-
Eavesdropping, 竊聽封包
-
Spam, 垃圾郵件
-
Bypass FW, 繞過防火牆
this attack is particularly easy in wireless LANs, where no physical connections are necessary, and it is advantageous for an attacke to remain invisible (unaddressable) on the network.
- using tool:
Network tap or span
- Prevention
(1) Encrption on network level or app level
(2) Traffic padding to prevent identify time
(3) Reroute to anonymize its origin
(4) Mandate trusted routed for data (the info is only traversing trusted network domain)
spammers manipulate the content and keywors in therir msg.
- Prevention
to do a filter to mail server (Mail Transfer Agent & Mail User Agent) by administrator, to config a blacklist of spam src.
the leak that FW has is that it only inspect the 1st fragment of a fragmented packets. Hacker sends out a 1st harmless fragment, which will satisfy the packet filter. Other packets followed wil then overwrite the 1st fragement with malicios data.
- Remark
IP fragmentation is an internet protocol process that breaks packets into smaller fragments, so that the resulting pieces can pass through a link with a smaller maximum transmission unit (MTU) than the original packet size.
The fragments are reassembled by the receiving host.
- Prevention
a solution to this problem is for TCP/IP stacks not to allow fragments to overwrite each other.