社交网络攻击资源-CSDN文库

安全技术

需积分: 10 8 浏览量 2018-10-29 16:38:35 上传评论收藏 4.56MB PDF 举报

资源推荐

资源详情

资源评论

CHAPTER

INFORMATION IN THIS CHAPTER

• BringingtheSocialNetworkstoTheirKnees

• SavingtheSocialNetworksandOurselves

Social Networking

Infrastructure Attacks

Social networks today host millions of users. The services offered by social networks

vary from basic communications to applications that can help you on a daily basis.

Keep in mind that the trafﬁc on these sites is considered legitimate trafﬁc.

All of this has created the perfect storm for attackers. They now have a platform

that if they can compromise, it will provide access to millions of victims. It also

allows them to hide their tracks within legitimate trafﬁc streams. Oh yeah, we can’t

forget that it becomes more difﬁcult to shut down a social network than it does a

single user. So, we have to rely on the social networks to protect themselves from

attacks, thus protecting us.

BRINGING THE SOCIAL NETWORKS TO THEIR KNEES

It was just a normal day in August 2009. You got up for work, drank your coffee or

whatever your caffeine ﬁx is, took Rover for a walk, and got ready for work, nothing

out of the ordinary. The same type of morning you’ve had for the past 15 years. Then,

you decided, “Let’s check my Twitter account.” You go to the Web site to log in, and

you are presented with a page like Figure 1.1.

“Twitter is down!!!!!!!!!” you scream. You think, “How can this happen? Is it the

end of the world?” The truth is that it isn’t the end of the world, and actually all that

has happened is Twitter, Facebook, and a handful of other social networking sites all

fell victim to a cyber attack.

People have grown to rely on social networks for everyday life. They are not only

checking and posting to these accounts from their home PCs but also posting from

their work PCs and their cell phones. However, it is not only people are relying on

these networks but corporations have taken an interest as well. Corporations are now

Bringing the Social Networks to Their Knees

Twitter has become a part of the world’s communication network; in other words,

everyone is Tweeting. AT&T uses Twitter to communicate network outages for

Internet service providers (ISPs). The Center for Disease Control (CDC) has inte-

grated Twitter as a means for managing alerts. The US State Department even asked

Twitter to reschedule their maintenance window during the protests over the disputed

election in Iran. Numerous other companies and people use Twitter as their primary

source of news updates. So, bringing down Twitter would have an effect on the pro-

ductivity of these companies as well.

Here is the twist to this story; the DDoS attack was launched against Twitter,

Facebook, LiveJournal, Google’s Blogger, and YouTube to silence a single user.

That’s right; they didn’t care about affecting everyone; they were just concerned with

a single user. The attack was both a personal and political attack against a Georgian

blogger that had accounts on all of these sites.

Come to ﬁnd out, the account Cyxymu was owned by a Georgian Economics

professor. It is speculated that the attack occurred in response to the professor’s con-

tinued criticism of Russia’s conduct in the year-long war with Georgia.

Who would have ever thought that one person voicing his or her opinion could cause

an attack on an entire site? This just goes to show the power social networks have.

This seems like a good time for us to take a look at DDoS attacks and the auton-

omy behind them.

Distributed Denial-of-Service Attacks

All of this talk of DDoS – what the heck is it? Before understanding DDoS, one

must ﬁrst understand the denial-of-service (DoS) attack. Looks like it may be time

to take a trek down the technical jargon path. A DoS attack is deﬁned as an attack

coming from one Internet Protocol (IP) address to monopolize a computer resource,

so intended users are unable to utilize the resources. DoS attacks typically attempt to

do one of the following:

