Top Layer In The News

Network attacks 101
- Lycos Asia

March 20, 2002

FIREWALLS and intrusion detection systems (IDS) are standard protection against attacks and unauthorised entries into a company's private network or server. But they are not enough to counter new security threats that are continually being unleashed in the Internet.

Generally, these attacks can be categorised as denial of service (DoS), distributed denial of service (DDoS), network intrusion, viruses and worms.

Network intrusion
The attackers or hackers gain access to a network by probing and sniffing out weak spots in the hardware and software configuration, or by cracking passwords using brute force.

Another method is IP spoofing where an intruder sends messages to the target computer using the IP address of a trusted host computer, so that the data appears to be coming from that trusted host.

An intrusion detection system (IDS) is designed to detect suspicious network activity by cross-analysing inbound and outbound traffic against a database of traffic profiles associated with different attack methods and patterns of normal activity.

IDS plays a critical role in network security, but as traffic flow gets faster and hacker methods become more sophisticated, a better IDS solution is required.

Denial of Service
In this attack, a huge number of data packets is sent to the network. Because the system's resources are tied up trying to cope with this traffic, it is unable to handle requests from legitimate users, who are thus denied services.

A more damaging attack is distributed denial of service or DDoS in which an array of systems connected to the Internet are used to send a flood of network traffic to a single site. In other words, the flood is coming to the victim from different directions, and not just from one source.

Hackers gain access to vulnerable Internet systems such as university networks and use these sites as launch pads for DDoS attacks. Programs used to launch DDoS attacks include Trin00, TribeFlood Network (TFN), TFN2K and Stacheldraht.

Viruses, Worms and Trojan Horses
Viruses and worms are malicious programs or pieces of software code that are usually disseminated via e-mail or Internet packets. When a virus gets into an unsuspecting computer, it often replicates itself and uses the e-mail system to send out copies of the virus to other recipients in the e-mail address list.

Some viruses destroy data while others -- the worms -- simply replicate themselves over and over, thus using up system memory. -- Material provided by Top Layer Networks

Trojan Horse
A common method of intrusion is to send e-mail with seemingly harmless applications as attachments. These applications or applets (tiny software programs) get into the network server and hide there, much like the giant Wooden Horse that the ancient Greeks used to eventually defeat Troy.

In the epic poem, The Iliad (composed around 700 BC), an invading Greek force had been fighting the Trojans for over 10 years. Because of the strong city walls, the Trojans remained undefeated and there seemed to be no end in sight for the war.

So, one day, the most devious of the Greek leaders, a chap called Odysseus, suggested building a wooden horse with a hollow belly that was large enough to hide a handful of warriors. The horse was built and after the warriors, including Odysseus, were hidden inside, the Greek armies sailed away. The Trojans came out, took the horse inside the city and celebrated. At night, the warriors emerged from the wooden structure, opened the gates to let in their compatriots -- who had sailed back after dusk -- and together they slaughtered the Trojans and razed the beautiful city.