Attack against DNS (Domain Name System)
DNS is a distributed database that maps host names to IP addresses. Forward DNS mapping: domain name to address.
Inverse mapping: address to domain name.
The essence of a DNS attack is that the attacker controls the DNS server for a zone that the target consults, and can therefore publish any forward or inverse mapping he likes, including mappings that point his own address at somebody else's name.
E.g., there are 'target.com' with IP 1.1.1.1,
'attack.com' with IP 2.2.2.2, and
'trust.com', which 'target.com' trusts (it accepts remote connections from it by name).
The attacker modifies the DNS records he controls so that the inverse mapping of 2.2.2.2 returns 'trust.com'. When attack.com connects to target.com, target.com looks up the name for the connecting address 2.2.2.2, gets 'trust.com', and accepts the remote connection as if it came from the trusted host.
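The scenario above, worked through with toy zone data. This is an added example, not code from the original note: the zone dictionaries, the host names and addresses, and the trust list are all constructed for illustration. It contrasts the naive check (trust whatever the inverse lookup of the peer address says) with forward-confirmed reverse DNS, where the name from the PTR record must resolve back to the connecting address through the forward zone, which the attacker in this scenario does not control.

```python
# Constructed toy zone data, not real DNS records. The attacker controls the
# reverse (in-addr.arpa) zone for his own address 2.2.2.2, but not the forward
# zone for trust.com.
FORWARD_ZONE = {          # A records: name -> address
    "target.com": "1.1.1.1",
    "attack.com": "2.2.2.2",
    "trust.com":  "3.3.3.3",
}
REVERSE_ZONE = {          # PTR records: address -> name
    "1.1.1.1": "target.com",
    "3.3.3.3": "trust.com",
    "2.2.2.2": "trust.com",   # forged PTR published by the attacker
}
TRUSTED_HOSTS = {"trust.com"}   # target.com's trust list (hypothetical)


def ptr_lookup(addr):
    """Inverse mapping: address -> name (None if no PTR record)."""
    return REVERSE_ZONE.get(addr)


def a_lookup(name):
    """Forward mapping: name -> address (None if no A record)."""
    return FORWARD_ZONE.get(name)


def naive_is_trusted(peer_addr):
    """Trust whatever name the inverse mapping of the peer address returns."""
    return ptr_lookup(peer_addr) in TRUSTED_HOSTS


def fcrdns_is_trusted(peer_addr):
    """Forward-confirmed reverse DNS: the PTR name must be on the trust list
    AND must resolve back (forward zone) to the very address that connected."""
    name = ptr_lookup(peer_addr)
    if name not in TRUSTED_HOSTS:
        return False
    return a_lookup(name) == peer_addr


def accept_connection(peer_addr, check):
    """Decide whether target.com accepts a remote connection from peer_addr."""
    return "accepted" if check(peer_addr) else "rejected"


if __name__ == "__main__":
    for check in (naive_is_trusted, fcrdns_is_trusted):
        print(check.__name__,
              "2.2.2.2 ->", accept_connection("2.2.2.2", check),
              "| 3.3.3.3 ->", accept_connection("3.3.3.3", check))
```

The forward-confirmed check only helps because the attacker here controls just the reverse zone. An attacker who can also poison the forward lookup of trust.com (or who sits between target.com and its resolver) passes both checks, which is why a DNS name should never be the only thing a host relies on for authentication.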
Attack against TCP/IP
TCP vulnerability
A normal TCP connection is established according to the 3-way handshake protocol: [1/ The client sends the server a SYN message which includes an initial sequence number SNc. 2/ The server acknowledges it by replying with a SYN message including its own initial sequence number SNs and a piggybacked ACK of SNc. 3/ The client acknowledges the reply by sending an ACK message with SNs.] If the procedure succeeds, a TCP connection is established and the client starts to send data packets. In this attack the attacker sends the SYN with a spoofed source address, that of a host the server trusts. The server's SYN/ACK then goes to the trusted host rather than to the attacker, so the attacker never sees SNs and has to predict it to send a correct final ACK. That is only possible when the server's initial sequence numbers are guessable, for example when SNs is incremented by a fixed amount for every new connection.
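The blind spoofing described above, as an added example that is not part of the original note. It models a toy TCP server that tracks half-open and established connections, with two hypothetical ISN policies: "sequential" (SNs grows by a fixed step per connection, as old BSD stacks did) and "random". The attacker first opens a connection from his own address to learn the current SNs, then sends a SYN spoofed from the trusted host, never sees the SYN/ACK, and completes the handshake with a guessed SNs. The addresses and the step size are constructed for the example.

```python
import secrets

ISN_STEP = 64000   # constructed: fixed per-connection increment of the guessable policy
MOD = 2 ** 32


class Server:
    """Toy TCP server: isn_policy is 'sequential' (guessable) or 'random'."""

    def __init__(self, isn_policy):
        self.isn_policy = isn_policy
        self._last_isn = secrets.randbelow(MOD)
        self.half_open = {}      # peer address -> SNs we sent in the SYN/ACK
        self.established = set()

    def _next_isn(self):
        if self.isn_policy == "sequential":
            self._last_isn = (self._last_isn + ISN_STEP) % MOD
            return self._last_isn
        return secrets.randbelow(MOD)

    def recv_syn(self, src, sn_c):
        """Handshake step 1/2: SYN(SNc) in, SYN(SNs)+ACK(SNc+1) out to src,
        whoever src really is: the server cannot tell a spoofed address."""
        sn_s = self._next_isn()
        self.half_open[src] = sn_s
        return {"to": src, "SYN": sn_s, "ACK": (sn_c + 1) % MOD}

    def recv_ack(self, src, ack_num):
        """Handshake step 3: accept only if the ACK carries SNs+1 for that peer."""
        sn_s = self.half_open.get(src)
        if sn_s is not None and ack_num == (sn_s + 1) % MOD:
            del self.half_open[src]
            self.established.add(src)
            return True
        return False


def blind_spoof(server, attacker="2.2.2.2", trusted="3.3.3.3"):
    """Attacker: probe with his own address to learn the current SNs, then spoof
    the trusted host and guess the next SNs without seeing the SYN/ACK."""
    probe = server.recv_syn(attacker, sn_c=1000)   # SYN/ACK comes back to the attacker: visible
    server.recv_ack(attacker, (probe["SYN"] + 1) % MOD)
    guess = (probe["SYN"] + ISN_STEP) % MOD        # prediction for the next connection

    reply = server.recv_syn(trusted, sn_c=2000)    # spoofed SYN; SYN/ACK goes to 3.3.3.3
    assert reply["to"] == trusted                  # ...so the attacker never reads reply["SYN"]
    return server.recv_ack(trusted, (guess + 1) % MOD)


if __name__ == "__main__":
    for policy in ("sequential", "random"):
        print(policy, "ISN policy -> spoofed connection established:",
              blind_spoof(Server(policy)))
```

Two things the toy leaves out that a real attack has to handle: the trusted host receives an unexpected SYN/ACK and would answer with a RST that tears the half-open connection down, so the attacker must first silence it (typically by SYN-flooding it); and on a real stack the ISN also advances with time, so the guess is a small window of candidates rather than one value. Randomised ISNs (RFC 6528) make the guess infeasible, which is why the "random" run fails.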
ICMP attack
ICMP redirect messages are used by gateways to advise hosts of a better route to a destination. First, the attacker penetrates a secondary gateway available to the target.
He then sends a false TCP open-connection packet to the target with a spoofed source address, that of a trusted host. The target replies to the trusted host through its primary gateway. While this is going on, the intruder sends a false redirect message, purporting to come from the primary gateway, which refers to the bogus connection and says that traffic from the target to the trusted host should go through the 2nd gateway. Because it matches an existing connection and seems to come from the gateway currently in use, this appears legitimate, so the target accepts it and changes its routing table. From then on, traffic from the target to the trusted host is sent to the 2nd gateway, which is under the attacker's control. With the spoofed address of the trusted host, he can now establish connections to the target and see the replies.
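To make the redirect concrete, here is an added example (not code from the original note) that builds a constructed ICMP host redirect exactly as the attacker in the scenario would, then parses it the way a receiving host should. The `should_accept` function applies the checks RFC 1122 section 3.2.2.2 requires before a host updates a route: the quoted datagram must be one the host sent, the redirect must come from the gateway currently used for that destination, and the new gateway must be on a directly connected network. All addresses (target 1.1.1.1, primary gateway 1.1.1.254, compromised second gateway 1.1.1.66, trusted host 3.3.3.3) are assumptions made for the example.

```python
import struct
import ipaddress


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; verifying a valid message yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header with a correct header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def build_redirect(sender, victim, new_gw, orig_src, orig_dst):
    """Constructed ICMP host redirect (type 5, code 1) as the attacker sends it:
    'datagrams from orig_src to orig_dst should go via new_gw', with the outer
    IP source set to sender (spoofed in the attack)."""
    quoted = ipv4_header(orig_src, orig_dst, 6, 20) + b"\x00" * 8   # original IP header + 8 bytes
    icmp = struct.pack("!BBH4s", 5, 1, 0, ipaddress.IPv4Address(new_gw).packed) + quoted
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    return ipv4_header(sender, victim, 1, len(icmp)) + icmp


def parse_redirect(pkt):
    """Return the fields of an ICMP redirect, or None if pkt is not a valid one."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    icmp = pkt[ihl:]
    if pkt[9] != 1 or len(icmp) < 8 + 28:          # not ICMP, or too short for a redirect
        return None
    typ, code, _csum, gw = struct.unpack("!BBH4s", icmp[:8])
    if typ != 5 or inet_checksum(icmp) != 0:      # wrong type, or checksum does not verify
        return None
    quoted = icmp[8:]
    return {
        "from":     str(ipaddress.IPv4Address(pkt[12:16])),
        "code":     code,
        "new_gw":   str(ipaddress.IPv4Address(gw)),
        "orig_src": str(ipaddress.IPv4Address(quoted[12:16])),
        "orig_dst": str(ipaddress.IPv4Address(quoted[16:20])),
    }


def should_accept(pkt, my_addr, my_prefix, current_first_hop):
    """RFC 1122 3.2.2.2 checks a host must pass before changing its route."""
    r = parse_redirect(pkt)
    if r is None:
        return False, "not a well-formed ICMP redirect"
    if r["orig_src"] != my_addr:
        return False, "quoted datagram was not sent by this host"
    if r["from"] != current_first_hop:
        return False, "sender is not our current first hop for " + r["orig_dst"]
    if ipaddress.ip_address(r["new_gw"]) not in ipaddress.ip_network(my_prefix, strict=False):
        return False, "new gateway is not on a directly connected network"
    return True, "route to %s now via %s" % (r["orig_dst"], r["new_gw"])


# Constructed scenario from the text (hypothetical addresses).
TARGET, PRIMARY_GW, SECOND_GW, TRUSTED = "1.1.1.1", "1.1.1.254", "1.1.1.66", "3.3.3.3"
ATTACK_PKT = build_redirect(sender=PRIMARY_GW, victim=TARGET, new_gw=SECOND_GW,
                            orig_src=TARGET, orig_dst=TRUSTED)    # spoofed from the primary gateway
OFFLINK_PKT = build_redirect(sender="2.2.2.2", victim=TARGET, new_gw=SECOND_GW,
                             orig_src=TARGET, orig_dst=TRUSTED)   # sent from attack.com directly

if __name__ == "__main__":
    for name, pkt in (("spoofed-from-primary", ATTACK_PKT), ("from-off-link", OFFLINK_PKT)):
        print(name, should_accept(pkt, TARGET, "1.1.1.0/24", PRIMARY_GW))
```

The point of the run: the off-link copy is rejected, but the redirect spoofed from the primary gateway passes every RFC check, because an attacker on the same LAN with a compromised second gateway satisfies all of them by construction. That is why hardened hosts simply do not honour redirects at all (on Linux, `net.ipv4.conf.all.accept_redirects=0`).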
ICMP is also used in DDoS. If you send an ICMP echo request packet into a network with the IP broadcast address as the destination address, it reaches every machine on that network and all of them send a reply. If you write the target's address in the source address field... every one of those replies lands on the target. Hehe.
Attack against BGP (Border Gateway Protocol)
Internet routing has intra-domain and inter-domain routing; BGP is the inter-domain one, used between Autonomous Systems. An AS uses BGP to tell its neighbouring ASes which IP ranges (IP prefixes) are in its network, so that they have the routing information. BGP messages are not encrypted, and the protocol itself does not protect against deletion or modification of the messages. (In practice the TCP session between two peers is often protected with the TCP MD5 option or TCP-AO, but that only protects the session; it says nothing about whether what a peer announces is true.) So... one can inject routing information as one likes, attract the traffic for someone else's prefix, and perform a man-in-the-middle attack.
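How a bogus announcement wins, and how route origin validation (RFC 6811, the RPKI/ROA check) stops the simple form of it, as an added example that is not part of the original note. The ROA table, the announcements and the AS numbers (private-use ASNs from the documentation range) are all constructed for the example. `best_route` does what a router does, longest-prefix match, first without and then with origin validation.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    """Route Origin Authorization: asn may originate prefix down to max_length."""
    prefix: str
    max_length: int
    asn: int


def validate_origin(prefix, as_path, roas):
    """RFC 6811 route origin validation: 'Valid', 'Invalid' or 'NotFound'."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]                        # rightmost AS in the path originated the route
    covering = [r for r in roas if net.subnet_of(ipaddress.ip_network(r.prefix))]
    if not covering:
        return "NotFound"                       # no ROA says anything about this space
    if any(r.asn == origin and net.prefixlen <= r.max_length for r in covering):
        return "Valid"
    return "Invalid"                            # covered, but wrong origin or too specific


def best_route(dst, announcements, roas, enforce_rov):
    """Longest-prefix match over the announcements a router accepts. With
    enforce_rov=True, announcements whose origin validation is Invalid are dropped."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, as_path in announcements:
        net = ipaddress.ip_network(prefix)
        if addr not in net:
            continue
        if enforce_rov and validate_origin(prefix, as_path, roas) == "Invalid":
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, as_path)
    return None if best is None else (str(best[0]), list(best[1]))


# Constructed scenario (private-use ASNs, not real routing data): AS64496 is
# target.com's provider and holds a ROA for 1.1.1.0/24; AS64511 is the attacker.
ROAS = [ROA("1.1.1.0/24", 24, 64496)]
ANNOUNCEMENTS = [
    ("1.1.1.0/24", [64500, 64496]),   # legitimate route, origin AS64496
    ("1.1.1.0/25", [64511]),          # attacker's more-specific hijack, origin AS64511
    ("4.4.4.0/24", [64510]),          # some prefix with no ROA at all
]

if __name__ == "__main__":
    for prefix, path in ANNOUNCEMENTS:
        print(prefix, path, "->", validate_origin(prefix, path, ROAS))
    print("without ROV, 1.1.1.1 goes via", best_route("1.1.1.1", ANNOUNCEMENTS, ROAS, False))
    print("with ROV,    1.1.1.1 goes via", best_route("1.1.1.1", ANNOUNCEMENTS, ROAS, True))
```

Without validation the attacker's /25 is preferred over the legitimate /24 simply because it is more specific, which is the man-in-the-middle the text describes. Origin validation rejects it because AS64511 holds no ROA for that space and, even for the right AS, /25 exceeds the ROA's maxLength. It does not catch an attacker who forges the path so that the legitimate origin AS appears at its end; that needs path validation (BGPsec), not just origin validation.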
Even with an exam coming up, I can't help myself.