User Manual

Still, port scanning is often used by hackers attempting to
compromise security. Their first step is to send packets to each
port. Depending on the response type, it is possible to
determine which ports are in use. The scanning itself causes
no damage, but be aware that this activity can reveal potential
vulnerabilities and allow attackers to take control of remote
computers.
Network administrators are advised to block all unused ports
and protect those that are in use from unauthorized access.
12.2.4 TCP desynchronization
TCP desynchronization is a technique used in TCP hijacking
attacks. It is triggered when the sequence number in incoming
packets differs from the expected sequence number. Packets
with an unexpected sequence number are dismissed (or saved
in buffer storage if they fall within the current
communication window).
In desynchronization, both communication endpoints dismiss
received packets, at which point remote attackers are able to
infiltrate and supply packets with a correct sequence number.
The attackers can even manipulate or modify the communication.
TCP hijacking attacks aim to interrupt server-client or
peer-to-peer communications. Many attacks can be avoided by
using authentication for each TCP segment. It is also advised
that you use the recommended configuration for your network
devices.
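The acceptance rule described above, as an added example that is not part of the original manual: a simplified receiver that dismisses, buffers or accepts a segment by its sequence number, including the 32-bit wrap-around. The class, the function names and the sample values are constructed for illustration, and only the first byte of each segment is checked.

```python
MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around

def in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq lies in [rcv_nxt, rcv_nxt + rcv_wnd), modulo 2**32."""
    return (seq - rcv_nxt) % MOD < rcv_wnd

class Receiver:
    """Hypothetical, simplified endpoint: checks only a segment's first byte."""

    def __init__(self, rcv_nxt, rcv_wnd):
        self.rcv_nxt = rcv_nxt      # next sequence number expected
        self.rcv_wnd = rcv_wnd      # size of the current communication window
        self.buffer = {}            # out-of-order segments: seq -> payload
        self.delivered = b""        # data handed to the application

    def receive(self, seq, payload):
        if not in_window(seq, self.rcv_nxt, self.rcv_wnd):
            return "dismissed"      # unexpected number outside the window
        if seq != self.rcv_nxt:
            self.buffer[seq] = payload
            return "buffered"       # unexpected, but inside the window
        self._deliver(payload)
        while self.rcv_nxt in self.buffer:   # release segments now in order
            self._deliver(self.buffer.pop(self.rcv_nxt))
        return "accepted"

    def _deliver(self, payload):
        self.delivered += payload
        self.rcv_nxt = (self.rcv_nxt + len(payload)) % MOD

def demo():
    """Constructed values; the expected number sits just below the 32-bit wrap."""
    r = Receiver(rcv_nxt=0xFFFFFFFA, rcv_wnd=1000)
    results = [
        r.receive(0, b"world"),             # arrives early, still in window
        r.receive(0xFFFFFFFA, b"hello "),   # the expected segment
        r.receive(5005, b"lost"),           # sender and receiver disagree
        r.receive(0xFFFFFFFA, b"hello "),   # stale retransmission
    ]
    return results, r.delivered, r.rcv_nxt

if __name__ == "__main__":
    print(demo())
```

Once the two endpoints disagree about the expected number, as in the third call, every segment from the legitimate peer takes the "dismissed" path.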
12.2.5 SMB Relay
SMBRelay and SMBRelay2 are special programs that are
capable of carrying out attacks against remote computers.
These programs take advantage of the Server Message Block
file sharing protocol, which is layered onto NetBIOS. A user
sharing any folder or directory within a LAN most likely uses
this file sharing protocol.
Within local network communication, password hashes are
exchanged.
SMBRelay receives a connection on UDP ports 139 and 445,
relays the packets exchanged by the client and server, and
modifies them. After connecting and authenticating, the client
is disconnected. SMBRelay creates a new virtual IP address.
SMBRelay relays SMB protocol communications except for
negotiation and authentication. Remote attackers can use the
IP address, as long as the client computer is connected.
SMBRelay2 works on the same principle as SMBRelay, except
it uses NetBIOS names rather than IP addresses. Both can
carry out “man-in-the-middle” attacks. These attacks allow
remote attackers to read, insert and modify messages
exchanged between two communication endpoints without
being noticed. Computers exposed to such attacks often stop
responding or unexpectedly restart.
To avoid attacks, we recommend that you use authentication
passwords or keys.
12.2.6 ICMP attacks
The ICMP (Internet Control Message Protocol) is a popular and
widely-used Internet protocol. It is used primarily by
networked computers to send various error messages.
Remote attackers attempt to exploit the weaknesses of the
ICMP protocol. The ICMP protocol is designed for one-way
communication requiring no authentication. This enables
remote attackers to trigger DoS (Denial of Service) attacks, or
attacks which give unauthorized individuals access to incoming
and outgoing packets.
Typical examples of an ICMP attack are ping floods,
ICMP_ECHO floods and smurf attacks. Computers exposed to
an ICMP attack are significantly slower (this applies to all
applications that use the Internet) and have problems
connecting to the Internet.
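One way to spot the floods named above in a host's inbound ICMP traffic, as an added example that is not part of the original manual. The function name, the threshold, the window and the sample events are assumptions constructed for illustration; timestamps are in milliseconds.

```python
from collections import deque

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP type numbers

def detect_icmp_floods(events, pinged=frozenset(), window_ms=1000, threshold=50):
    """Scan inbound ICMP events, given as (ts_ms, src, icmp_type) sorted by time.

    Returns {label: ts_ms of the first event at which `threshold` matching
    packets were seen within `window_ms`}.
    """
    recent = {"echo request flood": deque(), "unsolicited echo replies": deque()}
    alerts = {}
    for ts, src, icmp_type in events:
        if icmp_type == ECHO_REQUEST:
            label = "echo request flood"
        elif icmp_type == ECHO_REPLY and src not in pinged:
            # Replies to pings this host never sent: what the target of a
            # smurf attack receives.
            label = "unsolicited echo replies"
        else:
            continue
        q = recent[label]
        q.append(ts)
        while ts - q[0] > window_ms:   # drop events older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.setdefault(label, ts)
    return alerts

def sample_events():
    """Constructed traffic (documentation addresses), not a real capture."""
    events = [(i * 1000, "192.0.2.10", ECHO_REQUEST) for i in range(5)]  # normal pings
    events += [(6000, "192.0.2.10", ECHO_REPLY)]                         # answer to our own ping
    events += [(10000 + i * 5, "198.51.100.7", ECHO_REQUEST) for i in range(200)]
    events += [(20000 + i * 5, f"203.0.113.{i % 250 + 1}", ECHO_REPLY) for i in range(120)]
    return events

if __name__ == "__main__":
    found = detect_icmp_floods(sample_events(), pinged={"192.0.2.10"})
    for label, ts in found.items():
        print(f"{ts} ms: {label}")
```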
12.3 Email
Email, or electronic mail, is a modern form of communication
with many advantages. It is flexible, fast and direct, and played
a crucial role in the proliferation of the Internet in the early
1990s.
Unfortunately, with a high level of anonymity, email and the
Internet leave room for illegal activities such as spamming.
Spam includes unsolicited advertisements, hoaxes and
proliferation of malicious software – malware. The
inconvenience and danger to you is increased by the fact that
the cost of sending spam is minimal, and authors of spam have
many tools to acquire new email addresses. In addition, the
volume and variety of spam makes it very difficult to regulate.
The longer you use your email address, the more likely it will
end up in a spam engine database. Some hints for prevention:
- If possible, do not publish your email address on the
  Internet
- Only give your email address to trusted individuals
- If possible, do not use common aliases. With more
  complicated aliases, the probability of tracking is lower
- Do not reply to spam that has already arrived in your inbox
- Be careful when filling out Internet forms; be especially
  cautious of options such as “Yes, I want to receive
  information”
- Use “specialized” email addresses, for example one for
  business, one for communication with your friends, etc.
- From time to time, change your email address
- Use an Antispam solution
12.3.1 Advertisements
Internet advertising is one of the most rapidly growing forms
of advertising. Its main marketing advantages are minimal
costs and a high level of directness; what is more, messages
are delivered almost immediately. Many companies use email
marketing tools to effectively communicate with their current
and prospective customers.