Types of hacking attacks

[VeerGiant]

Hi friends........i'm doing a project in Network Security, and my prof has asked me to learn about various types of attacks.........since it is such a large field i'm having trouble finding appropriate resources..........can someone plz help me out here

[AarzaK]

Hello!

Welcome to the Antionline community!

I am not a software security expert, but I am found it in google.

http://www.crucialp.com/resources/tu...ow-and-why.php


There are five forms of attacks commonly used against computers and networks, according to Aaron Turpen, in his article 'Hacker Prevention Techniques.'

1. Distributed Denial of Service (DDoS) attacks
* usually aimed at networks by third party systems (typically, compromised systems lacking security that unwittingly become hacker accomplices)
* focuses on open ports and connections in the network or system
* they undermine the network by flooding it with requests and "pings," thereby causing one or more systems and their resources to shut down or crash
* major systems usually recover from such attacks easily and completely

2. Trojan Horse
* software disguised as something else (typically useful shareware or freeware) and so are installed in your system consciously
* it either contains
o a "back door," (which allows others to enter your system, and do what they want with it, while you're using the software), or
o a "trigger," (sets itself off when triggered, either by a date or a time or a series of events, etc., and cause your system to shut down or attack other computers; can be part of a DDoS attack
* SpyWare is a less malicious version (it fills commonly-used form fields for you while also collecting information to send to advertisers and marketing companies)
* difficult to detect
3. Virus
* most common
* primary concern is to replicate and spread itself, and then destroy or attempt an attack on the host system
* examples include: I Love You; Crazy Boot, Cascade; Tequila; Frodo
4. Websites - malicious sites that use known security holes in certain Web technologies to trigger your web browser to perform unwanted functions in your system (ex. an older version of ActiveX had a "hole" that allowed content in any one folder or directory on your hard drive to be automatically uploaded to a web directory or emailed to a receiver)
5. Worm
* it consumes resources (quietly) until the system finally becomes overloaded and ceases to function
* a combination of a DDoS and a virus attack
* usually reproduces as often as possible to spread as widely as they can
* typically built for a certain type of system and is benign to all others
* commonly aimed at larger systems (mainframes, corporate networks, etc.); some are built to "consume" data and filter it back out to unauthorized users (i.e. corporate spies)
* examples are Sobig and Mydoom


Hope others guys can help you.

Cheers,


AarzaK

[JPnyc]

Welcome to AO! I would say Aarzak gave you a pretty definitive list there. Not much to add. Well done Aarzak.

[VeerGiant]

thnx for the quick reply..............another thing i wanted to ask is that my prof has also asked me to implement some of these attacks , but without using any tools , and my knowledge in this field is somewhat limited to socket programming in C and creating sniffers, scanners.........so what else do i need to know in this field
Do the above 5 forms of attack cover the entire range..........moreover i sort of need a detailed info on these..........hope u can help a bit more..........thnx

[Cider]

Nice move to get someone to explain how to hack ...

[shatteredsoul]

I'm going to have to agree with cider. Professors will not usually ask you to do something that has not already been covered in a course.

[rlt]

If it bothers you that badly then why do you two feel so compelled to announce that you are annoyed by his questions... to which you really have nothing to add beyond your complaints anyway. I don't think this is the sort of behavior associated with intellectual computer users.

and my knowledge in this field is somewhat limited to socket programming in C and creating sniffers

If you could (for example) hook the winsock librarys then surely you could host web-based scripts which are open to SQL injection, remote file inclusion, and XSS then exploit these flaws with nothing but a browser.

[shatteredsoul]

Most quite simply due to the fact that this board is plagued with "how do i hack x" posts. Mabey I was entirely wrong and the class is teaching theoretical network security and asking for students to show examples from research materials that were not offered by the course.

[JPnyc]

And that really is the point, and the most difficult thing for us to ascertain here. Is the question really a security question, or a hacking question masquerading as one? The line can become almost invisible sometimes, but we still have to try to find it.

[t34b4g5]

to websites i would recommened you take a looksie at.

http://www.0x000000.com/?

http://milw0rm.com