Datasheet
458
Identifying Types of Attacks
2. All systems that are pinged reply to the modified source address — an
unsuspecting victim.
3. The victim’s system (most likely a server) receives so many replies to
the ping request that it is overwhelmed with traffic, causing it to be
unable to answer any other request from the network.
To protect against spoof attacks, you can implement encryption and
authentication services on the network.
Eavesdropping attack
An eavesdropping attack occurs when a hacker uses some sort of packet
sniffer program to see all the traffic on the network. Hackers use packet
sniffers to find out login passwords or to monitor activities. Figure 1-2 shows
Microsoft Network Monitor, a program that monitors network traffic by
displaying the contents of the packets.
Figure 1-2:
Using
Network
Monitor to
analyze FTP
logon traffic.
Notice in Figure 1-2 that the highlighted packet (frame 8) shows someone
logging on with a username of administrator; in frame 11, you can see
that this user has typed the password P@ssw0rd. In this example, the
hacker now has the username and password of a network account by
eavesdropping on the conversation!
To protect against eavesdrop attacks, you need encrypt network traffic and
physically control who can connect to your network.
22_647486-bk04ch01.indd 45822_647486-bk04ch01.indd 458 10/15/10 11:27 PM10/15/10 11:27 PM