Table 5.2. Denial of service attacks.

Attack Type     Service        Mechanism   Effect of the Attack
--------------  -------------  ----------  -----------------------------------
Apache2         http           Abuse       Crashes httpd
Back            http           Abuse/Bug   Slows down server response
Land            http           Bug         Freezes the machine
Mail bomb       N/A            Abuse       Annoyance
SYN flood       TCP            Abuse       Denies service on one or more ports
Ping of death   ICMP           Bug         None
Process table   TCP            Abuse       Denies new processes
Smurf           ICMP           Abuse       Slows down the network
Syslogd         Syslog         Bug         Kills the Syslogd
Teardrop        N/A            Bug         Reboots the machine
Udpstorm        Echo/Chargen   Abuse       Slows down the network

this class of attacks are regular buffer overflows, which are caused by regular
programming mistakes and environment assumptions. Table 5.3 presents
some of the attack types in this category; for all of them, the service is
"user session" and the effect of the attack is "Gains root shell".
5.5.1.4. Remote to user attacks
A remote to user (R2U) attack is a class of attacks where an attacker sends
packets to a machine over a network, then exploits the machine's vulnerability to
illegally gain local access as a user. There are different types of R2U attacks;
the most common attack in this class is done using social engineering. Some
of the R2U attacks are presented in Table 5.4.
5.5.2. System parameters
Complex relationships exist between features, which are difficult for humans
to discover. The IDS must therefore reduce the amount of data to be

Table 5.3. User to root attacks.

Type of Attacks   Mechanism
----------------  ----------------------------
Eject             Buffer overflow
Ffbconfig         Buffer overflow
Fdformat          Buffer overflow
Loadmodule        Poor environment sanitation
Perl              Poor environment sanitation
Ps                Poor temp file management
Xterm             Buffer overflow