Types of detected network attacks
A great number of network attacks exist today. They exploit vulnerabilities in the operating system and in other software, system-level or application-level, installed on your computer.
To keep your computer secure, you should know what kinds of network attacks you might encounter. Known network attacks fall into three major groups:
- Port scan. This threat type is not an attack in itself, but it usually precedes one, because it is one of the common ways of gathering information about a remote computer. The intruder scans the UDP/TCP ports used by network services on the targeted computer to learn their status (open or closed).
Port scans tell a hacker which types of attacks could work on that system and which could not. In addition, the information obtained by the scan (a model of the system) helps the attacker identify the operating system the remote computer uses. This, in turn, narrows the set of potential attacks and, correspondingly, the time spent carrying them out, and it helps the hacker target vulnerabilities characteristic of that operating system.
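The following is an added example of how a detector can recognize the port-scan behaviour described above; it is not part of this page or of the product it documents. It assumes connection attempts are available as (timestamp, source, destination, port, protocol) records, and the window length, the distinct-port threshold and the sample records are all constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 5.0    # assumed sliding window (hypothetical tuning value)
PORT_THRESHOLD = 10     # assumed distinct-port count that counts as a scan


def detect_port_scans(events, window=WINDOW_SECONDS, threshold=PORT_THRESHOLD):
    """Flag sources that probe many distinct ports on one host within a window.

    events: iterable of (timestamp_seconds, src_ip, dst_ip, dst_port, proto).
    Returns {(src_ip, dst_ip): sorted list of ports seen} for each flagged pair.
    """
    recent = defaultdict(deque)   # (src, dst) -> (ts, port) pairs inside the window
    alerts = {}
    for ts, src, dst, port, proto in sorted(events):
        key = (src, dst)
        q = recent[key]
        q.append((ts, port))
        while q and ts - q[0][0] > window:   # drop probes older than the window
            q.popleft()
        distinct = {p for _, p in q}
        if len(distinct) >= threshold:
            # keep accumulating ports so the report shows the whole scan
            alerts[key] = sorted(set(alerts.get(key, ())) | distinct)
    return alerts


def build_sample_events():
    """Constructed connection-attempt records (not real traffic)."""
    probed = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445]
    events = []
    # A fast scan: 12 ports on one host, one probe every 100 ms.
    for i, port in enumerate(probed):
        events.append((0.0 + i * 0.1, "203.0.113.7", "192.168.1.10", port, "tcp"))
    # Ordinary client traffic: repeated use of two ports only.
    for i in range(20):
        events.append((0.0 + i * 0.05, "192.168.1.20", "192.168.1.10",
                       80 if i % 2 else 443, "tcp"))
    # A slow scan: the same 12 ports, one probe every 2 s, which a 5 s window misses.
    for i, port in enumerate(probed):
        events.append((5.0 + i * 2.0, "198.51.100.9", "192.168.1.10", port, "udp"))
    return events


if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(build_sample_events()).items():
        print(f"port scan from {src} against {dst}: {len(ports)} ports {ports}")
```

The constructed slow scan shows the limitation of a fixed window: with the default 5 s window only the fast scanner is reported, while widening the window (for example to 30 s) also catches the probe that spreads its 12 ports over 22 seconds. Real detectors trade the window length against memory and false positives from busy but legitimate clients.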
- DoS attacks, or Denial of Service attacks, cause the attacked system to become unstable or to crash. Attacks of this type can impair the operability of the attacked information resources (for example, by blocking Internet access).
There are two basic types of DoS attacks:
- sending the target computer specially crafted packets that the computer does not expect, which cause the system either to restart or to stop;
- sending the target computer more packets within a time frame than it can process, which exhausts system resources.
The most flagrant examples of this group are the following attack types:
- The Ping of death attack consists of sending an ICMP packet larger than the 64 KB maximum size of an IP datagram. This attack can crash some operating systems.
- The Land attack consists of sending a request to an open port on the target computer to establish a connection with itself (the packet's source address and port are the same as its destination address and port). This sends the computer into a loop, which increases the processor load and can crash some operating systems.
- The ICMP Flood attack consists of sending a large number of ICMP packets to your computer. The computer attempts to reply to each inbound packet, which slows the processor to a crawl.
- The SYN Flood attack consists of sending a large number of connection requests to a remote computer that are never completed. The system reserves resources for each of these half-open connections, which eventually exhausts system resources, and the computer stops responding to other connection attempts.
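As an added example (not code from this page or from the product it documents), the four DoS signatures just listed can be expressed as checks over packet records. The `Packet` fields, the rate windows, the thresholds and the sample packets are all assumptions constructed for illustration; the only fixed constant is the 65,535-byte IPv4 total-length limit behind the "64 KB" figure.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

IPV4_MAX_TOTAL_LEN = 65535   # IPv4 datagram limit (the "64 KB" in the text)
IPV4_MIN_HEADER = 20
WINDOW = 1.0                 # assumed rate window in seconds (hypothetical tuning)
ICMP_THRESHOLD = 100         # assumed echo requests per window per source
HALF_OPEN_THRESHOLD = 50     # assumed half-open connections per destination host


@dataclass
class Packet:
    """Minimal view of one IP packet or fragment (constructed, not captured)."""
    ts: float
    src_ip: str
    dst_ip: str
    proto: str                # "tcp", "udp" or "icmp"
    src_port: int = 0
    dst_port: int = 0
    tcp_flags: str = ""       # e.g. "S" (SYN), "SA" (SYN-ACK), "A" (ACK)
    icmp_type: int = -1       # 8 = echo request
    frag_offset: int = 0      # IP fragment offset, in 8-byte units
    payload_len: int = 0      # bytes following the IP header in this fragment


def is_land(pkt):
    """Land: a SYN whose source address and port equal its destination."""
    return (pkt.proto == "tcp" and "S" in pkt.tcp_flags
            and pkt.src_ip == pkt.dst_ip and pkt.src_port == pkt.dst_port)


def is_ping_of_death(pkt):
    """Ping of death: an ICMP fragment whose reassembled datagram would
    exceed the IPv4 maximum total length."""
    if pkt.proto != "icmp":
        return False
    reassembled = IPV4_MIN_HEADER + pkt.frag_offset * 8 + pkt.payload_len
    return reassembled > IPV4_MAX_TOTAL_LEN


class FloodDetector:
    """Rate check for ICMP floods and half-open-connection check for SYN floods."""

    def __init__(self, window=WINDOW, icmp_threshold=ICMP_THRESHOLD,
                 half_open_threshold=HALF_OPEN_THRESHOLD):
        self.window = window
        self.icmp_threshold = icmp_threshold
        self.half_open_threshold = half_open_threshold
        self.echo_times = defaultdict(deque)   # src_ip -> echo-request timestamps
        self.half_open = defaultdict(set)      # dst_ip -> {(src_ip, src_port, dst_port)}
        self.fired = set()                     # alerts already raised, to report once

    def feed(self, pkt):
        """Process one packet; return the list of (kind, subject) alerts it raised."""
        alerts = []
        if is_land(pkt):
            alerts.append(("land", f"{pkt.src_ip}:{pkt.src_port}"))
        if is_ping_of_death(pkt):
            alerts.append(("ping_of_death", pkt.src_ip))
        if pkt.proto == "icmp" and pkt.icmp_type == 8:
            q = self.echo_times[pkt.src_ip]
            q.append(pkt.ts)
            while q and pkt.ts - q[0] > self.window:
                q.popleft()
            key = ("icmp_flood", pkt.src_ip)
            if len(q) >= self.icmp_threshold and key not in self.fired:
                self.fired.add(key)
                alerts.append(key)
        if pkt.proto == "tcp":
            conn = (pkt.src_ip, pkt.src_port, pkt.dst_port)
            if pkt.tcp_flags == "S":                   # client opened a connection
                self.half_open[pkt.dst_ip].add(conn)
                key = ("syn_flood", pkt.dst_ip)
                if len(self.half_open[pkt.dst_ip]) >= self.half_open_threshold and key not in self.fired:
                    self.fired.add(key)
                    alerts.append(key)
            elif "A" in pkt.tcp_flags and "S" not in pkt.tcp_flags:
                self.half_open[pkt.dst_ip].discard(conn)   # handshake completed


        return alerts


def run(packets):
    """Feed packets in time order and collect every alert."""
    det = FloodDetector()
    alerts = []
    for pkt in sorted(packets, key=lambda p: p.ts):
        alerts.extend(det.feed(pkt))
    return alerts


def build_sample():
    """Constructed packets (not a real capture) covering each DoS example."""
    pkts = [
        Packet(0.00, "192.168.1.10", "192.168.1.10", "tcp", 139, 139, "S"),   # Land
        Packet(0.10, "203.0.113.7", "192.168.1.10", "icmp", icmp_type=8,
               frag_offset=8180, payload_len=100),        # reassembles to 65,560 bytes
        Packet(0.20, "192.168.1.20", "192.168.1.10", "icmp", icmp_type=8, payload_len=64),
        Packet(0.30, "192.168.1.20", "192.168.1.10", "tcp", 50000, 443, "S"),   # normal
        Packet(0.31, "192.168.1.10", "192.168.1.20", "tcp", 443, 50000, "SA"),  # handshake
        Packet(0.32, "192.168.1.20", "192.168.1.10", "tcp", 50000, 443, "A"),
    ]
    # ICMP flood: 120 echo requests from one host inside half a second.
    pkts += [Packet(1.0 + i * 0.004, "198.51.100.9", "192.168.1.10", "icmp",
                    icmp_type=8, payload_len=64) for i in range(120)]
    # SYN flood: 60 SYNs from spoofed sources, none of which completes the handshake.
    pkts += [Packet(2.0 + i * 0.01, f"10.0.0.{i + 1}", "192.168.1.10", "tcp",
                    40000 + i, 80, "S") for i in range(60)]
    return pkts


if __name__ == "__main__":
    for kind, subject in run(build_sample()):
        print(f"{kind}: {subject}")
```

Two simplifications matter in practice: half-open entries here never age out, so a real detector must expire them (otherwise a slow trickle of abandoned SYNs looks like a flood), and the ping-of-death check looks at one fragment at a time rather than tracking the whole reassembly, which is enough to catch a fragment that cannot fit but not to detect overlapping-fragment tricks.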
- Intrusion attacks, which aim to take over your computer. This is the most dangerous type of attack, because if it succeeds, the hacker takes total control of your system.
Hackers use these attacks to obtain confidential information from a remote computer (for example, credit card numbers or passwords), or to penetrate the system in order to use its computing resources for malicious purposes later (for example, as a member of a zombie network, or as a platform for new attacks).
This is the largest group by number of attacks. They can be divided into three subgroups depending on the operating system installed on the user's computer: Microsoft Windows attacks, Unix attacks, and a common group for network services available in both operating systems.
The following attack types are the most common among those that use the network resources of operating systems:
- Buffer overflow attacks. A buffer overflow is caused by missing or insufficient bounds checking when working with data arrays. This is one of the oldest vulnerability types and the easiest for hackers to exploit.
- Format string attacks. Format string errors arise from insufficient control over input values passed to I/O functions such as printf(), fprintf(), scanf(), and others from the standard C library. If an application has this vulnerability, a hacker can send specially crafted queries and take total control of the system.
Intrusion Detection System automatically analyzes and prevents attempts to exploit these vulnerabilities in the most common network services (FTP, POP3, IMAP) if they are running on the user's computer.
- Attacks aimed at computers running Microsoft Windows exploit vulnerabilities in the software installed on the computer (such as Microsoft SQL Server, Microsoft Internet Explorer, Messenger, and system components accessible over the network: DCom, SMB, Wins, LSASS, IIS5).
In addition, the use of various malicious scripts, including scripts processed by Microsoft Internet Explorer and Helkern-type worms, can be classified as isolated cases of intrusion attacks. The essence of this attack type is sending a special type of UDP packet to a remote computer that can execute malicious code.