This chapter continues the analysis of various network attacks introduced in Chapter 6,
“Classifying Rudimentary Network Attacks.” Many of the attacks covered in this chapter typically require that the attacker have software skills that are more advanced than the skills needed to execute the attacks described in Chapter 6. The attacks covered in this chapter include IP spoofing attacks, traffic sniffing, password attacks, man-in-the-middle attacks, port redirection, and virus and Trojan-horse applications.
Some of the attacks covered in this chapter cannot be executed effectively unless the attacker has access to a system on a network. Other attacks, such as IP spoofing, port redirection, and man-in-the-middle attacks, do not require such access but do require additional skill on the part of the attacker in order to be successfully executed. The intent, however, is the same as the attacks covered in the previous chapter: to gain access to a system or network.
“Do I Know This Already?” Quiz
The purpose of the “Do I Know This Already?” quiz is to help you decide if you really need to read the entire chapter. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now.
The 10-question quiz, derived from the major sections in the “Foundation Topics” portion of the chapter, helps you determine how to spend your limited study time.
Table 7-1 outlines the major topics discussed in this chapter and the “Do I Know This Already?”
quiz questions that correspond to those topics.
1. What is the purpose of IP spoofing attacks?
a. To get packets past a firewall
b. To gain access to a network resource
c. To test router access lists
d. To inject data into a pre-existing communication channel between two systems
e. None of the above
2. What type of IP spoofing attack occurs if the attacker is not concerned with the responses from the target system?
a. Bidirectional
b. Blind
c. Tangential
d. Source
e. Derivational
Table 7-1 “Do I Know This Already?” Foundation Topics Section-to-Question Mapping
Foundations Topics Section Questions Covered in This Section
IP Spoofing 1–3
Packet Sniffers 4–5
Password Attacks 6
Man-In-The-Middle Attacks 7
Port Redirection Attacks 8–9
Virus and Trojan-Horse Applications 10
CAUTION The goal of self-assessment is to gauge your mastery of the topics in this chapter.
If you do not know the answer to a question or are only partially sure of the answer, you should mark this question wrong for purposes of the self-assessment. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might provide you with a false sense of security.
“Do I Know This Already?” Quiz 99
3. What type of spoofing attack occurs when the attacker controls the routing tables to redirect the response packets back to his IP address?
a. Bidirectional
b. Blind
c. Tangential
d. Source
e. Derivational
4. In what mode must a network interface work to receive all packets on the physical network wire and pass those packets up to an application?
a. Sniffing
b. Locked
c. Unlocked
d. Sensing
e. Promiscuous
5. Which of the following protocols are susceptible to passive sniffers?
a. SNMP
b. SSH
c. HTTPS
d. Telnet
e. HTTP
6. What type of attack is an attacker executing when she connects to a system and tries various account names and common default passwords?
a. Deduction
b. Brute-force
c. Intuitive
d. Driven
7. For what purpose are man-in-the-middle attacks most commonly used?
a. To capture sensitive information
b. To hijack ongoing sessions
c. To deny service
d. To corrupt transmitted data
e. All of the above
8. Port redirection is a specific case of what general category of attack?
a. IP spoofing
b. Trust exploitation
c. Man-in-the-middle
d. Denial of service
e. None of the above
9. Which of the following can be used to execute a port redirection attack?
a. httptunnel
b. Ethereal
c. Netcat
d. strobe
e. Nmap
10. What is the most common means of propogating viruses and Trojan-horse applications?
a. E-mail
b. FTP
c. scp
d. The web
e. NetBIOS shares
“Do I Know This Already?” Quiz 101
The answers to the “Do I Know This Already?” quiz are found in Appendix A, “Answers to the
‘Do I Know This Already?’ Quizzes and Q&A Sections.” The suggested choices for your next step are as follows:
■ 8 or less overall score—Read the entire chapter. This includes the “Foundation Topics” and
“Foundation Summary” sections, and the “Q&A” section.
■ 9 or more overall score—If you want more review on these topics, skip to the
“Foundation Summary” section and then go to the “Q&A” section. Otherwise, move to the next chapter.
Foundation Topics
IP Spoofing
IP spoofing occurs when attackers, whether within a network or outside a network, attempt to gain access to a restricted resource by disguising the IP address of their systems as that of other systems.
The system being spoofed by the attacker has access to the restricted resource and the restriction is solely based on the source IP address of the communication.
Typically, IP spoofing is carried out by injecting data into a pre-existing communication channel between two systems to gain unauthorized access to computer systems. If attackers are not interested in the content of the responses from the target system, they can use an IP spoofing attack in a blind or unidirectional fashion in which they assume what the response from the target will be and send their information without any awareness of the response’s content. For true bidirectional communication, the attacker must control the routing tables to redirect the packets for the spoofed IP address to the attacker’s system.