Thursday, 31 January 2013

Attack Types and Vulnerabilities

Attack Types and Vulnerabilities

Introduction
There exist numerous ways to attack a target system. It could be
achieved by exploiting known vulnerabilities in software or taking
advantage of a badly configured security policy; it could be
implemented remotely or internally. The techniques and methods used
are likely to vary depending on the target and they should be chosen
appropriately having assessed the situation fully. The attack types and
vulnerabilities discussed in this module, are:
• Buffer Overflow attacks.
• Denial of Service (DoS) attacks.
• Distributed Denial of Service (DDoS) attacks.
• Misconfigurations.
• Abuse of Trust.
• Brute force attacks.
• CGI and WWW services.
• Back doors and Trojans.
Buffer Overflow Attacks
These attacks exploit poorly written software to allow attackers to
execute arbitrary code on the target system. Overflows can occur in
server software which is available to users over the network, or in
programs which exist on multi-user operating systems. In either case, a
successful overflow will allow the attacker to execute arbitrary code
with the privilege of the vulnerable service.
The most sought after exploits in the hacker community are “remote
root” exploits, however, they are not as common as the local exploits. A
local exploit occurs in a service that is not available over the network,
but is shared by users in a multi-user operating system such as Unix.
This allows for the same escalation of privilege as that provided by the
remote exploits.

No comments:

Post a Comment