
Scenario: Joe turns on his computer to access personal online banking. When he enters the URL www.bank.com, the website is displayed, but it prompts him to re-enter his credentials as if he has never visited the site before. When he examines the website URL more closely, he finds that the site is not secure and the web address appears different. What type of attack is he experiencing?


Option 1 : DoS attack
Option 2 : ARP cache poisoning
Option 3 : DNS hijacking
Option 4 : DHCP spoofing

1. DoS attack

A Distributed Denial of Service (DDoS) attack is a non-intrusive internet attack designed to take down the targeted website or slow it down by flooding the network, server or application with fake traffic. When directed against a vulnerable, resource-intensive endpoint, even a small amount of traffic is enough for the attack to succeed.
Distributed Denial of Service (DDoS) attacks are threats that website owners must familiarize themselves with, as they are a critical piece of the security landscape. Navigating the various types of DDoS attacks can be challenging and time consuming. To help you understand what a DDoS attack is and how to prevent it, we've written the following guide.

Understanding a DDoS Attack

The objective of a DDoS attack is to stop legitimate users from accessing your website. For a DDoS attack to succeed, the attacker must send more requests than the victim server can handle. Another way successful attacks occur is when the attacker sends bogus requests.

How does a DDoS Attack Work?

A DDoS attack tests the limits of a web server, network, and application resources by sending spikes of fake traffic. Some attacks are just short bursts of malicious requests on vulnerable endpoints such as search functions. DDoS attacks use an army of zombie devices called a botnet. These botnets generally consist of compromised IoT devices, websites, and computers.
When a DDoS attack is launched, the botnet attacks the target and depletes the application resources. A successful DDoS attack can prevent users from accessing a website or slow it down enough to increase the bounce rate, leading to financial losses and performance issues.

What is the Goal Behind a DDoS Attack?

The main goal of an attacker who is leveraging a Denial of Service (DoS) attack method is to disrupt a website's availability:
• The website can become slow to respond to legitimate requests.
• The website can be disabled entirely, making it impossible for legitimate users to access it.
Any sort of disruption, depending on your configuration, can be devastating to your business.

2. ARP cache poisoning

ARP Poisoning (also known as ARP Spoofing) is a type of cyber attack carried out over a Local Area Network (LAN) that involves sending malicious ARP packets to a default gateway on a LAN in order to change the pairings in its IP to MAC address table. The ARP protocol translates IP addresses into MAC addresses. Because the ARP protocol was designed purely for efficiency and not for security, ARP Poisoning attacks are extremely easy to carry out as long as the attacker has control of a machine within the target LAN or is directly connected to it.
The attack itself consists of an attacker sending a false ARP reply message to the default network gateway, informing it that his or her MAC address should be associated with his or her target's IP address (and vice versa, so his or her target's MAC is now associated with the attacker's IP address). Once the default gateway has received this message and broadcasts its changes to all other devices on the network, all of the target's traffic to any other device on the network travels through the attacker's computer, allowing the attacker to inspect or modify it before forwarding it to its real destination. Because ARP Poisoning attacks occur at such a low level, users targeted by ARP Poisoning rarely realize that their traffic is being inspected or modified. Besides Man-in-the-Middle attacks, ARP Poisoning can be used to cause a denial-of-service condition over a LAN by simply intercepting or dropping and not forwarding the target's packets.
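The changed IP-to-MAC pairings described above are what a defender watches for. The following is an added example, not part of the original article: a small monitor that flags an IP address whose MAC differs from the first one seen, and a MAC that answers for more than one IP. The addresses and the function name are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (time, sender IP, sender MAC) from ARP replies seen on a LAN.
SAMPLE_REPLIES = [
    (1, "192.168.1.1",  "aa:aa:aa:aa:aa:01"),  # default gateway
    (2, "192.168.1.20", "aa:aa:aa:aa:aa:20"),  # workstation
    (3, "192.168.1.66", "de:ad:be:ef:00:66"),  # third host
    (4, "192.168.1.1",  "DE:AD:BE:EF:00:66"),  # gateway IP now claimed by the third host's MAC
    (5, "192.168.1.20", "de:ad:be:ef:00:66"),  # workstation IP claimed by the same MAC
]

def detect_arp_poisoning(replies):
    """Return alerts for IP/MAC pairings that contradict the first-seen baseline."""
    baseline = {}                    # IP -> first MAC seen for it
    mac_to_ips = defaultdict(set)    # MAC -> every IP it has answered for
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()            # MAC notation is case-insensitive
        known = baseline.setdefault(ip, mac)
        if known != mac:
            # The pairing for this IP changed: the core symptom of poisoning.
            alerts.append((ts, "rebind", ip, known, mac))
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                # One MAC answering for several IPs. Routers and proxies can do
                # this legitimately, so treat it as supporting evidence.
                alerts.append((ts, "multi_ip", mac, sorted(mac_to_ips[mac])))
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_REPLIES):
        print(alert)
```

A rebind of the gateway's IP is the highest-value alert, since all off-subnet traffic follows that pairing.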

3. DNS hijacking

DNS Hijacking, also called DNS Poisoning or DNS spoofing, is a tactic commonly employed by authoritarian regimes to limit access, block, and censor content on the web.
This censorship can be achieved by forcing local Internet Service Providers (ISPs) to implement the hijacking, or by monitoring and inspecting traffic directly at strategic routing points. The most important example of DNS hijacking is the Great Firewall.

Every website has an IP address which is linked to its URL by a Domain Name Server (DNS). When you enter a URL, like expressvpn.com, into the address bar of your browser, the address is sent to a DNS server.
A DNS server keeps a record of the IP address of each website and its corresponding URL, which your computer looks up in order to connect to the URL you entered. It is very similar to a phone book, in which the names of individuals are listed with their physical address. On the DNS server, the URL acts as the name and the IP is the address.
Several companies publish the DNS addresses of websites, and an algorithm allows them to stay up to date at the same time. Unless the DNS server is malicious or poorly configured, it doesn't matter much which one you use.

4. DHCP spoofing

The Dynamic Host Configuration Protocol (DHCP) makes configuring networks easier. Today, rather than individually setting up every client, every PC, every smartphone and every network-compatible device, we mostly use DHCP. Individual network users receive their IP addresses, subnet masks and other information via a server. This not only simplifies working with large networks, it also minimizes sources of error. Because the address assignment process is dynamic, it isn't possible for two devices to be assigned the same IP address. It also reduces the required address space. If a device leaves the network, its IP address can automatically be reassigned to a new network user.
At the same time, however, this simplification creates a gateway for criminals. When you rely on someone else to do the work for you, you hand over some of your control. As a result, things can happen in the background that you never find out about. This can also happen with DHCP. However, there is a solution: the fraudulent use of DHCP can be countered with so-called "DHCP snooping". How does this security technology work?

What is DHCP snooping used for?

When using DHCP, a server ensures that individual clients receive their configurations. For this to happen, the client must first send a request to the network via broadcast. In doing so, the network user wants to find out which DHCP servers are available and able to respond. All available DHCP servers reply to this request. Should there be several active servers in the network, the client chooses the one whose answer reaches it first. The client then receives its address assignment from this DHCP server. This is the point where we normally encounter the system's weak point, where it is accessible to criminals.
It is possible to introduce other servers (so-called rogue DHCP servers) into the network. If one of these manages to reach the client first with a response, the network user receives the configuration information from the malicious server. The rogue DHCP server will then send erroneous or manipulated data. As a result, the client is incorrectly set up in the network. This makes it possible to route the client to a wrong gateway, otherwise known as DHCP spoofing. Criminals can record data transfers via the gateway in order to obtain sensitive information. This is also referred to as a man-in-the-middle attack. The assignment of incorrect addresses, in contrast, can cause a denial-of-service attack, leading to the paralysis of the whole network. DHCP snooping prevents malicious servers from establishing contact.
DHCP snooping, however, not only protects against criminal schemes, but also against sources of error that arise through the careless use of additional routers. If a new router is installed into an already existing network, it can confuse DHCP. The new router then assigns addresses that shouldn't actually be assigned. This can cause connection errors. Especially in the context of business operations, it can cause problems when employees add their own devices to the network without informing the network administrator about it.
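How a switch keeps rogue servers from reaching clients can be shown with a small model. The following is an added example, not part of the original article: it uses the trusted/untrusted port distinction that DHCP snooping implementations rely on, dropping server messages that arrive on untrusted ports and recording bindings from trusted acknowledgements. Port numbers, addresses and class names are constructed for illustration.

```python
SERVER_MSGS = {"OFFER", "ACK", "NAK"}   # messages only a DHCP server should send

class SnoopingSwitch:
    """Simplified model of DHCP snooping on one switch."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)  # ports leading to the legitimate server
        self.client_port = {}              # client MAC -> port it was seen on
        self.bindings = {}                 # client MAC -> (leased IP, client port)
        self.dropped = []                  # server messages rejected by snooping

    def process(self, port, msg_type, client_mac, ip=None):
        """Return True if the message is forwarded, False if it is dropped."""
        if msg_type in SERVER_MSGS:
            if port not in self.trusted:
                # Server message from an access port: a rogue DHCP server.
                self.dropped.append((port, msg_type, client_mac, ip))
                return False
            if msg_type == "ACK":
                # Only a trusted ACK may create a binding for the client.
                self.bindings[client_mac] = (ip, self.client_port.get(client_mac))
            return True
        # Client messages (DISCOVER, REQUEST) are allowed from any port.
        self.client_port[client_mac] = port
        return True

# Constructed exchange: client on port 5, rogue server on port 7,
# legitimate server behind trusted uplink port 1.
CLIENT = "aa:aa:aa:aa:aa:20"
SAMPLE = [
    (5, "DISCOVER", CLIENT, None),
    (7, "OFFER",    CLIENT, "10.66.0.50"),    # rogue answer arrives first
    (1, "OFFER",    CLIENT, "192.168.1.50"),
    (5, "REQUEST",  CLIENT, None),
    (7, "ACK",      CLIENT, "10.66.0.50"),
    (1, "ACK",      CLIENT, "192.168.1.50"),
]

def run_sample():
    """Feed the constructed exchange through a switch that trusts only port 1."""
    switch = SnoopingSwitch(trusted_ports=[1])
    forwarded = [switch.process(*msg) for msg in SAMPLE]
    return switch, forwarded

if __name__ == "__main__":
    sw, fwd = run_sample()
    print(fwd, sw.bindings, sw.dropped)
```

Even though the rogue offer arrives first, the client never sees it, so the race described above no longer matters.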



This Blog Article is posted by

Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092
