The methods

Usually, strangers do not have access to your local network or the computers on it. So nobody can access the protected area without the corresponding access credentials or passwords. If these credentials cannot be gained by espionage, the attackers will attempt to reach their objectives in a different way.

One basic approach is to smuggle data into the network using one of the approved routes for data exchange, which then opens up access to the attacker from within. Attachments in e-mails or active content on web pages can be used to install a small program on a computer, which is then caused to crash. The program then uses the crash to create a new administrator on the computer, which can then be remotely used for further actions in the LAN.

If access via e-mail or WWW is not possible, an attacker may also search for a server on the LAN that offers certain services that can be used for their own purposes. The services on these servers are identified through specific ports in the TCP/IP protocol, so the search for open ports is referred to as port scanning. The attacker initiates this with a certain program that requests the desired services either from the Internet in general or from specific networks only. The corresponding response will come from unprotected computers.

A third option is to intercept and eavesdrop on an existing data connection. The attacker observes the victim's Internet connection and analyzes the connections. They then use an active FTP connection to insert their own data packets into the LAN.

One variant of this method is the "man-in-the-middle” attack. The attacker first observes to the communication between two computers and then intervenes.

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de

LANCOM Logo