|
 ABSTRACT
The Internet put the rest of the world at the reach of our computers. In the same way it also made our computers reachable by the rest of the world. Good news and bad news!. Over the last decade, the Internet has been subject to widespread security attacks. Besides the classical terms, new ones had to be found in order to designate a large collection of threats: Worms, break-ins, hackers, crackers, hijacking, phrackers, spoofing, man-in-the-middle, password-sniffing, denial-of-service, and so on.Since the Internet was born of academic efforts to share information, it never strove for high security measures. In fact in some of its components, security was consciously traded for easiness in sharing. Although the advent of electronic commerce has pushed for "real security" in the Internet, there is yet a huge amount of users (including scientists) very vulnerable to attacks, mostly because they are not aware of the nature (and ease) of the attacks and still believe that a "good" password is all they need to be concerned about.We wrote this paper aiming for a better understanding of the subject. In the paper we report some of the major actual known attacks. Besides the description of each attack (the what), we also discuss the way they are carried on (the how) and, when possible, the related means of prevention, detection and/or defense.
REFERENCES
Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.
| |
1
|
|
| |
2
|
C. H. Bennett, G. Brassard, A. K. Ekert, Quantum Cryptography. Scientific American, v. 267, n.4, 1992, pp. 50-57.
|
| |
3
|
Bruce Schneier, Applied Cryptography. Wiley, Second Edition, 1996, pp. 554-557.
|
| |
4
|
|
| |
5
|
|
| |
6
|
D. Comer, Internetworking with TCP/IP Vol. 1. Prentice Hall, Third Edition, 1995.
|
| |
7
|
|
| |
8
|
ISS Sniffer FAQ. http://www.iss.net/.
|
| |
9
|
D. Atkins et al.,Internet Security. New Riders, 1996, pp. 258-279.
|
| |
10
|
|
| |
11
|
SSL Version 3.0. http://home.netscape.com/eng/ssl3/ssl-toc.html.
|
| |
12
|
N. Haller, The S/KEY One-Time Password System. RFC 1760, Bellcore, February 1995.
|
| |
13
|
J. Kohl, C. Neuman, The Kerberos Network Authentication Service (V5). RFC 1510, September 1993.
|
| |
14
|
Project Loki. Phrack Magazine, Volume Seven, Issue Forty-Nine, File 06. Whitepaper by route@infonexus.com for Phrack Magazine. Guild Productions, August 1996.
|
| |
15
|
D. C. Plummer, An Ethernet Address Resolution Protocol. RFC 826, 1982.
|
| |
16
|
D. Atkins et al.,Internet Security. New Riders, 1996, pp. 257-316.
|
| |
17
|
|
| |
18
|
A. S. Tanenbaum, Computer Networks. Prentice Hall, 3rd. ed., 1996, pp. 355-359.
|
| |
19
|
C. Hedrick, Routing Information Protocol. RFC 1058, 1988.
|
| |
20
|
|
| |
21
|
IP-spoofing Demystified. By route@infonexus.com Guild Productions, June 1996.
|
| |
22
|
R. Morris, A Weakness in the 4.2 BSD UNIX TCP/IP Software. Computing Science Technical Report 117. AT&T Bell Laboratories, 1985.
|
| |
23
|
L. Joncheray, A Simple Active Attack Against TCP. Merit Network, Inc. lpj@merit.edu, April 1995.
|
| |
24
|
IP Spoofing Attacks and Hijacked Terminal Connections. CERT Advisory CA-95:01. Available at http://www.cert.org and at ftp://info.cert.org/pub/cert_advisories/ 1995.
|
| |
25
|
|
| |
26
|
TCP SYN Flooding and IP Spoofing Attacks. CERT Advisory CA-96.21. Available at http://www.cert.org and at ftp://info.cert.org/pub/cert_advisories/ 1996.
|
INDEX TERMS
Keywords:
Client-Server,
Covert Channel,
DNS,
Denial of Service,
Ethernet,
Hijacking,
ICMP,
Kerberos,
One-Time Password,
Ping,
RIP,
Sniffing,
Spoofing,
TCP/IP
|
Adobe Acrobat
QuickTime
Windows Media Player
Real Player
Pdf