Week 2 Assignment
A spoofing attack in network security is an act in which a bad guy or malicious program deceives another person or program by falsifying identity, in order to gain an illegitimate advantage: the victim performs actions that appear legitimate or gives up important sensitive data. Common types of spoofing attacks are ARP spoofing, DNS spoofing and IP address spoofing. These attacks are used to attack networks, spread malware and gain access to confidential information or other data.
For example, in IP spoofing, hackers replace a valid source IP address with a forged one to deceive a genuine system.
Two common types of spoofing attacks executed by adversaries to attack access control:
Email Spoofing Attack:
In an email spoofing attack, the sender address in the message header is forged so that the message appears to come from someone other than the actual source. This trick is used in phishing and scams because recipients believe they have received an email from a legitimate source; the goal is to get them to open the message or even respond to it. The Reply-To field often carries a different address than the apparent sender's, and that difference is not visible until the recipient replies. Some years back, an Indian businessman lost a hefty sum of money to adversaries who carried out email spoofing attacks. To protect against email spoofing, the recipient should trace the sending IP address by reading the message headers, and should avoid clicking unfamiliar attachments or links that install malware on the computing device.
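The header check described above can be automated. The following Python is an added example, not part of the original assignment: it parses two constructed sample messages (not real emails; all addresses use reserved example domains) and reports the mismatches a reader would otherwise have to spot by hand, namely a display name that looks like an address at one domain while the real sender is at another, a Reply-To that points somewhere other than the From address, and a Return-Path on a third domain.

```python
import email
from email.utils import parseaddr

# Constructed sample messages for illustration; they are not real emails.
# In the first, the visible From address is at the company domain but the
# hidden Reply-To (and the Return-Path) point somewhere else entirely.
INVOICE_SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
From: "Accounts Payable, ExampleCorp" <ap@examplecorp.example>
Reply-To: <payments.desk@freemail.example>
To: <controller@examplecorp.example>
Subject: Urgent wire transfer

Please process the attached invoice today.
"""

# In the second, the display name *looks like* an address at the company
# domain, while the real address behind it is at a free mail provider.
DISPLAY_NAME_SAMPLE = """\
From: "ceo@examplecorp.example" <mailbox7781@freemail.example>
To: <staff@examplecorp.example>
Subject: Quick favour

Are you at your desk?
"""


def domain_of(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def spoofing_indicators(raw_message):
    """Return human-readable header inconsistencies that suggest spoofing.

    These are indicators, not proof: legitimate bulk mailers also use a
    Return-Path on a different domain, so findings should be reviewed,
    not acted on blindly.
    """
    msg = email.message_from_string(raw_message)
    findings = []

    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)

    # Display-name spoofing: the name shown to the reader contains an
    # address whose domain does not match the actual sender address.
    if "@" in from_name and domain_of(from_name) != from_domain:
        findings.append(
            f"Display name claims {domain_of(from_name)} but the real "
            f"sender address is at {from_domain}"
        )

    # Reply-To mismatch: replies would go somewhere other than the sender.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = domain_of(reply_addr)
    if reply_domain and reply_domain != from_domain:
        findings.append(
            f"Reply-To domain {reply_domain} differs from From domain {from_domain}"
        )

    # Return-Path mismatch: bounces go to a third domain.
    _, return_addr = parseaddr(msg.get("Return-Path", ""))
    return_domain = domain_of(return_addr)
    if return_domain and return_domain != from_domain:
        findings.append(
            f"Return-Path domain {return_domain} differs from From domain {from_domain}"
        )
    return findings


if __name__ == "__main__":
    for label, sample in (("invoice", INVOICE_SAMPLE), ("display name", DISPLAY_NAME_SAMPLE)):
        print(f"--- {label} sample ---")
        for finding in spoofing_indicators(sample):
            print("  *", finding)
```

Running the script prints two findings for the invoice sample and one for the display-name sample. In a real mail pipeline these checks sit alongside SPF, DKIM and DMARC verification of the envelope and signing domains; the header comparison here is the part a recipient can do by eye, made mechanical.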
Phone Spoofing Attack:
In phone spoofing, a bad guy changes the caller ID to another number, or places calls from the internet using fake numbers. A few applications can be used to identify spoofers; caller ID itself is transmitted in binary form using the frequency shift keying technique, so the number displayed is whatever was transmitted rather than necessarily the actual number. Spoof cards can likewise be used to check fake caller IDs. In most cases, phone spoofing is used simply to break into voicemail boxes, which often do not require a password to get in, so if your number is known to the bad guys your voicemail is exposed. To protect yourself, ask the caller to hold and dial the number displayed on the screen from another device: if that number is busy, the caller is genuine. If a scammer calls pretending to be customer support from a certain company, avoid giving your financial or personal information over the phone. Otherwise they can use your personal information while spoofing your number to call your bank, pass the security questions and impersonate you.
Denial of Service Attack(DoS) and its function:
In a denial of service attack, a bad guy attempts to deny valid users access to information or services by targeting their computers and the network connections they use; this may make websites, email and online accounts unusable or temporarily unavailable. The most common type of DoS attack occurs when bad guys “flood” a network with traffic, or send information that triggers a crash. The general methods of DoS attacks are therefore flooding services or crashing them: traffic too high for the server to handle slows it down or takes it offline. Popular flood attacks include:
Buffer overflow attacks – the idea is to send more traffic to a network address than the programmers built the system to handle, exploiting bugs specific to certain applications and networks.
ICMP flood – leverages misconfigured network devices by sending spoofed packets that ping every computer on the targeted network instead of one specific machine. The network then amplifies the traffic. This is also known as the ping of death.
SYN flood – sends requests to connect to a server but never completes the handshake. This continues until all open ports are flooded with requests and none are available for valid users to connect.
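A SYN flood shows up on the server as a pile of half-open connections: the server has answered a SYN with a SYN-ACK and is waiting for an ACK that never comes. The following Python is an added example, not part of the original assignment. It parses a constructed connection table in the style of `ss -tan` / netstat output (not captured from a real host; addresses are from reserved documentation ranges) and flags both the per-source count of half-open connections and the overall fraction of connections stuck in that state.

```python
from collections import Counter

# Constructed sample in the style of a `ss -tan` / netstat connection table
# (not captured from a real host). Columns: state, local address, peer address.
# SYN-RECV means the server answered a SYN with SYN-ACK and is waiting for the
# final ACK, i.e. a half-open connection.
SAMPLE_CONNECTION_TABLE = """\
SYN-RECV  10.0.0.5:443  198.51.100.7:40001
SYN-RECV  10.0.0.5:443  198.51.100.7:40002
ESTAB     10.0.0.5:443  203.0.113.9:51022
SYN-RECV  10.0.0.5:443  198.51.100.7:40003
SYN-RECV  10.0.0.5:443  198.51.100.7:40004
SYN-RECV  10.0.0.5:443  203.0.113.44:33187
ESTAB     10.0.0.5:443  203.0.113.12:49210
SYN-RECV  10.0.0.5:443  198.51.100.7:40005
SYN-RECV  10.0.0.5:443  198.51.100.7:40006
"""


def parse_connection_table(text):
    """Parse 'state local peer' rows into (state, local, peer_ip) tuples."""
    rows = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip headers or malformed lines
        state, local, peer = parts
        peer_ip = peer.rsplit(":", 1)[0]  # drop the ephemeral source port
        rows.append((state, local, peer_ip))
    return rows


def half_open_by_source(rows):
    """Number of half-open (SYN-RECV) connections per peer IP."""
    return Counter(peer for state, _, peer in rows if state == "SYN-RECV")


def half_open_ratio(rows):
    """Fraction of all tracked connections that are still half-open."""
    if not rows:
        return 0.0
    return sum(1 for state, _, _ in rows if state == "SYN-RECV") / len(rows)


def syn_flood_suspects(text, per_source_threshold=5):
    """Peer IPs holding at least `per_source_threshold` half-open connections."""
    counts = half_open_by_source(parse_connection_table(text))
    return sorted(ip for ip, n in counts.items() if n >= per_source_threshold)


if __name__ == "__main__":
    rows = parse_connection_table(SAMPLE_CONNECTION_TABLE)
    print("half-open per source:", dict(half_open_by_source(rows)))
    print("half-open ratio:    ", round(half_open_ratio(rows), 2))
    print("suspect sources:    ", syn_flood_suspects(SAMPLE_CONNECTION_TABLE))
```

The per-source threshold is deliberately low for the small sample; on a real server it would be tuned to normal traffic. Because flood sources are usually spoofed and spread across many addresses, the per-source count alone can be evaded, which is why the aggregate half-open ratio is reported as well. The standard mitigation is SYN cookies, which let the server avoid keeping state for a connection until the handshake completes.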
Two real denial of service attacks that occurred in the last few years:
GitHub is a repository for public code, and in 2015 they were hit by the largest DDoS attack in their history.
Two pages were a target of this attack, Great Fire and the Chinese version of the New York Times, and both were regarding projects that are designed to combat censorship in China. The malicious code has been traced back to China, even to the Chinese government, as the instigator of the attack. The origin of the code was China Unicom which has aided the Great Firewall of China, a censorship organization, in the past. Throughout the period of the attack, GitHub experienced outages across its entire network, not just the two targeted pages.
On New Year’s Eve of 2015, the BBC was hit with what was thought to be the largest DDoS attack in history.
The BBC’s entire domain, including its on-demand television and radio player, was down for three hours and continued to have issues for the remainder of the day. The attack was claimed by a group called the New World Hackers, who stated they were using the attack as a “test of power.” They also claimed to have attacked at a rate of 600 Gbps, but this size was later proven to be false.
An attack tree is a formal, methodical way of describing the security of a system in terms of the varying attacks that can be made against it. It represents attacks against a system in a tree structure: the root is the attacker's goal, and the branches are the different ways of achieving that goal. Attack trees have been used in a variety of applications. For example:
Attack tree for cheating on a final exam for this course:
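The tree itself is not reproduced above. As an added illustration (not part of the original assignment), the Python below models an attack tree with AND/OR nodes and per-leaf effort estimates, using the exam scenario named in the heading. The node labels and costs are constructed for illustration. The useful part for a defender is `min_cost`, which finds the cheapest path to the root, and `raise_leaf_cost`, which models a countermeasure and shows how the cheapest path shifts once a leaf is hardened.

```python
from dataclasses import dataclass, field


@dataclass
class Node:
    """One node of an attack tree.

    kind is "LEAF" (an atomic attacker action with an estimated cost),
    "OR" (any one child achieves this goal) or "AND" (all children are needed).
    Costs are constructed, unitless effort estimates for illustration.
    """
    name: str
    kind: str = "LEAF"
    cost: float = 0.0
    children: list = field(default_factory=list)


def min_cost(node):
    """Return (cost, leaves) for the cheapest way to achieve `node`."""
    if node.kind == "LEAF":
        return node.cost, [node.name]
    results = [min_cost(child) for child in node.children]
    if node.kind == "OR":
        return min(results, key=lambda r: r[0])  # attacker picks the cheapest branch
    if node.kind == "AND":
        total = sum(cost for cost, _ in results)  # attacker must pay for every branch
        leaves = [leaf for _, leaves in results for leaf in leaves]
        return total, leaves
    raise ValueError(f"unknown node kind {node.kind!r}")


def raise_leaf_cost(node, leaf_name, extra):
    """Model a countermeasure by adding `extra` cost to every leaf named `leaf_name`."""
    if node.kind == "LEAF":
        if node.name == leaf_name:
            node.cost += extra
        return
    for child in node.children:
        raise_leaf_cost(child, leaf_name, extra)


def render(node, depth=0):
    """Indented text view of the tree, one line per node."""
    tag = node.kind if node.kind != "LEAF" else f"cost={node.cost:g}"
    lines = ["  " * depth + f"{node.name} [{tag}]"]
    for child in node.children:
        lines.extend(render(child, depth + 1))
    return lines


def exam_cheating_tree():
    """Constructed illustration of the assignment's example; labels and costs are made up."""
    return Node("Pass the final exam without knowing the material", "OR", children=[
        Node("Obtain the exam paper in advance", "AND", children=[
            Node("Find where the exam is stored", cost=6),
            Node("Copy it without being noticed", cost=4),
        ]),
        Node("Copy answers during the exam", "OR", children=[
            Node("Look at a neighbour's paper", cost=3),
            Node("Bring a hidden note", cost=2),
        ]),
        Node("Have someone else sit the exam", cost=8),
    ])


if __name__ == "__main__":
    tree = exam_cheating_tree()
    print("\n".join(render(tree)))
    print("Cheapest path before countermeasure:", min_cost(tree))
    # Countermeasure: strict proctoring makes a hidden note much harder to use.
    raise_leaf_cost(tree, "Bring a hidden note", 5)
    print("Cheapest path after countermeasure: ", min_cost(tree))
```

With the constructed costs the cheapest path is the hidden note at cost 2; after proctoring adds 5 to that leaf, the cheapest path becomes looking at a neighbour's paper at cost 3, which tells the defender which leaf to address next. Real attack trees attach other attributes to leaves as well (probability, required equipment, whether the attack is detectable), and the same AND/OR evaluation applies to each.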