Types of Attacks

The types of cyber attackers and their motivations are too numerous and varied to list. They
range from the novice hacker who is attracted by the challenge, to the highly skilled
professional who targets an organization for a specific purpose (such as organized crime,
industrial espionage, or state-sponsored intelligence gathering). Threats can originate from
outside the organization or from inside. External threats originate outside an organization
and attempt to breach a network either from the Internet or via dialup access. Internal
threats originate from within an organization and are usually the result of employees or other
personnel who have some authorized access to internal network resources. Studies indicate
that internal attacks perpetrated by disgruntled employees or former employees are
responsible for the majority of network security incidents within most organizations.
There are three major types of network attacks, each with its own specific goal:
■ Reconnaissance attack—An attack designed not to gain access to a system or network
but only to search for and track vulnerabilities that can be exploited later.
■ Access attack—An attack designed to exploit a vulnerability and to gain access to a system
on a network. After gaining access, the goal of the user is to
— Retrieve, alter, or destroy data.
— Add, remove, or change network resources, including user access.
— Install other exploits that can be used later to gain access to the network.
■ Denial of service (DoS) attack—An attack designed solely to cause an interruption on a
computer or network.
Reconnaissance Attacks
The goal of this type of attack is to perform reconnaissance on a computer or network, that
is, to determine the makeup of the targeted computer or network and to search for and map
any vulnerabilities. A reconnaissance attack can indicate the
potential for other, more-invasive attacks. Many reconnaissance attacks are written into
scripts that allow novice hackers or script kiddies to launch attacks on networks with a few
mouse clicks. Here are some of the more common reconnaissance attacks:
■ Domain Name Service (DNS) query—Provides the unauthorized user with such
information as what address space is assigned to a particular domain and who owns that
domain.
■ Ping sweep—Tells the unauthorized user how many hosts are active on the network. It
is possible to drop ICMP packets at the perimeter devices, but this occurs at the expense
of network troubleshooting.
■ Vertical scan—Scans the service ports of a single host and requests different services at
each port. This method enables the unauthorized user to determine what type of
operating system and services are running on the computer.
■ Horizontal scan—Scans an address range for a specific port or service. A very common
horizontal scan is the FTP sweep. This is done by scanning a network segment to look
for replies to connection attempts on port 21.
■ Block scan—A combination of the vertical scan and the horizontal scan. In other words,
it scans a network segment and attempts connections on multiple ports of each host on
that segment.
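
Seen from the defender's side, the vertical, horizontal, and block scans above leave different footprints in connection logs. The following is an added example, not part of the original text, that labels each source address by scan shape; the log format, the thresholds, and the sample traffic are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed log format (constructed for this example, not a real product's):
#   src=<ip> dst=<ip> dport=<port>
LINE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+)")

def classify_sources(lines, min_hosts=5, min_ports=5):
    """Label each source as 'vertical', 'horizontal', 'block' or 'none'."""
    ports_by_host = defaultdict(lambda: defaultdict(set))  # src -> dst -> ports
    hosts_by_port = defaultdict(lambda: defaultdict(set))  # src -> port -> dsts
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        src, dst, port = m.group(1), m.group(2), int(m.group(3))
        ports_by_host[src][dst].add(port)
        hosts_by_port[src][port].add(dst)

    verdicts = {}
    for src in ports_by_host:
        # Hosts on which this source tried many different ports.
        deep = [d for d, p in ports_by_host[src].items() if len(p) >= min_ports]
        # Ports this source tried on many different hosts.
        wide = [p for p, d in hosts_by_port[src].items() if len(d) >= min_hosts]
        if len(deep) >= min_hosts:
            verdicts[src] = "block"       # many ports on many hosts
        elif wide:
            verdicts[src] = "horizontal"  # one service across a range
        elif deep:
            verdicts[src] = "vertical"    # many services on one host
        else:
            verdicts[src] = "none"
    return verdicts

def sample_log():
    """Constructed sample traffic using documentation address ranges."""
    targets = [f"192.0.2.{i}" for i in range(10, 18)]
    log = [f"src=198.51.100.1 dst=192.0.2.10 dport={p}" for p in range(20, 30)]
    log += [f"src=198.51.100.2 dst={t} dport=21" for t in targets]  # FTP sweep
    log += [f"src=198.51.100.3 dst={t} dport={p}"
            for t in targets for p in (21, 22, 23, 25, 80, 443)]
    log += ["src=198.51.100.4 dst=192.0.2.10 dport=443"]  # ordinary client
    return log

if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(sample_log()).items()):
        print(src, verdict)
```

In practice the thresholds would be tuned per network and applied over a time window, since a slow scan spread across hours can stay under fixed counts.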