Network Vulnerabilities

Niken D Cahyani
Gandeva Bayu Satrya

Telkom Institute of Technology

Learning Objectives

Explain the types of network vulnerabilities

List categories of network attacks
Define different methods of network attacks

1. Network Vulnerabilities

What are the weaknesses that can be found in networks

that make them targets for attacks?
There are two broad categories of network
vulnerabilities: those based on the network transport
media, and those found in the network devices
themselves

1.1. Media-Based Vulnerabilities

Monitoring network traffic is an important task for a network

administrator. It helps to identify and troubleshoot network
problems, such as a network interface card (NIC) adapter that
is defective and is sending out malformed packets. Monitoring
traffic can be done in two ways.

First, a managed switch on an Ethernet network that supports port

mirroring allows the administrator to configure the switch to redirect
traffic that occurs on some or all ports to a designated monitoring
port on the switch.
A second method for monitoring traffic is to install a network tap. A
network tap (test access point) is a separate device that can be
installed between two network devices, such as a switch, router, or
firewall, to monitor traffic.

Methods to view switch traffic

1.2. Network Device Vulnerabilities

Weaknesses in network devices themselves can also be

targets for attackers.
Common network device vulnerabilities include weak
passwords, default accounts, back doors, and privilege
escalation.

a. Weak Passwords

A password is a secret combination of letters and numbers that serves

to authenticate (validate) a user by what he knows. Network devices
are commonly protected by passwords to prevent unauthorized users
from accessing the device and changing configuration settings.
Although passwords are often the only line of defense for a network
device, passwords actually provide weak security. This is because of
what is known as the password paradox.
For a password to remain secure and prevent an attacker from
discovering it, it should never be written down but instead must be
committed to memory.

a. Weak Passwords [cont]

Characteristics of weak passwords include:
A common word used as a password (such as April)
Not changing passwords unless forced to do so
Passwords that are short (such as ABCD)
Personal information in a password (such as the name of
a child or pet)
Using the same password for all accounts
Writing the password down

b. Default Accounts

A default account is a user account on a device that is

created automatically by the device instead of by an
administrator.
Default accounts are used to make the initial setup and
installation of the device (often by outside personnel)
easier, without the need to create temporary individual
accounts.
Default accounts usually have full administrator privileges
in order to not inhibit the installation process. Although
default accounts are intended to be deleted after the
installation is completed, often they are not.

c. Back Doors

Normally a network administrator would set up an

account for a user on a network device and assign
specific privileges to that account.
A back door is a method to circumvent the protection
intended by this process.
A back door is an account that is secretly set up without
the administrators knowledge or permission, that cannot
be easily detected, and that allows for remote access to
the device.

d. Privilege Escalation

Just as operating systems and many applications can be

the victims of privilege escalation, network devices are
also at risk. It is possible to exploit a vulnerability in the
network devices software to gain access to resources that
the user would normally be restricted from obtaining.
For example, in one network device an administrative
user with read-only permission could create a specific
Web address or uniform resource locator (URL) and enter
it on an Administration Web page to escalate privileges to
a full administrative level.

Objectives

Explain the types of network

vulnerabilities
List categories of network attacks
Define different methods of network
attacks

2. Categories of Attacks

Based on the previously mentioned vulnerabilities, there

are a number of different categories of attacks that are
conducted against networks.
These categories include denial of service, spoofing, manin-the-middle, and replay attacks.

NB : These categories represent what the end

result of
the attack is intended to accomplish.

2.1. Denial of Service (DoS)

A denial of service (DoS) attack attempts to consume network

resources so that the network or its devices cannot respond to
legitimate requests.
In one type of DoS attack, a device or computer submits numerous
initial requests to a server for a service, but does not respond when
the server requests information, thus making the server wait.
A variant of the DoS is the distributed denial of service (DDoS)
attack. Instead of using one computer, a DDoS may use hundreds or
thousands of zombie computers in a botnet to flood a device with
requests.

DoS Attack

2.2. Spoofing

Spoofing is impersonation; that is, it is pretending to be

someone or something else by presenting false
information. There are a variety of different attacks that
use spoofing. For example:

Because most network systems keep logs of user activity, an

attacker may spoof her address so that her malicious actions
would be attributed to a valid user.
An attacker may spoof his network address with an address of a
known and trusted host in order that the target computer would
accept the packet and act upon it.

2.3. Man-in-the-Middle

Man-in-the-middle attacks are common on networks. This

type of attack makes it seem that two computers are
communicating with each other, when actually they are
sending and receiving data with a computer between
them, or the man-in-the-middle.

Man-in-the-middle attacks can be active or passive.

2.4. Replay

Once that session has ended, the man-in-the-middle

would attempt to login and replay the captured
credentials. A more sophisticated attack takes advantage
of the communications between a network device and a
server.
Administrative messages that contain specific network
requests are frequently sent between a network device
and a server. When the server receives the message, it
responds with another administrative message back to the
sender

3. Methods of Network Attacks

Just as there are different categories of attacks on

networks, there are several different ways to perform
these attacks.
Network attack methods can be protocol-based or
wireless, as well as other methods.

3.1. Protocol-Based Attacks

Targeting vulnerabilities in network protocols is one of the most

common methods of attack. This is because the weakness is inherent
within the protocol itself and can be harder to defend against since it
is built into the communication.
Any network or system that uses this protocol is vulnerable to these
attacks, significantly increasing the number of possible victims.
Some of the most common protocol-based attacks are attacks on
antiquated protocols, DNS attacks, ARP poisoning, and TCP/IP
hijacking.

3.1. Protocol-Based Attacks

Antiquated protocols
Because of the security vulnerabilities of SNMPv1 and SNMPv2, SNMPv3 was introduced in
1998. SNMPv3 uses usernames and passwords along with encryption to foil an attackers attempt
to view the contents.

DNS attacks
One type of DNS attack is to substitute a fraudulent IP address so that when a user enters a
symbolic name, she is directed to the fraudulent computer site.

ARP poisoning
If the IP address for a device is known but the MAC address is not, the sending computer sends
out an ARP packet to all computers on the network that says, If this is your IP address, send back
to me your MAC address.

TCP/IP hijacking.
In a TCP/IP hijacking attack, the attacker creates fictitious (spoofed) TCP packets to take
advantage of the weaknesses

TCP/IP Hijacking

3.2. Wireless Attacks

As wireless networks have become commonplace, new

attacks have been created to target these networks.
These attacks include rogue access points, war driving,
bluesnarfing, and blue jacking.

3.3. Other Attacks and Frauds

Other types of attacks and frauds that are sometimes

found today are null sessions and Domain Name Kiting.

Null sessions are unauthenticated connections to a Microsoft Windows 2000 or

Windows NT computer that do not require a username or a password. Using a
command as simple as C:\>net use \\192.168.###.###\IPC$ "" /u: could allow an
attacker to connect to open a channel over which he could gather information about the
device, such as network information, users, and groups.
Domain Name Kiting is a variation on the kiting concept of taking advantage of
additional time. Registrars are organizations that are approved by ICANN (Internet
Corporation for Assigned Names and Numbers) to sell and register Internet domain
names (such as www.course.com). In order to provide a means for registrars to correct
mistakes, a five-day Add Grade Period (AGP) permits registrars to delete any newly
registered Internet domain names and receive a full refund of the registration fee.