Download presentation
Presentation is loading. Please wait.
Published byBeatrice Chase Modified over 9 years ago
1
BY SYDNEY FERNANDES T.E COMP ROLL NO:411113
2
INTRODUCTION Networks are used as a medium inorder to exchange data packets between the server and clients. Systems are connected are connected to network using PORTS,which are identified by their port id. Each system which is connected to the network has its own IP address.(A single system can have more than one IP address).
3
What is port scanning? The act of systematically scanning a computer's ports. Since a port is a place where information goes into and out of a computer, port scanning identifies open doors to a computer. Port scanning has legitimate uses in managing networks.portsnetworks Port scanning is not an attack but rather a means for a cracker to detect system vulneribilities.
4
How it can effect your system? Many CRACKERS rely upon port scans to find open ports and send specific data patterns in an attempt to trigger a condition known as a buffer overflow. Such behavior can compromise the security of a network and the computers therein, resulting in the loss or exposure of sensitive information and the ability to do work.buffer overflow
5
There are two general purposes of CRACKERS to conduct port scan:- 1) primary 2)secondry
6
The primary purpose is to get information of status of IP address of the system. The second is to flood intrusion detection alerts with intension of distracting network.
7
TOOL TOOLS are utilities for network exploration. The tool could attempt to connect to every port of one or more systems and for every service that answered, it could try to use each known bug. Frequently the ugs are buffer overflows allowing the the creation of priveledge command shell on the system. Then of course the cracker could install a backdoor program,trojan horse etc. Don’t worry there is no such tool.
8
o But there are tools that perform subset of those functionality. Like NMAP(www.insecure.org/nmap/)www.insecure.org/nmap/ A very versatile open-source utility for network exploration and security auditing. Functions include : determine what services are running including application names and versions, can identify host OS, can also provide information about defences such as what firewalls are defending the target Does not exploit any known bug.
9
NESSUS Performs similar functions but has database of bugs and their exploits. It can scan a range of systems,determine the service running on those systems and attempt to attack all appropriate bugs. It does not exploit the bug but a knowledgeable cracker or script kiddie could.
10
ZOMBIE SYSTEMS They are systems which do not allow port scans to be detected easily. Such systems are previously compromised, independent systems that are serving their owners while being used for nerfarious purposes. Zombies make crackers particularly difficult to prosecute because determining the source of attack and the person that launched it is challenging.
11
DENIAL OF SERVICE Denial of service attacks are aimed not at gaining information or stealing resources but rather disrupting legitimate use of system facility. Denial of service attacks are generally network based. Most such attacks involve systems that the attacker has not penetrated.
12
CATEGORIES They fall in two categories: The first category involves use of many facility resources that in essence no useful work can be done. The second category involves disrupting the network of the facility.
13
How the attack is caused? These attacks result from abuse of some of the functionality of TCP/IP. For eg: for instance if the attacker sends a part of the protocol which says “I want to start a TCP connection” but never follows with the standard “The connection is now complete”, the result can be partially started TCP session. If enough of these sessions were launched they can eat up all the network resources of the system, disabling any further legitimate TCP connections.Such attacks which can last hours or days have caused partial or full failure of attempts to use target resources.
14
DDOS(distributed denial- of - service attacks) Generally it is difficult to prevent Denial of service attacks. Even more difficult to prevent are the DDOS attacks. These attacks are launched from multiple sites at once toward a common target typically by zombies. DDOS attacks are become more common and are sometimes associated with blackmail attempts. A site comes under attack and the attackers offer to halt the attack in exchange for money. Eg: Consider an advertising campaign that greatly increases traffic to a site could be considered a DDOS.
15
More eg of DOS If an authentication algorithm locks an account for a period of time after several incorrect attempts to access the account, then an attacker could cause all authentications to be blocked by purposely making incorrect attempts to access all accounts. A firewall that automatically blocks certain kind of traffic could be induced to block that traffic when it should not.
16
REFRENCES Galvin: pg 173
17
THANKYOU
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.