• Consumption of computational resources, such as bandwidth, disk space, or

processor time

• Disruptionofcongurationinformation,suchasroutinginformation

• Disruption of state information, such as unsolicited resetting of Transmission

Control Protocol (TCP) sessions

• Disruptionofphysicalnetworkcomponents

• Obstructingthecommunicationmediabetweentheintendedusersandthevictim,

so they can no longer communicate adequately

A DDoS is nothing more than a more powerful version of a DoS. Instead of

the attack originating from a single source, multiple sources are used to simulta-

neously launch the attack. Launching this type of attack bombards the target with

requests, thus overloading the resource. Also, by launching from multiple locations,

it becomes more difﬁcult to track down the attacker.

www.pcworld.com/article/169809

CHAPTER 1 Social Networking Infrastructure Attacks4

If you haven’t dealt with these types of attacks, you may be a little confused at

this point. So, we will take a look at an analogy of the two types of attacks.

Let’s go old school and talk about prank calls. In these two examples, we will

use a kid who is mad at his or her teacher. For our analogy, we will call the kid

“Johnny”:

Analogy 1

Johnny is mad at his teacher for giving him detention. So, when Johnny gets home,

he starts calling his teacher. When he or she answers, Johnny just hangs up and

immediately calls back. By continuing to do this, Johnny ties up the teacher’s phone

line. Getting tired of answering the call, the teacher just implements call block, and

the attack is over.

Analogy 2

Johnny is extremely mad at his teacher this time. He or she had the nerve to give

him detention for a week. So, Johnny decides it is time to get even. Instead of

him calling the teacher this time, he decides to go cyber. Johnny crafts an e-mail

claiming that the recipient has received a trip. However, in order to receive the trip,

they must call this number, the teacher’s number, between 3:00 and 4:00 p.m. on

Tuesday. Johnny then blasts the e-mail out as spam. During Johnny’s speciﬁed time,

the teacher starts receiving thousands of calls from different numbers. Call block

will not help this time.

In the ﬁrst analogy, the teacher experienced a DoS attack. It was from a single

source, and it wasn’t hard to ﬁgure out where it was coming from. However, in the

second analogy, the teacher experienced a DDoS attack. The attack originated from

multiple sources, which makes it harder to determine where the attack is coming

from and also harder to protect against.

Johnny is a bad boy!! These were the simplest of attacks. DDoS attacks have

been used to bring down the communications of large companies. This seems like

the perfect time to dive deeper into these attacks and take a look at the autonomy of

a DDoS attack.

Autonomy of a DDoS Attack

DDoS attacks are scary attacks. They are easy to perform and difﬁcult to determine

who launched the attack. Basically, anyone with a computer and a little know-how

could launch a DDoS attack. Figure 1.2 illustrates a basic DDoS attack.

NOTE

Youhaveprobablyheardpeopletalkaboutreceivingspam.Whenyourstheardthatyou

mayhavethought,“Spamiscannedmeat,right?”Spamisaprocessedmeat;however,that

isnotwhatwearetalkingabout.Wearetalkingaboutelectronicspam.Spamistheabuse

ofelectronicmessagingsystemstosendunsolicitedbulkmessagesindiscriminately.

剩余129页未读，继续阅读

评论收藏

内容反馈

0大白0

粉丝: 3
资源: 3

社交网络攻击

soc-Epinions1.txt.gz

网络攻击解析

网络攻击字典

网络攻击分类

网络攻击与检测

网络攻击解决

藏经阁-基于社交网络的大规模网络攻击自动对抗技术.pdf

基于社交网络的大规模网络攻击自动对抗技术.pdf

基于位置的社交网络中的攻击和防御：一种启发式数论方法

网络攻击与防范

网络攻击与防御 网络攻击与防御

《网络攻击与防御+网络攻击与防御》

网络攻击与网络安全

\网络攻击与防范

未来网络攻击模式研究

分布式社交网络中Biclique攻击延迟容忍算法.pdf

基于JavaWeb的社交网络项目后台

社交网络安全问题及解决措施.pdf

网络攻击与防御

云计算时代的社交网络平台和技术

社交网络在银行互联网金融反欺诈的应用.pdf

蜜罐技术在社交网络反垃圾信息中应用

最新资源

网络攻击与防御网络攻击与防御