Table of Contents
Advertisement
50.1.10 Denial of Service
The purpose of a denial of service (DoS) attack is to block a server program or even
an entire system, something that could be achieved by various means: overloading the
server, keeping it busy with garbage packets, or exploiting a remote buffer overflow.
Often a DoS attack is made with the sole purpose of making the service disappear.
However, once a given service has become unavailable, communications could become
vulnerable to man-in-the-middle attacks (sniffing, TCP connection hijacking, spoofing)
and DNS poisoning.
50.1.11 Man in the Middle: Sniffing,
Hijacking, Spoofing
In general, any remote attack performed by an attacker who puts himself between the
communicating hosts is called a man-in-the-middle attack. What almost all types of
man-in-the-middle attacks have in common is that the victim is usually not aware that
there is something happening. There are many possible variants, for example, the attacker
could pick up a connection request and forward that to the target machine. Now the
victim has unwittingly established a connection with the wrong host, because the other
end is posing as the legitimate destination machine.
The simplest form of a man-in-the-middle attack is called sniffer—the attacker is "just"
listening to the network traffic passing by. As a more complex attack, the "man in the
middle" could try to take over an already established connection (hijacking). To do so,
the attacker would need to analyze the packets for some time to be able to predict the
TCP sequence numbers belonging to the connection. When the attacker finally seizes
the role of the target host, the victims notice this, because they get an error message
saying the connection was terminated due to a failure. The fact that there are protocols
not secured against hijacking through encryption, which only perform a simple authen-
tication procedure upon establishing the connection, makes it easier for attackers.
Spoofing is an attack where packets are modified to contain counterfeit source data,
usually the IP address. Most active forms of attack rely on sending out such fake
packets—something that, on a Linux machine, can only be done by the superuser
(root).
Many of the attacks mentioned are carried out in combination with a DoS. If an attacker
sees an opportunity to bring down a certain host abruptly, even if only for a short time,
Security and Confidentiality
897
Advertisement
Table of Contents
Troubleshooting
