YourDictionary

Attack - technical definition

The term attack can be used in a number of ways, from the more general meaning of an attempt by a cracker to break into a computer in order to deface a home page or install a virus, to the more technical information security sense of the term, meaning an attack on a cryptosystem. In the latter usage, a security professional is suggesting that a cracker is searching for weaknesses in the computer system that will allow him or her to decrypt encrypted information in that system.

The various types of attacks on computer systems are many and include the following: passive attacks, which, when using sniffers, can take place by eavesdropping and may not be detected; active attacks, which require some interaction such as altering data and can be detected; remote attacks, which do not occur on-site; a hit-and-run ping of death attack, which crashes a computer; a smurf or persistent attack, which affects the target’s machine for a limited amount of time—and then lets it return to normal; a replay attack, which is an active attack whereby the cracker tries to capture message parts and then resend a message sometime later with changes; a brute-force attack, which is a fatiguing attempt to try all combinations until a successful break-in occurs; a man-in-the-middle attack, which involves either eavesdropping on an existing connection or interposing oneself in the middle of a connection and changing data; a hijack attack, which literally hijacks one side of a connection; and rewrite attacks, which change an encrypted message without first decrypting it.

Targeted attacks that have the goal of taking over control of a computer system typically contain five distinct phases. In the reconnaissance phase, the attacker tries to find potential candidates for an attack; he or she gathers information about the infrastructure of a network, the people involved in using and managing the network, and the computers attached to it. The second phase includes a scan of the system or a range of systems for vulnerabilities. In the third phase, the vulnerabilities are exploited, either by gaining access to the system or denying service to it. In the fourth phase, the attacker uses a variety of methods to gain access by installing a back door listener, a RootKit, or a Kernel-level RootKit. The last phase of an attack typically involves the attacker’s covering his or her tracks so that the administrator of a computer system would find it difficult to detect that the system has been compromised.

See Also: Active Attacks; Back or Trap Door; Cracker; Kernel; Man-in-the-Middle Attack; Passive Attacks; Ping of Death Attack; Replay Attack; RootKit; Smurf; Vulnerabilities of Computers.

Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website. http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html.
