Professional Documents
Culture Documents
com
Dear customer,
thanks for your order and your download from the online reader’s area of
the chapter „Common ways to attack a network“.
We hope, you enjoy reading this chapter on your computer screen before
you receive the copy of our book.
Please do not give this file or prints of this file to third parties. It’s only for
our customers!
Best regards,
Ingo Haese
Ping
Pinging is normally the first step involved in hacking the target. Ping uses
ICMP (Internet Control Messaging Protocol) to determine whether the
target host is reachable or not. Ping sends out ICMP Echo packets to the
target host, if the target host is alive it would respond back with ICMP
Echo reply packets.
All the versions of Windows also contain the ping tool. To ping a remote
host follow the procedure below.
Click Start and then click Run. Now type ping <ip address or hostname>
(For example: ping yahoo.com). Now you should get the reply as shown
below.
For more parameter that could be used with the ping command, go to
DOS prompt and type ping /?.
Ping Sweep
If you are undetermined about your target and just want a live system,
ping sweep is the solution for you. Ping sweep also uses ICMP to scan
for live systems in the specified range of IP addresses. Though Ping
sweep is similar to ping but reduces the time involved in pinging a range
of IP addresses. Nmap (http://www.insecure.org) also contains an option
to perform ping sweeps.
But there are some tools available like Visual Traceroute which help you
even to find the geographical location of the routers involved.
http://www.visualware.com/visualroute
Port Scanning
After you have determined that your target system is alive the next
important step would be to perform a port scan on the target system.
There are a wide range of port scanners available for free. But many of
them uses outdated techniques for port scanning which could be easily
recognized by the network administrator. Personally I like to use Nmap
(http://www.insecure.org) which has a wide range of options. You can
download the NmapWin and its source code from:
http://www.sourceforge.net/projects/nmapwin.
Besides the above ports they are even some ports known as Trojan
ports used by Trojans that allow remote access to that system.
Vulnerability Scanning:
Every operating system or the services will have some vulnerabilities due
to the programming errors. These vulnerabilities are crucial for a
successful hack. Bugtraq is an excellent mailing list discussing the
vulnerabilities in the various system. The exploit code writers write
exploit codes to exploit these vulnerabilities existing in a system.
Sniffing
Data is transmitted over the network in the form of datagrams (packets).
These packets contain all the information including the login names,
passwords, etc. Ethernet is the most widely used forms of networking
computers. In such networks the data packets are sent to all the systems
over the network. The packet header contains the destination address for
the packet. The host receiving the data packets checks the destination
address for the received packet. If the destination address for the packet
matches with the hosts IP address the datagram will be accepted else it
will be discarded.
Packet sniffers accept all the packets arrived at the host regardless of its
destination IP address. So installing packet sniffer on a system in
Ethernet we can monitor all the data packets moving across the network.
The data may even include the login names and passwords of the users
on the network. Not only that sniffing can also reveal some valuable
information about the version numbers of the services running on the
host, operating system being used, etc.
Social Engineering
This has become one of the hottest topics today and it seems to work out
most of the times. Social Engineering doesn’t deal with the network
security issues, vulnerabilities, exploits, etc. It just deals with simple
psychological tricks that help to get the information we want. This really
works!! But it requires a lot of patience.
We are all talking about network security and fixing the vulnerabilities in
networks. But what happens if some internal person of a network
accidentally gives out the passwords. After all we are all humans; we are
also vulnerable and can be easily exploited and compromised than the
computers.
Social Engineering attacks have become most common during the chat
sessions. With the increase in use of Instant Messengers, any
anonymous person may have a chat with another any where in the
world. The most crucial part of this attack is to win the trust of the victim.
It may take a long time (may be in minutes, hours, days or months) for
this to happen. But after you are being trusted by the victim he will say
you every thing about him. Most of the times his person information will
be useful to crack his web accounts like e-mail ids, etc. Even some
people are so vulnerable to this attack that they even give their credit
card numbers to the strangers (social engineers).
Some social engineers stepped one more forward and they send some
keyloggers or Trojans to the victims claimed to be as screensavers or
pics. These keyloggers when executed gets installed and send back
information to the attacker. So be careful with such attacks.
1) Don’t believe everyone you meet on the net and tell them every
thing about you. Don’t even accidentally say answers to the
questions like “What’s you pet’s name?”, “What is your mother-
maiden’s name?”, etc. which are particularly used by your web
account providers to remind your passwords.
2) Don’t give your credit card details to even your near and dear
through instant messengers. Remember, it’s not a hard deal for an
attacker to crack an e-mail id and chat with you like your friend.
Also data through IMs can be easily sniffed.
3) Don’t accept executable files (like *.exe, *.bat, *.vbs, *.scr, etc.)
from unknown persons you meet on the net. They might be viruses
or Trojans.
Please act carefully, use security software and ask professionals for
help.