IP Security
Throughout the last few decades, computers on the Internet have been subject to many different attacks:
- Password-guessing attacks
With password-guessing attacks, attackers repeatedly try to guess user passwords.
- Social-engineering attacks
With attacks of this kind, attackers send email or some other message in an attempt to get users to reveal their passwords or set the passwords to a new value specified by the attacker.
- Server vulnerability attacks
With these, attackers exploit a flaw or undocumented command in a server and use the exploit to gain privileged access to the computer on which the server was running.
In the 1990s, the actual infrastructure of the Internet came under attack as well. (See Chapter 24 for more details.)
- Network sniffers
Using network sniffers, attackers capture passwords and other sensitive pieces of information passing through the network as they are transmitted.
- IP spoofing attacks
Attackers use such attacks to break into hosts on the Internet.
- Connection hijacking
Connection hijacking is used by attackers to seize control of existing interactive sessions (e.g., telnet).
- Data spoofing
Data spoofing is used by attackers on a rogue computer on a network to insert data into an ongoing communication between two other hosts. This type of attack has been demonstrated as an effective means of compromising the integrity of programs executed over the network from NFS servers.
In the first years of the 21st century, network security was complicated further ...
Get Practical UNIX and Internet Security, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
