The thirty-six stratagems of hacker intrusion, counted one by one - vulnerability warning - Black Bar Safety Net

2006-11-02T00:00:00
ID MYHACK58:62200612642
Type myhack58
Reporter anonymous
Modified 2006-11-02T00:00:00

Description

Hacking techniques include: (1) sneaking past unseen, (2) looting a burning house, (3) creating something from nothing, (4) secretly advancing by a hidden path, (5) hiding a knife behind a smile, (6) stealing a goat in passing, (7) borrowing a corpse to return the soul, (8) luring the tiger from the mountain, (9) casting a brick to attract jade, (10) fishing in troubled waters, (11) befriending the distant while attacking the near, (12) stealing the beams and swapping the pillars, and (13) turning the guest into the host. Hackers often chain these together, which makes them hard to detect; one cannot be too careful.

1. Sneaking past unseen: data-driven attacks

A data-driven attack occurs when a seemingly harmless special program is sent or copied to a host on the network and then executed. For example, a data-driven attack could cause a host to modify its network-security-related files, making it easier for the hacker to break into the system next time.

2. Looting a burning house: illegal use of system files

On UNIX systems, executables in directories such as /bin/who are readable by all users. Some users can extract the version number from an executable and combine it with published information to learn what vulnerabilities the system has; for instance, running the Telnet command reveals the Sendmail version number. Forbidding read access to executables will not prevent a hacker's attack, but it at least makes the attack harder. Some weaknesses are created by configuration files, access-control files and default initialization files. The most famous example: the software used to install SunOS Version 4 created a /rhosts file that allowed anyone on the local area network (or the Internet), from any location, to obtain superuser privileges on the host. Of course, the file was originally provided so that installation could be done easily over the network without superuser permission or checks. Even the wisest make mistakes: the back doors that design flaws in operating systems open for hackers, and the attacks aimed specifically at the WIN95/WIN NT series, are good examples.

3. Creating something from nothing: attacks with forged information

By sending forged routing information, the attacker constructs a false path between the source host and the target host in the system, so that packets bound for the target host flow to the attacker's host instead. This hands the attacker sensitive information and useful passwords.

4. Secretly advancing by a hidden path: attacks on protocol weaknesses

The IP source-route option lets an IP packet choose its own path to the destination host. Imagine an attacker trying to connect to host A, which sits behind a firewall and is unreachable. He only needs to send a request packet with the IP source-route option set, so that the packet's destination address points at the firewall while its final address is host A. When the packet reaches the firewall it is allowed through, because it is addressed to the firewall rather than to host A. The firewall's IP layer processes the packet, the source route is advanced, and the packet is forwarded into the intranet, where it reaches the supposedly unreachable host A.

5. Hiding a knife behind a smile: remote manipulation

Default login interfaces (shell scripts), configuration files and user profiles are another problem area; they provide a simple way to set up a program's execution environment. This sometimes enables a remote-manipulation attack: an executable started on the attacked host displays a fake login interface. When the user enters login information (user name, password, etc.) on this counterfeit screen, the program transmits the input to the attacker's host, then closes the screen with a "system fault" message asking the user to log in again, after which the real login screen appears. Until a more perfect operating system version reaches the next generation, attacks of this kind will keep happening. One important role of a firewall is to stop unauthorized users from logging in to hosts on the protected network; for example, packet filtering can forbid external hosts from using Telnet to log on to internal hosts.

6. Stealing a goat in passing: exploiting system administrator errors

One of the most important factors in network security is people! Countless historical facts show that the strongest barrier is most easily breached from within. Human errors, such as a misconfigured WWW server system or an ordinary user expanding their own usage rights, give the hacker an opening to exploit. Hackers often take advantage of system administrator errors to collect attack information, using commands such as finger, netstat, arp, mail and grep, together with some hacker tool software.

7. Borrowing a corpse to return the soul: replay attacks

Collect particular IP packets, tamper with their data, and then retransmit them one by one to deceive the receiving host.

8. Luring the tiger from the mountain: diversion

Although attacks with ICMP packets are harder, hackers do sometimes use ICMP packets to attack. Redirect messages can change the routing table: a router uses them to suggest a better path to a host. An attacker can use redirect messages to steer a connection onto an unreliable host or path, or to make all packets be forwarded through an unreliable host. The way to counter this is to filter ICMP redirect packets; some routing software can be configured to do so. Simply discarding all redirect packets is not advisable, however, because hosts and routers often rely on them, for instance when a circuit fails.

9. Casting a brick to attract jade: attacks on the source-route option

Packets are forced along a specific path to reach the destination host. Such packets can be used to get past the firewall and spoof a host. An external attacker can send a source-routed packet carrying an internal host's address; the server believes the message and sends its response packet back to the attacker, because that is what the IP source-route option requires. The best defence against this kind of attack is to configure the router to discard packets arriving from the external network that claim to come from an internal host.
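Sections 4, 8 and 9 all come down to packets a border router or host should refuse: IPv4 packets carrying a source-route option (LSRR or SSRR) and ICMP redirect messages. The following inspector is an added example, not code from the original article; it walks the IPv4 options area and the ICMP header of constructed sample packets (RFC 5737 test addresses, checksum left zero) and returns the reason each one should be dropped.

```python
import struct
from typing import Optional

# IPv4 option kinds that carry a source route (RFC 791): LSRR = 131, SSRR = 137.
SOURCE_ROUTE_OPTIONS = {131: "LSRR", 137: "SSRR"}
IPPROTO_ICMP, ICMP_REDIRECT = 1, 5

def inspect_ipv4(packet: bytes) -> Optional[str]:
    """Return a drop reason for IPv4 packets that carry a source-route option
    or an ICMP redirect (type 5); return None for packets that should pass."""
    if len(packet) < 20:
        return "truncated header"
    ver_ihl, _, _, _, _, _, proto, _, _, _ = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        return None                     # not IPv4, out of scope here
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "bad IHL"
    opts, i = packet[20:ihl], 0
    while i < len(opts):                # walk the options area option by option
        kind = opts[i]
        if kind == 0:                   # End of Option List
            break
        if kind == 1:                   # No Operation (single byte)
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            return "malformed option"
        if kind in SOURCE_ROUTE_OPTIONS:
            return f"source route option {SOURCE_ROUTE_OPTIONS[kind]}"
        i += opts[i + 1]
    if proto == IPPROTO_ICMP and len(packet) >= ihl + 8 and packet[ihl] == ICMP_REDIRECT:
        gateway = ".".join(str(b) for b in packet[ihl + 4:ihl + 8])
        return f"ICMP redirect to {gateway}"
    return None

def build_ipv4(proto: int, payload: bytes, options: bytes = b"") -> bytes:
    """Build a constructed sample packet (checksum left 0, RFC 5737 test addresses)."""
    options += b"\x00" * (-len(options) % 4)            # pad options to a 32-bit boundary
    ihl = 5 + len(options) // 4
    header = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 20 + len(options) + len(payload),
                         0, 0, 64, proto, 0, bytes([203, 0, 113, 7]), bytes([192, 0, 2, 10]))
    return header + options + payload

# Constructed samples: a loose-source-routed TCP packet, an ICMP redirect, a plain TCP packet.
LSRR_PACKET = build_ipv4(6, b"", options=bytes([131, 7, 4, 192, 0, 2, 1]))
REDIRECT_PACKET = build_ipv4(1, bytes([5, 1, 0, 0, 192, 0, 2, 99]) + b"\x00" * 28)
PLAIN_PACKET = build_ipv4(6, b"\x00" * 20)
```

Calling `inspect_ipv4` on each sample gives the LSRR and redirect reasons for the first two and `None` for the plain packet; the same check belongs on the router's external interface, per section 9, not on every host.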

10. Fishing in troubled waters: Ethernet broadcast attacks

The Ethernet interface is set to promiscuous mode, and all data packets on the segment are intercepted for the attacker's own use.

11. Befriending the distant while attacking the near: island-hopping attacks

Many sites on the Internet now run the UNIX operating system. Hackers try to log in to a UNIX host, acquire system privileges through operating-system vulnerabilities, and then use it as a stronghold from which to reach other hosts; this is called island-hopping.

Hackers usually hop several times before reaching the destination host. For example, a hacker in the United States who wants to break into the FBI's network might first log in to a host in Asia, from there log in to a host in Canada, then skip to Europe, and finally launch the attack on the FBI from a host in France. Even when such an attack is discovered, it is very hard for administrators to trace it back to where the hacker launched it, not to mention that a hacker who has obtained system privileges on a host can delete the system logs on the way out, cutting the "vine". As long as one can log on to a UNIX system, becoming superuser is relatively easy, which is what makes UNIX a concern for hackers and security experts alike.

12. Stealing the beams and swapping the pillars: stealing a TCP connection

Network interconnection protocols also have many vulnerable spots. The protocols were originally created to facilitate the exchange of information, so their designers gave security little or no consideration. Attacks based on protocol analysis are the most damaging trick of all for security.

Almost all UNIX implementations of the protocol family share a long-known vulnerability that makes stealing a TCP connection possible. When a TCP connection is established, the server verifies the user's request with a packet containing an initial sequence number. This sequence number has no special requirements beyond being unique. The client receives the answer and confirms once more, and the connection is established. The TCP protocol specification requires the sequence number to advance 250,000 times per second, but on most UNIX systems the actual rate is far lower, and the next number is often predictable. It is exactly this ability to predict the server's initial sequence number that lets the attack succeed. The only way to counter this attack is to make initial sequence number generation more random; the most secure solution is to generate the initial sequence number with an encryption algorithm. The extra CPU load is negligible at today's hardware speeds.
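To show why a fixed-step generator is predictable and what the recommended fix looks like, here is an added Python example that is not part of the original article: a deliberately weak counter-based ISN generator beside a keyed-hash generator in the style of RFC 6528, plus an audit function (a name assumed here) that measures how often the next ISN is a plain linear extrapolation of the previous two.

```python
import hashlib
import hmac
import os
import time

MASK32 = 0xFFFFFFFF

class CounterISN:
    """Weak generator of the kind the text describes: a counter that advances by a
    fixed step for each new connection, no matter who is connecting."""
    def __init__(self, step: int = 64000, start: int = 0):
        self.value, self.step = start, step

    def next(self, client: tuple, server: tuple) -> int:
        self.value = (self.value + self.step) & MASK32     # endpoints are ignored
        return self.value

class KeyedISN:
    """The recommended mitigation: ISN = clock term + keyed hash of the
    connection 4-tuple under a per-boot secret (RFC 6528 style)."""
    def __init__(self, secret: bytes = b""):
        self.secret = secret or os.urandom(32)

    def next(self, client: tuple, server: tuple) -> int:
        tuple_bytes = f"{client[0]}:{client[1]}>{server[0]}:{server[1]}".encode()
        digest = hmac.new(self.secret, tuple_bytes, hashlib.sha256).digest()
        clock = int(time.monotonic() * 250_000)            # 4-microsecond ticks
        return (clock + int.from_bytes(digest[:4], "big")) & MASK32

def audit_isn(gen, samples: int = 50) -> float:
    """Defender-side self-test: open `samples` connections from successive client
    ports and count how often ISN[i] == 2*ISN[i-1] - ISN[i-2] (mod 2^32).
    Returns the hit ratio; 1.0 means the generator is fully predictable."""
    server = ("192.0.2.10", 80)                            # constructed test addresses
    seen = [gen.next(("198.51.100.7", 40000 + i), server) for i in range(samples)]
    hits = sum(1 for i in range(2, samples)
               if (2 * seen[i - 1] - seen[i - 2]) & MASK32 == seen[i])
    return hits / (samples - 2)
```

`audit_isn(CounterISN())` returns 1.0, while `audit_isn(KeyedISN())` stays at essentially 0 because the hash term changes with every client port.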

13. Turning the guest into the host: seizing control of the system

On UNIX systems, too many files are accessible only to the superuser and very few can be handled by a particular class of users, so the administrator must perform all kinds of operations as root, which is not very safe. The hacker's primary objective is root, and the most frequent attack target is the superuser password. Strictly speaking, UNIX passwords are not encrypted: the password is merely used as a DES key to encrypt a common string. Many password-cracking tools now exist that use the CPU's high speed to search for passwords. Once the attack succeeds, the hacker becomes emperor of the UNIX system. Separating powers within the system therefore helps: if a mail system administrator is appointed, that administrator can manage the mail system well without superuser privileges, which makes the system considerably more secure.

In addition, after compromising a system the attacker often uses the "golden cicada sheds its shell" tactic: deleting the system's operation logs so that the administrator does not discover the intrusion, then returning later. All is fair in war, and a network attacker will use every possible method and every stratagem to attack the target system. That is what the interlocking thirty-six stratagems are all about.