39

2.4.3 Network Compromises and Attacks

Why would somebody want to hurt your site? If you have any public visibility, you could well attract unwanted attention from unsavory characters who are holding a grudge, nosy competition trying to ferret out new product information, or disgruntled employees out for a joyride.

2.4.3.1 Denial of service attacks

These types of attacks are usually hate- or vendetta-driven, because they have only one aim: to prevent you or anyone else, for that matter from using your own equipment. A couple of strategies of this nature are: flooding a network interface with traffic, making use of the whole network impossible, or sending specific invalid packets to a computer that cause it to crash several times an hour. A good analogy for this type of attack would be someone wasting your whole afternoon by repeatedly calling you and hanging up. Although there is little you can do in this instance, once an attack is isolated, a system administrator can use a firewall to block inbound requests that would normally cripple the machine or the network. Unfortunately, there is only experimental work being done right now that would allow a scanning process or router to dynamically block such attacks when it notices them and verifies that they are valid threats.

2.4.3.2 Address spoofing

TCPIP, because of its widespread use, large-scale deployment, and ongoing worldwide development, is definitely the lingua franca of the Internet and will continue to be so. Enhancements to the lower levels of the protocol such as IPSec will not only support IPs use in a worldwide environment to deliver data, but will do so securely. The strengths derived from using the current IP implementation, unfortunately, make the protocol unsecure. Because of how packet routing works and how header information is constructed, it becomes very difficult to conclusively prove the path a packet takes from point A to point B, and difficult to guarantee that some packet originated from A to begin with. Because of this, attackers can masquerade or spoof their targets routers and systems into thinking packets originated from someplace they did not. By doing this, all manner of mischief can be wrought.

2.4.3.3 Session hijacking

By building a foundation of IP source spoofing in the above example, an attacker can effectively hijack an entire session between A and B. The parties need not be two individuals sending messages back and forth. More than likely, one of the parties involved will be a server of some sort, which the attacker will impersonate during the span of the communication. By posing as an organizations mail server or file server, he can collect a ton of private material and analyze it at his leisure.

2.4.3.4 Man-in-the-middle attack

Also built on the foundation of IP address spoofing, an attacker can not only stage a session hijack, but can also mimic A and complete the original requests made to B directly. Imagine that we are M, and are able to convince A we are B, and B we are A. Traffic sent to B from A could be caught by M, analyzed, modified, stored or merely witnessed, and then sent on to B, no one at all the wiser. Traffic returning from B to A could be treated in a similar fashion. The