Table of Contents
Advertisement
exploit these newly-found security holes—are often posted on the security mailing lists.
They can be used to target the vulnerability without knowing the details of the code.
Over the years, experience has shown that the availability of exploit codes has contribut-
ed to more secure operating systems, obviously due to the fact that operating system
makers were forced to fix the problems in their software. With free software, anyone
has access to the source code (SUSE Linux Enterprise comes with all available source
codes) and anyone who finds a vulnerability and its exploit code can submit a patch to
fix the corresponding bug.
44.1.10 Denial of Service
The purpose of a denial of service (DoS) attack is to block a server program or even
an entire system, something that could be achieved by various means: overloading the
server, keeping it busy with garbage packets, or exploiting a remote buffer overflow.
Often a DoS attack is made with the sole purpose of making the service disappear.
However, once a given service has become unavailable, communications could become
vulnerable to man-in-the-middle attacks (sniffing, TCP connection hijacking, spoofing)
and DNS poisoning.
44.1.11 Man in the Middle: Sniffing,
Hijacking, Spoofing
In general, any remote attack performed by an attacker who puts himself between the
communicating hosts is called a man-in-the-middle attack. What almost all types of
man-in-the-middle attacks have in common is that the victim is usually not aware that
there is something happening. There are many possible variants, for example, the attacker
could pick up a connection request and forward that to the target machine. Now the
victim has unwittingly established a connection with the wrong host, because the other
end is posing as the legitimate destination machine.
The simplest form of a man-in-the-middle attack is called sniffer—the attacker is "just"
listening to the network traffic passing by. As a more complex attack, the "man in the
middle" could try to take over an already established connection (hijacking). To do so,
the attacker would need to analyze the packets for some time to be able to predict the
TCP sequence numbers belonging to the connection. When the attacker finally seizes
the role of the target host, the victims notice this, because they get an error message
saying the connection was terminated due to a failure. The fact that there are protocols
Security and Confidentiality
781
Advertisement
Table of Contents
Troubleshooting
Related Manuals for Novell LINUX ENTERPRISE DESKTOP 10 SP2 - DEPLOYMENT GUIDE 08-05-2008
Related Products for Novell LINUX ENTERPRISE DESKTOP 10 SP2 - DEPLOYMENT GUIDE 08-05-2008
- NOVELL IFOLDER 3.X - SECURITY ADMINISTRATOR GUIDE 08-15-2006
- NOVELL ACCESS MANAGER 3.1 SP1 - SSL VPN SERVER GUIDE 03-17-2010
- NOVELL APPARMOR 2.0.1 - ADMINISTRATION GUIDE 05-2008
- NOVELL EDIRECTORY 8.8 - GUIDE 09-2006
- NOVELL INTELLISYNC MOBILE SUITE 7.0 - SECURE GATEWAY ADMINISTRATOR GUIDE 04-2006
- NOVELL LINUX ENTERPRISE DESKTOP 10 SP1 - START UP GUIDE 03-15-2007
- NOVELL LINUX ENTERPRISE SERVER 10 - START-UP GUIDE 06-12-2006
- NOVELL LINUX ENTERPRISE SERVER 10 SP2 - STORAGE ADMINISTRATION GUIDE 05-15-2009
- NOVELL OPEN ENTERPRISE SERVER 2 SP2 - LAB GUIDE 01-19-2010
- NOVELL SERVER CONSOLIDATION MIGRATION TOOLKIT 1.2 - ADMINISTRATION GUIDE 09-2007
- NOVELL ZENWORKS LINUX MANAGEMENT 7.2 IR2 - ADMINISTRATION GUIDE 09-25-2008
- NOVELL ZENWORKS LINUX MANAGEMENT 7.3 IR2 - ADMINISTRATION GUIDE 02-12-2010
- NOVELL SENTINEL 6.1 SP2 - INSTALLATION GUIDE 02-2010
- NOVELL ZENWORKS NETWORK ACCESS CONTROL 5.0 - INSTALLATION GUIDE 09-22-2008
- NOVELL ZENWORKS APPLICATION VIRTUALIZATION 8.0 - INTEGRATION AND STREAMING GUIDE 05-07-2010
- NOVELL PRIVILEGED USER MANAGER 2.2.1 - ADMINISTRATION GUIDE 03-31-2010