earthweb.com/reference/pro/1928994024/ch07/07-01.html (2 of 3) [8/3/2000 6:53:57 AM]
Configuring Windows 2000 Server Security: IP Security for Microsoft Windows 2000 Server
Password Compromise
Users who have illegitimate access to network passwords can access resources they are not otherwise able to use. There are a number of ways an attacker can gain knowledge of passwords:
• Social Engineering. The attacker contacts an individual using an assumed identity, and then makes a request for a password from an individual who has access rights to the information of interest.
• Sniffing. Many network applications allow the username and password to cross the network in clear text. The attacker can use a network sniffer application to intercept this information.
• Cracking. The cracker uses a number of different techniques to gain illegal access to passwords. Examples of cracking techniques include dictionary attacks and brute force attacks.
If an administrator password is compromised, the attacker will then have access to all resources on the network that are protected with access controls. The intruder now has access to the entire user account database and can use this information to access all files and folders, change routing information, and alter information unbeknownst to users who are dependent on that information.
Denial of Service Attacks
There are a number of different denial of service attacks. All these techniques have in common the ability to disrupt normal computer or operating system functioning on the targeted machine. These attacks can flood the network with useless packets, corrupt or exhaust memory resources, or exploit a weakness in a network application. Denial of service attacks include:
• TCP SYN attack
• SMURF attack
• Teardrop attack
• Ping of Death
Use of this site is subject to certain Terms & Conditions, Copyright © 1996-2000 EarthWeb Inc. All rights
reserved. Reproduction whole or in part in any form or medium without express written permission of EarthWeb is prohibited. Read EarthWeb's privacy statement.
Configuring Windows 2000 Server Security
by Thomas W. Shinder, M.D., MCSE, MCP+I, MCT, Debra Littlejohn Shinder, MCSE, MCP+I, MCT, D. Lynn White, MCSE, MCPS, MCP+I, MCT
Syngress Publishing, Inc.
ISBN: 1928994024 Pub Date: 06/01/99
TCP SYN Attack
When computers on a TCP/IP-based network establish a session, they go through the three-way handshake process:
1. The originating client sends a packet with the SYN flag set to ON. This host includes a sequence number in the packet. The server will use this sequence number in the next step.
2. The server will return a packet to the originating host with its SYN flag set to ON. This packet will have a sequence number that is incremented by 1 over the number that was sent by the requesting computer.
3. The client will respond to this request with a packet that will acknowledge the server’s sequence number by incrementing the sequence number by 1.
Whenever a host requests a session with a server, the pair will go through the three-way handshake process.
The attacker can take advantage of this process by initiating multiple session requests that originate from bogus-source IP addresses. The server keeps each open request in a queue as it is waiting for step 3 to occur.
Entries into the queue are typically emptied every 60 seconds.
If the attacker is able to keep the queue filled, then legitimate connection requests will be denied, so service is denied to legitimate users of e-mail, Web, ftp, and other IP-related services.
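The queue behaviour described above, as an added example that is not from the book: a small Python model of the server's pending-connection queue, replayed over constructed handshake events. The backlog size of 4, the event format and the addresses (documentation ranges) are assumptions; the 60-second expiry is the figure given in the text.

```python
from collections import OrderedDict

TIMEOUT = 60  # seconds a half-open entry waits for step 3 (figure from the text)

# Constructed sample events: (time in seconds, source, flag). Addresses are
# from documentation ranges; "SYN" is step 1 and "ACK" is step 3.
EVENTS = [
    (0, "192.0.2.10:40000", "SYN"), (1, "192.0.2.10:40000", "ACK"),
    (2, "198.51.100.1:1025", "SYN"), (3, "198.51.100.2:1025", "SYN"),
    (4, "198.51.100.3:1025", "SYN"), (5, "198.51.100.4:1025", "SYN"),
    (10, "192.0.2.20:40001", "SYN"),   # legitimate client, queue is full
    (70, "192.0.2.20:40001", "SYN"), (71, "192.0.2.20:40001", "ACK"),
]

def replay(events, backlog=4, timeout=TIMEOUT):
    """Replay events against a model of the pending-connection queue.

    Returns (refused, peak): refused lists the (time, source) of SYNs that
    found the queue full; peak is the largest number of half-open entries.
    The backlog of 4 is an assumed value chosen to keep the sample short.
    """
    pending = OrderedDict()          # source -> time its SYN arrived
    refused, peak = [], 0
    for now, src, flag in events:
        # Expire half-open entries that never received step 3.
        for old in [s for s, t in pending.items() if now - t >= timeout]:
            del pending[old]
        if flag == "ACK":
            pending.pop(src, None)   # handshake complete, slot is freed
        elif flag == "SYN" and src not in pending:
            if len(pending) >= backlog:
                refused.append((now, src))   # no room: request is denied
            else:
                pending[src] = now
        peak = max(peak, len(pending))
    return refused, peak

if __name__ == "__main__":
    refused, peak = replay(EVENTS)
    print("peak half-open entries:", peak)
    for when, src in refused:
        print(f"t={when}s: SYN from {src} refused, queue full")
```

The completed handshake at t=1 frees its slot at once, while the four requests that never reach step 3 hold theirs until the timeout, which is why the client at t=10 is refused and the same client at t=70 is accepted.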
SMURF Attack
The SMURF attack attempts to disable the network by flooding it with ICMP Echo Requests and Echo Replies. The attacker will spoof a source IP address and then issue an ICMP Echo Request to a broadcast address. This will cause all the machines on a segment to reply to the bogus request. If the attacker can maintain this attack for an extended period of time, no useful information can be passed through the network because of the flood of ICMP Echo Request and Reply messages traversing the wire.
Teardrop Attack