Some Background on Attacks
Some Background.
Trying to give an overall framework or classification for attacks is really very difficult. Unfortunately, there are myriad ways in which computer systems can be attacked, and many approaches make use of at least some aspects of other approaches. Regardless of these difficulties, I think it is important to try. Some considerations that help to organize attacks are the following.
Obviously, there are many other targets and ways in which attacks work. It is also important to realize that the boundaries between these aspects or categories are generally not very well defined. Some other issues that can be important to keep in mind are
While talking about attacks we will also try to present ways to avert, intercept and stymie both current and future attacks. Some of the easiest ways to stymie attacks are listed below.
Now for a bit on ports and sockets.
Ports and Sockets Refresher.
What happens if two network applications running on the same device are sending and receiving packets at the same time? Remember that an IP address is used to route messages to a particular device. Port numbers are used to route messages within the device, so there is no confusion about which packets belong to which message. A port number is an addition to the IP address: it is used by TCP and UDP to identify the specific application that is sending or receiving the message. Common internet applications have predefined port numbers, and this standardization makes communication easier. These assigned port numbers are called well-known ports; some of them are listed in the following table.

| Application | TCP Port | UDP Port |
| --- | --- | --- |
| FTP - Data | 20 | |
| FTP | 21 | |
| SSH | 22 | |
| Telnet | 23 | |
| SMTP | 25 | 25 |
| TIME | 37 | 37 |
| TACACS+ Login | 49 | 49 |
| DNS | 53 | 53 |
| TACACS+ Database | 65 | 65 |
| HTTP | 80 | 80 |
| Kerberos | 88 | 88 |
| POP3 | 110 | 110 |
| NNTP | 119 | 119 |
| NetBIOS name service | 137 | 137 |
| SNMP | 161 | 161 |
| IRC | 194 | 194 |
| LDAP | 389 | 389 |
| NetWare over IP | 396 | 396 |
| Apple QuickTime | 458 | 458 |
| ISAKMP | 500 | 500 |
| rexec | 512 | |
| UNIX rlogin | 513 | |
| UNIX Broadcast Naming - rwho | 513 | |
| UNIX rsh and rcp | 514 | |
| UNIX SYSLOG | 514 | |
| SSL Shell - SSHELL | 614 | 614 |
| L2TP | 1701 | |
| PPTP | 1723 | 1723 |
| RADIUS - authorization | 1812 | 1812 |
| RADIUS accounting | 1813 | 1813 |
There are 65,536 usable ports. Ports 0 through 1024 are reserved as well-known ports. So you can see there are a large number of ports that a vulnerability scanner might find open or exploitable. Fortunately, defaults are almost always configured to keep ports closed unless they are intentionally opened to provide some service. A socket is the endpoint of a connection; you must have a socket for communication to happen. Different socket types use different addressing methods. The most common approach is to use an IP address combined with a port number; in UNIX this is called AF_INET addressing. Another UNIX approach, AF_UNIX, uses pathnames to identify sockets. BSD (Berkeley) Sockets became the standard for TCP/IP communications. Winsock (Windows Sockets) is loaded as a DLL (Dynamic Link Library) on Windows platforms. If you have multiple instances of an application open, such as Internet Explorer, the packets associated with each HTTP request will be sent to port 80 on the server. But how will your system know which of the open Internet Explorer sessions should receive the reply packets? Each session has its own socket: the client side of every connection is assigned a different local port, so the combination of local and remote address and port uniquely identifies the session the packets belong to.
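To make the last point concrete, here is an added example (not part of the original notes) that opens several TCP sessions from one process to a single listening port on the loopback address, using AF_INET addressing as described above. The listener is bound to port 0 so the kernel picks a free port; the client ports, the server port and the echoed messages are all observed at run time rather than assumed. It shows that every session gets a distinct local port, that the server sees exactly those ports as its peers, and that each reply is delivered to the session that sent the matching request.

```python
"""Added demonstration: how TCP keeps several sessions to the same
server port apart by giving each one its own socket (address + port pair).
Everything runs on 127.0.0.1 and stays inside this machine."""
import socket
import threading

HOST = "127.0.0.1"   # loopback only


def start_listener():
    """Create a TCP listening socket (AF_INET = IPv4 address + port).
    Binding to port 0 asks the kernel for any free port, so this runs
    without assuming a particular port is available."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((HOST, 0))
    srv.listen(8)
    return srv, srv.getsockname()[1]


def serve_echo(srv, n_clients, seen):
    """Accept n_clients connections on the listener. For each, record the
    peer (client) address the server observes and echo back whatever the
    client sent. Runs in a background thread."""
    for _ in range(n_clients):
        conn, peer = srv.accept()
        with conn:
            seen.append(peer)
            data = conn.recv(1024)
            conn.sendall(data)


def run_sessions(n_clients=3):
    """Open n_clients concurrent sessions to one server port and report
    what both ends observed."""
    srv, server_port = start_listener()
    seen = []
    t = threading.Thread(target=serve_echo, args=(srv, n_clients, seen))
    t.start()

    # Phase 1: open all connections before sending anything, so the
    # sessions really are simultaneous rather than one after another.
    clients = [socket.create_connection((HOST, server_port), timeout=5)
               for _ in range(n_clients)]

    # Phase 2: each session sends a message naming itself.
    msgs = []
    for i, c in enumerate(clients):
        msg = f"session {i} from local port {c.getsockname()[1]}".encode()
        c.sendall(msg)
        msgs.append(msg)

    # Phase 3: read the echo on each session. The reply must be that
    # session's own message: the kernel demultiplexes by the full
    # (local addr, local port, remote addr, remote port) tuple.
    replies = [c.recv(1024) for c in clients]
    local_ports = [c.getsockname()[1] for c in clients]
    remote_ports = {c.getpeername()[1] for c in clients}
    for c in clients:
        c.close()
    t.join(timeout=5)
    srv.close()

    return {
        "server_port": server_port,
        "local_ports": local_ports,                       # one per session
        "remote_ports": remote_ports,                     # all the same
        "peer_ports_seen_by_server": sorted(p for _, p in seen),
        "echo_matched": replies == msgs,
    }


if __name__ == "__main__":
    result = run_sessions()
    print(f"server port: {result['server_port']}")
    print(f"client local ports: {result['local_ports']}")
    print(f"server saw peers on: {result['peer_ports_seen_by_server']}")
    print(f"each reply reached its own session: {result['echo_matched']}")
```

Run it and compare the two port lists: the client's local ports and the server's peer ports are the same set, while every client reports the same remote port. That pairing, not the server port alone, is what lets the system deliver replies to the right session; it is also why a connection log or firewall rule that records only the destination port cannot tell two sessions from the same host apart.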