The operating environment of this tutorial: Windows 10 system, Dell G3 computer.
Current network attacks take many forms and use many methods, which makes them hard to guard against. Generally speaking, they fall into four categories: denial of service attacks, exploitation attacks, information collection attacks, and fake message attacks.
1. Denial of service attack
Denial of service attacks attempt to stop you from providing services by crashing or overwhelming your service computer. They are the most common and most easily implemented attacks:
Teardrop
Overview: Teardrop attacks exploit the information in the headers of IP fragments, which the TCP/IP stack implementation trusts. Each IP fragment carries information indicating which part of the original packet it contains. Some TCP/IP implementations (including Windows NT before Service Pack 4) crash when they receive forged fragments containing overlapping offsets.
Defense: Apply the latest service pack on the server, or configure the firewall to reassemble fragments itself rather than forwarding them.
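As an added example (not part of the original article), a Python sketch of the firewall-side check described above: a fragment set is validated for overlapping and missing ranges before reassembly, so a set with overlapping offsets of the kind Teardrop relies on is dropped instead of forwarded. The Fragment class and all offsets and payloads are constructed sample values.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Fragment:
    """One IP fragment (constructed model). offset is the payload offset in bytes;
    a real IP header stores it in 8-byte units alongside the identification field."""
    offset: int
    more: bool          # More Fragments (MF) flag; False on the last fragment
    payload: bytes


def check_fragments(fragments: List[Fragment]) -> str:
    """Classify a fragment set before reassembly: 'ok', 'overlap', 'gap' or 'incomplete'.
    A reassembler that trusts the offsets and copies (end_of_new - end_of_previous) bytes
    computes a negative length for an overlapping fragment; that is the Teardrop crash.
    Retransmitted duplicates are also reported as 'overlap' by this simple check."""
    if not fragments:
        return "incomplete"
    ordered = sorted(fragments, key=lambda f: f.offset)
    expected = 0  # byte offset the next fragment must start at
    for f in ordered:
        if f.offset < expected:
            return "overlap"
        if f.offset > expected:
            return "gap"
        expected = f.offset + len(f.payload)
    if ordered[-1].more:
        return "incomplete"
    return "ok"


def reassemble(fragments: List[Fragment]) -> Optional[bytes]:
    """Firewall-style reassembly: return the datagram payload only when the set is
    clean, so only well-formed datagrams are forwarded to the protected host."""
    if check_fragments(fragments) != "ok":
        return None
    return b"".join(f.payload for f in sorted(fragments, key=lambda f: f.offset))


# Constructed sample input: a well-formed two-fragment datagram...
GOOD = [Fragment(0, True, b"A" * 24), Fragment(24, False, b"B" * 8)]
# ...and a pair where the second fragment claims an offset inside the first.
OVERLAPPING = [Fragment(0, True, b"A" * 36), Fragment(24, False, b"B" * 4)]

if __name__ == "__main__":
    print(check_fragments(GOOD), reassemble(GOOD))
    print(check_fragments(OVERLAPPING), reassemble(OVERLAPPING))
```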
2. Exploitation attack
Exploitation attacks attempt to take direct control of your machine:
Trojan horse
Overview: A Trojan horse is a program that is secretly installed on a target system, either directly by a hacker or unwittingly by a user. Once it is installed and administrator rights are obtained, whoever installed it can control the target system remotely.
The most effective type is the backdoor program. Malicious examples include NetBus, BackOrifice and BO2k; benign programs used to control systems include netcat, VNC and pcAnywhere. The ideal backdoor operates transparently.
Defense: Avoid downloading suspicious programs and refuse to execute them, and use network scanning software to regularly monitor the TCP services listening on internal hosts.
3. Information collection attacks
Information collection attacks do not harm the target themselves. As the name suggests, they are used to gather information that is useful for further intrusions. They mainly include scanning techniques, architecture probing, and use of information services.
(1) Address scanning
Overview: Programs such as ping are used to probe target addresses; a response indicates that the address is in use.
Defense: Filter out ICMP reply messages on the firewall.
(2) Architecture detection
Overview: Hackers use automated tools with a database of known response types to examine how the target host responds to malformed packets. Since each operating system responds in its own way (for example, the TCP/IP stack is implemented differently on NT and Solaris), comparing this response with the known responses in the database often lets the hacker determine which operating system the target host is running.
Defense: Remove or modify banners, including those of the operating system and of the various application services, and block the ports used for identification to disrupt the opponent's attack plan.
(3) Use of information services
DNS zone transfer
Overview: The DNS protocol does not authenticate zone transfers or informational updates, which leaves it open to abuse in several ways. If you maintain a public DNS server, a hacker can obtain the names and internal IP addresses of all your hosts by performing a zone transfer.
Defense: Filter out zone transfer requests at the firewall.
4. Fake message attack
Fake message attacks exploit incorrectly configured message handling on the target, mainly through DNS cache pollution and fake email.
DNS Cache Pollution
Overview: Because DNS servers exchange information with other name servers without authentication, a hacker can inject incorrect information and redirect users to the hacker's own host.
Defense: Filter inbound DNS updates on the firewall. External DNS servers should not be able to change what your internal servers know about internal machines.
Fake Email
Overview: Since SMTP does not authenticate the sender of an email, a hacker can forge an email to your internal users, claiming to be from someone they know and trust, and carrying an installable Trojan horse or a link to a malicious website.
Defense: Use security tools like PGP and install email certificates.
The above is the detailed content of "What are the 4 main types of cyber attacks?". For more information, please follow other related articles on the PHP Chinese website!