Gaining access is the most important phase of an attack in terms of potential damage, although attackers don’t always have to gain access to the system to cause damage. For instance, denial-of-service attacks can either exhaust resources or stop services from running on the target system. Stopping a service can be carried out by killing processes, using a logic/time bomb, or even reconfiguring and crashing the system. Resources can be exhausted locally by filling up outgoing communication links.
The exploit can occur locally, offline, or over a LAN or the Internet as a deception or theft. Examples include:
- Stack-based buffer overflows
- Denial-of-service and distributed denial-of-service
- Session hijacking
Attackers use a technique called spoofing to exploit the system by pretending to be strangers or different systems. They can use this technique to send a malformed packet containing a bug to the target system in order to exploit vulnerabilities. Packet flooding may be used to remotely stop availability of the essential services. Smurf attacks try to elicit a response from the available users on a network and then use their legitimate address to flood the victim.
Factors that influence the chances of an attacker gaining access into a target system include the architecture and configuration of the target system, the skill level of the perpetrator, and the initial level of access obtained. The most damaging type of the denial-of-service attacks can be distributed denial-of-service attacks, where an attacker uses zombie software distributed over several machines on the Internet to trigger an orchestrated large scale denial of services.
Certified Ethical Hacker v7