|Like this CertiGuide? Get it in PDF format!|
Use coupon code "certiguide" to save 20%!
|Also available: 300-question Security+ practice test!|
|Get It Here!|
To make a general statement, you
can split malicious attacks into 2 broad categories Protocol/Service
based and Application based. While application based attacks strike
at flaws in pieces of software (such as the IIS Unicode attack, which
allowed attackers to traverse out of the website directory structure
and into the operating system of the machine running it), protocol attacks
(such as Teardrop) strike at the standardized mechanisms used to transfer
data on a network. No matter whose implementation of that protocol
youre using, it will generally be vulnerable to a protocol-level
attack if one exists. In some instances, the protocol or service can
be used against itself.
An attack is frequently based
on an exploit that is specific to an OS or program. A technique known
as OS Fingerprinting is used to determine the OS used on a particular
target, and therefore the potential exploits which might be usable.
OS Fingerprinting is accomplished by sending various TCP/IP packets,
designed to provoke somewhat-unusual responses in certain vendors
TCP/IP implementations, to a target and observing the results. When
known OS-specific responses are received in response, the fingerprinting
program can identify the OS that the target is running (and often the
version and even service pack/patch level). The footnote yields an excellent
web page titled Improving the Security of Your Site by Breaking Into
OS Fingerprinting is a reconnaissance technique used to determine the OS that a machine is running. An attacker may use this technique to find any machine running a certain OS, so that he can try out an OS-specific exploit, or he may use it to find out what OS a specific target machine is running, so that he can select an appropriate exploit to use to attack it.
NMAP & More
What can an attacker find out about your servers? Use one of the tools they use, and find out! If you want to see how well an OSs TCP/IP behavior can identify your servers OS, check out the Nmap tool, available at http://www.insecure.org/nmap. Nmap is available for both Linux and Windows. If using Windows, we recommend sticking with the command-line version of the Windows program, since the GUI front-end seems to still have some bugs as of November 2002.