Classes of Attacks
Three major types of attacks follow:
Reconnaissance: Reconnaissance attacks are the first step in the process of intrusion and involve
unauthorized discovery and mapping of systems, services, or vulnerabilities. These discovery and mapping
techniques are commonly known as scanning and enumeration. Common tools, commands, and utilities
that are used for scanning and enumeration include ping, Telnet, nslookup, finger, rpcinfo, File Explorer,
srvinfo, and dumpacl. Other third-party public tools include Sniffer, SATAN, SAINT, NMAP, and netcat. In
addition, custom scripts are used in this process.
Access: Access attacks refer to unauthorized data manipulation that gives the attacker system access or
privilege escalation on a victim or compromised host. Unauthorized data retrieval is simply the act of
reading, writing, copying, or moving files that the intruder is not authorized to access. Some
common activities performed in this phase include exploiting passwords, accessing confidential
information, exploiting poorly configured or unmanaged services, accessing a remote registry, abusing a
trust relationship, IP source routing, and file sharing.
Denial of Service: A DoS attack takes place when an attacker intentionally blocks, degrades, disables, or
corrupts networks, systems, or services with the intent to deny the service to authorized users.