Understanding hacker's common intrusion methods

Source: Internet
Author: User
Tags: system log

Guide: To keep a computer from being broken into, it helps to understand the methods hackers commonly use to compromise a target machine. These include data-driven attacks, illegal use of system files, forged-information attacks and remote control; each is briefly described below.

Data-driven attacks

A data-driven attack starts from a seemingly harmless program that the hacker sends to, or plants on, the target computer. Once it runs, it lets the hacker modify security-related files on the target, making the next intrusion easier. Data-driven attacks mainly include buffer overflow attacks, format string attacks, input validation attacks, synchronization vulnerabilities and trust-relationship vulnerabilities.

Forged-information attacks

In a forged-information attack, the hacker sends spoofed routing information to create a false path between the source and target computers, so that packets bound for the target pass through a computer the hacker controls. The hacker can then read sensitive personal data in those packets, such as bank account passwords.

Attacks on information protocol weaknesses

On a local area network, the IP source route option lets an IP packet specify its own path to the destination computer. If a hacker wants to reach a computer A that sits behind a firewall and is otherwise unreachable, he only needs to set the source route option in the request so that the packet's destination address is the firewall while the final address in the route points to computer A. When the packet reaches the firewall it is allowed through, because it is addressed to the firewall rather than to A. The firewall's IP layer then processes the source route, rewrites the destination and forwards the packet into the internal network, so it arrives at the supposedly unreachable computer A. This is an attack on a weakness in the information protocol.

Remote control

In remote control, the hacker starts an executable program on the target computer that displays a forged login screen. When the user enters an account name, password and other login details, the program sends them to the hacker's computer, then closes the login screen and shows a "system failure" message asking the user to log in again. This attack resembles the phishing sites frequently encountered on the Internet.

Exploiting system administrator errors

On a local area network, people are among the most important factors in security. When a system administrator makes a mistake such as misconfiguring the WWW server or granting ordinary users excessive permissions, that mistake can give a hacker an opening. Hackers combine such errors with their knowledge of commands like finger and netstat to carry out an intrusion.

Replay (resend) attacks

In a replay attack, the hacker collects specific IP packets, tampers with their data and then resends them one by one, deceiving the target computer that receives the data.

ICMP packet attacks

On a local area network, an ICMP redirect message can change a router's routing table; routers use it to suggest a better path for forwarding data. In an ICMP packet attack, the hacker exploits redirect messages to divert a connection to an unreliable computer or path, or to force all traffic to be forwarded through an unreliable computer.

Source route vulnerability attacks

In a source route vulnerability attack, the hacker uses a computer outside the local area network to send into the LAN a source-routed message that carries an internal computer's address. Because the router trusts the message, it sends its reply out to the computer outside the LAN, as the source route option directs. The defence is to configure the router properly so that it discards messages arriving from outside the LAN that claim to come from an internal computer.

Ethernet broadcast method
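As an added illustration for the two source-route passages above (not code from the original article), here is a defender-side check: a parser for the IPv4 option field that reports any loose or strict source route, so a border filter can drop such packets instead of forwarding them inward. The addresses and the sample packet are constructed for the demonstration.

```python
import ipaddress
import struct

# IPv4 option type codes from RFC 791
OPT_EOL, OPT_NOP = 0, 1
OPT_LSRR, OPT_SSRR = 131, 137   # loose / strict source and record route

def parse_ipv4_options(packet: bytes):
    """Return (type, body) pairs for every option carried in an IPv4 header."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    end = (packet[0] & 0x0F) * 4          # IHL in 32-bit words -> header length
    if end < 20 or len(packet) < end:
        raise ValueError("bad IHL")
    opts, i = [], 20
    while i < end:
        kind = packet[i]
        if kind == OPT_EOL:
            break
        if kind == OPT_NOP:
            i += 1
            continue
        if i + 1 >= end or packet[i + 1] < 2 or i + packet[i + 1] > end:
            raise ValueError("option length out of bounds")   # reject malformed options
        opts.append((kind, packet[i + 2:i + packet[i + 1]]))
        i += packet[i + 1]
    return opts

def flag_source_routed(packet: bytes):
    """Return [(mode, hop list)] for each source-route option; empty means the packet
    carries none. A border filter would drop any packet for which this is non-empty."""
    findings = []
    for kind, body in parse_ipv4_options(packet):
        if kind in (OPT_LSRR, OPT_SSRR):
            addrs = body[1:]                  # body[0] is the pointer, then 4-byte hops
            hops = [str(ipaddress.IPv4Address(addrs[j:j + 4]))
                    for j in range(0, len(addrs) // 4 * 4, 4)]
            findings.append(("strict" if kind == OPT_SSRR else "loose", hops))
    return findings

def build_sample(src, dst, route):
    """Constructed test packet: base header addressed to `dst` plus an LSRR option
    whose hop list ends at the real target, the pattern described in the article."""
    body = bytes([4]) + b"".join(ipaddress.IPv4Address(h).packed for h in route)
    opt = bytes([OPT_LSRR, 2 + len(body)]) + body
    opt += b"\x00" * (-len(opt) % 4)          # pad options to a 32-bit boundary
    ihl = 5 + len(opt) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 20 + len(opt), 0, 0, 64, 6, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + opt
```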

In the Ethernet broadcast attack, the computer's network interface card is set to promiscuous mode so that it captures every packet on the LAN; the packets are then analysed for the account names and passwords they contain, and that information is stolen.

Jump attacks (island hopping)

On the Internet, many web sites run servers or supercomputers with UNIX operating systems. A hacker tries to log on to one of these UNIX computers, gains system privileges through an operating system vulnerability, and then uses that machine as a base from which to access and break into further computers. This is known as jumping, or island hopping.

Hackers often jump several times before attacking the final target. For example, a hacker in the United States may log on to a computer in Asia, then to one in Canada, then jump to Europe and launch the attack on the FBI network from a computer in France. Even if the attacked computer discovers where the attack is coming from, administrators find it hard to trace the hacker back. Moreover, once the hacker has system privileges on a computer, he can delete the system logs on the way out, cutting the trail behind him.

Stealing TCP connections

Almost every UNIX protocol stack has a widely known weakness that makes it possible to steal TCP connections. When a TCP connection is being established, the server acknowledges the client's request with a reply containing an initial sequence number. The only requirement on this number is that it be unique. The client receives the reply, acknowledges it in turn, and the connection is established. The TCP specification requires the sequence number to advance 250,000 times per second, but most UNIX systems actually change it far less often, and the next value is frequently predictable. A hacker who can anticipate the server's initial sequence number can complete the intrusion. The only way to prevent this attack is to make the initial sequence number more random; the safest solution is to generate it with a cryptographic algorithm, and the extra CPU load this causes is negligible at current hardware speeds.

Seizing system control
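To make the fix in the paragraph above concrete, here is an added example (not from the original article) that contrasts a constructed fixed-increment generator with an RFC 6528-style keyed-hash initial sequence number, and scores how predictable a run of observed ISNs is. The choice of SHA-256 as the keyed function, the addresses and the port numbers are assumptions.

```python
import hashlib
import ipaddress
import os
import statistics
import struct

SECRET = os.urandom(16)   # per-boot secret, regenerated on every restart (RFC 6528 style)

def isn_rfc6528(src_ip, src_port, dst_ip, dst_port, micros, secret=SECRET):
    """ISN = M + F(4-tuple, secret) mod 2^32: M is the 4-microsecond clock required
    by the TCP specification, F a keyed hash, so the value still advances in time but
    cannot be extrapolated from ISNs observed on other connections."""
    m = (micros // 4) & 0xFFFFFFFF
    four_tuple = (ipaddress.IPv4Address(src_ip).packed + struct.pack("!H", src_port)
                  + ipaddress.IPv4Address(dst_ip).packed + struct.pack("!H", dst_port))
    f = int.from_bytes(hashlib.sha256(four_tuple + secret).digest()[:4], "big")
    return (m + f) & 0xFFFFFFFF

def isn_naive(connection_index, micros):
    """Constructed stand-in for the weak behaviour the article describes: a fixed
    bump per connection on top of the clock, so the next value is trivially guessable."""
    return ((micros // 4) + 64000 * connection_index) & 0xFFFFFFFF

def isn_predictability(isns):
    """Spread of consecutive ISN deltas (signed, wrapped mod 2^32). Near 0 means the
    observed ISNs reveal the next one; a large spread means they do not."""
    deltas = [((b - a + 2**31) % 2**32) - 2**31 for a, b in zip(isns, isns[1:])]
    return statistics.pstdev(deltas)

def audit(generator, samples=8, micros=1_000_000):
    """Simulate `samples` connections opened at the same instant (ascending client
    ports) and report how predictable the server's ISNs would be."""
    isns = [generator(i, micros) for i in range(samples)]
    return isn_predictability(isns)

def audit_rfc6528(samples=8, micros=1_000_000, secret=SECRET):
    return audit(lambda i, t: isn_rfc6528("192.0.2.10", 40000 + i, "198.51.100.1", 443, t, secret),
                 samples, micros)

if __name__ == "__main__":
    print("naive generator  :", audit(isn_naive))   # 0.0, fully predictable
    print("RFC 6528 style   :", audit_rfc6528())    # large spread, not predictable
```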

On a UNIX system, too many files can be created only by the superuser and seldom by a particular group of users, which makes it very safe for the system administrator to work under root permissions. Because root is the primary object of a hacker's attack, the most frequently targeted item is the superuser's password. Strictly speaking, a UNIX user password is not itself encrypted: it is used as the DES key to encrypt a fixed string. Many software tools exploit the high speed of modern CPUs to search for passwords exhaustively. Once the attack succeeds, the hacker is an administrator on the UNIX system. User rights in the system should therefore be divided: for example, a mail administrator can be set up to manage the mail system well without holding superuser privileges, which makes the system considerably more secure.

This article is reproduced from: http://www.linuxprobe.com/hacker-intrusion-methods.html
