Monday, February 14, 2011

Server hacking techniques

(This is a post corresponding to Chapter #8 "Electronic commerce" textbook about web server hardware and software)

In todays world, where almost everything is on servers it is important to know not only how to use, configure and manage them, but also how to secure them, and which are the methods a server could be compromised.

There are multiple reasons why a webserver gets compromised or hacked, one of the major reason is installing the webserver with default and lack of updates and weak passwords.

A denial of service attack (DOS) is an attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the resources, so that no one can access it.
One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable.This is one of the most used methods.

There are two general forms of DoS attacks: those that crash services and those that flood services. Attacks can be directed at any network device, including attacks on routing devices and web, electronic mail, or Domain Name System servers.
A DoS attack can be perpetrated in a number of ways.  Popularly, the attacks are divided into three classes:

  1. bandwidth attacks,
  2. protocol attacks,
  3. logic attacks


Address Resolution Protocol (ARP) spoofing, also known as ARP flooding, ARP poisoning or ARP Poison Routing (APR), is a technique used to attack an Ethernet wired or wireless network. ARP Spoofing may allow an attacker to sniff data frames on a local area network (LAN), modify the traffic, or stop the traffic altogether. The attack can only be used on networks that actually make use of ARP and not another method of address resolution.

Ping flood is based on sending the victim an overwhelming number of ping packets, usually using the "ping" command from unix-like hosts (the -t flag on Windows systems has a far less malignant function). It is very simple to launch, the primary requirement being access to greater bandwidth than the victim.

Peer-to-peer attacks
With peer-to-peer there is no botnet and the attacker does not have to communicate with the clients it subverts. Instead, the attacker acts as a "puppet master," instructing clients of large peer-to-peer file sharing hubs to disconnect from their peer-to-peer network and to connect to the victim's website instead

Keyloggers And Trojans

If A hacker can manage to install a trojan or a keylogger on administrator's computer then, the malicious hacker can easily capture the credentials

DNS Cache Poisoning Attack

If a hacker can manage to insert fake address records for a domain name into DNS server and can make the webserver accept the fake address record then the hacker or intruder can easily control your browser, This attack is extremely dangerous as it happens without the users knowledge

1 comment:

  1. nice Kris. I was wondering how many of this attacks occur and how the big companies are dealing with.

    ReplyDelete