Intrusion by hook or
ACCORDING to a survey by webstats.com, an average individual today receives in a single day the amount of information a 19th century man received in his whole life. It is not easy to hang out in the ‘infinity void’, as unknown dangers lurk in the sinister nooks and corners of the Net.
There are all types of Netizens, from researchers to rookies, from thieves to psychos. The WWW gives colossal freedom and has no central authority, and it is this lack of order that attracts the baddies. A hacker can wreak mayhem on a PC with custom-made scripts; he is the modern criminal, whom the media calls a cyber criminal. Even the Indian defence ministry has released an information warfare brochure to counter cyber terrorism (and chiefly the increasing attacks on Indian servers). No firewall or IDS (Intrusion Detection System) on its own can stop him, so you have to fight your own war, and it is fought with the same tactics as any other war.
Here is how a full-fledged attack unfolds. It can be divided into phases, each with its own tricks and techniques:
1. Recon phase: The victim host is scanned for information that might turn out to be the loophole through which unauthorised access is gained: the services running, the operating system, and any other fact that could lead to its compromise. Nessus is one of the best free vulnerability scanners available on the Internet.
2. Mapping phase: The information gathered is matched against vulnerability databases to find solid loopholes. The most commonly used are the CERT (Computer Emergency Response Team) advisories and Bugtraq. The published exploits are then customised for the specific victim system if required.
3. Let loose phase: The stockpile collected is now let loose on the system. The exploits are executed to gain elevated access, the job at hand (such as stealing passwords or credit card numbers) is done, and the crackers bail out.
4. Retro phase: A fine perpetrator always destroys the evidence that could lead to his identification. The best way is to retrace his steps and remove every trace he left: delete or edit the log files, and disable the file system integrity checkers that would otherwise flag his changes.
Some of the methods used:
1. Buffer overflow: This is the nightmare of all programmers. In a language like C, a declared variable stores its data in a fixed amount of memory. If more data is written into a buffer than it can hold, the excess spills over into the adjacent memory; at best the program crashes. An attacker instead overwrites the program's stack with a custom-made payload and makes the saved return address (the next instruction pointer) point at that payload, which, when executed, yields the desired privileged access. The Universal Plug and Play vulnerability in Windows XP (disclosed in December 2001) was a buffer overflow.
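As an added illustration of the stack layout just described (example code written for this page, not taken from any real exploit or from Windows XP), the following C program models a 32-bit frame with a 16-byte local buffer followed by the saved frame pointer and the saved return address. An unchecked copy, behaving like strcpy(), writes the classic payload straight across the buffer and lands a chosen address over the return slot; a length-checked copy refuses the same input. The addresses 0x08048500 and 0xdeadbeef are constructed for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A stack frame as a 32-bit x86 compiler lays it out: the local buffer sits
 * just below the saved frame pointer and the saved return address. Addresses
 * are constructed for this demo, not taken from a real binary. */
struct frame {
    char     buf[16];    /* the fixed-size local variable */
    uint32_t saved_ebp;  /* caller's frame pointer */
    uint32_t saved_eip;  /* return address: the attacker's real target */
};

#define LEGIT_RET 0x08048500u   /* where the function should return (constructed) */
#define EVIL_RET  0xdeadbeefu   /* where the payload makes it return (constructed) */

static void frame_init(struct frame *f)
{
    memset(f->buf, 0, sizeof f->buf);
    f->saved_ebp = 0xbffff000u;
    f->saved_eip = LEGIT_RET;
}

/* Vulnerable copy. Like strcpy(), it starts at buf (offset 0 of the frame)
 * and keeps writing for as long as the input lasts, with no idea where buf
 * ends. It goes through a byte pointer over the whole frame so the demo is
 * defined behaviour; the stop at sizeof *f only keeps it inside the struct,
 * a real strcpy would run on into the caller's frame. */
static void copy_unchecked(struct frame *f, const unsigned char *src, size_t n)
{
    unsigned char *mem = (unsigned char *)f;
    for (size_t i = 0; i < n && i < sizeof *f; i++)
        mem[i] = src[i];
}

/* Hardened copy: checks the length before touching memory and refuses input
 * that does not fit together with its terminator. */
static int copy_checked(struct frame *f, const unsigned char *src, size_t n)
{
    if (n >= sizeof f->buf)
        return -1;
    memcpy(f->buf, src, n);
    f->buf[n] = '\0';
    return 0;
}

/* Classic overflow payload: filler up to the end of buf, junk over saved_ebp,
 * then the address execution should jump to. Laid out from the struct's own
 * offsets; the address goes in host order, i.e. ef be ad de on x86. */
static size_t build_payload(unsigned char *out, uint32_t target)
{
    size_t off = offsetof(struct frame, saved_ebp);
    memset(out, 'A', off);                       /* fill buf completely */
    memset(out + off, 'B', sizeof(uint32_t));    /* clobber saved_ebp */
    off += sizeof(uint32_t);
    memcpy(out + off, &target, sizeof target);   /* overwrite saved_eip */
    return off + sizeof target;                  /* 24 bytes in total */
}

/* Return address left in the frame after the unchecked copy of the payload. */
uint32_t ret_after_unchecked(void)
{
    struct frame f;
    unsigned char payload[sizeof f];
    frame_init(&f);
    copy_unchecked(&f, payload, build_payload(payload, EVIL_RET));
    return f.saved_eip;
}

/* Return address left in the frame after the checked copy of the same payload. */
uint32_t ret_after_checked(void)
{
    struct frame f;
    unsigned char payload[sizeof f];
    frame_init(&f);
    copy_checked(&f, payload, build_payload(payload, EVIL_RET));
    return f.saved_eip;
}

/* Result code of the checked copy for the same payload (-1 means rejected). */
int checked_copy_result(void)
{
    struct frame f;
    unsigned char payload[sizeof f];
    frame_init(&f);
    return copy_checked(&f, payload, build_payload(payload, EVIL_RET));
}

int main(void)
{
    printf("unchecked copy: return address now 0x%08x\n", (unsigned)ret_after_unchecked());
    printf("checked copy:   return address still 0x%08x (rc %d)\n",
           (unsigned)ret_after_checked(), checked_copy_result());
    return 0;
}
```

In a real exploit the 'A' filler is replaced by the shellcode and the target address points back into the buffer, so that the function's return lands in the attacker's code. The checked version shows the only real fix: know the size of the destination and refuse, or truncate, before writing.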
2. Spoofing: Spoofing basically means assuming someone else's identity. The usual method is to exploit the notion of trust between two computers. Trust means that one computer may use the other's resources without any further authentication, and the trust relationship is recorded in a file or a database. The attacker assumes the identity (typically the network address) of a trusted computer and gains access: the victim checks the request against that file or database, finds the claimed host listed, and lets it through. The most famous spoofing attack is the rhosts attack, against the ~/.rhosts and /etc/hosts.equiv files that the Unix r-services (rlogin, rsh) consult.
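To show why the rhosts trust model falls to spoofing, here is an added example (written for this page, not code from rlogind or rshd) that reproduces the rhosts decision over a constructed ~/.rhosts file. The only inputs to the decision are the source host of the connection and the user name the client claims; neither is a secret, so an attacker who forges a trusted address, or controls the reverse DNS that maps his address to a trusted name, walks straight in, and a wildcard "+" entry makes even that unnecessary.

```c
#include <stdio.h>
#include <string.h>

/* Constructed ~/.rhosts of the local user "alice". Each line names a trusted
 * host, optionally followed by the remote user name trusted from it; "+" in
 * either field means "any". */
static const char *const ALICE_RHOSTS =
    "# hosts allowed to rlogin/rsh as alice without a password\n"
    "trusted.example.com alice\n"
    "backup.example.com\n"
    "+ root\n";        /* wildcard host: any machine, if the client says it is root */

/* Copies the next line of text into line[], advances *pp past it and returns
 * 1, or returns 0 at the end of the text. */
static int next_line(const char **pp, char *line, size_t cap)
{
    const char *p = *pp;
    if (*p == '\0')
        return 0;
    size_t len = strcspn(p, "\n");
    size_t n = len < cap ? len : cap - 1;
    memcpy(line, p, n);
    line[n] = '\0';
    p += len;
    if (*p == '\n')
        p++;
    *pp = p;
    return 1;
}

/* The rhosts decision roughly as the r-services make it. src_host is the
 * name the server obtained for the connection's source address, claimed_user
 * is the user name the client sent in clear. Returns 1 to allow, 0 to deny. */
int rhosts_allows(const char *rhosts, const char *src_host,
                  const char *claimed_user, const char *local_user)
{
    char line[256];
    while (next_line(&rhosts, line, sizeof line)) {
        char host[128] = "", user[128] = "";
        int fields = sscanf(line, "%127s %127s", host, user);
        if (fields < 1 || host[0] == '#')
            continue;                                   /* blank line or comment */

        int host_ok = strcmp(host, "+") == 0 || strcmp(host, src_host) == 0;
        int user_ok = (fields < 2)
            ? strcmp(claimed_user, local_user) == 0     /* no user field: same name only */
            : (strcmp(user, "+") == 0 || strcmp(user, claimed_user) == 0);
        if (host_ok && user_ok)
            return 1;
    }
    return 0;
}

/* Audit helper: does the file contain a "+" host entry? Such an entry trusts
 * the whole network, so the attacker does not even need to spoof. */
int rhosts_has_wildcard_host(const char *rhosts)
{
    char line[256], host[128] = "";
    while (next_line(&rhosts, line, sizeof line))
        if (sscanf(line, "%127s", host) == 1 && strcmp(host, "+") == 0)
            return 1;
    return 0;
}

int main(void)
{
    printf("legit alice from trusted.example.com:      %d\n",
           rhosts_allows(ALICE_RHOSTS, "trusted.example.com", "alice", "alice"));
    printf("attacker as alice from attacker.example.net: %d\n",
           rhosts_allows(ALICE_RHOSTS, "attacker.example.net", "alice", "alice"));
    printf("attacker spoofing trusted.example.com:      %d\n",
           rhosts_allows(ALICE_RHOSTS, "trusted.example.com", "alice", "alice"));
    printf("attacker claiming root from anywhere:       %d\n",
           rhosts_allows(ALICE_RHOSTS, "attacker.example.net", "root", "alice"));
    printf("file has wildcard host entry:               %d\n",
           rhosts_has_wildcard_host(ALICE_RHOSTS));
    return 0;
}
```

The second and third calls differ only in the source host the server believes it is talking to, which is exactly what IP spoofing changes; the fourth call shows that a single "+" line hands the account to anyone willing to type "root".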
3. Man in the middle attack: The attacker spies on an already established connection and, when the time is ripe, hijacks it for misuse. This takes a lot of practice and time. First the attacker sniffs the connection to learn its details, chiefly the TCP sequence numbers set up in the initial handshake and advanced by every packet since. Knowing the sequence number the server expects next, the attacker sends forged packets bearing the client's address and the expected, incrementing sequence numbers; as soon as one of them is accepted by the server, the connection is hijacked. The real client also has to be dealt with, generally by flooding it so that it chokes and cannot interfere. Juggernaut is the best-known software for session hijacking. A simpler variant is to just sniff the packets in transit for credentials such as passwords or credit card numbers.
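The sequence-number mechanics behind the hijack, as an added example written for this page (not code from Juggernaut or from any TCP stack): a receiver reduced to its next expected sequence number and its window, the attacker's prediction from one sniffed segment, and the three segments that follow, a blind guess, the forged segment, and the real client's next packet. All sequence numbers, lengths and the window are constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>

/* The receiving side of a TCP connection, reduced to what matters for
 * hijacking: the next sequence number it expects and its receive window. */
struct tcb {
    uint32_t rcv_nxt;   /* next byte the receiver expects */
    uint32_t rcv_wnd;   /* bytes it will accept beyond rcv_nxt */
};

/* RFC 793 acceptability for a data segment: its first byte must fall inside
 * [rcv_nxt, rcv_nxt + rcv_wnd). Unsigned subtraction handles wrap-around. */
static int seg_acceptable(const struct tcb *t, uint32_t seg_seq)
{
    return (uint32_t)(seg_seq - t->rcv_nxt) < t->rcv_wnd;
}

/* Deliver a data segment. Returns 1 if accepted (in-order data advances
 * rcv_nxt; in-window but out-of-order data would be queued), 0 if dropped.
 * A real stack still answers a dropped segment with an ACK, which is what
 * produces the ACK storm between the two desynchronised ends. */
int tcb_receive(struct tcb *t, uint32_t seg_seq, uint32_t len)
{
    if (!seg_acceptable(t, seg_seq))
        return 0;
    if (seg_seq == t->rcv_nxt)
        t->rcv_nxt += len;
    return 1;
}

/* What the attacker derives from one sniffed client segment: the sequence
 * number the server will expect next. */
uint32_t predict_next_seq(uint32_t sniffed_seq, uint32_t sniffed_len)
{
    return sniffed_seq + sniffed_len;
}

struct hijack_result {
    int blind_guess_accepted;   /* attempt made without sniffing */
    int injection_accepted;     /* attempt made with the predicted number */
    int client_rejected;        /* the real client's next segment afterwards */
    uint32_t server_rcv_nxt;    /* where the server's numbering ended up */
};

/* Plays out the attack against a constructed connection. */
struct hijack_result run_hijack(void)
{
    struct hijack_result r;
    struct tcb server = { 0x1a2b3c4du, 16384 };            /* constructed ISN and window */

    /* 1. The attacker sniffs a legitimate client segment: its seq and length. */
    uint32_t sniffed_seq = 0x1a2b3c4du, sniffed_len = 12;  /* e.g. "cat .rhosts\n" */
    tcb_receive(&server, sniffed_seq, sniffed_len);

    /* 2. Without sniffing, a guess is almost certainly outside the window. */
    r.blind_guess_accepted = tcb_receive(&server, sniffed_seq + 5000000u, 20);

    /* 3. With the sniffed numbers the forged segment lands exactly where the
     *    server expects it: 20 bytes of attacker data now count as the client's. */
    uint32_t seq = predict_next_seq(sniffed_seq, sniffed_len);
    r.injection_accepted = tcb_receive(&server, seq, 20);

    /* 4. The real client's next segment carries the same sequence number,
     *    which the server has already consumed, so it is dropped as old data.
     *    From here the client is only in the way, hence the flooding. */
    r.client_rejected = !tcb_receive(&server, seq, 8);

    r.server_rcv_nxt = server.rcv_nxt;
    return r;
}

int main(void)
{
    struct hijack_result r = run_hijack();
    printf("blind guess accepted:   %d\n", r.blind_guess_accepted);
    printf("injection accepted:     %d\n", r.injection_accepted);
    printf("real client rejected:   %d\n", r.client_rejected);
    printf("server rcv_nxt now:     0x%08x\n", (unsigned)r.server_rcv_nxt);
    return 0;
}
```

The blind attempt fails only because the guess is outside the window; the attack the article describes works because sniffing removes the guesswork entirely, and the window even gives the attacker some slack if the numbering is slightly off.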