In this context, the term scanner refers to a software program that is used by hackers to remotely determine possible vulnerabilities of a given system.
Administrators also use scanners to detect and correct vulnerabilities in their own systems before an intruder finds them. Many scanning programs are available as freeware on the Internet.
A good scanning program can locate a target computer on the Internet (one that is vulnerable to attack), determine what TCP/IP services are running on the machine, and probe those services for security weaknesses.
A spoofing attack is when a malicious party impersonates another device or user on a network.
There are several different types of spoofing attack, including e-mail spoofing, IP address spoofing, ARP spoofing and DNS server spoofing.
E-mail spoofing involves sending messages from a bogus e-mail address or faking the e-mail address of another user. Most e-mail servers have security features to prevent sending messages from unauthorized users; nevertheless, it is possible to receive e-mail from an address that is not the actual address of the person sending the message.
In an IP address spoofing attack, an attacker sends IP packets with a false (or “spoofed”) source address in order to disguise their origin: the packets are sent from the attacker's computer, but carry the address of a trusted computer as their source.
There are many tools and practices that organizations can employ to reduce the threat of spoofing attacks. Common measures that organizations can take for spoofing attack prevention include packet filtering, the use of spoofing detection software and the use of cryptographic network protocols.
Denial of Service Attacks (DoS) and Distributed DoS (DDoS)
As it is detailed in [8], “Denial of Service attacks are one of the most popular choices of Internet hackers who want to disrupt a network’s operations. Although they do not destroy or steal data as some other types of attacks do, the objective of the DOS attacker is to bring down the network, denying service to its legitimate users. DOS attacks are easy to initiate; software is readily available from hacker websites that will allow anyone to launch a DOS attack with little or no technical expertise”.
In this kind of attack, the system receives more connection requests than it can answer. It consumes resources on each half-open connection while waiting for the handshake to complete, and eventually it can no longer respond to any requests, leaving it without service.
Distributed DoS (DDoS) attacks use intermediary computers called agents, which are compromised systems, often infected with a Trojan. These systems constitute a botnet and are used to target a single system, causing a DoS attack.
The difference from a classical DoS attack lies in the use of a botnet: a DDoS attack involves many computers (often hundreds or even thousands) and many Internet connections, frequently distributed around the globe.
The attacker remotely activates these Trojan programs, causing the intermediary computers to launch the actual attack simultaneously. This makes it impossible to stop the attack simply by blocking a single IP address, since the attack comes from computers that may be on networks anywhere in the world. Moreover, it is very difficult to distinguish legitimate user traffic from attack traffic when it is spread across so many points of origin.
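The half-open-connection exhaustion described above can be spotted from a connection-table snapshot. The following detector is an added example, not code from the cited source; it parses constructed netstat-style lines, counts connections stuck in SYN_RECV per remote source, and raises both a per-source and an aggregate alert, since with many points of origin no single source may cross a per-source threshold.

```python
import ipaddress
from collections import Counter

# Constructed snapshot in a netstat-like layout (not captured from a real host):
# proto recv-q send-q local-address remote-address state
SAMPLE_SNAPSHOT = """\
tcp 0 0 192.0.2.10:443 198.51.100.7:51021 SYN_RECV
tcp 0 0 192.0.2.10:443 198.51.100.7:51022 SYN_RECV
tcp 0 0 192.0.2.10:443 198.51.100.7:51023 SYN_RECV
tcp 0 0 192.0.2.10:443 198.51.100.7:51024 SYN_RECV
tcp 0 0 192.0.2.10:443 203.0.113.5:40001 ESTABLISHED
tcp 0 0 192.0.2.10:443 203.0.113.9:40002 SYN_RECV
tcp 0 0 192.0.2.10:443 203.0.113.10:40003 SYN_RECV
tcp 0 0 192.0.2.10:443 203.0.113.11:40004 SYN_RECV
tcp 0 0 192.0.2.10:443 203.0.113.12:40005 SYN_RECV
tcp 0 0 192.0.2.10:443 203.0.113.13:40006 SYN_RECV
"""


def parse_half_open(snapshot):
    """Count half-open (SYN_RECV) connections per remote source address."""
    counts = Counter()
    for line in snapshot.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[5] != "SYN_RECV":
            continue
        remote_ip = fields[4].rsplit(":", 1)[0]  # strip the port
        counts[ipaddress.ip_address(remote_ip)] += 1
    return counts


def assess(snapshot, per_source_limit=3, total_limit=8):
    """Flag individual noisy sources and the aggregate half-open load.

    The limits are illustrative; a real deployment tunes them to the host's
    backlog size. Distributed sources each stay under per_source_limit, so
    the aggregate check is what catches a DDoS-style flood.
    """
    counts = parse_half_open(snapshot)
    total = sum(counts.values())
    noisy = sorted(str(ip) for ip, n in counts.items() if n > per_source_limit)
    return {
        "total_half_open": total,
        "noisy_sources": noisy,
        "aggregate_alert": total > total_limit,
    }


if __name__ == "__main__":
    print(assess(SAMPLE_SNAPSHOT))
```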
It is important to note that DDoS attacks pose a two-layer threat. Not only could an organization's network be the target of a DoS attack that crashes its servers and prevents incoming and outgoing traffic, but its computers could also be used as the “innocent middle men” to launch a DoS attack against another network or site.
DDoS attacks can be divided into volume-based attacks, protocol attacks and application-layer attacks, according to the target of the attack. In the first case, the objective is to saturate the bandwidth of the network; in the second, to consume the resources of servers or intermediate communication equipment; and in the third, to crash the application server.