Beware of 13 ways hackers hack into computers

Source: Internet
Author: User
Tags system log superuser permission firewall

What methods do hackers use to invade our computers? Presumably a lot of rookie want to know, in fact, hacking methods include: (1) Deception (2) looting (3) out of thin (4) Sneak (5) in the Tongue Hidden Knife (6) shoplifting (7) for Corpse (8) Diversion (9) (10) Wet Water Touch Fish (11) Hong (12) cynical (13) took. Hackers often have a serial, not to be careful.

1, deception, data-driven attacks

A data-driven attack occurs when some seemingly harmless special programs are sent or copied to a network host and executed to initiate an attack. For example, a data-driven attack can cause a host to modify files related to network security, making it easier for hackers to invade the system next time.

2, looting, illegal use of system documents

A Directory of UNIX system executables, such as/bin/who, that can be read by all users. Some users can get their version number from an executable file, and combine the published data to know what vulnerabilities the system will have, such as the SendMail version number by using the telnet instruction. Forbidding access to executable files does not prevent hackers from attacking them, but at least it can make this attack more difficult. Some of the vulnerabilities are generated by configuration files, access control files, and default initialization files. One of the most famous examples is the software used to install SunOS Version 4, which creates a/rhosts file that allows anyone on the local area network (Internet) to obtain superuser privileges on that host from anywhere. Of course, initially this file was set up for easy installation from the Internet without the need for superuser permission and checking. Wise thousand worry, must have a loss, operating system design loopholes for hackers open the back door, for Win95/win NT a series of specific attacks is a good example.

3, out of thin, false information attack

By sending spoofed routing information, the false path of the system source host and target host is constructed so that packets flowing to the target host are passed through the attacker's system host. This provides sensitive information and useful passwords to people.

4, sneak, for information Protocol vulnerability attacks

The source path option for the IP address allows the IP packet to select a path to the system destination host itself. Imagine an attacker attempting to connect to a unreachable host a behind a firewall. He only needs to set the IP Source path option in the sent request message, so that the message has a destination address pointing to the firewall, and the final address is host a. When the message arrives at the firewall, it is allowed to pass because it points to the firewall instead of host a. The IP layer of the firewall handles the source path of the message is changed and sent to the internal network, so the message arrives at the unreachable host A.

5, Xiaolicangdao, remote control

The default login interface (shell scripts), configuration, and client files are another problem area that provides an easy way to configure the execution environment for a program. This can sometimes cause a remote manipulation attack: An executable program is launched on the attacked host, which displays a forged login interface. When the user enters the login information (username, password, etc.) in this disguised interface, the program transmits the information entered by the user to the attacker's host, and then closes the interface to give a "system failure" prompt, requiring the user to log in again. The real login interface will then appear. Similar attacks will still occur before we can get a better version of the operating system for the next generation. An important role of the firewall is to prevent illegal users from logging on to the protected network host. For example, when packet filtering is done, the external host can be prevented from Telnet to the internal host.

6, shoplifting, using system administrator error attack

One of the important factors of network security is people! Countless historical facts show that it is easiest to breach the barrier. Thus man-made errors, such as the WWW server System configuration errors, ordinary users use the right to expand the use of the user, so that the hacker caused by the machine. Hackers often use the system administrator's error to collect attack information. such as finger, netstat, arp, mail, grep and other commands and some hacker tool software.

7, reincarnated, Resend (replay) attack

Collect specific IP packets, tamper with their data, and then resend one by one, spoofing the receiving host.

8. Diversion, diversion

Attacks on ICMP packets, though difficult, are sometimes used by hackers to attack with ICMP packets. Redirecting messages can change the list of routes that a router can recommend to the host to take another better path. An attacker can effectively use redirect messages to turn a connection to an unreliable host or path, or to forward all packets through an unreliable host. The way to deal with this kind of rib is to filter all ICMP Redirect messages, and some routing software can configure them. Simply discarding all redirected messages is undesirable: Hosts and routers often use them, such as when a road failure occurs.

9, for the source path options for vulnerability attacks

Force the message to reach the destination host through a specific path. Such messages can be used to capture firewalls and spoof hosts. An external attacker could transmit a source path message with an internal host address. The server trusts this message and sends an answer message to the attacker, as this is the IP's source path option requirement. The best way to deal with this attack is to configure the router so that it discards messages that come in from the external network that claim to be internal.

10, mixed water fish, Ethernet broadcast attack

I use the Ethernet interface as an scrambling mode (promiscuous) to intercept all packets in the local range.

11, Hong, jump-type attack

Many sites on the Internet now use UNIX operating systems. Hackers will try to log on to a UNIX host first, gain system privileges through the operating system's vulnerabilities, and then access the rest of the hosts as a stronghold, known as jumps (island-hopping).

Hackers often jump this way several times before they reach the destination host. For example, an American hacker may log on to a host in Asia before entering a U.S. FBI network, then log on to a host in Canada, then jump to Europe and launch an attack from a French host to the FBI. This attack on the network even if the hacker has found out where to launch an attack on their own, managers are difficult to track back to go, not to mention hackers in the acquisition of a host system privileges, you can delete the system log in the exit, the "cane" cut. As long as you can log on to UNIX systems, you can be relatively easy to become superuser, which makes it a focus for hackers and security experts.

12, cynical, steal TCP protocol connection

Network interconnection protocols also exist in many vulnerable areas. And the interconnection protocol was originally created to facilitate the exchange of information, so the designer has little or no security concerns. The analysis of security protocols has become one of the most harmful strokes of attack.

In almost all of the UNIX-enabled protocol families, there is a long known vulnerability that makes it possible to steal TCP connections. When a TCP connection is being established, the server confirms the user request with an answer message containing the initial serial number. This serial number has no special requirements, as long as it is the only one can be. The client receives the answer, confirms it once, and the connection is established. The TCP protocol specification requires that the serial number be replaced 250,000 times per second. But most Unix systems actually replace the frequency much less than this number, and the next number of replacements is often predictable. The hacker has the ability to predict the initial serial number of the server so that the attack can be done. The only way to prevent this attack is to make the initial sequence number more random. The safest solution is to use the encryption algorithm to generate the initial sequence number. The extra CPU computing load is negligible for the current hardware speed.

13, took, capture the system control right

In Unix systems, too many files are owned only by Superuser, and few can be owned by a certain group of users, which makes it not safe for an administrator to perform various operations under root. The primary object of a hacker attack is root, and the most frequently targeted target is superuser password. Strictly speaking, the user password under UNIX is not encrypted, it is just a key to encrypt a common string as the DES algorithm. There are a number of software tools that are used to decrypt them, using the CPU's high speed to search for passwords. Once the attack succeeds, the hacker becomes the emperor of the UNIX system. Therefore, the power of the system in the separation of powers, if you set the mail system Administrator management, then the mail system Mail administrator can not have super user privileges in the case of a good management of the mail system, which makes the system much more secure.

In addition, after the attacker compromised the system, often use King to delete the system running log, so that they are not found by the system administrator, then a comeback. So there is the way of the military, to take into account that, as a cyber attacker will do everything possible to use a variety of tricks to attack the target system. This is the so-called 36-meter in the chain.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.