[ Pobierz całość w formacie PDF ]
.All these techniques have in common the ability todisrupt normal computer or operating system functioning on the targeted machine.These attacks can floodthe network with useless packets, corrupt or exhaust memory resources, or exploit a weakness in a networkapplication.Denial of service attacks include:" TCP SYN attack" SMURF attack" Teardrop attack" Ping of DeathPrevious Table of Contents NextProducts | Contact Us | About Us | Privacy | Ad Info | HomeUse of this site is subject to certain Terms & Conditions, Copyright © 1996-2000 EarthWeb Inc.All rightsreserved.Reproduction whole or in part in any form or medium without express written permission ofEarthWeb is prohibited.Read EarthWeb's privacy statement.http://corpitk.earthweb.com/reference/pro/1928994024/ch07/07-01.html (3 of 3) [8/3/2000 6:53:57 AM] Configuring Windows 2000 Server Security:IP Security for Microsoft Windows 2000 ServerConfiguring Windows 2000 Server Securityby Thomas W.Shinder, M.D., MCSE, MCP+I, MCT, Debra Littlejohn Shinder, MCSE, MCP+I, MCT,D.Lynn White, MCSE, MCPS, MCP+I, MCTSyngress Publishing, Inc.ISBN: 1928994024 Pub Date: 06/01/99Search this book:Search TipsAdvanced SearchPrevious Table of Contents NextTitleTCP SYN AttackWhen computers on a TCP/IP-based network establish a session, they go through the three-way handshakeprocess:1.The originating client sends a packet with the SYN flag set to ON.This host includes a sequence-----------number in the packet.The server will use this sequence number in the next step.2.The server will return a packet to the originating host with its SYN flag set to ON.This packet willhave a sequence number that is incremented by 1 over the number that was sent by the requestingcomputer.3.The client will respond to this request with a packet that will acknowledge the server s sequencenumber by incrementing the sequence number by 1.Whenever a host requests a session with a server, the pair will go through the three-way handshake process.The attacker can take advantage of this process by initiating multiple session requests that originate frombogus-source IP addresses.The server keeps each open request in a queue as it is waiting for step 3 to occur.Entries into the queue are typically emptied every 60 seconds.If the attacker is able to keep the queue filled, then legitimate connection requests will be denied, so serviceis denied to legitimate users of e-mail, Web, ftp, and other IP-related services.SMURF AttackThe SMURF attack attempts to disable the network by flooding the network with ICMP Echo Requests andEcho replies.The attacker will spoof a source IP address and then issue an ICMP Echo request to a broadcastaddress.This will cause all the machines on a segment to reply to the bogus request.If the attacker canmaintain this attack for an extended period of time, no useful information can be passed though the networkbecause of the flood of ICMP Echo Request and Reply messages traversing the wire.Teardrop AttackThe teardrop attack is executed using a program, such as teardrop.c, which causes fragmentation similar tohttp://corpitk.earthweb.com/reference/pro/1928994024/ch07/07-02.html (1 of 4) [8/3/2000 6:54:01 AM] Configuring Windows 2000 Server Security:IP Security for Microsoft Windows 2000 Serverthat seen in the Ping of Death attack.It takes advantage of a weakness in the reassembly process and cancause a system to hang or crash.Ping of DeathThe Ping of Death exploits features of the Internet Control Message Protocol (ICMP) and the Mean TransferUnit (MTU) sizes of various network architectures.The Ping command issues an ICMP Echo Request and isreturned an ICMP Echo reply by the destination host.The ICMP Echo request message is encapsulated in anIP packet that is limited by 65,535 octets.The MTU defines the maximum size of a unit for a definednetwork architecture, which varies with the media type.If the size of a packet is larger than the MTU, the packet will be fragmented and then reassembled at thedestination.It is possible to send a packet with more than the legal number of octets.When packets arefragmented, an offset value is included with the packet.This offset value is used to reassemble fragments attheir destination.The attacker could include with the last fragment a legal offset and a larger packet size.This will exceed the legal number of octets in the data portion of the ICMP Echo request.When reassemblyis attempted, the destination computer may respond by rebooting or crashing.Man-in-the-Middle AttacksA man-in-the-middle attack occurs when two parties believe that they are communicating only with eachother, but in fact there is an intermediary silently listening in to the conversation.The man in the middle canintercede in the conversation by impersonating the identity of either the sender or receiver.During theattacker s intercession, he can alter or destroy messages during transit.By using a network sniffer, the attacker can record and save messages for later use.This can allow theintruder to issue a subsequent replay attack.The man in the middle, having recorded aspects of aconversation, can replay this information in order to get around network authentication mechanisms in thefuture.This is known as a replay attack.Application-Directed AttacksApplication-oriented attacks seek to take advantage of weaknesses inherent in certain network applications.By exploiting weaknesses in these network applications, an intruder can:" Corrupt or alter important operating system files" Change the content of data files" Cause the network application or the entire operating system to operate abnormally, or even crash" Disrupt normal security and access controls maintained by the application or operating system" Plant a program or programs that can return information back to the attacker.Back Orifice is anexample of such an application.There are numerous examples of such application-directed attacks [ Pobierz caÅ‚ość w formacie PDF ]

  • zanotowane.pl
  • doc.pisz.pl
  • pdf.pisz.pl
  • rozszczep.opx.pl

    •