Some major intrusion threats

xiaoxiao2021-03-06  50

There are many kinds of intrusion threats, and they cannot all be described here because new forms of intrusion appear every day. Some intrusions, such as pinging a server address, may seem harmless. However, after discovering that the server exists, hackers may try more serious attacks. This means that all intrusions should be treated as potentially harmful. Some major intrusions are:

Packet sniffers

A sniffer is a software application or hardware device that is connected to the LAN and captures information from Ethernet frames. The original purpose of these systems was to troubleshoot and analyze Ethernet traffic, or to look deeper into the frames to examine individual IP packets. Sniffers run in promiscuous mode; that is, they listen to every packet on the physical wire. Many applications (such as Telnet) send user name and password information in plaintext, which can be read by sniffing. This means that a hacker with a sniffer can gain access to many applications.

Because a sniffer does not generate network traffic, a firewall cannot detect sniffing, and many potential sniffers are your own users inside the firewall. Free sniffer software can be downloaded from the Internet, and your users may be running it on their PCs, inspecting packets as they pass. If your PCs run a Microsoft(R) Windows(R) operating system, users typically require administrator privileges to run a sniffer, which limits the number of users who may try to sniff. However, users who do have administrator privileges can run a sniffer. In addition to accessing confidential data, they may view plaintext passwords, as described above. Because many people use the same password for every application, an intruder can infer the content of encrypted passwords and obtain further access rights. There are various measures to counter sniffing. The main measure is to use strongly encrypted passwords, but this is beyond the scope of this module.

IP spoofing

IP spoofing means changing the source address of an IP packet to hide the identity of the sender. Routing on the Internet uses only the destination address to deliver packets and ignores the source address. Therefore, hackers can send destructive packets to your system while hiding their source, so that you cannot tell where they came from. Spoofing is not necessarily destructive in itself, but it indicates that an intrusion is about to begin. The spoofed address may be outside your network (to hide the identity of the intruder), or it may be one of your trusted internal addresses with privileged access. Spoofing is commonly used in denial-of-service (DoS) attacks, which this module describes later.

Denial-of-service attacks

DoS attacks are among the most difficult attacks to defend against. They differ from other types of attacks in that they do not cause permanent damage to the network.
Instead, they try to stop the network from operating by bombarding a specific computer (a server or network device), or by degrading the throughput of network links to the point where performance is poor enough to frustrate customers and hurt the organization. Distributed DoS (DDoS) attacks are launched from many different computers and concentrate their attack on your system. The attacking computers did not initiate the attack themselves; they were infiltrated because of their own security vulnerabilities.

Application-layer attacks

Application-layer attacks are usually the most publicized attacks and typically exploit well-known weaknesses in applications such as web servers and database servers. The problem, especially for web servers, is that they are designed to be accessed by unknown users who cannot be trusted. Most attacks exploit known flaws in the product. This means that the best defense is usually to install the manufacturer's latest updates. The infamous Structured Query Language (SQL) Slammer worm, released in January 2003, affected 35,000 systems in a short period of time. It exploited a known issue in Microsoft(R) SQL Server 2000, for which Microsoft had issued a patch in August 2002. The worm took advantage of the fact that many administrators had not applied the recommended update and had no proper firewall installed (a firewall could have blocked packets sent to the port the worm used). Under these conditions, the firewall is only a backstop; manufacturers recommend applying updates to all products, especially to prevent application-layer attacks.

Network reconnaissance

Network reconnaissance is the scanning of a network to discover valid IP addresses, Domain Name System (DNS) names, and IP ports before an attack is launched. Network reconnaissance does not itself damage the system. However, finding out which addresses are in use can help someone launch a malicious attack. If you look at your firewall logs, you will find that most intrusions take this form.
Typical probes include scanning Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports, as well as other well-known listening ports, such as those used by Microsoft SQL Server, Network Basic Input/Output System (NetBIOS), Hypertext Transfer Protocol (HTTP), and Simple Mail Transfer Protocol (SMTP).
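
An added example, not part of the original article: a small Python pass over firewall log records that flags the two reconnaissance patterns described above, one source probing many ports on a single host and one source probing the same port across many hosts. The log layout, thresholds, function names and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records (iptables-style key=value); RFC 5737 example addresses.
SAMPLE_LOG = """\
DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=25
DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=80
DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=139
DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=1433
DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=UDP SPT=5353 DPT=1434
DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.11 PROTO=UDP SPT=5353 DPT=1434
DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.12 PROTO=UDP SPT=5353 DPT=1434
DROP IN=eth0 SRC=198.51.100.50 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=80
DROP IN=eth0 SRC=198.51.100.50 DST=192.0.2.10 PROTO=ICMP TYPE=8
"""

FIELD = re.compile(r"(\w+)=(\S+)")
# Listening ports named in the text above (port numbers are the standard assignments).
WELL_KNOWN = {25: "SMTP", 80: "HTTP", 139: "NetBIOS", 1433: "SQL Server", 1434: "SQL Server"}

def parse(line):
    """Return (src, dst, proto, dport), or None for records without a port."""
    f = dict(FIELD.findall(line))
    if not {"SRC", "DST", "PROTO"} <= f.keys() or not f.get("DPT", "").isdigit():
        return None
    return f["SRC"], f["DST"], f["PROTO"], int(f["DPT"])

def find_probes(log_text, port_threshold=4, host_threshold=3):
    """Flag sources probing many ports on one host, or one port on many hosts."""
    ports_by_pair = defaultdict(set)   # (src, dst) -> {(proto, port)}
    hosts_by_port = defaultdict(set)   # (src, proto, port) -> {dst}
    for rec in filter(None, map(parse, log_text.splitlines())):
        src, dst, proto, port = rec
        ports_by_pair[(src, dst)].add((proto, port))
        hosts_by_port[(src, proto, port)].add(dst)
    findings = []
    for (src, dst), ports in sorted(ports_by_pair.items()):
        if len(ports) >= port_threshold:
            findings.append(("port-scan", src, dst, sorted(ports)))
    for (src, proto, port), hosts in sorted(hosts_by_port.items()):
        if len(hosts) >= host_threshold:
            service = WELL_KNOWN.get(port, "unlisted")
            findings.append(("host-sweep", src, f"{proto}/{port} {service}", sorted(hosts)))
    return findings

if __name__ == "__main__":
    for finding in find_probes(SAMPLE_LOG):
        print(finding)
```

The single HTTP connection attempt and the ping from 198.51.100.50 stay below both thresholds, so they are not reported; only the repeated probing is.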

When reposting, please cite the original address: https://www.9cbs.com/read-91258.html
