What is Malicious Codes Attack?

By | 9th November 2015

There are four primary types of attacks, they are:

  1. Reconnaissance
  2.  Access

iii.  Denial of Service

  1. Worms, Viruses, and Trojan Horses
  2. Reconnaissance

Reconnaissance attack is a kind of information gathering on network system and services. This enables the attacker to discover vulnerabilities or weaknesses on the network. It could be likened to a thief surveying through a car parking lot for vulnerable – unlocked – cars to break into and steal.

Reconnaissance attacks can consist of:

a,  Internet information lookup

b,  Ping sweeps

c,  Port scans

d,  Packet sniffers

Network intruders can use Internet tools, such as the nslookup and whois utilities, to easily determine the IP address space assigned to a given organisation or network. After finding out the IP address, the intruder can then ping the publicly available IP addresses to identify the addresses that are active.

There are automate ping sweep tool which an attacker can use, such as fping or gping, these tools methodically pings all network addresses in a given range or subnet. This is like to going through a section of a telephone directory and calling each number to know who answers.

When the attacker discovers active IP addresses, the intruder or attacker uses a port scanner (Nmap or Superscan –softwares designed to search a network host for open ports) to determine which network services or ports are active on the active IP addresses. The port scanner queries the ports to determine the application or operating system (OS) type and version, running on the targeted host. Based on the information gathered, the intruder can determine if a possible vulnerability or weakness that can be exploited exists.

Packet sniffing or Network snooping are common terms for eavesdropping. The information gathered by eavesdropping can be used to pose other attacks to the network.

A common method for eavesdropping on communications on a network is to capture TCP/IP or other protocol packets and decode the contents using a protocol analyser or similar tools such as wireshark. After packets are captured, they can be examined for vulnerable information.

An intruder to eavesdrop on a management protocol called SNMP can use protocol analyser or wireshark.

SNMP provides a means for network devices to collect information about their status and to send it to an administrator. An intruder could eavesdrop on SNMP versin1 queries and gather valuable information on network devices configuration.


                                                Types of Network attacks

Network Access Attacks

Denial of Service (DoS) Attacks

Malicious Codes Attacks : Worm, Virus, and Trojan horse

Leave a Reply

Your email address will not be published. Required fields are marked *