Lecture Professional Practices in IT: Lecture 20 - Saqib Iqbal

After studying this chapter you will be able to understand: modes of hacker attack, spoofing, IP spoofing – flying-blind attack, IP spoofing – source routing, email spoofing, web spoofing, web spoofing – tracking state, session hijacking, and denial of service (DoS) attack.

Lecture 20: Hacking

Modes of Hacker Attack
Over the Internet
Over LAN
Locally
Offline
Theft
Deception
Get some stories about hackings

Spoofing
Definition: An attacker alters his identity so that someone thinks he is someone else
Email, User ID, IP Address,
Attacker exploits the trust relation between the user and networked machines to gain access to machines
Types of Spoofing:
IP Spoofing
Email Spoofing
Web Spoofing
1. Normally users log on to one machine and have access to a number of computers.

IP Spoofing – Flying-Blind Attack
Definition: Attacker uses the IP address of another computer to acquire information or gain access
Replies sent back to Spoofed Address
Attacker
John
From Address:
To Address:
Attacker changes his own IP address to the spoofed address
Attacker can send messages to a machine masquerading as the spoofed machine
Attacker cannot receive messages from that machine

IP Spoofing – Source Routing
Definition: Attacker spoofs the address of another machine and inserts itself between the attacked machine and the spoofed machine to intercept replies
Replies sent back to Spoofed Address
Attacker
John
From Address:
To Address:
The path a packet may take can vary over time
To ensure that he stays in the loop, the attacker uses source routing so that the packet passes through certain nodes on the network
Attacker intercepts packets as they go to

Email Spoofing
Definition: Attacker sends messages masquerading as someone else
What can be the repercussions?
Types of Email Spoofing:
Create an account with similar email address
Sanjaygoel@: A message from this account can perplex the students
Modify a mail client
Attacker can put in any return .