiting completion of the TCP three-way handshake. These connections can quickly overwhelm a system’s resources while waiting for the half-open connections to time out. This causes the system to crash or otherwise become unusable.

ICMP Flood

In an ICMP flood attack, large numbers of ICMP packets, usually an Echo Request are sent to the target network to consume available bandwidth and/or system resources. As ICMP isn’t required for normal network operations, the easiest defense is to drop ICMP packets at the router or filter them at the firewall.

UDP Flood

UDP flooding involves sending large numbers of UDP packets to the target network in an attempt to consume available bandwidth and/or system resources. UDP floods can generally be filtered at the router. But if the attack is using a required UDP port like DNS on port 53 other countermeasures need to be employed.

Smurf Attack

A Smurf attack is a variation of the ICMP flood attack. In a Smurf attack, ICMP Echo Request packets are sent to the broadcast address of a target network by using a spoofed IP address from the target network. The target then transmits the ICMP Echo Request to all hosts on the network. Each host responds with an Echo Reply packet choking available bandwidth and/or system resources.

Fraggle Attack

A Fraggle attack is a varint of a Smurf attackthat uses UDP Echo packets rather than ICMP packets.

Teardrop Attack

In a Teardrop attack, the length and fragmentation offset fields of sequential IP packets are modified causing the target system to and crash. This is a rarely seen attack these days as most modern TCP/IP stacks handle such malformed packets gracefully.