8: Advanced Network Topics
Honeypots and Network Attacks
Honeypot
A Honeypot is essentially a decoy system or network resource.
- Purpose: To attract potential attackers, allowing you to monitor their activities and study their techniques.
- Rules: Enticement, NOT entrapment. E.g., you can't let attackers download fake payroll files. Why? If legal or insurance matters arise, improper handling might jeopardize claims or cases.
- Goal: Deflect attackers from genuine assets and keep them contained long enough to gather intelligence or for possible identification.
Honeynet
A Honeynet is an extension of the honeypot concept, but it involves a whole network set up for the same deceptive purpose.
Network Attacks
Teardrop Attack
- Description: A DoS attack involving the sending of mangled IP fragments with overlapping, oversized payloads to a target machine.
- Effect: The target system tries, and fails, to reassemble these fragments, often leading to system crashes.
Fraggle Attack
- Description: A DoS attack where an attacker sends a large volume of spoofed UDP traffic to a router's broadcast address within a network. It's akin to the smurf attack but uses UDP instead of ICMP traffic.
Land Attack
- Description: Layer 4 DoS attack where both the source and destination addresses in a TCP segment are set to be the same.
- Effect: Vulnerable machines might crash or freeze because the TCP stack keeps trying to process the confusing packet.
SYN Flood
- Description: A DoS attack where attackers send multiple SYN requests (the initiation step in the TCP handshake) to a target, overwhelming it.
- Effect: Consumes server resources, rendering the system unresponsive to legitimate traffic.
Ping of Death
- Description: Involves sending an abnormally large ping packet. The max allowed packet size is 65,536 bytes. Ping of Death sends packets of size 65,537 bytes or larger.
TCP 3-way Handshake
The TCP 3-way handshake is the process used in a TCP/IP network to establish a connection between a client and a server.
- SYN: The client sends a SYN (synchronize) packet to the server.
- SYN-ACK: The server responds with a SYN-ACK (synchronize-acknowledge) packet.
- ACK: The client replies with an ACK (acknowledge), and the connection is established.
This handshake ensures both the client and server are ready for data transmission. Think of it as a polite introduction. Before two people (client and server) have a detailed conversation (data exchange), they introduce themselves and acknowledge each other.
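As an added example (not part of these notes), the Python script below walks a constructed packet trace, tracks the three handshake steps per connection, and flags the Land, Ping of Death, Teardrop and SYN flood patterns described above from a defender's side. The packet field names and the threshold of 20 half-open connections are assumptions for the example.

```python
"""Flag the attack patterns described above in a constructed packet trace.
Added example: the trace is constructed, not captured traffic, and the field
names assume what a capture tool would normally export."""
from collections import Counter, defaultdict

MAX_IP_LEN = 65535  # largest total length an IPv4 datagram can legitimately have

def classify(packets, syn_threshold=20):
    """Return {attack_name: [evidence]} for the patterns found in the trace."""
    findings = defaultdict(list)
    pending = set()            # 4-tuples that sent a SYN but no final ACK yet
    frags = defaultdict(list)  # (src, ip_id) -> [(offset, end)] of fragments seen
    for i, p in enumerate(packets):
        if p["proto"] == "tcp":
            flow = (p["src"], p["sport"], p["dst"], p["dport"])
            if p["flags"] == "S":
                if p["src"] == p["dst"] and p["sport"] == p["dport"]:
                    findings["land"].append(i)  # source and destination identical
                pending.add(flow)               # step 1 of the handshake
            elif p["flags"] == "A" and flow in pending:
                pending.discard(flow)           # step 3: handshake completed
        elif p["proto"] == "icmp" and p["total_len"] > MAX_IP_LEN:
            findings["ping_of_death"].append(i)  # reassembled echo request too large
        if "frag_offset" in p:
            key, start = (p["src"], p["ip_id"]), p["frag_offset"]
            end = start + p["frag_len"]
            if any(start < e and s < end for s, e in frags[key]):
                findings["teardrop"].append(i)  # overlaps an earlier fragment
            frags[key].append((start, end))
    # SYN flood: many connections to one server left half-open after step 2
    for dst, n in Counter(flow[2] for flow in pending).items():
        if n >= syn_threshold:
            findings["syn_flood"].append(dst)
    return dict(findings)

def tcp(src, sport, dst, dport, flags):
    return dict(proto="tcp", src=src, sport=sport, dst=dst, dport=dport, flags=flags)

# Constructed trace: one legitimate handshake, then one instance of each attack
TRACE = [
    tcp("10.0.0.5", 40000, "10.0.0.1", 80, "S"),
    tcp("10.0.0.1", 80, "10.0.0.5", 40000, "SA"),
    tcp("10.0.0.5", 40000, "10.0.0.1", 80, "A"),  # completes, so not half-open
    tcp("10.0.0.1", 80, "10.0.0.1", 80, "S"),     # Land attack
    dict(proto="icmp", src="10.0.0.9", dst="10.0.0.1", total_len=65540),  # Ping of Death
    dict(proto="udp", src="10.0.0.9", dst="10.0.0.1", ip_id=7, frag_offset=0, frag_len=1400),
    dict(proto="udp", src="10.0.0.9", dst="10.0.0.1", ip_id=7, frag_offset=800, frag_len=1400),  # Teardrop
] + [tcp("203.0.113.%d" % n, 1000 + n, "10.0.0.1", 80, "S") for n in range(25)]  # SYN flood
```

Calling `classify(TRACE)` reports the index of each offending packet and the server address left with too many half-open connections; the first three packets alone produce no findings.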