Explain any three of the outside attacks briefly-01762
This subjective question is related to the book/course
vu it430 E-Commerce.
It can also be found in
vu it430 Mid Term Solved Past Paper No. 8.
Eavesdropping/ sniffing/snooping In this type of attack the hacker has the ability to monitor network traffic using some kind of network monitoring software. For example, a hacker may install some backdoor or Trojan horse that can monitor the key strokes of a user while typing and send the typed information to the hacker.
Password attacks Such attacks are basically a result of eavesdropping through which the hacker is able to know the account ID or password of a particular user. Then using it the hacker gains access to the network and gather information such as user names, passwords, computer names, resources etc. That can lead to modification, deletion or rerouting of network data.
IP address spoofing You know that there are two IP addresses available on a data packet - IP addresses of the sender and the destination. The address of the destination only matters for routing. It is possible that a hacker (having special capabilities) seizes the control of a router, changes the IP address of the source/sender on data packets and thus forces the destination machine to send the information/web page to a different machine, that is, the machine of the hacker. This is called IP address spoofing.
Man in the middle attacks In it the attacker is able to monitor, capture and control data between sending and receiving machines. He may apply IP address spoofing technique to divert the packets to its machine, then modify the packets and resend the misleading information to the actual client. Another form of man-in-the-middle attack is where the hacker is able to substitute the IP address of a genuine web site with the IP address of his own web site due to some security hole in the software that runs on a domain name server. A client would think that he is communicating or receiving the information form a genuine web site, though it would not be the case actually.
Denial of services (DOS) attacks In this type of attack, the attacker gains access to the network and then send invalid data to network services or applications. These services or applications consequently become unable to perform their normal tasks or functions. Hence, sending a flood of data to a particular service or computer can cause it to overload or shutdown. This attack is specially used to take down websites on the internet, when repeated requests for web pages are deliberately initiated so as to choke down a web server.
