Some Common Types of Attacks on Computer Security & Antivirus
Below is a list of the most common attacks we face daily on the Internet, grouped by type:
Scan (Search):
Scanning, as a method of discovering potentially exploitable communication channels, has been in use for a long time. The idea is to probe as many listening ports as possible and record those that respond, or that are useful for a particular purpose.
There are different types of scanning, according to the techniques, ports and protocols involved:
· TCP connect scanning: the basic way to scan TCP ports in order to find open ports to enter through.
· TCP SYN scanning: simulates a client-server connection in which only a SYN packet is sent; if a response is received, the communication is cut and that port is recorded as open.
· TCP FIN scanning (Stealth Port Scanning): similar to the previous one, but more clandestine.
· Fragmentation scanning: a modification of the previous ones in which the packets are fragmented.
· Eavesdropping (packet sniffing): intercepts packets on the network without modifying them, for example to find out passwords.
· Snooping downloading: the same as above, but the files that pass through can also be intercepted and downloaded.
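As an added illustration (not part of the original post), the following Python script shows how a defender would spot the scans just listed in connection logs. The log format, the addresses and the thresholds are assumptions constructed for the example: it counts the distinct ports a source probes on one host within a short window, and uses the share of probes that never completed the handshake to tell a SYN scan from a connect scan.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Event:
    ts: datetime
    src: str
    dst: str
    dport: int
    flags: str  # client-to-server TCP flags: "S" = SYN sent, "A" = handshake ACK sent


def build_sample_log():
    """Constructed log lines (not real traffic): one ordinary client, one
    connect-scanner that completes every handshake, and one SYN-scanner
    that never sends the final ACK. Format: ts src dst dport flags."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    lines = []
    for i, port in enumerate((80, 443, 8080)):  # benign client, three services
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 10.0.0.5 192.0.2.10 {port} S")
        lines.append(f"{ts} 10.0.0.5 192.0.2.10 {port} A")
    for i, port in enumerate(range(20, 40)):  # 20 ports probed within 2 seconds
        ts = (base + timedelta(milliseconds=100 * i)).isoformat()
        lines.append(f"{ts} 10.0.0.7 192.0.2.10 {port} S")  # connect scan
        lines.append(f"{ts} 10.0.0.7 192.0.2.10 {port} A")
        lines.append(f"{ts} 10.0.0.9 192.0.2.10 {port} S")  # SYN scan, no ACK
    return lines


def parse_line(line):
    ts, src, dst, dport, flags = line.split()
    return Event(datetime.fromisoformat(ts), src, dst, int(dport), flags)


def detect_scans(lines, window=timedelta(seconds=10), min_ports=15):
    """Flag sources that touch at least `min_ports` distinct ports on one
    destination within `window`, and classify them by handshake completion."""
    by_pair = defaultdict(list)
    events = sorted((parse_line(ln) for ln in lines if ln.strip()), key=lambda e: e.ts)
    for e in events:
        by_pair[(e.src, e.dst)].append(e)

    findings = {}
    for (src, dst), evs in by_pair.items():
        # Sliding window: most distinct ports seen within `window` of any start event.
        best = 0
        for i, start in enumerate(evs):
            ports = {e.dport for e in evs[i:] if e.ts - start.ts <= window}
            best = max(best, len(ports))
        if best < min_ports:
            continue
        # Ports that saw a SYN but never the client's ACK were left half-open.
        syn_ports = {e.dport for e in evs if e.flags == "S"}
        ack_ports = {e.dport for e in evs if e.flags == "A"}
        ratio = len(syn_ports - ack_ports) / len(syn_ports) if syn_ports else 0.0
        findings[src] = {
            "dst": dst,
            "ports": best,
            "half_open_ratio": round(ratio, 2),
            "kind": "syn-scan" if ratio > 0.8 else "connect-scan",
        }
    return findings


if __name__ == "__main__":
    for src, info in detect_scans(build_sample_log()).items():
        print(src, info)
```

The benign client never reaches the port threshold, so only the two scanners are reported; the half-open ratio is what separates them. On a real firewall log the flags field would come from the device's own format, and the threshold should be tuned to the host's normal fan-out.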
Authentication attacks:
This type of attack aims to deceive the victim's system in order to enter it; to do so, the attacker impersonates a legitimate identity. Generally this deception is carried out by taking over sessions the victim has already established, or by obtaining the victim's username and password.
· Spoofing-Looping: consists of impersonating someone else and then taking actions on their behalf. There are several types, such as IP spoofing, DNS spoofing, web spoofing, etc.
· Web Spoofing (Phishing): the attacker creates a fake website similar to the original, which lets them obtain anything from the victim's personal data to their bank codes.
· IP Splicing-Hijacking: consists of impersonating an authorized user once that user has authenticated.
· Using Back Doors: allows the normal authentication methods to be bypassed.
· Use of Exploits: taking advantage of hardware or software flaws to enter the system.
· Obtaining Passwords: obtaining passwords by trial and error, or with programs that use dictionaries of millions of keys and try them until they find the correct one.
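The trial-and-error and dictionary password attacks just described are countered on the server side by limiting how many failed attempts a login endpoint will evaluate. The following Python class is an added example, not code from the post; the policy values, user names, addresses and the replayed attempt stream are constructed for illustration.

```python
from collections import defaultdict, deque


class LoginThrottle:
    """Per (user, source) failed-login limiter with a sliding window and a lockout."""

    def __init__(self, max_failures=5, window=60.0, lockout=300.0):
        self.max_failures = max_failures
        self.window = window      # seconds over which failures are counted
        self.lockout = lockout    # seconds a pair stays locked after the limit is hit
        self.failures = defaultdict(deque)  # (user, source) -> timestamps of recent failures
        self.locked_until = {}              # (user, source) -> time the lock expires

    def allowed(self, user, source, now):
        """Should a login attempt from `source` for `user` be evaluated at time `now`?"""
        key = (user, source)
        until = self.locked_until.get(key)
        if until is not None:
            if now < until:
                return False
            del self.locked_until[key]      # lock expired: start with a clean slate
            self.failures.pop(key, None)
        return True

    def record(self, user, source, success, now):
        """Update state after the password check ran; returns True if a lock was set."""
        key = (user, source)
        if success:
            self.failures.pop(key, None)
            return False
        q = self.failures[key]
        q.append(now)
        while q and now - q[0] > self.window:   # drop failures outside the window
            q.popleft()
        if len(q) >= self.max_failures:
            self.locked_until[key] = now + self.lockout
            return True
        return False


# Constructed attempt stream: (time, user, source, password_correct).
# One guesser working through a word list, plus the real user making one typo.
ATTEMPTS = [(float(t), "alice", "203.0.113.9", False) for t in range(0, 40, 2)]
ATTEMPTS += [(5.0, "alice", "198.51.100.4", False), (7.0, "alice", "198.51.100.4", True)]
ATTEMPTS.sort()


def run_sample(attempts=ATTEMPTS, **policy):
    """Replay attempts through the throttle; count how many were evaluated vs. refused."""
    throttle = LoginThrottle(**policy)
    evaluated = refused = 0
    for now, user, source, correct in attempts:
        if not throttle.allowed(user, source, now):
            refused += 1
            continue
        evaluated += 1
        throttle.record(user, source, correct, now)
    return {"evaluated": evaluated, "refused": refused}


if __name__ == "__main__":
    print(run_sample())
```

With the default policy the guesser gets five passwords evaluated before the pair is locked for five minutes, while the legitimate user, arriving from a different source, is unaffected. Keying on (user, source) is a compromise: keying on the user alone lets an attacker lock real users out (a denial of service of the kind described in the next section), while keying on the source alone is defeated by an attacker spreading guesses across many addresses.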
Denial of service (DoS):
The current protocols were designed to be used in an open community with a relationship of mutual trust. Reality shows that it is easier to disrupt the functioning of a system than to gain access to it; thus, Denial of Service attacks aim to saturate the victim's resources to the point that the services the victim provides become unavailable.
· Jamming or Flooding: disables or saturates system resources, such as memory, disk, etc.
· SYN Flood: a "half-open" connection is established, so that the computer is left waiting for a response from the hostile computer, slowing the system down.
· Connection Flood: causes the connection limits to be exceeded, leaving the Internet server hanging.
· Net Flood: saturates the line with malicious traffic, preventing useful network traffic from getting through.
· Land Attack: consists of sending a packet whose source address and port are the same as the destination's, causing the system to crash.
· Super nuke or WinNuke: sending manipulated packets to port range 137-139, which causes the computer to hang.
· Teardrop I and II, Newtear, Bonk, Boink: prevent the fragments that form a packet from being reassembled correctly, causing the system to saturate.
· E-Mail Bombing-Spamming: the first consists of saturating an email account by mass-sending the same message; spamming is the mass sending of an email to thousands of users without their consent.
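Several of the attacks listed above (Land, Teardrop and its relatives) rely on malformed packets that a host firewall or IDS can reject before they reach the network stack. The Python below is an added example, not from the original post; the Packet structure and the sample packets are constructed, and fragment offsets are expressed in bytes for readability (the real IP header field counts 8-byte units).

```python
from dataclasses import dataclass


@dataclass
class Packet:
    """Header fields a parser would extract from the IP/TCP headers."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    is_fragment: bool = False
    frag_id: int = 0          # IP identification shared by fragments of one datagram
    frag_offset: int = 0      # byte offset of this fragment's payload in the datagram
    payload_len: int = 0


def is_land_packet(p):
    """Land attack: source and destination address/port are identical."""
    return p.src_ip == p.dst_ip and p.src_port == p.dst_port


class FragmentTracker:
    """Remembers the byte ranges already received for each datagram and
    rejects a fragment whose range overlaps an earlier one (Teardrop-style)."""

    def __init__(self):
        self.ranges = {}

    def accept(self, p):
        key = (p.src_ip, p.dst_ip, p.frag_id)
        start, end = p.frag_offset, p.frag_offset + p.payload_len
        for s, e in self.ranges.get(key, []):
            if start < e and s < end:     # half-open intervals intersect
                return False
        self.ranges.setdefault(key, []).append((start, end))
        return True


def triage(packets):
    """Return (index, reason) for every packet a filter would drop."""
    tracker = FragmentTracker()
    drops = []
    for i, p in enumerate(packets):
        if is_land_packet(p):
            drops.append((i, "land"))
        elif p.is_fragment and not tracker.accept(p):
            drops.append((i, "overlapping-fragment"))
    return drops


# Constructed sample: a normal packet, a Land packet aimed at the NetBIOS
# port, two clean fragments of datagram 7, then a fragment that overlaps
# the first one instead of continuing after it.
SAMPLE = [
    Packet("10.0.0.5", 40000, "192.0.2.10", 80),
    Packet("192.0.2.10", 139, "192.0.2.10", 139),
    Packet("10.0.0.5", 0, "192.0.2.10", 0, True, frag_id=7, frag_offset=0, payload_len=36),
    Packet("10.0.0.5", 0, "192.0.2.10", 0, True, frag_id=7, frag_offset=36, payload_len=20),
    Packet("10.0.0.5", 0, "192.0.2.10", 0, True, frag_id=7, frag_offset=24, payload_len=20),
]

if __name__ == "__main__":
    for index, reason in triage(SAMPLE):
        print(f"drop packet {index}: {reason}")
```

Modern operating systems already refuse both patterns, but the same checks are still worth keeping at the perimeter, because a device that reassembles fragments differently from the host behind it can be tricked into letting through what the host would reject. The tracker above keeps state per datagram forever; a production version would expire entries after a reassembly timeout so the tracker itself cannot be flooded.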
Mod-Damage Attacks:
· Tampering or Data Diddling: unauthorized modification of the data or software installed on the victim system, including deletion of files.
· Fingerprint Removal: consists of erasing every trace of the tasks the intruder performed on the system, to prevent the intruder from being located.
· Attacks Using Java Applets: take advantage of security flaws in Java virtual machines to launch attacks.
· Attacks through JavaScript and VBScript: used, for example, to send emails without the user's knowledge, read directories and files, view the history of visited pages, etc.
· Attacks Using ActiveX: manipulate the code of certain browsers so that they do not ask the user for confirmation when downloading another ActiveX control from the Internet, which allows malicious code to be introduced.
· Vulnerability Attacks in Browsers: allow access to the computer's buffer and the running of programs such as format.com.
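Tampering and fingerprint removal both change files on the victim system, which is why integrity baselines are a standard countermeasure. The Python below is an added example, not code from the post: it hashes a directory tree with SHA-256, keeps the result as a baseline, and later reports which files were modified, deleted or added. The temporary directory tree it builds, and the "tampering" it applies to it, are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file under `root` (relative POSIX path) to its SHA-256 hex digest."""
    root = Path(root)
    result = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        h = hashlib.sha256()
        with path.open("rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):   # stream large files
                h.update(chunk)
        result[path.relative_to(root).as_posix()] = h.hexdigest()
    return result


def compare(baseline, current):
    """Diff two snapshots; every list is sorted so the report is stable."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "deleted": sorted(k for k in baseline if k not in current),
        "added": sorted(k for k in current if k not in baseline),
    }


def demo():
    """Build a small constructed tree, baseline it, tamper with it, and report."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for sub in ("bin", "etc", "var"):
            (root / sub).mkdir()
        (root / "bin" / "login").write_bytes(b"original binary")
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "var" / "auth.log").write_text("login ok\nlogin failed\n")
        baseline = snapshot(root)

        # Constructed tampering: a replaced binary (data diddling), a deleted
        # log (fingerprint removal) and a dropped-in configuration file.
        (root / "bin" / "login").write_bytes(b"replaced binary")
        (root / "var" / "auth.log").unlink()
        (root / "etc" / "backdoor.conf").write_text("listen=1\n")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The baseline is only useful if the intruder cannot rewrite it along with the files it describes, so store it off the host or on read-only media and run the comparison from trusted tooling. Files that change legitimately, such as logs, should be excluded from the modified check or covered by append-only rules, or the report will be buried in expected changes.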
Exploitation of design, implementation and operation errors:
Many systems are exposed to security "holes" that are exploited to access files or passwords, or to gain privileges. These vulnerabilities are caused by programming flaws in operating systems, software applications, network protocols, Internet browsers, email, etc.
Recommendations to avoid the spread of viruses and spyware
1) Always have an antivirus and an antispyware program active. It is advisable not to rely on just one, but using more than one does not mean we must have them all installed at once; we simply run the other antivirus and antispyware tools in their scanning mode on the folder that contains the files to be reviewed.
2) Just as important as having the antivirus installed is keeping it fully updated. Currently most programs update daily, or at least weekly, so if the antivirus we have is not updated at least once a week, it is best to switch to one that updates daily or several times a week. The same applies to an antispyware program: we must keep it as up to date as possible, since that is how the security holes that put us at risk get corrected. Many worms today succeed because users are too lazy to update their programs, so a habit of continually renewing the programs on our computers, especially the more sensitive ones such as browsers, operating systems, P2P clients and the like, is essential to staying safe.
3) Do not open any message or file received by email from unknown or barely known sources. In the case of people we know, the appropriate precautions must also be taken: confirm with that person that they sent it, and never run the files before checking them with an up-to-date antivirus. When in doubt, simply delete the message and its attachments.
4) Do not download anything from websites for which you have no serious references, or which are not reasonably well known. And if files are downloaded, treat them as we treat attachments: examine them with the antivirus before executing or downloading them.
5) Test several antivirus, firewall, antispyware and similar programs by downloading their trial versions, which usually last between 15 and 30 days; this lets us try several before deciding to buy the one that best suits our needs. Pay attention to ease of use and configuration, after-sales support, features and performance. Look for users of those programs who can give us their opinion of them or of similar programs. The best thing we can do is browse a forum dedicated to security, or the forums of the program's vendor, where we can read important details about how the program behaves from the people who use it. They will even answer the questions we ask, and we will see the advantages and disadvantages as reported by the users themselves.