Intrusion Detection Systems
An IDS's primary role is to ward off attacks by either terminating or resetting the sessions. Its secondary role is to record (log) events and incidents occurring in the network. There are two types of IDSs: host-based and network-based. A host-based IDS is specific to a single host, while a network-based IDS covers the entire network.
IDSs recognize and ward off attacks or intrusions by means of a database that lists the attacks and intrusions known to date. The entries in this database are called attack signatures. An attack signature is defined as features of network traffic, either in the header of a packet or in the pattern of a group of packets, which distinguish it from legitimate traffic. For example, packets whose source and destination IP addresses are the same can be set as an attack signature. Based on that signature, an IDS can detect all attacks that have the same source and destination IP addresses; ward off the traffic (not allow it to pass); and record the event with the requisite date stamps and other relevant information for future analysis. IDSs are configured with a set of attack signatures. If the pattern of the attack matches that of an attack signature, the IDS triggers an action that resets (terminates) the attacker's session.
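The same-source-and-destination signature described above, as an added example that is not part of the original page: a small header-based matcher that parses IPv4 headers, checks them against a signature table, and returns a timestamped log record. The function names, the record layout and the sample packets (documentation addresses) are constructed for illustration.

```python
import socket
import struct
from datetime import datetime, timezone

def build_ipv4_header(src, dst, proto=6):
    """Constructed sample input: a minimal 20-byte IPv4 header (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def parse_ipv4_header(packet):
    """Extract the header fields that a header-based signature inspects."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    fields = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if fields[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return {"src": socket.inet_ntoa(fields[8]),
            "dst": socket.inet_ntoa(fields[9]),
            "proto": fields[6]}

# Signature database: name -> predicate over the parsed header.
SIGNATURES = {
    "same-src-dst-ip": lambda h: h["src"] == h["dst"],
}

def inspect(packet, now=None):
    """Return a log record when a signature matches, otherwise None."""
    stamp = (now or datetime.now(timezone.utc)).isoformat()
    try:
        header = parse_ipv4_header(packet)
    except ValueError as exc:
        # Unparseable traffic is logged and dropped rather than crashing the sensor.
        return {"time": stamp, "signature": "malformed-header",
                "detail": str(exc), "action": "drop"}
    for name, matches in SIGNATURES.items():
        if matches(header):
            return {"time": stamp, "signature": name, "src": header["src"],
                    "dst": header["dst"], "action": "drop"}
    return None

if __name__ == "__main__":
    samples = [build_ipv4_header("192.0.2.10", "198.51.100.7"),    # legitimate
               build_ipv4_header("198.51.100.7", "198.51.100.7"),  # src == dst
               b"\x45\x00"]                                        # truncated
    for pkt in samples:
        print(inspect(pkt))
```

Further signatures are added as extra entries in `SIGNATURES`; pattern-of-packets signatures would additionally need per-flow state, which this header-only matcher does not keep.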
Denial of Service (DoS)
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.
One common method of attack involves saturating the target (victim) machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by forcing the targeted computer(s) to reset, by consuming their resources so that they can no longer provide their intended service, or by obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
Methods of attack
1. ICMP flood
2. Teardrop Attacks
3. Peer-to-peer attacks
4. Permanent denial-of-service attacks
5. Application level floods
6. Nuke
7. Distributed attack
8. Reflected attack
9. Degradation-of-service attacks
10. Unintentional denial of service
11. Denial-of-Service Level II
12. Blind denial of service
Joyrider
An attacker who is just trying out how to hack.
Vandal
A type of attacker who specializes in causing damage; there is nothing else to explain.
Scorekeeper
An attacker who just wants to show off. Attackers who use these methods are now often called wannabes or script kiddies.
Spy
An attacker who aims to obtain confidential or secret data from the target machine, attacking machines that host a database application.
___________________________________________________________________
1. IP Spoofing
IP spoofing can also be a method of attack used by network intruders to defeat network security measures, such as authentication based on IP addresses. This method of attack on a remote system can be extremely difficult, as it involves modifying thousands of packets at a time. This type of attack is most effective where trust relationships exist between machines.
2. FTP Attack
An FTP bounce attack is an exploit of the FTP protocol whereby an attacker is able to use the PORT command to request access to ports indirectly, using the victim machine as a middle man for the request. This technique can be used to port scan hosts discreetly, and to access specific ports that the attacker cannot access through a direct connection. nmap is a port scanner that can utilize an FTP bounce attack to scan other servers. Nowadays, nearly all FTP server programs are configured by default to refuse PORT commands that would connect to any host but the originating host, thwarting FTP bounce attacks.
3. Unix Finger Exploits
The information returned by the finger service reduces the effort a cracker needs to penetrate a system. The personal information about users that this daemon exposes is enough for an attacker to conduct social engineering, using social skills to get a user to 'tell' passwords and access codes to the system.
4. Flooding & Broadcasting
5. Fragmented Packet Attacks
6. E-mail Exploits
7. DNS and BIND Vulnerabilities
8. Password Attacks
9. Proxy Server Attacks
10. Remote Command Processing Attacks
11. Remote File System Attack
12. Selective Program Insertions
13. Port Scanning
14. TCP/IP: Sequence Stealing, Passive Port Listening and Packet Interception
15. HTTPD Attacks
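The server-side defence mentioned under "2. FTP Attack" above (refusing PORT commands that name any host other than the originating one), as an added example that is not part of the original page and is not taken from any particular FTP server. The function names are hypothetical, the addresses are constructed documentation addresses, and the refusal of data ports below 1024 is an extra hardening assumption beyond what the page states.

```python
import ipaddress
import re

# PORT h1,h2,h3,h4,p1,p2 : four address octets followed by two port octets.
PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     r"(\d{1,3}),(\d{1,3})\r?\n?$")

def parse_port_command(line):
    """Return (IPv4Address, port) named by a PORT command, or raise ValueError."""
    match = PORT_RE.match(line)
    if not match:
        raise ValueError("malformed PORT argument")
    nums = [int(g) for g in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("PORT field out of range")
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]

def check_port_command(line, control_peer):
    """Decide whether the server may open the requested data connection.

    control_peer is the address the control connection actually came from.
    Returns (allowed, reason).
    """
    try:
        host, port = parse_port_command(line)
    except ValueError as exc:
        return False, str(exc)
    if host != ipaddress.IPv4Address(control_peer):
        # The bounce case: the client asks the server to connect elsewhere.
        return False, "data address differs from control connection peer"
    if port < 1024:
        # Assumption added here: never connect out to well-known service ports.
        return False, "privileged data port refused"
    return True, f"data connection to {host}:{port}"

if __name__ == "__main__":
    peer = "192.0.2.10"  # constructed: address of the connected client
    for cmd in ("PORT 192,0,2,10,4,1\r\n",    # own address, port 1025
                "PORT 198,51,100,7,4,1\r\n",  # third-party host
                "PORT 192,0,2,10,0,22\r\n",   # own address, port 22
                "PORT 192,0,2,10,4\r\n"):     # too few fields
        print(repr(cmd), check_port_command(cmd, peer))
```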