This in-depth article takes a look at hacking on the Internet. Covering hacker motivation, computer viruses, security, personal firewalls and how to track a hacker!
4. Hacking Techniques
4.1 Overview of Hacking Techniques
The depth and variety of techniques employed by hackers to illegally enter a computer system are vast, for this
reason I intend to provide a brief overview of some of the more common techniques involved, without going into to much detail on
any particular technique.
Hacking a system is a two-step process, Gathering Information and Launching an Attack.
4.2 Gathering Information
A dedicated hacker may spend several months gathering information on the intended target before launching an
attack armed with this new information. Some of the more 'hands-on' techniques involved were discussed in depth in the previous
section entitled "Infiltration and Trashing", but there are also more remote methods available to the hacker.
Port Scanning: A port scanner is a program that automatically detects security weaknesses in a remote system. Scanners are
TCP port scanners, that attack TCP/IP ports and services (Telnet or FTP, for example), and record the response from the target. In
this way, they learn valuable information about the targeted system such as if whether or not the remote system will allow an anonymous
user to log in, or indeed if the system is protected by a firewall.
Many hackers simply type large amounts of IP addresses into a port scanning program and launch random attacks on many users
simultaneously, hoping to strike it lucky with that one system that shows a serious weakness.
Packet Sniffing: A sniffer is a piece of software that grabs information 'packets' that travel along a network. That network
could be running a protocol, such as Ethernet, TCP/IP, IPX or others. The purpose of the sniffer is to place the network interface
into 'promiscuous' mode and by doing so, capture all network traffic. Looking into packets can reveal valuable information like
usernames, passwords, addresses or the contents of e-mails.
4.3 Launching Attacks
There are many attacks employed by hackers. Here is an overview of just some of the more common:
Denial of Service (DOS): A denial of service attack is basically an act of sabotage against a service running on a port on
a targeted system. The aim is to disable the service, for example a web server, in order to prevent people from being able to
access that service remotely.
A typical denial of service attack would involve sending hundreds or even thousands of connection requests to a single machine at any
one time, causing the machine to crash under the strain. A more advanced approach is to send corrupt connection requests, that
exploit a flaw in the service software which fails to recognise the malformed data when it attempts to process it, resulting in a
Trust Relationship Exploitation (Spoofing): A 'spoofing' attack involves the hacker forging their source address, in order to
use their machine to impersonate another. These machines may be operating within a 'trusted zone', for example, where each computer
will challenge another trying to connect to it to identify itself. If the computer cannot authenticate itself with the computer that
it is trying to connect to, the connection will not be allowed. The hacker uses this relationship to impersonate a particular
computer in order to gain access, and because the authentication dialog between computers is automatic, the hacker never needs
to use a username or password.
Password Cracking: A password cracker is a program that attempts to decrypt or otherwise disable password
protection. Often simulation tools are used to simulate the same algorithm as the original password program. Through a
comparative analysis, these tools try to match encrypted versions of the password to the original. Many password crackers are
simply brute-force engines that try word after word from a dictionary, often at very high speeds.
Packet Fragmentation Attacks: The packet fragmentation attack leads to attacks that bypass many current firewalls, because of
the way datagrams reassemble. Datagrams are supposed to be fragmented into packets that leave the header portion of the packet intact
except for the modification of the fragmented packet bit and the filing in of an offset in the IP header. This indicates at which
byte in the whole datagram the current packet is supposed to start. Once the whole datagram is reassembled, it is processed as if
it came in as a single packet.
According to the IP specification, fragmented packets are to be reassembled at the receiving host. This means that an attacker can
send a TCP packet to port 80 through the firewall. The host, behind the firewall, starts to reassemble the packet. The attacker
then sends a second packet that overwrite the first and gets, for example, telnet access, which was originally forbidden by the
Packet Sequence Attacks: In packet sequence attacks, the hacker tries to guess the random sequence number of TCP packets so
that he/she can insert their own packets into a connection stream. In this way the hacker can supply new corrupt content between
two hosts, while remaining largely anonymous.
Operating System Exploits: All operating systems (Windows NT, Unix, Redhat Linux etc.) have their own specific vulnerabilities
and bugs that need to be resolved by 'patching' the OS in order to keep it up to date. Unfortunately, many system administrators
neglect to do so frequently enough, leaving their systems open to attack. Hackers, however, are very thorough in keeping abreast
of all the possible vulnerabilities in all operating systems.
DNS (Domain Name Servers) Exploits: In DNS exploit attacks, the DNS cache is corrupted by the hacker. The mapping of DNS
domain names and IP addresses can be changed so that traffic is redirected to bogus locations, for example to a pornography site
in order to cause embarrassment to the targeted site.
FTP (File Transfer Protocol) Bounce Attacks: The main problem with FTP bounce attacks is that the hacker can use the PORT
command in active FTP mode in order to establish connections with machines other the original FTP server, effectively allowing the
hacker's connection to 'bounce' off the FTP server to another clients machine.
FTP Core Dumping: FTP core dumping enables the hacker to bring down the FTP service. A core dump may be stored on an
FTP readable area, where it can then be retrieved in a following FTP session. The first few lines contain the password file that
can be cracked offline. Once the hacker has the password, they can impersonate a legitimate user and remove, update or delete files