dismiss received packets. This is the point when remote attackers are
able to infiltrate and supply packets with a correct sequence number.
The attackers can even manipulate the communication with their
commands, or modify it some other way.
TCP Hijacking attacks aim to interrupt server‑client, or peer‑to‑peer
communications. Many attacks can be avoided by using
authentication for each TCP segment. It is also advised to use the
recommended configurations for your network devices.
6.2.6 SMB Relay
SMBRelay and SMBRelay2 are special programs able to carry out an
attack against remote computers. The programs take advantage of
the Server Message Block file sharing protocol, which is layered onto
NetBIOS. If a user shares any folder or directory within the LAN, he or
she most likely uses this file sharing protocol.
Within the local network communication, password hashes are
exchanged.
SMBRelay receives a connection on UDP ports 139 and 445, relays the
packets exchanged by the client and server, and modifies them. After
connecting and authenticating, the client is disconnected. SMBRelay
creates a new virtual IP address. The new address can be accessed
using the command “net use \\192.168.1.1”. The address can then be used
by any of the Windows networking functions. SMBRelay relays SMB
protocol communication except for negotiation and authentication.
Remote attackers can use the IP address, as long as the client
computer is connected.
SMBRelay2 works on the same principle as SMBRelay, except it
uses NetBIOS names rather than IP addresses. Both of them can
carry out “man‑in‑the‑middle” attacks. These attacks allow remote
attackers to read, insert and modify messages exchanged between
two communication endpoints without being noticed. Computers
exposed to such attacks often stop responding or unexpectedly
restart.
To avoid attacks, we recommend that you use authentication
passwords or keys.
6.2.7 ICMP attacks
The ICMP (Internet Control Message Protocol) is a popular and
widely‑used Internet protocol. It is used primarily by networked
computers to send various error messages.
Remote attackers attempt to exploit the weaknesses of the ICMP
protocol. The ICMP protocol is designed for one‑way communication
requiring no authentication. This enables remote attackers to trigger
so‑called DoS (Denial of Service) attacks, or attacks which give
unauthorized individuals access to incoming and outgoing packets.
Typical examples of an ICMP attack are ping flood, ICMP_ECHO
flood and smurf attack. Computers exposed to the ICMP attack are
significantly slower (this applies to all applications using the Internet)
and have problems connecting to the Internet.
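A defender-side illustration of how the echo flood and smurf patterns named above appear in traffic, added here as an example and not part of the original guide. The record format, thresholds and addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed sample records: (seconds, source, destination, ICMP type).
# Type 8 = echo request, type 0 = echo reply.
SAMPLE = (
    [(0.0, "10.0.0.5", "10.0.0.9", 8), (1.0, "10.0.0.9", "10.0.0.5", 0)]  # normal ping
    + [(2.0 + i * 0.005, "203.0.113.7", "10.0.0.9", 8) for i in range(150)]  # echo flood
    + [(5.0, "10.0.0.9", "10.0.0.255", 8)]  # request to broadcast, source may be spoofed
    + [(5.1 + i * 0.01, f"10.0.0.{20 + i}", "10.0.0.9", 0) for i in range(30)]  # reply storm
)

def detect(records, local_net="10.0.0.0/24", window=1.0, flood_limit=100, reply_limit=20):
    """Return a set of (alert, address) pairs found in time-ordered records."""
    broadcast = str(ipaddress.ip_network(local_net).broadcast_address)
    requests = defaultdict(deque)  # (src, dst) -> timestamps of recent echo requests
    pinged = set()                 # (src, dst) pairs for which a request was seen
    replies = defaultdict(deque)   # dst -> (timestamp, src) of unsolicited replies
    alerts = set()
    for ts, src, dst, icmp_type in records:
        if icmp_type == 8:
            pinged.add((src, dst))
            # Smurf indicator: echo request aimed at the subnet broadcast address.
            if dst == broadcast:
                alerts.add(("echo-request-to-broadcast", src))
            q = requests[(src, dst)]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()
            # Ping / ICMP_ECHO flood: too many requests from one source per window.
            if len(q) > flood_limit:
                alerts.add(("echo-flood", src))
        elif icmp_type == 0 and (dst, src) not in pinged:
            q = replies[dst]
            q.append((ts, src))
            while ts - q[0][0] > window:
                q.popleft()
            # Smurf victim side: replies from many hosts that were never pinged.
            if len({s for _, s in q}) > reply_limit:
                alerts.add(("unsolicited-reply-storm", dst))
    return alerts
```
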
6.3 Email
Email, or electronic mail, is a modern form of communication with
many advantages. It is flexible, fast and direct. Email played a crucial
role in the proliferation of the Internet in the early 1990s.
Unfortunately, with their high level of anonymity, email and the
Internet leave room for illegal activities such as spamming. Broadly
categorized, spam includes unsolicited advertisements, hoaxes and
proliferation of malicious software – malware. The inconvenience and
danger to the user is increased by the fact that the costs of sending
are next to zero, and authors of spam have many tools and sources
available to acquire new email addresses. In addition, the volume and
variety of spam make it very difficult to regulate. The longer you use
your email address, the higher the possibility of it ending up in a spam
engine database. Some hints for prevention:
▪ If possible, don’t publish your email address on the Internet
▪ Only give your email address to trusted individuals
▪ If possible, don’t use common aliases – with more complicated
aliases, the probability of tracking is lower
▪ Don’t reply to spam that has already arrived in your inbox
▪ Be careful when filling out Internet forms – be especially aware
of checkboxes such as “Yes, I want to receive information about…
in my inbox.”
▪ Use “specialized” email addresses – e.g. one for your work, one for
communication with your friends, etc.
▪ From time to time, change your email address
▪ Use an Antispam solution
6.3.1 Advertisements
Internet advertising is one of the most rapidly growing forms of
advertising. Email advertising uses email as a means of contact. Its
main marketing advantages are zero costs, high level of directness
and effectiveness; what’s more, messages are delivered almost
immediately. Many companies use email marketing tools to effectively
communicate with their current and prospective customers.
This means of advertising is legitimate, since the user may be
interested in receiving commercial information about some products.
But the fact is that many companies send unsolicited bulk commercial
messages. In such cases, email advertising crosses the line and
becomes spam.
The amount of unsolicited commercial e‑mail has become a real
problem, since it shows no signs of abating. Authors of unsolicited
email naturally try to masquerade spam as legitimate messages. On
the other hand, legitimate advertising in large quantities may cause
negative reactions.
6.3.2 Hoaxes
A hoax is a message spread across the Internet. Usually it is sent via
email and sometimes via communication tools like ICQ and Skype.
The message itself is often a joke or urban legend.
Computer virus hoaxes try to generate fear, uncertainty and doubt
(FUD) in the recipients, bringing them to believe that there is an
“undetectable virus” deleting files and retrieving passwords, or
performing some other harmful activity on their system.
Some hoaxes are meant to cause emotional embarrassment to
others. Recipients are usually asked to forward such messages to all
their contacts, which perpetuates the life‑cycle of the hoax. There
are mobile phone hoaxes, pleas for help, people offering to send you
money from abroad, etc. In most cases it is impossible to track down
the intent of the creator.
In principle, if you see a message prompting you to forward it to
everyone you know, it may very well be a hoax. There are many
specialized web sites on the Internet which can verify whether an
email is legitimate or not. Before forwarding, perform an Internet
search on any message you suspect of being a hoax.
6.3.3 Phishing
The term phishing defines a criminal activity which uses techniques of
social engineering (manipulating users in order to obtain confidential
information). Its aim is to gain access to sensitive data such as bank
account numbers, PIN codes, etc.