network attacks:
+ ping of death
  - craft too large IP packet by using a spoofed offset
+ TCP overwrite
  - fool firewall by overwriting allowed port with unallowed port by using offset 1
+ IP spoofing
  - forge IP packet with faked source address (race condition); redirect reply to attacker
+ ARP attack 1
  - race against reply
+ ARP attack 2
  - forge fake queries -> inject fake mappings -> DOS or traffic hijacking
+ blind IP spoofing
  - send IP packet with fake source address -> DOS; wrong information...
+ MITM
+ RIP attack
  - inject routes into host -> DOS, MITM
+ ICMP echo attack 1
  - use ping to determine hosts alive
+ ICMP echo attack 2
  - SMURF attack; send echo requests with victim's source address to subnet -> DOS
+ ICMP redirect attack
  - use redirect message to hijack traffic or cause DOS
+ ICMP Dest. unreachable attack
  - spam forged Dest. unreachable messages in subnet to cut off a host
+ UDP spoofing
  - blind IP spoofing on UDP level
+ UDP hijacking
  - race against UDP reply
+ UDP storms
  - send UDP datagram to echo service and source chargen device -> echo loop -> DOS
  - can also use two echo services
+ TCP spoofing
  - kill host to impersonate; start TCP handshake with spoofed IP packet; to complete the handshake either sniff sequence number or guess it
+ TCP hijacking
  - use spoofed TCP segments to reset and open an existing connection (and redirect it); guess or sniff sequence numbers
+ SYN flooding attack
  - DOS; start handshake with SYN but don't reply to SYN/ACK; counterattack: drop half open connections or SYN cookies
+ DOS TCP attacks:
  - Process Table attack - make lots of connections to daemons that fork a new process -> process table is filled
  - Land attack - send SYN packet with source and destination port and address being the same -> internal ACK-storm

portscans:
+ UDP Portscan
  - send zero length UDP packet; reply "port unreachable" -> service is down
+ TCP SYN scanning
  - aka "half open"; send SYN; if reply SYN/ACK -> open; if RST -> port closed; then send RST
+ TCP FIN scanning
  - send FIN packet; most implementations send RST when port is closed and nothing when open
  - variations: XMAS: FIN + PSH + URG; NULL: no flags
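Added example (not part of the original notes): a detection-side classifier that labels a raw IPv4 packet when its headers match one of the single-packet patterns listed above (ping of death, TCP overwrite, Land, FIN/XMAS/NULL scan). The names `classify` and `sample`, the label strings and the 192.0.2.x addresses are assumptions made for this sketch; SYN scans and SYN floods need per-source state and are not covered.

```python
import socket
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20  # TCP flag bits

def classify(pkt: bytes) -> str:
    """Label a raw IPv4 packet with the pattern from the notes it matches."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4
    total_len, _ident, frag = struct.unpack("!HHH", pkt[2:8])
    offset = (frag & 0x1FFF) * 8          # fragment offset in bytes
    if offset + total_len > 65535:        # would reassemble past the IP maximum
        return "ping-of-death"
    if pkt[9] != 6:                       # remaining checks apply to TCP only
        return "other"
    if offset == 8:                       # offset 1 overlaps the TCP header (RFC 1858: drop)
        return "tcp-overwrite"
    if offset != 0 or len(pkt) < ihl + 14:
        return "other"
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    flags = pkt[ihl + 13] & 0x3F
    if flags == SYN and pkt[12:16] == pkt[16:20] and sport == dport:
        return "land"
    if flags == 0:
        return "null-scan"
    if flags == FIN | PSH | URG:
        return "xmas-scan"
    if flags == FIN:                      # a legitimate FIN also carries ACK
        return "fin-scan"
    return "normal"

def sample(src, dst, sport, dport, flags, frag=0, total_len=40):
    """Build constructed IPv4 + TCP headers for the demo (checksums left at 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, frag, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 0x50, flags, 8192, 0, 0)
    return ip + tcp

if __name__ == "__main__":
    a, b = "192.0.2.10", "192.0.2.20"     # constructed documentation addresses
    for p in (sample(a, b, 40000, 80, SYN), sample(a, b, 40000, 80, FIN),
              sample(a, b, 40000, 80, FIN | PSH | URG), sample(a, b, 40000, 80, 0),
              sample(b, b, 80, 80, SYN), sample(a, b, 40000, 80, ACK, frag=1),
              sample(a, b, 40000, 80, ACK, frag=8191, total_len=1500)):
        print(classify(p))
```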