IV-II SEM CSE, Cyber Security Unit - II

CREC
(15A05806)
🡺 Tools and methods used in Cyber Crime
Network attack incidents reveal that attackers are often very systematic in launching their attacks. The basic stages of an attack are described here to understand how an attacker can compromise a network:
1. Initial Uncovering
2. Network probe
3. Crossing the line toward electronic crime (E-crime)
4. Capturing the network
5. Grab the data
6. Covering tracks
1. Initial Uncovering
Two steps are involved here. In the first step, called reconnaissance, the attacker gathers as much information as possible about the target by legitimate means: searching for information about the target on the Internet by Googling, social networking websites and people-finder websites.
2. Network probe
At the network probe stage, the attacker uses more invasive techniques to scan for information. Usually, a “ping sweep” of the network IP addresses is performed to seek out potential targets, and then a “port scanning” tool is used on them.
3. Crossing the line toward electronic crime (E-crime)
Now the attacker is toward committing what is technically a “computer crime.” He/she does this by exploiting possible holes on the target system.
4. Capturing the network
At this stage, the attacker attempts to “own” the network. The attacker gains a foothold in the internal network quickly and easily, by compromising low-priority target systems. The next step is to remove any evidence of the attack.
5. Grab the data
Now that the attacker has “captured the network,” he/she takes advantage of his/her position to steal confidential data and customer credit card information, deface webpages, alter processes and even launch attacks at other sites from your network, causing a potentially expensive and embarrassing situation for an individual and/or for an organization.
6. Covering tracks
This is the last step in any cyber-attack, which refers to the activities undertaken by the
attacker to extend misuse of the system without being detected.
🡺 Proxy Servers and Anonymizers

A proxy server is a computer on a network which acts as an intermediary for connections with other computers on that network. The attacker first connects to a proxy server and establishes a connection with the target system through the existing connection with the proxy.
A proxy server has the following purposes:
1. Keep the systems behind the curtain (mainly for security reasons).
2. Speed up access to a resource (through “caching”). It is usually used to cache the webpages from a web server.
3. Specialized proxy servers are used to filter unwanted content such as advertisements.
4. A proxy server can be used as an IP address multiplexer to enable a number of computers to connect to the Internet when one has only one IP address.

One of the advantages of a proxy server is that its cache memory can serve all users. If one or more websites are requested frequently, maybe by different users, they are likely to be in the proxy’s cache memory, which will improve user response time. In fact, there are special servers available, known as cache servers. A proxy can also do logging.
Listed are a few websites where free proxy servers can be found:
1. http://www.proxy4free.com
2. http://www.publicproxyservers.com
3. http://www.proxz.com
4. http://www.anonymitychecker.com
5. http://www.surf24h.com
6. http://www.hidemyass.com

An anonymizer or an anonymous proxy is a tool that attempts to make activity on the Internet untraceable. It accesses the Internet on the user’s behalf, protecting personal information by hiding the source computer’s identifying information.
Listed are a few websites where more information about anonymizers can be found:
1. http://www.anonymizer.com
2. http://www.browzar.com
3. http://www.anonymize.net
4. http://www.anonymouse.ws
5. http://www.anonymousindex.com

🡺 Phishing and Password Cracking


While checking electronic mail (E-Mail) one day, a user finds a message from the bank threatening to close his/her bank account if he/she does not reply immediately. Although the message seems suspicious from its contents, it is difficult to conclude that it is a fake/false E-Mail.

It is believed that Phishing is an alternative spelling of “fishing,” as in “to fish for information.”
The first documented use of the word “Phishing” was in 1996.

1. How Phishing Works
Phishers work in the following ways:
1. Planning: Criminals, usually called phishers, decide the target and determine how to get the E-Mail addresses of that target or of the customers of that business. Phishers often use the same mass-mailing and address-collection techniques as spammers.
2. Setup: Once phishers know which business/business house to spoof and who their victims are, they create methods for delivering the message and for collecting the data about the target. Most often this involves E-Mail addresses and a webpage.
3. Attack: This is the step people are most familiar with: the phisher sends a phony message that appears to be from a reputable source.
4. Collection: Phishers record the information that victims enter into webpages or pop-up windows.
5. Identity theft and fraud: Phishers use the information that they have gathered to make illegal purchases or commit fraud.
Phishing started off as being part of popular hacking culture. Nowadays, more and more organizations/institutes provide greater online access for their customers, and hence criminals are successfully using Phishing techniques to steal personal information and conduct ID theft at a global level. We have explained Phishing and identity theft.
2. Password Cracking
A password is like a key to get entry into computerized systems, like a lock. Password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system.

The purpose of password cracking is as follows:
1. To recover a forgotten password.
2. As a preventive measure by system administrators to check for easily crackable passwords.
3. To gain unauthorized access to a system.

Manual password cracking is to attempt to log on with different passwords. The attacker follows these steps:
1. Find a valid user account such as an administrator or guest;
2. Create a list of possible passwords;
3. Rank the passwords from high to low probability;
4. Key in each password;
5. Try again until a successful password is found.

Passwords can sometimes be guessed with knowledge of the user’s personal information:
1. Blank (none);
2. Words like “password,” “passcode” and “admin”;
3. Series of letters from the “qwerty” keyboard, for example, qwerty, asdf or qwertyuiop;
4. User’s name or login name;
5. Name of user’s friend/relative/pet;
6. User’s birthplace or date of birth, or a relative’s or a friend’s;
7. User’s vehicle number, office number, residence number or mobile number;
8. Name of a celebrity who is considered to be an idol by the user;
9. Simple modification of one of the preceding, such as suffixing a digit, particularly 1, or reversing the order of letters.
Online Attacks
An attacker can create a script file (i.e., an automated program) that will be executed to try each password in a list, and when one matches, the attacker can gain access to the system. The most popular online attack is the man-in-the-middle (MITM) attack, also termed the “bucket-brigade attack” or sometimes the “Janus attack.”
Offline Attacks
Mostly offline attacks are performed from a location other than the target (i.e., either a computer
system or while on the network) where these passwordsreside or are used.
Strong, Weak and Random Passwords
A weak password is one which could be easily guessed: short, common or a system default password that could be easily found by executing a brute force attack using a subset of all possible passwords.
Here are some of the examples of “weak passwords”:
1. Susan: Common personal name;
2. aaaa: repeated letters, can be guessed;
3. rover: common name for a pet, also a dictionary word;
4. abc123: can be easily guessed;
5. admin: can be easily guessed;
6. 1234: can be easily guessed;
7. QWERTY: a sequence of adjacent letters on many keyboards;
8. 12/3/75: date, possibly of personal importance;
9. nbusr123: probably a username, and if so, can be very easily guessed;
10. p@$$\/\/0rd: simple letter substitutions are preprogrammed into password cracking
tools;
11. password: used very often – trivially guessed;
12. December12: using the date of a forced password change is very common.
Here are some examples of strong passwords:
1. Convert_£100 to Euros!: Such phrases are long, memorable and contain an extended symbol to increase the strength of the password.
2. 382465304H: It is a mix of numbers and a letter at the end, usually used on mass user accounts, and such passwords can be generated randomly.
3. 4pRte!ai@3: It is not a dictionary word; however, it has cases of alpha along with numeric and punctuation characters.
4. MoOoOfIn245679: It is long with both alphabets and numerals.
5. t3wahSetyeT4: It is not a dictionary word; however, it has both alphabets and numerals.
Random Passwords


We have explained in the previous section how most secure passwords are long with
random strings of characters and how such passwords are generally most difficult to remember.
Password is stronger if it includes a mix of upper and lower case letters, numbers and other
symbols, when allowed, for the same number of characters.
The general guidelines applicable to the password policies, which can be implemented organization-wide, are as follows:
1. Passwords and user logon identities (IDs) should be unique to each authorized user.
2. Passwords should consist of a minimum of eight alphanumeric characters.
3. There should be computer-controlled lists of prescribed password rules and periodic testing to identify any password weaknesses.
4. Passwords should be kept private, that is, not shared with friends or colleagues.
5. Passwords shall be changed every 30/45 days or less.
6. User accounts should be frozen after five failed logon attempts.
7. Sessions should be suspended after 15 minutes (or other specified period) of inactivity and require the passwords to be re-entered.
8. Successful logons should display the date and time of the last logon and logoff.
9. Logon IDs and passwords should be suspended after a specified period of non-use.
10. For high-risk systems, after excessive violations, the system should generate an alarm and be able to simulate a continuing session (with dummy data) for the failed user.
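As an added example (not part of the original notes), the following Python checker encodes the weak-password patterns and the policy guidelines listed above as rules that a registration form or an administrator audit could apply; the word lists and the substitution table are small constructed samples, not a real cracking dictionary.

```python
"""Weak-password checker built from the rules in these notes (added example).

Rules encoded: blank password, common words (and the digit-suffix or reversal
tricks applied to them), keyboard sequences, repeated characters, the user's
own login name, date-based passwords, simple letter substitutions such as
p@$$w0rd, and the organizational policy of at least eight alphanumeric
characters mixing letters and digits. Word lists below are constructed samples.
"""
import re

COMMON_WORDS = {"password", "passcode", "admin", "rover", "susan", "letmein"}
KEYBOARD_SEQUENCES = ("qwerty", "asdf", "qwertyuiop", "1234", "abc123", "zxcv")
MONTHS = ("january", "february", "march", "april", "may", "june", "july",
          "august", "september", "october", "november", "december")

# Substitutions that cracking tools apply automatically (so they add no strength).
SUBSTITUTIONS = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "3": "e",
                               "4": "a", "5": "s", "7": "t", "!": "i"})


def normalize(word: str) -> str:
    """Undo simple substitutions: 'p@$$\\/\\/0rd' becomes 'password'."""
    return word.replace("\\/\\/", "w").replace("\\/", "v").translate(SUBSTITUTIONS)


def base_word(word: str) -> str:
    """Strip a trailing run of digits (the usual 'suffix a 1' modification)."""
    return re.sub(r"\d+$", "", word)


def weaknesses(password: str, username: str = "") -> list:
    """Return the list of rules the password violates; an empty list means it passed."""
    if not password:
        return ["blank password"]
    reasons = []
    raw = password.lower()
    stem = base_word(raw)      # 'password1' -> 'password', 'december12' -> 'december'
    word = normalize(stem)     # 'p@$$w0rd'  -> 'password'
    # Common words, their reversal, or a common word with digits appended.
    if word in COMMON_WORDS or word[::-1] in COMMON_WORDS:
        reasons.append("common word or trivial modification of one")
    # Keyboard sequences (qwerty, asdf, 1234, abc123), optionally with a digit suffix.
    if raw in KEYBOARD_SEQUENCES or stem in KEYBOARD_SEQUENCES:
        reasons.append("keyboard sequence")
    # Repeated single character (aaaa).
    if len(set(password)) == 1:
        reasons.append("repeated characters")
    # The login name inside the password (nbusr123 for user nbusr).
    if username and username.lower() in raw:
        reasons.append("contains the login name")
    # Dates such as 12/3/75, or a month name with a number (December12).
    if re.fullmatch(r"\d{1,2}[/.-]\d{1,2}[/.-]\d{2,4}", raw) or word in MONTHS:
        reasons.append("date-based password")
    # Organizational policy: at least eight alphanumeric characters, letters and digits.
    alnum = [c for c in password if c.isalnum()]
    if len(alnum) < 8:
        reasons.append("fewer than eight alphanumeric characters")
    elif not (any(c.isalpha() for c in alnum) and any(c.isdigit() for c in alnum)):
        reasons.append("does not mix letters and numbers")
    return reasons


def is_strong(password: str, username: str = "") -> bool:
    """True when none of the weakness rules fires."""
    return not weaknesses(password, username)


if __name__ == "__main__":
    # Constructed samples taken from the weak and strong lists above.
    for candidate in ("Susan", "p@$$\\/\\/0rd", "December12", "Convert_£100 to Euros!"):
        print(repr(candidate), weaknesses(candidate) or "strong")
```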
🡺 Keyloggers and Spywares
Keystroke logging, often called keylogging, is the practice of noting (or logging) the keys
struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware
that such actions are being monitored.
1. Software Keyloggers
Software keyloggers are software programs installed on the computer system which are usually located between the OS and the keyboard hardware, and every keystroke is recorded.
SC-KeyLog PRO
It allows to secretly record computer user activities such as E-Mails, chat conversations,
visited websites, clipboard usage, etc. in a protected log file.

Spytech SpyAgent Stealth
It provides a large variety of essential computer monitoring features as well as website and application filtering, chat blocking and remote delivery of logs via E-Mail or FTP.
All in one Keylogger
It is an invisible keystrokes recorder and a spy software tool that registers every activity on the PC to encrypted logs.
Other software keyloggers:
Stealth Keylogger
Perfect Keylogger
KGBSpy
Spy Buddy
Elite Keylogger
CyberSpy
Powered Keylogger
2. Hardware Keyloggers
To install these keyloggers, physical access to the computer system is required. Hardware
keyloggers are small hardware devices.
Listed are few websites where more information about hardware keyloggers can be found:
1. http://www.keyghost.com
2. http://www.keelog.com
3. http://www.keydevil.com
4. http://www.keykatcher.com
3. Antikeylogger
Antikeylogger is a tool that can detect the keylogger installed on the computer system and
also can remove the tool. Visit http://www.anti-keyloggers.com for more information. Advantages
of using Antikeylogger are as follows:
1. Firewalls cannot detect the installation of keyloggers on the systems; hence, an Antikeylogger is needed to detect installations of keyloggers.
2. This software does not require regular updates of signature bases to work effectively, unlike other antivirus and antispy programs.
3. Prevents Internet banking frauds. Passwords can be easily gained with the help of
installing keyloggers.
4. It prevents ID theft (we will discuss it more in Chapter 5).
5. It secures E-Mail and instant messaging/chatting.
🡺 Spywares
Spyware is a type of malware that is installed on computers which collects information about
users without their knowledge.

The features and functions of such Spywares are beyond simple monitoring.
1. 007 Spy: It has following key features:
• Capability of overriding “antispy” programs like “ad-aware”;
• Record all websites url visited in internet;
• Powerful keylogger engine to capture all passwords;
• View logs remotely from anywhere at any time;
• Export log report in html format to view it in the browser;
• Automatically clean-up on outdated logs;
• Password protection.
2. Spector Pro: It has following key features:
• Captures and reviews all chats and instant messages;
• captures E-Mails (read, sent and received);
• captures websites visited;
• captures activities performed on social networking sites such as MySpace and
Facebook;
• enables to block any particular website and/or chatting with anyone;
• acts as a keylogger to capture every single keystroke (including usernames and
passwords).
3. eBlaster: Besides being a keylogger and website watcher, it also records E-Mails sent and received, files uploaded/downloaded, users’ activities, online searches, MySpace and Facebook activities and any other program activity.
4. Remotespy: Besides remote computer monitoring, silently and invisibly, it also monitors and records users’ PC without any need for physical access. Moreover, it records keystrokes (keylogger), screenshots, E-Mail, passwords, chats, instant messenger conversations and websites visited.
5. Stealth Recorder Pro: It is a new type of utility that enables to record a variety of sounds and
transfer them automatically through Internet without being notified by original location or
source. It has following features:
• Real-time mp3 recording via microphone, cd, line-in and stereo mixer as mp3, wma or
wav formatted files;
• Transferring via e-mail or ftp, the recorded files to a user-defined e-mail address or ftp
automatically;
• Controlling from a remote location;
• Voice mail, records and sends the voice messages.
6. Stealth Website Logger: It records all accessed websites and a detailed report can be
available on a specified E-Mail address.

It has following key features:
• Monitor visited websites;
• Reports sent to an E-Mail address;
• Daily log;
• Global log for a specified period;
• Log deletion after a specified period;
• Hotkey and password protection;
• Not visible in add/remove programs or task manager.
7. Flexispy: It is a tool that can be installed on a cell/mobile phone. After installation, Flexispy secretly records conversations that happen on the phone and sends this information to a specified E-Mail address.
8. Wiretap Professional: It is an application for monitoring and capturing all activities on the system. It can capture the entire Internet activity. This spy software can monitor and record E-Mail, chat messages and websites visited. In addition, it helps in monitoring and recording of keystrokes, passwords entered and all documents, pictures and folders viewed.
9. PC Phone Home: It is software that tracks and locates lost or stolen laptop and desktop computers. Every time a computer system on which PC Phone Home has been installed connects to the Internet, a stealth E-Mail is sent to a specified E-Mail address of the user’s choice.
10. SpyArsenal Print Monitor Pro: It has the following features:
• Keep track of printer/plotter usage;
• record every document printed;
• find out who printed a given document on your hardware, and when.
🡺 Virus and Worms
Computer virus is a program that can “infect” legitimate programs by modifying them to
include a possibly “evolved” copy of itself. Viruses spread themselves, without the knowledge or
permission of the users, to potentially large numbers of programs on many machines. Viruses can take
some typical actions:
1. Display a message to prompt an action which may set off the virus;
2. Delete files inside the system into which viruses enter;
3. Scramble data on a hard disk;
4. Cause erratic screen behavior;
5. Halt the system (PC);
6. Just replicate themselves to propagate further harm.
Explain how viruses spread:
(a) Through the Internet,
(b) Through a stand-alone computer system and
(c) Through local networks.

Fig: Virus spreads through the Internet.

Fig: Virus spreads through stand-alone system.

Fig: Virus spreads through local networks.
⮚ Types of Viruses
Computer viruses can be categorized based on attacks on various elements of the system and can put the system and personal data on the system in danger.
1. Boot sector viruses: It infects the storage media on which the OS is stored (e.g., floppy diskettes and hard drives) and which is used to start the computer system. The entire data/programs are stored on the floppy disks and hard drives in smaller sections called sectors.
2. Program viruses: These viruses become active when the program file (usually with extensions .bin, .com, .exe, .ovl, .drv) is executed (i.e., opened – the program is started). Once these program files get infected, the virus makes copies of itself and infects the other programs on the computer system.
3. Multipartite viruses: It is a hybrid of boot sector and program viruses. It infects program files along with the boot record when the infected program is active.


4. Stealth viruses: It camouflages and/or masks itself, and so detecting this type of virus is very difficult. It can disguise itself in such a way that antivirus software cannot detect it, and so it spreads into the computer system undetected.
5. Polymorphic viruses: It acts like a “chameleon” that changes its virus signature (i.e., binary pattern) every time it spreads through the system (i.e., multiplies and infects a new file).
6. Macro viruses: Many applications, such as Microsoft Word and Microsoft Excel, support MACROs (i.e., macro languages). These macros are programmed as a macro embedded in a document.
7. Active X and Java Control: All the web browsers have settings about Active X and Java Controls. Little awareness is needed about managing and controlling these settings of a web browser.
A typical definition of computer virus/worms might have various aspects such as:
1. A virus attacks specific file types (or files).
2. A virus manipulates a program to execute tasks unintentionally.
3. An infected program produces more viruses.
4. An infected program may run without error for a long time.
5. Viruses can modify themselves and may possibly escape detection this way.

🡺 Trojan Horses and Backdoors


A Trojan Horse is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and cause harm, for example, ruining the file allocation table on the hard disk. A Trojan Horse may get widely redistributed as part of a computer virus. The term Trojan Horse comes from Greek mythology about the Trojan War.
Some typical examples of threats by Trojans are as follows:
1. They erase, overwrite or corrupt data on a computer.
2. They help to spread other malware such as viruses (by a dropper Trojan).
3. They deactivate or interfere with antivirus and firewall programs.
4. They allow remote access to your computer (by a remote access Trojan).
5. They upload and download files without your knowledge.
6. They gather E-Mail addresses and use them for Spam.
7. They log keystrokes to steal information such as passwords and credit card numbers.
8. They copy fake links to false websites, display porno sites, play sounds/videos and display images.
9. They slow down, restart or shutdown the system.
10. They reinstall themselves after being disabled.
11. They disable the task manager.
12. They disable the control panel.


🡺 Backdoor
A backdoor is a means of access to a computer program that bypasses security mechanisms. A programmer may sometimes install a backdoor so that the program can be accessed for troubleshooting or other purposes.
Following are a few examples of backdoor Trojans:
1. Back Orifice: It is a well-known example of a backdoor Trojan designed for remote system administration. It enables a user to control a computer running the Microsoft Windows OS from a remote location. The name is a word play on Microsoft BackOffice Server software. Readers may visit http://www.cultdeadcow.com/tools/bo.html to know more about this backdoor.
2. Bifrost: It is another backdoor Trojan that can infect Windows 95 through Vista. It uses the typical server, server builder and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine.
3. SAP backdoors: SAP is an Enterprise Resource Planning (ERP) system, and nowadays ERP is the heart of the business technological platform. These systems handle the key business processes of the organization, such as procurement, invoicing, human resources management, billing, stock management and financial planning.
4. Onapsis Bizploit: It is the open-source ERP penetration testing framework developed by the Onapsis Research Labs. Bizploit assists security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized ERP penetration tests. Readers may visit http://www.onapsis.com/research.html to know more about this tool.
How to Protect from Trojan Horses and Backdoors
Follow the following steps to protect your systems from Trojan Horses and backdoors:
1. Stay away from suspect websites/weblinks: Avoid downloading free/pirated software that often gets infected by Trojans, worms, viruses and other things.
2. Surf on the Web cautiously: Avoid connecting with and/or downloading any information from peer-to-peer (P2P) networks, which are the most dangerous networks for spreading Trojan Horses and other threats.
3. Be wary of downloads that do not work: it may be experienced that, after downloading a file, it never works. The threat here is that although the file has not worked, something may still have happened to the system; the malicious software deploys its gizmos and the system is at serious health risk.
4. Install antivirus/Trojan remover software: Nowadays antivirus software has a built-in feature for protecting the system not only from viruses and worms but also from malware such as Trojan Horses.

Peer-to-Peer (P2P) Networks
Peer-to-peer, commonly abbreviated as P2P, is any distributed network architecture composed of participants that make a portion of their resources available to other participants.
1. Hybrid P2P: There is a central server that keeps information about the network. The peers are responsible for storing the information.
2. Pure P2P: There is absolutely no central server or router. Each peer acts as both client and server at the same time. This is also sometimes referred to as “serverless” P2P.
3. Mixed P2P: It is between “hybrid” and “pure” P2P networks. An example of such a network is Gnutella, which has no central server but clusters its nodes around so-called “supernodes.”
🡺 Steganography
Steganography is a Greek word that means “sheltered writing.” It is a method that attempts to hide the existence of a message or communication. The word “steganography” comes from the two Greek words steganos, meaning “covered,” and graphein, meaning “to write,” that is, “concealed writing.”

Fig: How steganography works.


1. Steganography tools
DiSi-Steganograph
It is a very small, DOS-based steganographic program that embeds data in PCX images.
Invisible Folders
It has the ability to make any file or folder invisible to anyone using your PC, even on a network.
Invisible Secrets
It not only encrypts the data and files for safe-keeping or for secure transfer across the Net but also hides them in places such as picture or sound files or webpages. These types of files are a perfect disguise for sensitive information.
Stealth Files
It hides any type of file in almost any other type of file. Using the steganography technique, Stealth Files compresses, encrypts and then hides any type of file inside various types of files (including EXE, DLL, OCX, COM, JPG, GIF, ART, MP3, AVI, WAV, DOC and BMP) and other types of video, image and executable files.
2. Steganalysis
Steganalysis is the art and science of detecting messages that are hidden in images,
audio/video files using steganography. The goal of steganalysis is to identify suspected
packages and to determine whether or not they have a payload encoded into them, and if
possible recover it. Automated tools are used to detect such steganographed data/information
hidden in the image and audio and/or video files.
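An added example, not from the notes or from any of the tools listed: least-significant-bit (LSB) embedding in an 8-bit greyscale image is one common steganography technique, and the pair-count statistic below is a simple steganalysis check of the kind automated tools apply. The cover image, the message and the detection threshold are all constructed for this demonstration.

```python
"""LSB steganography and a pair-count steganalysis check (added example).

The cover is a constructed list of 8-bit greyscale samples. Embedding writes
a 32-bit length header followed by the message bits into the least significant
bit of successive samples. The steganalysis heuristic uses the fact that LSB
embedding makes the counts of each value pair (2k, 2k+1) nearly equal, whereas
an untouched image usually shows a noticeable imbalance between them.
"""
import random


def _bits(data: bytes):
    """Yield the bits of data, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def _bytes_from_lsbs(samples: bytes, start: int, count: int) -> bytes:
    """Reassemble count bytes from the LSBs of samples[start:], MSB first."""
    out = bytearray()
    for k in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (samples[start + k * 8 + i] & 1)
        out.append(value)
    return bytes(out)


def embed(cover: bytes, message: bytes) -> bytes:
    """Hide message in the LSBs of cover; each sample changes by at most one."""
    payload = len(message).to_bytes(4, "big") + message
    if len(payload) * 8 > len(cover):
        raise ValueError("cover too small for message")
    stego = bytearray(cover)
    for idx, bit in enumerate(_bits(payload)):
        stego[idx] = (stego[idx] & 0xFE) | bit
    return bytes(stego)


def extract(stego: bytes) -> bytes:
    """Recover the message: read the 4-byte length, then that many bytes."""
    length = int.from_bytes(_bytes_from_lsbs(stego, 0, 4), "big")
    return _bytes_from_lsbs(stego, 32, length)


def lsb_pair_imbalance(samples: bytes) -> float:
    """Mean |count(2k) - count(2k+1)| per sample; near 0 after full LSB embedding."""
    counts = [0] * 256
    for s in samples:
        counts[s] += 1
    diff = sum(abs(counts[2 * k] - counts[2 * k + 1]) for k in range(128))
    return diff / len(samples)


def looks_embedded(samples: bytes, threshold: float = 0.35) -> bool:
    """Steganalysis verdict: flag a suspiciously even LSB plane (threshold is constructed)."""
    return lsb_pair_imbalance(samples) < threshold


def make_sample_cover(n: int = 4096, seed: int = 7) -> bytes:
    """Constructed cover: even values three times as likely as odd, mimicking the
    LSB bias of real image data (a real image would be read from a file instead)."""
    rng = random.Random(seed)
    weights = [3 if v % 2 == 0 else 1 for v in range(256)]
    return bytes(rng.choices(range(256), weights=weights, k=n))


MESSAGE = b"meet at the usual place. " * 20   # constructed 500-byte secret

if __name__ == "__main__":
    cover = make_sample_cover()
    stego = embed(cover, MESSAGE)
    print("recovered ok:", extract(stego) == MESSAGE)
    print("cover imbalance: %.3f  flagged: %s" % (lsb_pair_imbalance(cover), looks_embedded(cover)))
    print("stego imbalance: %.3f  flagged: %s" % (lsb_pair_imbalance(stego), looks_embedded(stego)))
```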
🡺 SQL Injection
Structured QueryLanguage (SQL) is a database computer language designed for
managing data in relational database management systems (RDBMS). SQL injection is a code
injection technique that exploits a security vulnerability occurring in the database layer of an
application.
The vulnerability is present when user input is either filtered incorrectly for string literal
escape characters embedded in SQL statements or user input is not strongly typed and thereby
unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur
whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.
1. Steps for SQL Injection Attack
Following are some steps for an SQL injection attack:
1. The attacker looks for webpages that allow submitting data, that is, login page, search page, feedback, etc.
2. To check the source code of any website, right-click on the webpage and click on “view source” (if you are using IE – Internet Explorer); the source code is displayed in Notepad. The attacker checks the source code of the HTML and looks for the “FORM” tag in the HTML code. Everything between the <FORM> and </FORM> tags has potential parameters that might be useful to find the vulnerabilities:
<FORM action=Search/search.asp method=post>
<input type=hidden name=A value=C></FORM>
3. The attacker inputs a single quote in the text box provided on the webpage to accept the username and password. This checks whether the user-input variable is sanitized or interpreted literally by the server.
4. The attacker uses SQL commands such as the SELECT statement to retrieve data from the database or the INSERT statement to add information to the database.
2. Blind SQL Injection
Blind SQL injection is used when a web application is vulnerable to an SQL injection but
the results of the injection are not visible to the attacker. The page with the vulnerability may
not be the one that displays data.
Using SQL injections, attackers can:
1. Obtain some basic information if the purpose of the attack is reconnaissance.
2. Gain access to the database by obtaining usernames and their passwords.
3. Add new data to the database.
4. Modify data currently in the database.

3. Tools used for SQL Server penetration
1. AppDetectivePro
2. DbProtect
3. Database Scanner
4. SQLPoke
5. NGSSQLCrack
6. Microsoft SQL Server Fingerprint (MSSQLFP) Tool
4. How to Prevent SQL Injection Attacks
SQL injection attacks occur due to poor website administration and coding. The following steps can be taken to prevent SQL injection:
1. Input validation
2. Modify error reports
3. Other preventions
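An added example (not from the notes), in Python with SQLite: the same login lookup written once by string concatenation and once as a parameterized query, with the single-quote probe from step 3 above run against both. The users table and its clear-text passwords are constructed for the demonstration only; a real system stores salted password hashes.

```python
"""Vulnerable versus parameterized login query, and the single-quote probe (added example)."""
import sqlite3

# Constructed sample accounts; clear-text passwords only to keep the example short.
SAMPLE_USERS = [("alice", "s3cret!"), ("o'brien", "pa55word")]


def make_db() -> sqlite3.Connection:
    """Create an in-memory users table populated with the constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, name: str, password: str):
    """Builds the statement by concatenation: the input becomes part of the SQL text,
    so a quote in the input changes the query itself (the defect SQL injection exploits)."""
    sql = ("SELECT name FROM users WHERE name = '" + name
           + "' AND password = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, name: str, password: str):
    """Parameterized query: the driver passes the values separately from the SQL text,
    so the input is only ever treated as data (the 'input validation' prevention)."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    row = conn.execute(sql, (name, password)).fetchone()
    return row[0] if row else None


def probe(login, conn, name: str, password: str) -> str:
    """Run a login function and report what happened. Catching the database error and
    returning a generic message is the 'modify error reports' prevention: the raw SQL
    error text never reaches the user."""
    try:
        result = login(conn, name, password)
    except sqlite3.OperationalError:
        return "syntax error: input reached the SQL parser"
    return "handled: input treated as data, matched " + str(result)


if __name__ == "__main__":
    db = make_db()
    # Step 3 above: submit a single quote and see whether the query survives it.
    print("vulnerable:", probe(login_vulnerable, db, "'", ""))
    print("safe:      ", probe(login_safe, db, "'", ""))
    # A legitimate name containing an apostrophe breaks the concatenated query as well.
    print("vulnerable:", probe(login_vulnerable, db, "o'brien", "pa55word"))
    print("safe:      ", probe(login_safe, db, "o'brien", "pa55word"))
```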
🡺 Buffer Overflow
Buffer overflow, or buffer overrun, is an anomaly where a process stores data in a buffer
outside the memory the programmer has set aside for it. The extra data overwrites adjacent memory,
which may contain other data, including program variables and program flow control data. This may
result in erratic program behavior, including memory access errors, incorrect results, program
termination (a crash) or a breach of system security.


In C and C++, there is no automatic bounds checking on the buffer, which means a user can write past a buffer. For example,
int main(void)
{
    int buffer[10];   /* room for ten integers: valid indices are 0 to 9 */
    buffer[20] = 10;  /* writes past the end of the buffer (undefined behavior) */
    return 0;
}
Types of Buffer Overflow
1. Stack-Based Buffer Overflow
1. Stack buffer overflow occurs when a program writes to a memory address on the program’s call stack outside the intended data structure, usually a fixed-length buffer.
2. “Stack” is a memory space in which automatic variables are allocated.
3. Function parameters are allocated on the stack and are not automatically initialized by the
system, so they usually have garbage in them until they are initialized.
4. Once a function has completed its cycle, the reference to the variable in the stack is
removed.
The attacker may exploit stack-based buffer overflows to manipulate the program in various ways by overwriting:
1. A local variable that is near the buffer in memory on the stack, to change the behavior of the program in a way that may benefit the attacker.
2. The return address in a stack frame. Once the function returns, execution will resume at the return address as specified by the attacker, usually a user-input-filled buffer.
3. A function pointer, or exception handler, which is subsequently executed.
The factors that make such exploits harder to carry out are:
1. Null bytes in addresses.
2. Variability in the location of shell code.
3. Differences between environments.

2. NOPs
NOP or NOOP (short for no operation or no operation performed) is an assembly language instruction/command that effectively does nothing at all.
3. Heap Buffer Overflow
Heap buffer overflow occurs in the heap data area and may be introduced
accidentally by an application programmer, or it may result from a deliberate exploit. In either
case, the overflow occurs when an application copies more data into a buffer than the buffer
was designed to contain. The characteristics of stack-based and heap-based programming are
as follows:


1. “Heap” is a “free store,” that is, a memory space where dynamic objects are allocated.
2. The heap is the memory space that is dynamically allocated by the new(), malloc() and calloc() functions.
3. Dynamically created variables are created on the heap before the executing program initializes them to zeros, and are stored in memory until the life cycle of the object has completed.
How to Minimize Buffer Overflow
Although it is difficult to prevent all possible attacks, the following methods will definitely help to minimize such attacks:
1. Assessment of secure code manually
2. Disable stack execution
3. Compiler tools

🡺 Attacks on Wireless Networks
Even when people travel, they still need to work. Thus, work seems to be moving out of the traditional offices into homes, hotels, airport lounges and taxis.
The following are different types of “mobile workers”:
1. Tethered/remote worker: This is considered to be an employee who generally remains at a single point of work, but is remote to the central company systems.
2. Roaming user: This is either an employee who works in an environment (e.g., warehousing, shop floor, etc.) or in multiple areas (e.g., meeting rooms).
3. Nomad: This category covers employees requiring solutions in hotel rooms and other semi-tethered environments where modem use is still prevalent, along with the increasing use of multiple wireless technologies and devices.
4. Road warrior: This is the ultimate mobile user and spends little time in the office; however, he/she requires regular access to data and collaborative functionality while on the move, in transit or in hotels.

Fig: Wireless Networks


Wireless technology is no longer a buzzword in today’s world. Let us understand the important components of a wireless network, apart from components such as modems, routers, hubs and firewalls, which are an integral part of any wired network as well as of a wireless network.
1. 802.11 networking standards: Institute of Electrical and Electronics Engineers (IEEE) 802.11 is a family of standards for wireless local area networks (WLAN), stating the specifications and/or requirements for computer communication in the 2.4, 3.6 and 5 GHz frequency bands.
2. Access points: It is also termed an AP. It is a hardware device and/or software that acts as a central transmitter and receiver of WLAN radio signals.
3. Wi-Fi hotspots: These are of two kinds:
1. Free Wi-Fi hotspots.
2. Commercial hotspots.
4. Service Set Identifier (SSID)
5. Wired Equivalent Privacy (WEP)
6. Wi-Fi Protected Access (WPA and WPA2)
7. Media Access Control (MAC)
Traditional Techniques of Attacks on Wireless Networks
1. Sniffing: It is eavesdropping on the network and is the simplest of all attacks. Sniffing is the
simple process of intercepting wireless data that is being broadcasted on an unsecured network.
2. Spoofing: The primary objective of this attack is to successfully masquerade the identity by
falsifying data and thereby gaining an illegitimate advantage.
1. MAC address Spoofing
2. IP Spoofing
3. Frame Spoofing
3. Denial of service (DoS)
4. Man-In-The-Middle Attack (MITM)
5. Encryption Cracking
