






The Door is Ajar: How an Attack Begins

In order to determine the method of attack, hackers assess the potential value of attacking a
particular system based on elements like unpatched software, vulnerable operating systems
and available remote access protocols.

There are several readily available tools hackers use to gain knowledge about a system.
Through them, the hacker can learn about the operating system and version being used, the
current set of open ports, the status of the firewall and other details that help them discover
accessible hosts on a network.

For example, the famous nmap tool lets you—among other things—scan the reserved TCP
ports of the target system:

Not shown: 984 filtered ports
PORT STATE SERVICE
20/tcp closed ftp-data
21/tcp closed ftp
22/tcp open ssh
25/tcp closed smtp
53/tcp closed domain
80/tcp open http Apache httpd 2.2.15 ((Ubuntu))
|_html-title: HTML Title
110/tcp closed pop3
113/tcp closed auth
443/tcp open https
993/tcp closed imaps
995/tcp closed pop3s
5432/tcp closed postgresql
8080/tcp closed http-proxy
8083/tcp closed unknown
8086/tcp closed unknown
8443/tcp closed https-alt

Nmap done: 1 IP address (1 host up) scanned in 4.68 seconds

Once the attacker knows the particular vulnerabilities of a system, they can decide whether a
vulnerability exploit or a brute-force attack would be more successful. If the system doesn’t have
any clearly apparent vulnerabilities, the latter attack becomes the more feasible option.


The cybercriminal will then start searching for an access point, which is normally a protocol
used for remote control such as SSH (on UNIX systems) and RDP (on systems running
Windows).

This is where the human element is so crucial in doing its part to prevent an attack. In many
breach cases we have seen, system administrators didn’t realize that remote access protocols
were active on their systems, and those protocols enabled unauthorized access.
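
Administrators can catch this by scanning their own hosts and comparing the open ports against what was actually approved. The following is an added example, not part of the original article: it parses port-table rows in the format of the scan shown above and reports open remote-access services that are not on an approved list. The port list, the approved set and the sample rows are assumptions constructed for illustration.

```python
import re

# Assumption: ports commonly used by remote-control protocols. SSH and RDP
# are named in the article; telnet and VNC are added for illustration.
REMOTE_ACCESS_PORTS = {22: "ssh", 23: "telnet", 3389: "rdp", 5900: "vnc"}

# Matches nmap port-table rows such as "22/tcp open ssh".
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


def parse_ports(nmap_text):
    """Return a list of (port, proto, state, service) from nmap normal output."""
    rows = []
    for line in nmap_text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows


def unexpected_remote_access(nmap_text, approved_ports):
    """List open remote-access ports that are not on the approved list."""
    findings = []
    for port, proto, state, service in parse_ports(nmap_text):
        if state != "open":
            continue  # closed and filtered ports are not reachable services
        if port in REMOTE_ACCESS_PORTS and port not in approved_ports:
            findings.append((port, proto, REMOTE_ACCESS_PORTS[port]))
    return findings


# Constructed sample in the format of the scan shown in the article.
SAMPLE = """\
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http Apache httpd 2.2.15 ((Ubuntu))
|_html-title: HTML Title
443/tcp open https
3389/tcp open ms-wbt-server
8080/tcp closed http-proxy
"""

if __name__ == "__main__":
    # Assumption: only SSH is approved on this host.
    for port, proto, name in unexpected_remote_access(SAMPLE, approved_ports={22}):
        print(f"unapproved remote access: {port}/{proto} ({name})")
```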



34 Cyber Warnings E-Magazine – May 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
