June 10th, 2007, 03:45 PM
Types of hacking attacks
Hi friends........i'm doing a project in Network Security, and my prof has asked me to learn about various types of attacks.........since it is such a large field i'm having trouble finding appropriate resources..........can someone plz help me out here
June 10th, 2007, 03:56 PM
Welcome to the Antionline community!
I am not a software security expert, but I am found it in google.
There are five forms of attacks commonly used against computers and networks, according to Aaron Turpen, in his article 'Hacker Prevention Techniques.'
1. Distributed Denial of Service (DDoS) attacks
* usually aimed at networks by third party systems (typically, compromised systems lacking security that unwittingly become hacker accomplices)
* focuses on open ports and connections in the network or system
* they undermine the network by flooding it with requests and "pings," thereby causing one or more systems and their resources to shut down or crash
* major systems usually recover from such attacks easily and completely
2. Trojan Horse
* software disguised as something else (typically useful shareware or freeware) and so are installed in your system consciously
* it either contains
o a "back door," (which allows others to enter your system, and do what they want with it, while you're using the software), or
o a "trigger," (sets itself off when triggered, either by a date or a time or a series of events, etc., and cause your system to shut down or attack other computers; can be part of a DDoS attack
* SpyWare is a less malicious version (it fills commonly-used form fields for you while also collecting information to send to advertisers and marketing companies)
* difficult to detect
* most common
* primary concern is to replicate and spread itself, and then destroy or attempt an attack on the host system
* examples include: I Love You; Crazy Boot, Cascade; Tequila; Frodo
4. Websites - malicious sites that use known security holes in certain Web technologies to trigger your web browser to perform unwanted functions in your system (ex. an older version of ActiveX had a "hole" that allowed content in any one folder or directory on your hard drive to be automatically uploaded to a web directory or emailed to a receiver)
* it consumes resources (quietly) until the system finally becomes overloaded and ceases to function
* a combination of a DDoS and a virus attack
* usually reproduces as often as possible to spread as widely as they can
* typically built for a certain type of system and is benign to all others
* commonly aimed at larger systems (mainframes, corporate networks, etc.); some are built to "consume" data and filter it back out to unauthorized users (i.e. corporate spies)
* examples are Sobig and Mydoom
Hope others guys can help you.
Last edited by AarzaK; June 10th, 2007 at 04:12 PM.
June 10th, 2007, 04:29 PM
Welcome to AO! I would say Aarzak gave you a pretty definitive list there. Not much to add. Well done Aarzak.
June 10th, 2007, 04:34 PM
thnx for the quick reply..............another thing i wanted to ask is that my prof has also asked me to implement some of these attacks , but without using any tools , and my knowledge in this field is somewhat limited to socket programming in C and creating sniffers, scanners.........so what else do i need to know in this field
Do the above 5 forms of attack cover the entire range..........moreover i sort of need a detailed info on these..........hope u can help a bit more..........thnx
June 10th, 2007, 06:55 PM
Nice move to get someone to explain how to hack ...
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
June 10th, 2007, 08:07 PM
I'm going to have to agree with cider. Professors will not usually ask you to do something that has not already been covered in a course.
"I have died, I will die, It's alright, I don't mind"
June 10th, 2007, 10:46 PM
If it bothers you that badly then why do you two feel so compelled to announce that you are annoyed by his questions... to which you really have nothing to add beyond your complaints anyway. I don't think this is the sort of behavior associated with intellectual computer users.
If you could (for example) hook the winsock librarys then surely you could host web-based scripts which are open to SQL injection, remote file inclusion, and XSS then exploit these flaws with nothing but a browser.
and my knowledge in this field is somewhat limited to socket programming in C and creating sniffers
Last edited by rlt; June 11th, 2007 at 03:23 AM.
June 11th, 2007, 01:09 AM
Most quite simply due to the fact that this board is plagued with "how do i hack x" posts. Mabey I was entirely wrong and the class is teaching theoretical network security and asking for students to show examples from research materials that were not offered by the course.
"I have died, I will die, It's alright, I don't mind"
June 11th, 2007, 01:29 AM
And that really is the point, and the most difficult thing for us to ascertain here. Is the question really a security question, or a hacking question masquerading as one? The line can become almost invisible sometimes, but we still have to try to find it.
June 11th, 2007, 01:39 AM
to websites i would recommened you take a looksie at.
By qod in forum The Security Tutorials Forum
Last Post: February 27th, 2004, 03:03 AM
By gore in forum Newbie Security Questions
Last Post: December 29th, 2003, 08:01 AM
By NullDevice in forum The Security Tutorials Forum
Last Post: December 17th, 2003, 10:03 PM
By -DaRK-RaiDeR- in forum AntiOnline's General Chit Chat
Last Post: January 10th, 2003, 07:10 PM