Sunday, 29 April 2012

Common Networking Attacks Threats and Solution


Computer networks are systems in which a collection of computers and servers are connected together to communicate or share information through various communication channels. Communication channels include the Internet, local area networks, and wireless local area networks. Threats or vulnerabilities can potentially be present in any of these communication channels. Basically no computer is totally safe from threats or vulnerabilities, except a powered-off computer.

Thanks to the technology and ease of communication, the Internet has become so popular that it has been incorporated into virtually every aspect of modern human life. As such, connection to this big network makes computers even more susceptible to threats and vulnerabilities. Let's discuss two well-known network attacks: the TCP SYN flood attack and SQL injection.

1) TCP SYN flood attack – Any service that binds to or listens on a TCP port is potentially at risk from TCP SYN flood attacks. A TCP SYN flood attack can in turn lead to a denial-of-service attack (which will be discussed later). Attackers make use of the TCP 3-way handshake to perform the attack. In a normal connection, TCP establishes the connection using a 3-way handshake with these three steps:

I. The client requests a connection by sending a SYN (synchronize) message to the server.
II. The server acknowledges this request by sending SYN-ACK back to the client.
III. The client responds with an ACK, and the connection is established.



The attack works by leaving the connection half-open: the expected ACK is never sent. As a result, the server keeps waiting for the ACK until its resources are used up and it refuses to accept any new connections.






The solution to the TCP SYN flood attack is to patch the server's operating system, so that the TCP protocol stack is updated with the bug fixed. After the fix, the length of each three-way handshake queue was increased and the timeout value was also reduced.

2) SQL injection aims to attack the database through the website, using a code injection technique to exploit a vulnerability in the website's software (often due to misconfiguration). The attacker inserts a string of SQL commands through the web forms, and the content of the database is changed when the SQL server executes this malicious code.


To prevent SQL injection attacks, web administrators should always validate user input by testing the type, length, format, and range of the input submitted through the web page. The web administrator should also take precautions against malicious input by testing the web page with common malicious code.
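The checks described above, as an added example that is not part of the original post: a form lookup that pastes input into the SQL text, next to one that validates type, length, format and range first. It goes one step beyond the post by also binding the value as a query parameter; the table, function names, limits and sample strings are all assumptions made for illustration.

```python
import re
import sqlite3

NAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")  # format + length (assumed policy)
# Constructed test strings of the kind the post suggests trying on a form.
SAMPLES = ["alice", "' OR '1'='1", "bob'--", "x" * 200, ""]

def make_db():
    db = sqlite3.connect(":memory:")  # constructed stand-in for the site's database
    db.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "a@example.com"), (2, "bob", "b@example.com")])
    return db

def lookup_vulnerable(db, name):
    # Weak: form input is pasted into the SQL text, so it can alter the query.
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def validate_name(name):
    """Type, length and format checks; ValueError on anything else."""
    if not isinstance(name, str) or not NAME_RE.fullmatch(name):
        raise ValueError("rejected name")
    return name

def validate_id(raw, low=1, high=100000):
    """Type, length, format and range checks for a numeric field."""
    if not isinstance(raw, str) or not re.fullmatch(r"[0-9]{1,6}", raw):
        raise ValueError("rejected id")
    value = int(raw)
    if not low <= value <= high:
        raise ValueError("id out of range")
    return value

def lookup_hardened(db, name):
    # Validate first, then bind the value as a parameter so it stays data.
    sql = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (validate_name(name),))]

def audit(db, samples=SAMPLES):
    """Map each sample to 'ok' or 'rejected' on the hardened path."""
    results = {}
    for s in samples:
        try:
            lookup_hardened(db, s)
            results[s] = "ok"
        except ValueError:
            results[s] = "rejected"
    return results
```

Running `audit(make_db())` shows which sample strings the validation rejects, while `lookup_vulnerable` with the same strings shows how the unvalidated query returns rows it should not.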
