Intrusion tools, techniques and solution

Intrusion attacks on websites and blogs are very common. To protect your system against such attacks, you must know the possible threats. Read this article about intrusion tools, techniques and the solution for preventing hackers' intrusion.

Have you faced intrusion attacks on your website or blog? Hackers use a number of tools & techniques to attack networks, and to protect your system against such attacks, you must know the possible threats.

Intrusion tools & techniques

Hackers employ a wide range of software tools, like SATAN and Internet Security Scanner, to intrude into a network. They may even employ the software tools you use in your own network. For example, enterprise firewalls have remote management applications with short passwords. Most firewalls have hidden rules that allow their remote management client software to attach, wrongly assuming that you will always want to be able to manage your firewall remotely.

A typical intrusion can involve the following techniques, assuming that the intruder has no information about your website other than its address.

Address Scans - Hackers usually scan the class C range of IP addresses around the host and perform reverse DNS lookups to determine which hosts are registered to your company. They can easily find public hosts in that range even if you haven't publicized the website's address.

Port Scans - Hackers scan across the responding hosts to find the services running on each publicly reachable host. Port scans usually pass through firewalls as long as the host can be reached, especially if the scan is limited to service ports such as 80 and 21. Some firewalls are capable of detecting such attacks immediately and blocking them.

Services Evaluation - In this type of attack, hackers probe common service ports like Chargen, Echo, SMTP, HTTP, DNS, Telnet, POP, NetBIOS, etc., and determine the operating system type of each host. Windows-based hosts respond on NetBIOS ports but usually do not respond on Telnet. Similarly, UNIX hosts respond on Telnet but not on the RPC Locator service used by Windows NT. Linux hosts respond on a variety of services and are thus the easiest to spot.

Target Selection - Here, the hacker selects the weakest host. He usually targets the host with the most running services, assuming that little or no work has been done to secure that host's default configuration. Windows hosts that respond on port 139 or NetBIOS are certain to be attacked, as exploiting this service can give the hacker full control of the machine.

Service Specific Probes - Here, the hacker uses vulnerability analysis tools like SATAN against UNIX systems or the Internet Scanner against Windows hosts. The probes check for service vulnerabilities that are easy to exploit.

Automated Password Attacks - The hacker uses this kind of attack against services like HTTP, FTP and NetBIOS, which allow access to the file system. Many software programs are written specifically to perform a high rate of logon attempts using dictionaries of common passwords. The NetBIOS auditing tool is just one example. If this attack fails, the hacker may concede defeat or resort to simpler denial of service attacks. If a hacker ever gains console access to your machine, he may run a high-speed local automated password cracker like NT Crack or Crack against your host to exploit other accounts.

Esoteric Attacks - These are unusual, uncommon and difficult tactics employed by fewer hackers. These attacks include source-routed attacks, hijacking attempts, network sniffing for passwords and emails to install a Trojan horse. Such multi-faceted attacks are rare.


The only solution to this problem is a powerful Intrusion Detection System (IDS). These are software systems that detect intrusions into your network based on a number of signs. They block attacks and take effective countermeasures if the network is already infected. There are a number of Intrusion Detection Systems on the market, and some of these are even free. Check this website regularly to learn about the various Intrusion Detection Systems.
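As an added illustration (not code from this article or from any IDS product), the following Python example shows two of the signs such a system can look for: one source touching many hosts (an address scan) or many ports on one host (a port scan) within a short window. The log format, thresholds, window length and sample addresses are assumptions constructed for the example.

```python
"""Flag address scans and port scans in connection-log lines (constructed data)."""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed sliding window per source
HOST_THRESHOLD = 5              # assumed: distinct destinations => address scan
PORT_THRESHOLD = 5              # assumed: distinct ports on one host => port scan

def parse(line):
    """Parse an assumed 'ISO-timestamp src dst dport' line; ValueError if malformed."""
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)

def detect(lines):
    """Return a set of (kind, source, target) alerts; lines are time-ordered per source."""
    events = defaultdict(list)  # source -> [(timestamp, destination, port)]
    alerts = set()
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, dport = parse(line)
        # Keep only this source's events that fall inside the window.
        recent = [e for e in events[src] if ts - e[0] <= WINDOW]
        recent.append((ts, dst, dport))
        events[src] = recent
        if len({d for _, d, _ in recent}) >= HOST_THRESHOLD:
            alerts.add(("address_scan", src, "*"))
        ports = defaultdict(set)
        for _, d, p in recent:
            ports[d].add(p)
        for d, seen in ports.items():
            if len(seen) >= PORT_THRESHOLD:
                alerts.add(("port_scan", src, d))
    return alerts

def sample_log():
    """Constructed log: one address sweep, one port sweep, one ordinary client."""
    t0 = datetime(2024, 1, 1, 10, 0, 0)
    stamp = lambda delta: (t0 + delta).isoformat()
    out = []
    for i in range(6):  # one source, six hosts, port 80
        out.append(f"{stamp(timedelta(seconds=i))} 198.51.100.9 192.0.2.{10 + i} 80")
    for i, port in enumerate([21, 23, 25, 80, 110, 139]):  # one source, six ports, one host
        out.append(f"{stamp(timedelta(seconds=i))} 198.51.100.20 192.0.2.10 {port}")
    for i in range(6):  # ordinary client: same web server every two minutes
        out.append(f"{stamp(timedelta(minutes=2 * i))} 203.0.113.5 192.0.2.10 80")
    return out

if __name__ == "__main__":
    for alert in sorted(detect(sample_log())):
        print(alert)
```

A scan spread out more slowly than the window stays under these thresholds, which is why real systems combine several signs rather than relying on one counter.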

Read Intrusion Detection Systems and a detection software program you can use

