Information Technology Reference
In-Depth Information
private passwords of the victim, which could allow to have the total
availability of resources, or even, in some cases, allow the access to systems
to take their exclusive control. Let us think for example to the so-called
computerized home, when an attacker manages to gain access to our
authenticated information, he has at its disposal all the resources of our home,
the refrigerator, the heater, etc. Just think like a sniff of action would be
extremely damaging at a meeting between co-workers who, with their
handheld devices, in an ad hoc connection, exchange data or office informa-
tion. This would irreparably compromise the firm security. Sniffing is done
by means of antennas that intercept radio waves emitted by devices that
communicate with each other, and which, when interfaced, display on a
screen the contents of the communication packages.
6.3
Denial of service attack
Often system administrators are concerned about attacks on their network
that could compromise the integrity or confidentiality of the data of their
computers, but not all attacks are brought to get access to a system. Hackers
may also execute a much easier attack called DoS. In general, a DoS attack is
designed to consume all the resources of the attacked system, preventing
other users to use them; therefore we are talking about an attack that limits
the availability of a service.
On Microsoft, one of the first programs to create a DoS was the famous
WinNuke, a utility able to exploit a weakness of the Windows machine: it
suffices simply opening a connection to port 139 and sending a special
package, causing the famous blue screen Windows error and a reboot (the
port is the access point to a particular network service in a machine, in this
case the NetBIOS). The DoS is also a feared attack by PDAs, by which it is
possible to avoid the synchronization between Palm and PC through the
network. A similar attack is the kiss of death (KoD) that stops the connecti-
vity of the handheld.
6.4
Distributed denial of service
In DDoS attacks the system denies access to information and services to duly
authorized users. As an example in early 2000 an attack of this kind
paralyzed for several hours some important US sites, making it impossible
the use of Internet to millions of users. The principle on which the attack is
based is simple: flooding of requests to some random sites, so that they can
no longer bear the load of requests and as a consequence they stop working,
the system is not available for a long time because all the false requests have
to be satisfied. To be able to orchestrate an attack of this kind, it is used
