1.4  Attacks

Broadly speaking, you can split malicious attacks into two categories: protocol/service-based and application-based. Application-based attacks strike at flaws in pieces of software (such as the IIS Unicode attack, which allowed attackers to traverse out of the website directory structure and into the operating system of the machine running it), while protocol attacks (such as Teardrop) strike at the standardized mechanisms used to transfer data on a network. No matter whose implementation of that protocol you're using, it will generally be vulnerable to a protocol-level attack if one exists. In some instances, the protocol or service can be used against itself.

An attack is frequently based on an exploit that is specific to an OS or program. A technique known as OS Fingerprinting is used to determine the OS running on a particular target, and therefore which exploits might be usable against it. OS Fingerprinting is accomplished by sending a target various TCP/IP packets, designed to provoke somewhat-unusual responses in certain vendors' TCP/IP implementations, and observing the results. When known OS-specific responses come back, the fingerprinting program can identify the OS that the target is running (and often the version and even service pack/patch level). The footnote yields an excellent web page titled "Improving the Security of Your Site by Breaking Into it" [64].

OS Fingerprinting

OS Fingerprinting is a reconnaissance technique used to determine the OS that a machine is running. An attacker may use this technique to find any machine running a certain OS, so that he can try out an OS-specific exploit, or he may use it to find out what OS a specific target machine is running, so that he can select an appropriate exploit to use to attack it.
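
Because fingerprinting relies on packets built to provoke unusual responses, a defender can look for those packets arriving. The sketch below is an added example, not part of the original guide: it flags any source that sends several different abnormal TCP flag combinations to one host within a short window. The flag heuristics (no flags, SYN with FIN or RST, FIN without ACK), the thresholds, the record format and the sample addresses are assumptions of this example.

```python
from collections import defaultdict

# TCP flag bits as laid out in the TCP header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def is_anomalous(flags):
    """True for flag sets an ordinary TCP conversation does not produce."""
    flags &= 0x3F
    if flags == 0:                           # no flags set at all
        return True
    if flags & SYN and flags & (FIN | RST):  # open and close/abort in one segment
        return True
    return bool(flags & FIN and not flags & ACK)  # FIN without ACK

def fingerprint_suspects(packets, window=10.0, min_kinds=2):
    """Map each source that sent >= min_kinds distinct anomalous flag sets to
    one destination within `window` seconds to the sorted flag values seen."""
    seen = defaultdict(list)                 # (src, dst) -> [(ts, flags)]
    for ts, src, dst, flags in packets:
        if is_anomalous(flags):
            seen[(src, dst)].append((ts, flags & 0x3F))
    suspects = defaultdict(set)
    for (src, _dst), hits in seen.items():
        hits.sort()
        for i, (t0, _) in enumerate(hits):
            kinds = {f for t, f in hits[i:] if t - t0 <= window}
            if len(kinds) >= min_kinds:
                suspects[src] |= kinds
                break
    return {src: sorted(kinds) for src, kinds in suspects.items()}

# Constructed sample: (seconds, source, destination, TCP flags).
# Addresses are from the documentation ranges; nothing here is real traffic.
SAMPLE = [
    (0.00, "198.51.100.7",  "192.0.2.10", SYN),                    # normal open
    (0.05, "198.51.100.7",  "192.0.2.10", ACK),
    (1.00, "203.0.113.9",   "192.0.2.10", 0),                      # null segment
    (1.10, "203.0.113.9",   "192.0.2.10", SYN | FIN | PSH | URG),
    (1.20, "203.0.113.9",   "192.0.2.10", FIN | PSH | URG),
    (5.00, "198.51.100.7",  "192.0.2.10", FIN | ACK),              # normal close
    (9.00, "198.51.100.44", "192.0.2.10", 0),                      # lone oddity
]

if __name__ == "__main__":
    for src, kinds in fingerprint_suspects(SAMPLE).items():
        print(src, [f"{k:#04x}" for k in kinds])
```

Requiring more than one distinct abnormal combination keeps a single malformed packet, like the last sample row, from raising an alert.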


NMAP & More

What can an attacker find out about your servers? Use one of the tools they use, and find out! If you want to see how well an OS's TCP/IP behavior can identify your server's OS, check out the Nmap tool, available at http://www.insecure.org/nmap. Nmap is available for both Linux and Windows. If using Windows, we recommend sticking with the command-line version of the Windows program, since the GUI front-end seems to still have some bugs as of November 2002.


Figure 6: While not as speedy as the Linux version, NMAP for Windows is still a powerful tool.

 


 __________________

64. http://pulhas.org/docs/improve_by_breakin.txt


CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.