Specifications

posted on the security mailing lists. They can be used to target the
vulnerability without knowing the details of the code. Over the years,
experience has shown that the availability of exploit code has contributed
to more secure operating systems, because operating system makers were
forced to fix the problems in their software. With free software, anyone
has access to the source code (SuSE Linux comes with all available source
code), and anyone who finds a vulnerability and its exploit code can submit
a patch to fix the corresponding bug.
DoS (Denial of Service)
The purpose of this kind of attack is to bring down a server program or even
an entire system, which can be achieved by various means: overloading the
server, keeping it busy with garbage packets, or exploiting a remote buffer
overflow.
Often a DoS attack is carried out with the sole purpose of making the service
disappear. However, once a given service has become unavailable,
communications could become vulnerable to so-called “man-in-the-middle
attacks” (sniffing, TCP connection hijacking, spoofing) and DNS poisoning,
explained below.
Man in the Middle: Sniffing, TCP Connection Hijacking, Spoofing
In general, any remote attack performed by an attacker who puts himself
between the communicating hosts is called a “man-in-the-middle attack”. What
almost all types of man-in-the-middle attacks have in common is that the
victim is usually not aware that anything is happening. There are many
possible variants. For example, the attacker could pick up a connection
request and forward it to the target machine himself. Now the victim has
unwittingly established a connection with the wrong host, because the other
end is posing as the legitimate destination machine. The simplest form of a
man-in-the-middle attack is called a “sniffer”: the attacker is “just”
listening to the network traffic passing by. As a more complex attack, the
“man in the middle” could try to take over an already established connection
(hijacking). To do so, the attacker would have to analyze the packets for
some time to be able to predict the TCP sequence numbers belonging to the
connection. When the attacker finally seizes the role of the target host,
the victims will notice this, because they get an error message saying the
connection was terminated due to a failure.
What often makes things easier for attackers is the fact that there are
protocols which are not secured against hijacking through encryption, but
only perform a simple authentication procedure upon establishing the
connection.
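The following toy model is an added example, not part of the original manual. It contrasts a receiver that authenticates only at connection setup with one that also verifies every message. The class and function names are hypothetical, and a per-message HMAC stands in for the cryptographic session protection the text refers to.

```python
import hashlib
import hmac
import os

def make_tag(key: bytes, seq: int, payload: bytes) -> bytes:
    """MAC over sequence number and payload, keyed with a per-session secret."""
    return hmac.new(key, seq.to_bytes(4, "big") + payload, hashlib.sha256).digest()

class LoginOnlySession:
    """Toy receiver: checks a password once, then trusts sequence numbers."""
    def __init__(self, password: bytes, expected: bytes, initial_seq: int):
        if not hmac.compare_digest(password, expected):
            raise PermissionError("login failed")
        self.next_seq = initial_seq

    def receive(self, seq: int, payload: bytes, tag: bytes = b"") -> bool:
        if seq != self.next_seq:           # out-of-sequence data is dropped
            return False
        self.next_seq += len(payload)
        return True

class MacSession(LoginOnlySession):
    """Same receiver, but every message must carry a valid MAC."""
    def __init__(self, password, expected, initial_seq, key: bytes):
        super().__init__(password, expected, initial_seq)
        self.key = key

    def receive(self, seq: int, payload: bytes, tag: bytes = b"") -> bool:
        if not hmac.compare_digest(tag, make_tag(self.key, seq, payload)):
            return False                   # forged or altered message
        return super().receive(seq, payload)

def demo() -> dict:
    key = os.urandom(32)                   # known only to the two real endpoints
    first, forged, real = b"ls\n", b"injected\n", b"pwd\n"   # constructed sample data
    results = {}
    for name, s in (("login_only", LoginOnlySession(b"pw", b"pw", 1000)),
                    ("per_message_mac", MacSession(b"pw", b"pw", 1000, key))):
        s.receive(1000, first, make_tag(key, 1000, first))
        # An on-path observer saw seq=1000 and 3 bytes, so it knows 1003 is
        # next, but it does not hold the session key.
        forged_ok = s.receive(1003, forged)
        real_ok = s.receive(1003, real, make_tag(key, 1003, real))
        results[name] = (forged_ok, real_ok)   # (forged accepted?, real accepted?)
    return results

if __name__ == "__main__":
    print(demo())
```

In the login-only session the forged message is accepted and the legitimate sender's next message is then rejected as out of sequence, which corresponds to the connection failure the victims see.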
204 Security and Confidentiality