
Chapter Two

Computer Security Threats and Attacks


Computer security threats are anything that has the potential to cause harm to the value of the assets of information system resources.
On the other hand, a computer security attack is any action, deriving from an intelligent threat, that compromises the security of the value of the assets of information system resources. It is an intelligent act that attempts to evade security services, exploits a vulnerability and violates the security policy of a system. Examples of attacks include sending malicious input to an application or flooding a network in an attempt to deny service. A computer security threat could be in the form of natural causes or a person (non-malicious, or malicious computer software, i.e. malware).

Figure 1.2 Causes of Threat

Computer Security _ Compiled - Zufan W. OBU -- 2016 E.C
Malicious attacks can be random or directed. In a random attack the attacker wants to harm any computer or user; such an attack is analogous to accosting the next pedestrian who walks down the street. An example of a random attack is malicious code posted on a website that could be visited by anybody.

In a directed attack, the attacker intends harm to specific computers, perhaps at one organization (think of attacks against a political organization) or belonging to a specific individual (think of trying to drain a specific person's bank account, for example, by impersonation). Another class of directed attack is against a particular product, such as any computer running a particular browser.

Non-malicious kinds of harm include someone's accidentally spilling a soft drink on a laptop, social engineering, unintentionally deleting text, unintentionally sending an email message to the wrong person, and carelessly typing "12" instead of "21" when entering a phone number or clicking "yes" instead of "no" to overwrite a file.
Social Engineering: a technique that a hacker uses to steal sensitive data from a person, for various purposes, by intentional psychological manipulation combined with social scenes. E.g., imagine the boss asking one of the staff members for their user name and password.

Computer Malicious Software or Malware (Malicious Code or Malcode)
Computer malicious software is software that is specifically designed to damage, interrupt, steal, and cause illegitimate action on the value of the assets of information system resources. It is one of the most common computer threats. Malware is software that a hacker has created to damage a legitimate user's computer resources. Some of the most commonly known types of malware are Masquerader, Viruses, Worms, Trojans, Backdoors, Spyware, Adware, bots and Ransomware.
Masquerader: An individual who is not authorized to use the computer and who penetrates a system's access controls to exploit a legitimate user's account.

What is a Virus?
A virus is a program made of malicious code that can spread (propagate) from device to device. It can replicate itself and attaches itself to another application or file. When that file is transferred to another computer via email, network or removable devices, the virus spreads to that computer. A virus typically attaches itself to a program file or to the boot sector of the hard drive. Once the virus attaches itself to that file or program, it is infected. When the infected application or file is executed on the computer, the virus activates and executes in the system, and is then able to delete, duplicate, or corrupt files. When your computer is infected, the virus alters the way your computer operates, can destroy your files, or can prevent it from working altogether.
Signs of Virus Infection
It is vital for any computer user to be aware of these warning signs:
• Slower system performance and pop-ups bombarding the screen
• Programs running on their own and files multiplying/duplicating on their own
• New files or programs in the computer and the sound of a hard drive
• Files, folders or programs getting deleted or corrupted

What is a Worm?
Worms are a self-replicating type of malware that enter networks by exploiting vulnerabilities, moving quickly from one computer to another. Because of this, worms can propagate themselves and spread very quickly, not only locally, but with the potential to disrupt systems worldwide. Unlike a typical virus, worms don't attach to a file or program. Instead, they slither and enter computers through a vulnerability in the network, self-replicating and spreading before you're able to remove the worm. Worms are standalone computer malware that doesn't need any host to spread. A worm doesn't need human help to execute. Worms replicate themselves and spread automatically with the help of the network or the user's email account. Worms can consume all the resources, such as memory, CPU and network bandwidth, or interrupt network and web servers. They are also able to crash a computer or a network by increasing the usage. Worms take advantage of a network or system vulnerability and infect the computer.

| Virus | Worm |
|---|---|
| The virus needs human help to execute and spread. | Worms automatically execute and spread. |
| A virus attaches itself to the host and spreads where the host reaches. | Worms don't need a host and exploit the vulnerability of a network to spread. |
| Viruses destroy, damage, or alter the files in the infected computer. | Worms don't affect the file but increase the resource usage to crash the system or network. |
| Virus spreading speed is low compared to worms. | Worm spreading speed is fast, and it quickly infects multiple computers or networks. |
| To clean the infection of a virus or stop its infection, the user needs an antivirus. | To remove the worm's infection or prevent the infection, the user needs antivirus and a firewall. |

Trojans are a type of malware that is disguised as legitimate software. Cybercriminals trick users into uploading Trojans onto their computer, where they cause damage or collect data. Trojans are also known to create backdoors to give malicious users access to the system. Unlike viruses and worms, Trojans do not reproduce by infecting other files, nor do they self-replicate. Trojans must spread through user interaction, such as opening an email attachment or downloading and running an executable file or document from the Internet. We defend against them by avoiding downloading executable files or documents from untrusted sites/sources.

Backdoor
An undocumented way of accessing a system, bypassing the normal authentication mechanisms. Some backdoors are placed in the software by the original programmer and others are placed on systems through a system compromise, such as a virus or worm. Usually, attackers use backdoors for easier and continued access to a system after it has been compromised. A backdoor is, typically, a password, known only to the attacker, that allows access to the system without having to go through any security.
Spyware is a program that secretly records what a user does, or software that gathers user information through the user's Internet connection without their knowledge. For example, spyware could capture credit card details, log keystrokes, and capture passwords.
Adware is software that generates revenue for its developer by automatically generating online advertisements in the user interface of the software or on a screen presented to the user during the installation process. The software may generate two types of revenue: one for the display of the advertisement and another on a "pay-per-click" basis if the user clicks on the advertisement. Adware, in short, is advertising software, which can be used to spread malware.

Ransomware: Malware which locks down a user's files and data, with the threat of erasing it unless a ransom (payment/money) is paid.
Phishing is when cybercriminals target victims with emails that appear to be from a legitimate company asking for sensitive information. Phishing attacks are often used to dupe people into handing over credit card data and other personal information.

Denial-of-Service Attack (DoS)

A denial-of-service attacker sends so many information requests to a target system that the target cannot handle them successfully, which can crash the entire system or take the site down (either crashing or hanging the operating system or disabling any network communication to or from the site).
Distributed DoS Attacks (DDoS): one machine compromises other machines (zombies) and makes them participate in the attack. This group of compromised computers is known as zombies. Zombies can operate autonomously or under the attacker's direct control to attack systems. In the scanning process, the attacker first seeks out a number of vulnerable machines and infects them. Then, typically, the zombie software that is installed in the infected machines repeats the same scanning process, until a large distributed network of infected machines is created.

Another way to classify DDoS attacks is as either direct or reflector DDoS attacks. In a direct DDoS attack (Figure 1.3), the attacker is able to implant zombie software on a number of sites distributed throughout the Internet. Often, the DDoS attack involves two levels of zombie machines, master zombies and slave zombies. The hosts of both machines have been infected with malicious code. The attacker coordinates and triggers the master zombies, which in turn coordinate and trigger the slave zombies. The use of two levels of zombies makes it more difficult to trace the attack back to its source and provides for a more resilient network of attackers.

Fig 1.3 Direct DDoS Attack

A reflector DDoS attack adds another layer of machines (Figure 1.4). In this type of attack, the slave zombies construct packets requiring a response that contain the target's IP address as the source IP address in the packet's IP header. These packets are sent to uninfected machines known as reflectors. The uninfected machines respond with packets directed at the target machine. A reflector DDoS attack can easily involve more machines and more traffic than a direct DDoS attack and hence be more damaging. Further, tracing back the attack or filtering out the attack packets is more difficult because the attack comes from widely dispersed uninfected machines.

Fig 1.4 Reflector DDoS Attack
Types of flooding based DDoS Attack
DDoS Countermeasures
In general, there are three lines of defense against DDoS attacks.
Attack prevention and preemption (before the attack): These mechanisms enable the victim to endure attack attempts without denying service to legitimate clients. Techniques include enforcing policies for resource consumption and providing backup resources available on demand. In addition, prevention mechanisms modify systems and protocols on the Internet to reduce the possibility of DDoS attacks.

Attack detection and filtering (during the attack): These mechanisms attempt to detect the attack as it begins and respond immediately. This minimizes the impact of the attack on the target. Detection involves looking for suspicious patterns of behavior. Response involves filtering out packets likely to be part of the attack.

Attack source trace back and identification (during and after the attack): This is an attempt to identify the source of the attack as a first step in preventing future attacks. However, this method typically does not yield results fast enough, if at all, to mitigate an ongoing attack. The challenge in coping with DDoS attacks is the sheer number of ways in which they can operate. Thus DDoS countermeasures must evolve with the threat.

Security Attack Vs Security Threat

The main difference between a threat and an attack is that a threat can be either intentional or unintentional, whereas an attack is intentional. Computer security threats are anything that has the potential to cause harm to the value of the assets of information system resources, whereas an attack is an attempt to cause damage. A threat to an information system resource doesn't mean information was altered or damaged, but an attack on the information system means there might be a chance to alter, damage, or obtain information when the attack is successful. A security threat is the expressed potential for the occurrence of an attack. A security attack is an action taken against a target with the intention of doing harm.
Common Security Attacks
• Interruption: The systems become unusable after this attack by the unauthorized users, which results in the wastage of systems.
• Interception: The data or message which is sent by the sender is intercepted by an unauthorized individual, where the message will be used by the individual for his malicious process.
• Modification: The message which is sent by the sender is modified and sent to the destination by an unauthorized user. The integrity of the message is lost by this type of attack.
• Fabrication: In this type of attack a fake message is inserted into the network by an unauthorized user as if it is a valid user. This results in the loss of confidentiality, authenticity and integrity of the message.

Fig 1.5 Common Attack

Active Attack and Passive Attack

Computer security attacks are actions that compromise the security of the system. Conceptually, security attacks can be classified into two types, active and passive attacks, in which the attacker gains illegal access to the system's resources.
Active Attacks:
Active attacks are the type of attacks in which the attacker attempts to change or modify the content of messages. An active attack is a danger to integrity as well as availability. Due to an active attack, the system is always damaged and system resources can be changed. The most important thing is that, in an active attack, the victim gets informed about the attack.

Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service. A masquerade takes place when one entity pretends to be a different entity. A masquerade attack usually includes one of the other forms of active attack. For example, authentication sequences can be captured and replayed after a valid authentication sequence has taken place, thus enabling an authorized entity with few privileges to obtain extra privileges by impersonating an entity that has those privileges.

Passive Attacks:

Passive attacks are very difficult to detect because they do not involve any alteration of the data. Passive attacks are the type of attacks in which the attacker observes the content of messages or copies the content of messages. A passive attack is a danger to confidentiality. Due to a passive attack, there is no harm to the system. The most important thing is that, in a passive attack, the victim does not get informed about the attack.

Generally, the major difference between active and passive attacks is that in active attacks the attacker intercepts the connection and modifies the information, whereas in a passive attack the attacker intercepts the information in transit with the intention of reading and analyzing it, not altering it. Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks are release of message contents and traffic analysis.
Release of message contents (reading the content of the message) is easily understood. A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions.
Traffic analysis (observing the pattern of the messages)
A second type of passive attack, traffic analysis, is subtler. Suppose that we had a way of masking the contents of messages or other information traffic so that opponents, even if they captured the message, could not extract the information from the message. The common technique for masking contents is encryption. If we had encryption protection in place, an opponent might still be able to observe the pattern of these messages. The opponent could determine the location and identity of communicating hosts and could observe the frequency and length of messages being exchanged. This information might be useful in guessing the nature of the communication that was taking place.

Difference between Active Attack and Passive Attack:

| No. | Active Attack | Passive Attack |
|---|---|---|
| 1 | In active attack, modification in information takes place. | While in passive attack, modification in the information does not take place. |
| 2 | Active attack is a danger to integrity as well as availability. | Passive attack is a danger to confidentiality. |
| 3 | In active attack, attention is on detection. | While in passive attack, attention is on prevention. |
| 4 | Due to active attack, the system is always damaged. | While due to passive attack, there is no harm to the system. |
| 5 | In active attack, the victim gets informed about the attack. | While in passive attack, the victim does not get informed about the attack. |
| 6 | In active attack, system resources can be changed. | While in passive attack, system resources are not changed. |

Class of Attacks

The three common classes of attack are access, reconnaissance, and DoS.
Access Attacks
An access attack is an attacker's attempt to access another user account or network device by unauthorized subjects if that resource is left vulnerable to the attacker. A resource administrator is responsible for ensuring that only authorized users access that resource. Unauthorized attacks are attempted via four means: password attacks, trust exploitation, port redirection, and man-in-the-middle attacks.
Password Attacks
It may seem like a good idea to keep your passwords simple or to write them down, but both practices are highly discouraged, because an attacker might attempt a login with false credentials. Not all attackers are external users; most successful attacks have come from internal company employees. Therefore, making your password harder to guess is necessary for password integrity. Changing passwords every time an employee leaves the company or in a given time period (every 90 days) would also help protect login credentials.

Trust Exploitation (Trust Abuse)

Trust exploitation can occur in one of two ways:
o Reliance on the trust a client has in a server
o Reliance on the trust the server has in the client
Servers that communicate from the DMZ and the internal network may have a trust relationship established. The internal devices may be set up to trust information that is received from a DMZ server. In most cases, an attacker can gain access to the DMZ, compromise the DMZ server, and then initiate a connection to the internal network.
Port Redirection
Port redirection is a form of trust exploitation in which the untrustworthy source uses a machine with access to the internal network to pass traffic through a port on the firewall or access control list (ACL). The port in question normally denies traffic, but with redirection the attacker can bypass security measures and open a tunnel for communication.

Man-in-the-Middle Attacks

A man-in-the-middle attack happens when a hacker eavesdrops or listens for network traffic and intercepts a data transmission. After the transmission is intercepted, the untrustworthy host can position itself between the two communicating hosts, interpret the data, and steal information from the packets sent. The hacker can also take over the session and reformat the packets to send information to either or both communicating parties. In this situation, it is possible for the hacker to capture credentials, hijack a session, or instigate a DoS attack. Data sessions are more vulnerable when the packets are left in clear-text format and can be read without additional decryption by the human eye. Proper data encryption, with the use of an encryption protocol, makes the captured data useless.
Reconnaissance Attacks
When I hear the word reconnaissance, I think of a military reconnaissance mission. The soldier is sent out to gather important information about an area of interest. The same holds true for a reconnaissance attack on a computer network. The hacker surveys a network and collects data for a future attack. Important information that can be compiled during a reconnaissance attack includes the following:
• Ports open on a server
• Ports open on a firewall
• IP addresses on the host network
• Hostnames associated with the IP addresses
The four common tools used for reconnaissance attacks are packet sniffers (also known as network monitors), ping sweeps, port scans, and information queries.
Packet Sniffers
A packet sniffer may also be called a network analyzer, packet analyzer, or Ethernet sniffer. The packet sniffer may be either a software program or a piece of hardware with software installed in it that captures traffic sent over the network, which is then decoded and analyzed by the sniffer. Network administrators install monitors on dedicated machines or on their workstations when needed. A common software program available today is Wireshark, formerly known as Ethereal.
Ping Sweeps
As you may recall, ping enables you to validate that an IP address exists and can accept requests by sending an echo request and then waiting for an echo reply. A ping sweep tool can send an echo request to numerous host IP addresses at the same time to see which host(s) respond(s) with an echo reply.
Port Scans
A port scanner is a software program that surveys a host network for open ports. Because ports are associated with applications, the hacker can use the port and application information to determine a way to attack the network. As mentioned, these programs can be used by a third party to audit a network as well as being used by a hacker for malicious intent.

Denial of Service (DoS) Attacks
DoS attacks are often implemented by a hacker as a means of denying a service that is normally available to a user or organization. For example, users might be denied access to email as the result of a successful DoS attack. DoS can also be in the form of a distributed DoS (DDoS) attack, TCP SYN attack, or smurf attack.
Distributed DoS (DDoS)
With distributed DoS, multiple systems are compromised to send a DoS attack to a specific target. The compromised systems are commonly called zombies or slaves. As a result of the attack, the targeted system denies service to valid users.
Session Establishment
In a TCP SYN attack, a SYN request is sent to a device with a spoofed source IP address. The attacking system does not acknowledge the resulting SYN-ACK, which causes the session connection queues to fill up and stop taking new connection requests. TCP intercept can be configured on a router to block a TCP SYN attack. This enables the router to terminate any sessions that have not been established within an allotted time frame.
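An added example (not part of the original notes): a small Python simulation of the connection queue described above, comparing a server that never expires half-open sessions with one that terminates sessions not established within a time limit, which is the behaviour the text attributes to TCP intercept. The event list, addresses, backlog size and timeout value are all constructed for illustration.

```python
"""Half-open (SYN) queue simulation: no expiry vs. a handshake time limit."""

# Constructed sample traffic towards one protected server.
# Each event is (time_in_seconds, source_ip, source_port, tcp_flag).
# "SYN" starts a handshake; "ACK" is the client's final handshake packet.
LEGIT = [
    (0.0, "198.51.100.10", 40001, "SYN"), (0.1, "198.51.100.10", 40001, "ACK"),
    (2.0, "198.51.100.13", 40004, "SYN"), (2.1, "198.51.100.13", 40004, "ACK"),
    (4.0, "198.51.100.11", 40002, "SYN"), (4.1, "198.51.100.11", 40002, "ACK"),
    (9.0, "198.51.100.12", 40003, "SYN"), (9.1, "198.51.100.12", 40003, "ACK"),
]
# Flood: six SYNs from spoofed sources that never send the final ACK.
FLOOD = [(1.0 + i / 10, f"203.0.113.{i + 1}", 1024 + i, "SYN") for i in range(6)]
EVENTS = sorted(LEGIT + FLOOD)


def simulate(events, backlog, timeout=None):
    """Replay events against a fixed-size queue of half-open sessions.

    backlog: maximum number of half-open sessions the queue can hold.
    timeout: seconds a session may stay half-open before it is terminated;
             None means half-open sessions are never expired.
    """
    pending = {}                      # (ip, port) -> time the SYN was seen
    established, dropped = [], []
    reaped = 0
    peak = 0
    for ts, ip, port, flag in events:
        # Terminate sessions that were not established within the time limit.
        if timeout is not None:
            expired = [k for k, seen in pending.items() if ts - seen >= timeout]
            for key in expired:
                del pending[key]
            reaped += len(expired)

        key = (ip, port)
        if flag == "SYN":
            if key in pending:
                continue              # retransmitted SYN, already queued
            if len(pending) >= backlog:
                dropped.append(key)   # queue full: new request is refused
            else:
                pending[key] = ts
                peak = max(peak, len(pending))
        elif flag == "ACK" and key in pending:
            del pending[key]          # handshake completed
            established.append(key)

    return {
        "established": established,
        "dropped": dropped,
        "reaped": reaped,
        "half_open": len(pending),
        "peak_half_open": peak,
    }


if __name__ == "__main__":
    for label, limit in (("no expiry", None), ("2 s time limit", 2.0)):
        result = simulate(EVENTS, backlog=6, timeout=limit)
        print(label)
        for name, value in result.items():
            print(f"  {name}: {value}")
```

With the time limit, the client that connects while the queue is still full is refused, but later clients are served; the limit bounds how long the queue stays full rather than preventing it from filling.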
Smurf Attack
With a smurf attack, multiple broadcast ping requests are sent to a single target from a spoofed IP address. Adding the no ip directed-broadcast command to a router might help mitigate a potential smurf attack.

Hackers Vs Crackers

Hackers and crackers are both people who have extensive knowledge about computers and networks, ranging from how they are built and how they work to the programming, the code and everything else that relates to security. The two work for opposite interests. While one may work for good, the other works completely for malicious and criminal reasons.
In simpler terms, a hacker is someone who uses his/her skills and knowledge to identify vulnerabilities in computer systems and helps improve and patch those vulnerabilities. The knowledge they possess about programming, various computer languages, code and general computer security is advanced and used for morally good purposes. They're normally security professionals who can be hired by organizations to try to break into their systems and to audit DNS and their networks so they can identify any flaws they may have. Hackers are the internet security experts who may even be hired for locating and identifying the loopholes in internet security systems and fixing these loopholes and flaws. Hackers use their knowledge to help security systems.
A cracker is someone who uses his/her skills and knowledge to attempt to breach internet security and disrupt system security in order to steal credit card (financial) information, to get private data to sell, or simply to destroy data or carry out illegal activity. A cracker is someone who unethically attempts to access computer systems without authorization. Crackers usually gain internet access or access to various software or apps without the knowledge or permission of the system owners and without paying, and use it for the purpose of engaging in illegal activities. The two are sometimes called White Hats and Black Hats. The hackers, being the good guys, are called white hats, while black hats usually refers to the crackers who violate computer security for personal gain. They look for backdoors in programs and systems, exploit those backdoors, and steal private information for use in a malicious way.
There are three groups of Hackers
A white hat hacker, upon finding some flaw in a system, will report the flaw to the vendor of that system (probably anonymously) and explain exactly what the flaw is and how it was exploited. White hat hackers, also called Sneakers, are often hired specifically by companies to do penetration tests. The EC Council even has a certification test for white hat hackers, the Certified Ethical Hacker test.
A black hat hacker is the person normally depicted in the media. Once s/he gains access to a system, her/his goal is to cause some type of harm. S/he might steal data, erase files, etc. Black hat hackers are sometimes referred to as crackers. Cracking is hacking conducted for malicious purposes.
A gray hat hacker is normally a law-abiding citizen, but in some cases will venture into illegal activities.

Script Kiddies: A hacker is an expert in a given system, but as with any profession, hacking includes its share of frauds. So, what is the term for someone who calls himself or herself a hacker but lacks the expertise? The most common term for this sort of person is script kiddy. The name comes from the fact that the Internet is full of utilities and scripts that one can download to perform some hacking tasks.
Phreaking: One specialty type of hacking involves breaking into telephone systems. It is "the action of using mischievous and mostly illegal ways in order to not pay for some sort of telecommunications bill, order, transfer, or other service". Phreaking requires a significant knowledge of telecommunications.
Motive of Attackers
There are three categories of motivation: political motivations, economic motivations and sociocultural motivations.
• Political motivations: examples include destroying, disrupting, or taking control of targets; espionage; and making political statements, protests, or retaliatory actions.
• Economic motivations: examples include theft of intellectual property or other economically valuable assets (e.g., funds, credit card information), fraud, industrial espionage and sabotage, and blackmail.
• Socio-cultural motivations: examples include attacks with philosophical, theological, political, and even humanitarian goals. Socio-cultural motivations also include fun, curiosity, and a desire for publicity or ego gratification.
