Students are advised to carefully study the given scenario and complete three tasks based on this scenario.
Reconnaissance attack is defined as the unauthorized discovery and mapping of systems, services, or
vulnerabilities of the target network. If an attacker or intruder wants to attack a network, he needs some
information about target network like which IP (Internet Protocol) addresses are alive, which ports and
services are active on those IP addresses and what operating system is running. With reconnaissance attacks,
an attacker can gather such information and can execute an actual attack on the target network. For a
considerable time reconnaissance attacks are not detected because they have no impact on the network.
Operation of reconnaissance attacks
Reconnaissance attack is an initial step for an intruder to attack a network. To gather information
about the target network, first, an intruder performs a ping sweep of the target network to get IP addresses
that are alive. Then, the intruder performs port scans to determine which ports or services are active on the IP
addresses which are alive. After determining live ports, the intruder starts querying the ports to find what
operating system is running, the type and version of the applications, software running and the configuration
that has been applied on the target host. Reconnaissance attack can be used as an administrative tool or as an
attacking tool.
Access Attacks
Access attacks can be said as accessing network traffic in an illegal way. With the help of access attacks
intruders can retrieve data, gain access and can escalate their access privileges across the networks or
systems. They are used to gain access to confidential databases, web accounts and other sensitive
information. Access attack can occur in different ways.
DoS and DDoS
After reconnaissance attacks, DoS attacks are the most common form of security attacks. DoS attacks
are the most difficult attacks to eliminate completely because they are not targeted to gain access to the
network or the information on the network. Attackers use DoS attack to prevent legitimate users from
accessing information or services in the network.
Task-1
Reconnaissance attacks consist of Packet sniffers, Port scans, Ping sweeps and Internet information queries.
Describe each of these and discuss mitigation techniques for each one.
Task 2
Access attacks consist of Password attacks, Trust exploitation, Port redirection, Man-in-the-middle attacks and
Buffer overflow. Describe each type of access attack and also discuss how these attacks can be mitigated.
Task 3
Illustrate Denial of Service attack and Distributed Denial of Service attack with suitable examples of these
attacks.
Task 4
Select a published paper (preferably from the ACM DL or IEEE CSDL) that is discussing one aspect of Network
Security (For example, Latest encryption and decryption techniques, different types of attacks and their
mitigation etc). Summarize this paper in one page. The summary should include the main ideas presented in
the paper. The paper you select MUST NOT BE DISCUSSED BY ANOTHER STUDENT.
