
6.2.5 TCP desynchronization
TCP desynchronization is a technique used in TCP Hijacking attacks. It occurs when the sequence number in incoming
packets differs from the expected sequence number. Packets with an unexpected sequence number are dismissed
(or stored in the buffer, if they fall within the current communication window).
In the desynchronized state, both communication endpoints dismiss received packets, at which point remote attackers
are able to infiltrate and supply packets with a correct sequence number. The attackers can even manipulate or modify
the communication.
TCP Hijacking attacks aim to interrupt server-client or peer-to-peer communications. Many attacks can be avoided by
using authentication for each TCP segment. It is also advised to use the recommended configurations for your network
devices.
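The sequence number check described above, written out as an added example that is not part of the original manual: it applies the RFC 793 acceptability test to each segment and flags a run of dismissed segments, the pattern a desynchronized endpoint shows. The names classify and replay, the threshold of three consecutive drops and both traces are assumptions made for this illustration.

```python
MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around

def in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq lies in [rcv_nxt, rcv_nxt + rcv_wnd), modulo 2**32."""
    return (seq - rcv_nxt) % MOD < rcv_wnd

def classify(seq, length, rcv_nxt, rcv_wnd):
    """Receiver's verdict on one segment (RFC 793 acceptability test)."""
    if length == 0:
        ok = seq == rcv_nxt if rcv_wnd == 0 else in_window(seq, rcv_nxt, rcv_wnd)
    elif rcv_wnd == 0:
        ok = False  # no data is acceptable while the window is closed
    else:
        last = (seq + length - 1) % MOD
        ok = in_window(seq, rcv_nxt, rcv_wnd) or in_window(last, rcv_nxt, rcv_wnd)
    if not ok:
        return "drop"
    # Acceptable data that starts past rcv_nxt waits in the buffer.
    ahead = (seq - rcv_nxt) % MOD
    return "buffer" if 0 < ahead < rcv_wnd else "deliver"

def replay(segments, rcv_nxt, rcv_wnd, threshold=3):
    """Replay (seq, length) pairs; flag `threshold` consecutive drops.

    The threshold is an assumption of this example, and reassembly of
    buffered segments is left out to keep the model small.
    """
    verdicts, run, suspected = [], 0, False
    for seq, length in segments:
        verdict = classify(seq, length, rcv_nxt, rcv_wnd)
        verdicts.append(verdict)
        if verdict == "deliver":
            rcv_nxt = (seq + length) % MOD  # next expected byte
        run = run + 1 if verdict == "drop" else 0
        suspected = suspected or run >= threshold
    return verdicts, suspected

# Constructed traces: receiver starts at 0xFFFFFFF0 with a 1000-byte window.
HEALTHY = [(0xFFFFFFF0, 32), (116, 50), (16, 100)]
DESYNC = [(0xFFFFFFF0, 32), (5000, 20), (5020, 20), (5040, 20)]

if __name__ == "__main__":
    for name, trace in (("healthy", HEALTHY), ("desync", DESYNC)):
        print(name, replay(trace, 0xFFFFFFF0, 1000))
```

In the second trace the receiver expects byte 16 after the first segment, so every later segment falls outside the window and is dismissed.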
6.2.6 SMB Relay
SMBRelay and SMBRelay2 are special programs that are capable of carrying out attacks against remote computers. The
programs take advantage of the Server Message Block file sharing protocol, which is layered onto NetBIOS. A user
sharing any folder or directory within the LAN most likely uses this file sharing protocol.
Within local network communication, password hashes are exchanged.
SMBRelay receives a connection on UDP ports 139 and 445, relays the packets exchanged by the client and server, and
modifies them. After connecting and authenticating, the client is disconnected. SMBRelay creates a new virtual IP
address. The new address can be accessed using the command “net use \\192.168.1.1”. The address can then be used by
any of the Windows networking functions. SMBRelay relays SMB protocol communication except for negotiation and
authentication. Remote attackers can use the IP address, as long as the client computer is connected.
SMBRelay2 works on the same principle as SMBRelay, except it uses NetBIOS names rather than IP addresses. Both can
carry out “man-in-the-middle” attacks. These attacks allow remote attackers to read, insert and modify messages
exchanged between two communication endpoints without being noticed. Computers exposed to such attacks often
stop responding or unexpectedly restart.
To avoid attacks, we recommend that you use authentication passwords or keys.
6.2.7 ICMP attacks
ICMP (Internet Control Message Protocol) is a popular and widely used Internet protocol. It is used primarily by
networked computers to send various error messages.
Remote attackers attempt to exploit the weaknesses of the ICMP protocol. The ICMP protocol is designed for one-way
communication requiring no authentication. This enables remote attackers to trigger so-called DoS (Denial of Service)
attacks, or attacks which give unauthorized individuals access to incoming and outgoing packets.
Typical examples of ICMP attacks are ping flood, ICMP_ECHO flood and smurf attacks. Computers exposed to an
ICMP attack are significantly slower (this applies to all applications using the Internet) and have problems connecting to
the Internet.