O'Reilly logo

Securing Windows NT/2000 Servers for the Internet by Stefan Norberg

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

TCP/IP Configuration

The Internet Protocol (IP) is the language of the Internet. All computers on the Internet exchange data using TCP/IP. The current versions of TCP, UDP, and the IP protocol (Version 4) all became Internet standards in 1981.

An issue with TCP/IP is it offers no form of security such as authentication, encryption, or data integrity. There are many methods of attacking the existing TCP/IP protocol suite. These attacks include:

Connection hijacking

This occurs when an attacker takes over an existing session. It is, for example, possible for an attacker to take over a Telnet session after a user has logged in. The attacker has to be able to listen to any packets exchanged between the server and the client, and forge packets to launch this attack. There is a good paper on connection hijacking available at http://www.insecure.org/stf/iphijack.txt.

Data insertion

A stealth attack similar to connection hijacking. The goal is to insert data into an existing session to run commands to break into or to sabotage the target system.

Denial of service

The purpose of a denial of service attack is to make a site unavailable to normal users. Flooding the network connection of a server with connection attempts may achieve this.

Man-in-the-middle

An attack that tricks a client into believing that it’s talking to the real destination server. In fact, it’s talking to another system (controlled by the attacker) that is, in turn, talking to the real destination server. This attack ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required