Chapter 21 ■ Network Attack and Defense

are also separated by college and department. Recently, mobility and virtual networks have made definition of clear network boundaries even harder. This debate goes by the buzz-word of deperimeterisation and I’ll return to it later.

One final attack is worth mentioning under the heading of attacks on local networks, and that’s the rogue access point. Occasionally one finds WiFi access points in public areas, such as airports, that have been deployed maliciously. The operator might sit in the airport lounge with a laptop that accesses the Internet via a paid WiFi service and advertises a free one; if you use it, he’ll be able to sniff any plaintext passwords you enter, for example to your webmail or Amazon account, and if you tried to do online banking he might conceivably send you to a malicious site. So the effects can be somewhat like drive-by pharming, although more reliable and less scalable.

In addition, rogue access points may also be devices that employees have installed for their own convenience in defiance of corporate policy, or even official nodes that have been misconfigured so that they don’t encrypt the traffic. Whether unencrypted WiFi traffic is a big deal will depend on the circumstances; I’ll discuss this in more detail later when we come to encryption.

21.2.2 Attacks Using Internet Protocols and Mechanisms

Moving up now to the Internet protocol suite, the basic problem is similar: there is no real authenticity protection in the default mechanisms. This is particularly manifest at the lower-level TCP/IP protocols, and has given rise to many attacks. Consider for example the 3-way handshake used by Alice to initiate a TCP connection to Bob and set up sequence numbers. This protocol can be exploited in a surprising number of different ways. Now that service denial is becoming really important, let’s start off with the simplest service denial attack: the SYN flood.
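
Returning to the rogue access points described at the end of the local-network discussion above, here is an added example (not from the book) of how a defender might sort a WiFi site survey into the cases the text distinguishes: an official node that does not encrypt, an unknown radio advertising the organisation's network name, and an unapproved device on the premises. The inventory, SSIDs, BSSIDs and the signal-strength threshold are constructed assumptions.

```python
# Added illustration; inventory, SSIDs, BSSIDs and threshold are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Seen:
    ssid: str
    bssid: str
    encrypted: bool
    rssi_dbm: int

# Authorized access points, BSSID -> SSID (hypothetical corporate inventory).
INVENTORY = {"02:00:00:aa:00:01": "corp-wifi", "02:00:00:aa:00:02": "corp-wifi"}
ON_PREMISES_DBM = -60  # assumed: a stronger signal means the radio is in the building

def classify(ap, inventory=INVENTORY, near=ON_PREMISES_DBM):
    bssid = ap.bssid.lower()
    if bssid in inventory:
        # An official node that does not encrypt traffic is a misconfiguration.
        return "ok" if ap.encrypted else "misconfigured-open"
    if ap.ssid in set(inventory.values()):
        # Unknown radio advertising one of our own network names.
        return "impersonating"
    if ap.rssi_dbm >= near:
        # Unknown radio physically close: likely installed without approval.
        return "unauthorized-on-premises"
    return "foreign"

def audit(observations):
    """Return {finding: [bssid, ...]} for every AP that is not 'ok' or 'foreign'."""
    findings = {}
    for ap in observations:
        verdict = classify(ap)
        if verdict not in ("ok", "foreign"):
            findings.setdefault(verdict, []).append(ap.bssid.lower())
    return findings

# Constructed survey data, as a scanner might report it.
SURVEY = [
    Seen("corp-wifi", "02:00:00:AA:00:01", True, -48),
    Seen("corp-wifi", "02:00:00:aa:00:02", False, -55),
    Seen("corp-wifi", "02:00:00:bb:00:09", False, -40),
    Seen("printer-room", "02:00:00:cc:00:03", True, -52),
    Seen("CoffeeShop", "02:00:00:dd:00:04", False, -82),
]

if __name__ == "__main__":
    for kind, bssids in audit(SURVEY).items():
        print(kind, bssids)
```

A BSSID match alone does not prove an access point is genuine, since the identifier is sent unauthenticated; the inventory check narrows what needs a physical look.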