Network attacks concern themselves mostly with bringing down a network in order that it becomes almost totally unusable. However, some of the techniques used here is also used for Network Intrusion.
Hence, natuarlly, a lot of people confuse network attacks with network intrusion. They believe that these two terms are just the same part of hacking. Though it is true that these two techniques are hacking techniques, it is untrue that these two are the same. In fact, there is a clear line distinguishing them. Please refer to the Network Intrusion section for more information on how to differentiate between Network attack and Network Intrusion.
History of hacking
Network intrusion
Deterring Network Attackers
Safeguarding your data
Why would hackers want to use network attacks instead of network intrusion to exact their revenge (or whatever they have in mind)? After all, network intrusion seems like a powerful method of wreaking havoc especially since it gives you a much larger set of options on what kind of havoc to leave the network with. Of course, with power comes a lot of risk.
Lower risk
There is a much higher chance of getting caught by the authorities while conducting a network intrusion then when doing a network attack. The chances of getting caught doing a network attack is usually so tiny that most amateur and unskilled hackers choose to attack instead of intrude a network.
Less work
To successfully intrude a network (that includes not getting caught), a lot of work has to be done. There is a lot of planning done before a hacker even thinks of intruding a network, unless he wants to be flushed out of the network in a couple of minutes and reported to the authorities.
Experienced hackers usually spend many days, even weeks or months, to make sure they know what they are doing when intruding a network and that there are multiple options for them to intrude the network, just in case Murphy’s Law comes into play and that particular technique does not work on that particular day. They also need to plan an easy escape plan where they can escape cleanly (that includes having all traces removed) when they find that the system admin of the network is trying to track them down and persecute them.
Therefore, as a result, some prefer Network attacks to Network intrusion to carry out their revenge.
Availabilty of generic methods and a plethora of tools
There is rarely a set collection of methods on which network intrusion can be carried out. This makes it hard for a person to write a program for network intrusion for the masses to use as each network will require a slightly different solution.
Network attacks on the other hand, can be done with relative ease. It can be done even by someone with no knowledge whatsoever about networks. In other words, even non-hackers can carry out a network attack. This is because there a lot of generic ways to carry out network attacks, thus, leading to a plethora of already-written software for anyone to use to attack a network. In addition to that, unknowing users can be made to do the dirty work of attacking a network for you. It is thus easy and fast to carry out an attack.
What can hackers gain from network attacks?
It is needless to say that a network attack will boost the ego of the attacker. When he sees that the network he brought down become front-page news, he will get a deep sense of satisfaction that he is all-powerful, almost divine and the poor helpless company couldn’t do anything to stop his wrath. This phenomenon (what we’d like to call “anonymous fame”) is an innate part of every human. If he could, he would want his name to be there, but that would compromise his identity. Thus, he settles for anonymous fame instead.
Eavesdropping
The name eavesdropping comes from the fact that this technique involves secretly listening to the data traveling through the attacked network. Clearly, it is like eavesdropping as the network admins won’t know about it. Other names for eavesdropping include sniffing and snooping. Eavesdropping is only possible because most data sent through connections are sent as plaintext and are unencrypted. Thus, a hacker can just listen to the connection stream between the two connected users and get whatever information he needs. This method is usually employed by those who are unwilling to take large risks as this method is a very low-risk method. There is almost no chance of getting caught when this method is used as no intrusion is involved and the hacker can back off quickly without a trace if anything goes wrong. This method is also used for those who want to listen to what is shared between two people, be it secret data or just a personal conversation. In this respect, this method is the best for spies and blackmailers.
Identity Spoofing
No, spoof here does not refer to a prank. Much like pranks use trickery to deceive people into believing the liars, identity spoofing involves tricking the network into believing that the hacker is using some other computer. Another name that is more commonly used to refer to identity spoofing is Internet Protocol (IP) address spoofing. Packets of data sent out on the network contain information about the IP address of origin, etc. An experienced enough programmer is able to create a program to change this data in all the packets that leave his computer so that he can deceive the computer receiving the packets into thinking that the packets came from somewhere else. IP spoofing cannot be used for all forms of connections, however. It can only be used for operations which do not require a reply from the server to continue. This is because the client will never get the reply from the server as the server will be sending out the reply to the computer addressed by the spoofed IP address. To verify the validity of a user who logs on to a certain network or computer, most networks and operating systems look at the IP address of the user who is logging on to determine whether he or she is from inside the network. However, with IP spoofing as an option, this highly vulnerable method can be easily bypassed by creating packets holding IP information which says that those packets came from inside that network. With this, the hacker can then gain access to the network. Note however that, even though IP spoofing can lead to an intrusion, it is NOT an intrusion in itself. The act of IP spoofing isn’t an intrusion. It does not involve any entry into the network. Just alteration of packets before they enter a network.
Denial-of-Service (DoS) Attack
As implied by its name, a DoS attack repeatedly attacks a particular network or server until it is too overwhelmed that it is brought down. It may also be done by exploiting a bug in the Operating System on which the server runs on in order that the server can be made to crash fairly easily and quickly. This method is the most common amongst all the network attack methods listed here. Most of us would have heard of DoS attacks at least once in our lifetime. The reason why this method is so popular is because it has virtually no risk at all. If done properly, it is impossible to track down the originator of a DoS attack on a network. This is especially so when Distributed DoS (DDoS) attacks come into play. Not only are these highly destructive (they can bring a network down for days or even weeks), they render the original attacker completely untraceable.
DDoS attacks involve sending out memory-resident programs to unsuspecting users and then sending instructions to these programs to carry out the DoS attacks. The net effect is that the server is bombarded by many different computers (each with its own bandwidth) at very high speeds.
DoS and DDoS attacks are usually carried out by people who do not want to think twice after planning the attack. Through DoS and DDoS, they can just plant these programs, push a button and then mind their own business while the target server or network is brought down.
Network attacks cause a lot of damage, both financially and in terms of time. They are possibly a much bigger threat than network intrusions for the mere fact that network intrusions are much easier to detect and stop. Between the start of the year 2000 and the end of the year 2003, it is estimated that there was a 783% increase in attacks on networks. That is a very huge multiplicand in such a short time of 3 years. Observe the graph below:
Source: Getting more for your IT expenditures
It has also been predicted that increasing trends in network attack occurrence will cause an increase in spending in security outsourcing by 20.9% by 2007. An increase in outsourcing translates into more money wasted to maintain the network. It can thus be seen that network attacks are a real pest in causing financial damage.
Reference
Internet protocol security from microsoft.com
Getting more for your IT expenditures
http://www.wetstonetech.com/f/Getting_ More_from_IT_Expenditures.pdf
Network Attack and Defense
http://www.cl.cam.ac.uk/ftp/users/rja14/c18_anderson.pdf
Attacks and Countermeasures
http://whitepapers.zdnet.co.uk/0,39025945,60012686p-39000546q,00.htm
Network Security: An MPE/iX Overview
http://jazz.external.hp.com/papers/SolSymposium_03/NWSecurity.ppt