Network System Security part 4 - Pdf 16

Chapter 2: Types of Attacks
MODIFICATION ATTACKS
A modification attack is an attempt to modify information that an attacker is not
authorized to modify. This attack can occur wherever the information resides. It may also be
attempted against information in transit. This type of attack is an attack against the
integrity of the information.
Changes
One type of modification attack is to change existing information, such as an attacker
changing an existing employee’s salary. The information already existed in the
organization but it is now incorrect. Change attacks can be targeted at sensitive information or
public information.
Figure 2-4. Interception using incorrect name resolution information
Insertion
Another type of modification attack is the insertion of information. When an insertion
attack is made, information that did not previously exist is added. This attack may be
mounted against historical information or information that is yet to be acted upon. For
example, an attacker might choose to add a transaction in a banking system that moves
funds from a customer’s account to his own.
Deletion
A deletion attack is the removal of existing information. This could be the removal of
information in a historical record or in a record that is yet to be acted upon. For example, an
attacker could remove the record of a transaction from a bank statement (thus causing the
funds that would have been taken from the account to remain).
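An added example, not taken from the book: one way to make the change, insertion and deletion cases described above detectable in a stored transaction list is to chain an HMAC tag across the records and keep the final tag separately. The key, the record fields and all function names are assumptions made for this illustration.

```python
import copy
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"   # assumption: secret kept away from the record store
GENESIS = b"\x00" * 32          # fixed starting value for the chain

def _tag(prev_tag, record):
    """HMAC over the previous tag plus this record, so each tag covers all earlier ones."""
    body = json.dumps(record, sort_keys=True).encode()
    return hmac.new(KEY, prev_tag + body, hashlib.sha256).digest()

def seal(records):
    """Return (entries, head); head is the final tag and is stored separately."""
    entries, prev = [], GENESIS
    for rec in records:
        prev = _tag(prev, rec)
        entries.append({"record": rec, "tag": prev.hex()})
    return entries, prev.hex()

def verify(entries, head):
    """None if intact, else index of the first failing entry (len(entries) = tail cut off)."""
    prev = GENESIS
    for i, entry in enumerate(entries):
        expected = _tag(prev, entry["record"])
        if not hmac.compare_digest(expected.hex(), entry["tag"]):
            return i
        prev = expected
    return None if hmac.compare_digest(prev.hex(), head) else len(entries)

# Constructed sample ledger (not data from the book).
LEDGER = [
    {"id": 1, "from": "alice", "to": "bob", "amount": 100},
    {"id": 2, "from": "bob", "to": "carol", "amount": 40},
    {"id": 3, "from": "carol", "to": "alice", "amount": 15},
]

def tamper_results():
    """Apply one change, one insertion and two deletions to copies of the sealed ledger."""
    sealed, head = seal(LEDGER)
    changed, inserted, deleted, cut = (copy.deepcopy(sealed) for _ in range(4))
    changed[1]["record"]["amount"] = 4000            # change: existing value altered
    forged = {"id": 9, "from": "bob", "to": "eve", "amount": 500}
    inserted.insert(2, {"record": forged, "tag": sealed[1]["tag"]})  # insertion, copied tag
    del deleted[0]                                   # deletion of a historical record
    cut.pop()                                        # deletion of the newest record
    cases = {"intact": sealed, "changed": changed, "inserted": inserted,
             "deleted": deleted, "cut": cut}
    return {name: verify(entries, head) for name, entries in cases.items()}
```

The check only reports that the stored information no longer matches what was sealed and where the chain first breaks; it does not restore the original records.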
How Modification Attacks Are Accomplished

It is more difficult to successfully mount a modification attack of information in
transit. The best way to do this would be to first execute an interception attack against the
traffic of interest and then change the information before passing it on to the destination.
DENIAL-OF-SERVICE ATTACKS
Denial-of-service (DoS) attacks are attacks that deny the use of resources to legitimate
users of the system, information, or capabilities. DoS attacks generally do not allow the
attacker to access or modify information on the computer system or in the physical world.
DoS attacks are nothing more than vandalism.
Denial of Access to Information
A DoS attack against information causes that information to be unavailable. This may be
caused by the destruction of the information or by the changing of the information into an
unusable form. This situation can also be caused if the information still exists but has been
removed to an inaccessible location.
Denial of Access to Applications
Another type of DoS attack is to target the application that manipulates or displays
information. This is normally an attack against a computer system running the application. If
the application is not available, the organization cannot perform the tasks that are done
by that application.
Denial of Access to Systems
A common type of DoS attack is to bring down computer systems. In this type of attack,
the system along with all applications that run on the system and all the information that
is stored on the system become unavailable.
Denial of Access to Communications
DoS attacks against communications have been performed for many years. This type of
attack can range from cutting a wire, to jamming radio communications, to flooding net
-

system with the information could be stolen or destroyed. Short-term DoS attacks against
the information can be made by simply turning off the system. Turning off the system will
also cause a DoS against the system itself. Computer systems can also be crippled by DoS
attacks aimed directly at the system. Several such attacks exist (either due to vulnerabilities in
the operating systems or known protocol issues—see Chapter 13 for more details).
Applications can be rendered unavailable through any number of known
vulnerabilities. This type of vulnerability allows an attacker to send a predefined set of commands to
the application that the application is not able to process properly. The application will
likely crash when this occurs. Restarting the application restores service but the
application is unavailable for the time it takes to restart.
Perhaps the easiest way to render communications unusable is to cut the wire. This type
of attack requires physical access to the network cables but as we have seen over time,
backhoes make great DoS tools. Other DoS attacks against communications consist of
sending extraordinarily large amounts of traffic against a site. This amount of traffic overwhelms
the communications infrastructure and thus denies service to legitimate users.
Not all DoS attacks against electronic information are intentional. Accidents play a
large role in DoS incidents. For example, the backhoe that I mentioned in the last
paragraph might cut a fiber-optic transmission line by accident while working on another job.
Such cuts have caused widespread DoS incidents for telephone and Internet users.
Likewise, there have been incidents of developers testing new code that causes large systems
to become unavailable. Clearly, most developers do not have the intent of rendering their
systems unavailable. Even children can cause DoS incidents. A child on a data center tour
will be fascinated by all the blinking lights. Some of these lights and lighted switches will
be near eye level for a child. The temptation to press a switch and possibly shut down a

Network Security: A Beginner’s Guide

Electronic Information
Electronic information may be more susceptible to a repudiation attack than information
in physical form. Electronic documents can be created and sent to others with little or no
proof of the identity of the sender. For example, the “from” address of an e-mail can be
changed at will by the sender. There is little or no checking done by the electronic mail
system to verify the identity of the sender.
The same is true for information sent from computer systems. With few exceptions,
any computer system can take on any IP address. Thus, it is possible for a computer
system to masquerade as another system.
NOTE: This is a very simplified example. One system can take on the IP address of another if it is on
the same network segment. Taking on the IP address of another system across the Internet is not easy
and does not provide a true connection.
Denying an event in the electronic world is much easier than in the physical world.
Documents are not signed with handwritten signatures and credit card receipts are not
signed by the customer. Unless a document is signed with a digital signature, there is
nothing to prove that the document was agreed to by an individual. Even with digital
signatures, a person could say that the signature was somehow stolen or that the password
protecting the key was guessed. Since there is very little proof to link the individual to the
event, denying it is much easier.
Credit card transactions are also easier to deny in the electronic world. There is no
signature on the receipt to match against the cardholder’s signature. There may be some
proof if the goods were sent to the cardholder’s address. But what if the goods were sent
somewhere else? What proof is there that the cardholder was actually the person who
purchased the goods?

