Attack Types
As stated, the three types of attacks are reconnaissance,
access, and DoS. Reconnaissance is both a type of attack and a phase of an
attack. Intruders typically perform reconnaissance on a target network before
attempting to access or disrupt the network resources. Performing
reconnaissance on a target network is itself considered an attack.
Reconnaissance Attacks
Reconnaissance is the unauthorized
data collection of system resources, vulnerabilities, or services. Access and
DoS attacks are normally preceded by reconnaissance attacks. Hackers obviously
have to know what’s available to attack before launching any intrusion.
Reconnaissance is analogous to a bank robber casing a bank to find out how many
security guards are on duty, how many cameras exist and their placement, and
what escape route to use. Reconnaissance is more than a type of attack—it’s also
a phase of attack. The need for reconnaissance attacks, and the tools used
for them, are discussed in more detail in several upcoming sections
on reconnaissance and the section “Reconnaissance Tools.”
Access Attacks
Access is a broad term used to
describe any attack that requires the intruder to gain unauthorized access to a
secure system with the intent to manipulate data, elevate privileges, or simply
access the system. The term “access attack” is used to describe any attempt to
gain system access, perform data manipulation, or elevate privileges.
System Access Attacks
System access is the act of gaining
unauthorized access to a system for which the attacker doesn’t have a user
account. Hackers usually gain access to a device by running a script or a
hacking tool, or exploiting a known vulnerability of an application or service
running on the host.
Data Manipulation Access Attacks
Data manipulation occurs when an intruder simply reads,
copies, writes, deletes, or changes data that isn’t intended to be accessible by
the intruder. This could be as simple as finding a share on a Windows 9x or NT computer, or as difficult as attempting to gain
access to a credit bureau’s information, or breaking into the department of
motor vehicles to change a driving record.
Elevating Privileges Access Attacks
Elevating privileges is a common type of attack. By
elevating privileges an intruder can gain access to files, folders or
application data that the user account was not initially granted access to. Once
the hacker has gained a high-enough level of access, they can install
applications, such as backdoors and Trojan horses, to allow further access and reconnaissance. A
common goal of hackers is to gain root or administrator-level access. Once
administrator or root-level access is accomplished, the intruder can gain
complete control of the server, host, or network system.
Denial of Service (DoS) Attacks
DoS attacks are performed with the intent of disabling,
corrupting, or crashing network resources to prevent the use of these systems by
the intended users. This electronic vandalism is one of the worst types of
attacks faced by e-businesses because the only intent of the hackers is to
prevent customers from using the company’s electronic storefront. The intent of
this type of attack is simply to do damage and prevent the target company from
conducting business.
Some script tools attempt to take advantage of a known exploit to
damage a host or network, while others generate large amounts of network
traffic. A hacker with a home PC would have a difficult time generating
enough traffic to overload an Internet-class server. To perform an effective DoS
attack, hackers use many different computers in an attempt to overwhelm the
target host. Using many computer systems to attack a host or network is called a
distributed denial of service attack (DDoS). This type of attack has been
successful when used against the web sites of Yahoo!, eBay, and CNN.com. One
hacker who performed this type of attack was later caught and prosecuted. See
http://www.nipc.gov/investigations/mafiaboy.htm for more details on
this attack.
Note: A known exploit or vulnerability is simply a security flaw
in an application, service, or operating system (OS) that can be used by an
intruder to violate or bypass system security. Vendors of these software
products usually release patches to fix these security flaws. This is why it’s
important to keep current with all security patches for any software installed
on your network.
Hackers could use one or all of these attack types to gain
unauthorized access to a target network or system. Most access and DDoS attacks
are preceded by a reconnaissance attack, which might have been ongoing for days,
weeks, or even months. A hacker could also perform a DoS attack on one portion
of the network, while attempting to gain access to other network
resources.