
Wireless Ethical Hacking


Section (B)

Secure Socket Layer (SSL)

SSL provides security to the data that is transferred between a web browser and a
server. SSL encrypts the link between a web server and a browser, which ensures that
all data passed between them remains private and free from attack.

Secure Socket Layer Protocols:

• SSL record protocol

• Handshake protocol

• Change-cipher spec protocol

• Alert protocol

SSL Protocol Stack:

SSL Record Protocol:

The SSL Record Protocol provides two services to an SSL connection.

• Confidentiality

• Message Integrity

In the SSL Record Protocol, application data is divided into fragments. Each
fragment is compressed, and then a MAC (Message Authentication Code), generated
by algorithms like SHA (Secure Hash Algorithm) and MD5 (Message Digest), is
appended. After that the data is encrypted, and finally the SSL header is
added to the data.

Handshake Protocol:

Handshake Protocol is used to establish sessions. This protocol allows the client
and server to authenticate each other by sending a series of messages to each
other. Handshake protocol uses four phases to complete its cycle.

• Phase-1: In Phase-1 both Client and Server send hello packets to each
other. In this phase, the session ID, cipher suite and protocol version are
exchanged for security purposes.

• Phase-2: The Server sends its certificate and Server-key-exchange. The server
ends Phase-2 by sending the Server-hello-end packet.

• Phase-3: In this phase, the Client replies to the server by sending its
certificate and Client-key-exchange.

• Phase-4: In Phase-4 the Change-cipher-spec exchange occurs, and after this the
Handshake Protocol ends.

Alert Protocol:

This protocol is used to convey SSL-related alerts to the peer entity. Each
message in this protocol contains 2 bytes. The first byte is the level, which is
classified into two parts:

Warning (level = 1):

This Alert has no impact on the connection between sender and receiver. Some
of them are:

Bad certificate: When the received certificate is corrupt.

No certificate: When an appropriate certificate is not available.

Certificate expired: When a certificate has expired.

Certificate unknown: When some other unspecified issue arose in processing the
certificate, rendering it unacceptable.

Close notify: It notifies that the sender will no longer send any messages in the
connection.

Unsupported certificate: The type of certificate received is not supported.

Certificate revoked: The certificate received is in revocation list.

Fatal Error (level = 2):

This Alert breaks the connection between sender and receiver. The connection
will be stopped, cannot be resumed but can be restarted. Some of them are :

Handshake failure: When the sender is unable to negotiate an acceptable set of
security parameters given the options available.

Decompression failure: When the decompression function receives improper
input.

Illegal parameters: When a field is out of range or inconsistent with other fields.

Bad record MAC: When an incorrect MAC was received.

Unexpected message: When an inappropriate message is received.

The second byte in the Alert protocol describes the error.
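The record-protocol pipeline described above (fragment, compress, append MAC, encrypt, add header) and the alert protocol's two-byte level/description messages can be exercised together in a small model. The following Python is an added example written for this page, not code from the original notes. It assumes HMAC-SHA256 as the MAC and a toy hash-derived keystream in place of a real cipher (both are illustration-only choices; real TLS negotiates AES-GCM or ChaCha20), and it shows the receiving side answering a tampered or replayed record with a fatal bad_record_mac alert (level 2, description 20) instead of processing unauthenticated data:

```python
import hashlib
import hmac
import struct
import zlib

# Record-layer constants from SSL/TLS: content types, wire version, fragment limit.
CONTENT_ALERT = 21
CONTENT_APPLICATION_DATA = 23
VERSION = (3, 3)                 # TLS 1.2 on the wire is major 3, minor 3
MAX_FRAGMENT = 2 ** 14           # 16 KiB of plaintext per record
HEADER = struct.Struct("!BBBH")  # type, major, minor, length of encrypted body
MAC_LEN = 32                     # HMAC-SHA256 tag length

# Alert protocol: first byte is the level, second byte describes the error.
ALERT_WARNING, ALERT_FATAL = 1, 2
BAD_RECORD_MAC = 20


class BadRecordMAC(Exception):
    """The MAC on a received record did not verify (tampering or replay)."""


def _keystream(key, seq, n):
    # Toy stream cipher for illustration only (assumption of this example):
    # keystream blocks are SHA-256(key || sequence number || block counter).
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + struct.pack("!QI", seq, counter)).digest()
        counter += 1
    return bytes(out[:n])


def _xor(data, ks):
    return bytes(a ^ b for a, b in zip(data, ks))


def _mac(mac_key, seq, ctype, body):
    # The MAC binds the sequence number, record type, version and length,
    # so a replayed, reordered or retyped record fails verification.
    hdr = struct.pack("!QBBBH", seq, ctype, VERSION[0], VERSION[1], len(body))
    return hmac.new(mac_key, hdr + body, hashlib.sha256).digest()


def build_records(data, mac_key, enc_key, seq=0):
    """Sender side: fragment -> compress -> append MAC -> encrypt -> prepend header."""
    records = []
    for off in range(0, len(data), MAX_FRAGMENT):
        fragment = data[off:off + MAX_FRAGMENT]
        compressed = zlib.compress(fragment)
        body = compressed + _mac(mac_key, seq, CONTENT_APPLICATION_DATA, compressed)
        encrypted = _xor(body, _keystream(enc_key, seq, len(body)))
        records.append(HEADER.pack(CONTENT_APPLICATION_DATA, *VERSION, len(encrypted)) + encrypted)
        seq += 1
    return records


def open_record(record, mac_key, enc_key, seq):
    """Receiver side: parse header, decrypt, verify MAC, then decompress."""
    ctype, major, minor, length = HEADER.unpack(record[:HEADER.size])
    encrypted = record[HEADER.size:HEADER.size + length]
    if (major, minor) != VERSION or len(encrypted) != length:
        raise ValueError("malformed record header")
    body = _xor(encrypted, _keystream(enc_key, seq, len(encrypted)))
    compressed, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    # Verify the MAC before decompressing: never process unauthenticated data.
    if not hmac.compare_digest(tag, _mac(mac_key, seq, ctype, compressed)):
        raise BadRecordMAC()
    return ctype, zlib.decompress(compressed)


def alert_record(level, description):
    """Build a two-byte alert record: (level, description)."""
    body = bytes([level, description])
    return HEADER.pack(CONTENT_ALERT, *VERSION, len(body)) + body


def parse_alert(record):
    ctype, _, _, length = HEADER.unpack(record[:HEADER.size])
    if ctype != CONTENT_ALERT or length != 2:
        raise ValueError("not an alert record")
    return record[HEADER.size], record[HEADER.size + 1]


def receive(record, mac_key, enc_key, seq):
    """What a peer does with an incoming record: deliver the data, or answer a
    failed MAC check with a fatal bad_record_mac alert that ends the connection."""
    try:
        _ctype, plaintext = open_record(record, mac_key, enc_key, seq)
    except BadRecordMAC:
        return "alert", alert_record(ALERT_FATAL, BAD_RECORD_MAC)
    return "data", plaintext
```

The sequence number inside the MAC is what makes the replay case fail: decrypting record 1 with the keystream and MAC input for sequence 0 produces a tag mismatch, so the receiver cannot be tricked into re-accepting an old record.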

Salient Features of Secure Socket Layer:

• The advantage of this approach is that the service can be tailored to the
specific needs of the given application.

• Secure Socket Layer was originated by Netscape.

• SSL is designed to make use of TCP to provide a reliable end-to-end secure
service.

• This is a two-layered protocol.

Versions of SSL:

SSL 1 – Never released due to high insecurity.

SSL 2 – Released in 1995.

SSL 3 – Released in 1996.

TLS 1.0 – Released in 1999.

TLS 1.1 – Released in 2006.

TLS 1.2 – Released in 2008.

TLS 1.3 – Released in 2018.
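Of the versions listed above, SSL 2 (prohibited by RFC 6176), SSL 3 (deprecated by RFC 7568) and TLS 1.0 and 1.1 (deprecated by RFC 8996) should no longer be negotiated. The following Python is an added example, not part of the original notes: it builds a client-side `ssl.SSLContext` from the standard library that refuses anything below TLS 1.2, places it beside the weak configuration it replaces (certificate and hostname verification switched off), and audits a context for those weakenings. The function names are this example's own.

```python
import ssl

# Versions from the list above, with the RFC that retired each one.
RETIRED_VERSIONS = {
    "SSL 2": "prohibited by RFC 6176",
    "SSL 3": "deprecated by RFC 7568",
    "TLS 1.0": "deprecated by RFC 8996",
    "TLS 1.1": "deprecated by RFC 8996",
}


def hardened_client_context():
    """Client context: verify the server certificate and hostname, TLS 1.2 or newer."""
    ctx = ssl.create_default_context()        # CERT_REQUIRED, check_hostname, system CA store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def weak_client_context():
    """The misconfiguration to avoid: verification switched off entirely."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx):
    """Return a list of findings; an empty list means the context passes."""
    findings = []
    if not ctx.check_hostname:
        findings.append("hostname checking disabled")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate verification not required")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("allows protocol versions below TLS 1.2")
    return findings


def version_status(name):
    """Classify a version name from the list: 'retired (...)' or 'current'."""
    if name in RETIRED_VERSIONS:
        return "retired (%s)" % RETIRED_VERSIONS[name]
    return "current"
```

`create_default_context()` already turns on certificate and hostname verification; pinning `minimum_version` makes the version floor explicit rather than inherited from whatever the local OpenSSL configuration happens to allow.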

SSL (Secure Sockets Layer) certificate is a digital certificate used to secure and
verify the identity of a website or an online service. The certificate is issued by a
trusted third-party called a Certificate Authority (CA), who verifies the identity of
the website or service before issuing the certificate.

The SSL certificate has several important characteristics that make it a reliable
solution for securing online transactions:

1. Encryption: The SSL certificate uses encryption algorithms to secure the
communication between the website or service and its users. This ensures that
the sensitive information, such as login credentials and credit card information,
is protected from being intercepted and read by unauthorized parties.

2. Authentication: The SSL certificate verifies the identity of the website or
service, ensuring that users are communicating with the intended party and not
with an impostor. This provides assurance to users that their information is being
transmitted to a trusted entity.

3. Integrity: The SSL certificate uses message authentication codes (MACs)
to detect any tampering with the data during transmission. This ensures that the
data being transmitted is not modified in any way, preserving its integrity.

4. Non-repudiation: SSL certificates provide non-repudiation of data, meaning
that the recipient of the data cannot deny having received it. This is important in
situations where the authenticity of the information needs to be established, such
as in e-commerce transactions.

5. Public-key cryptography: SSL certificates use public-key cryptography for
secure key exchange between the client and server. This allows the client and
server to securely exchange encryption keys, ensuring that the encrypted
information can only be decrypted by the intended recipient.

6. Session management: SSL certificates allow for the management of secure
sessions, allowing for the resumption of secure sessions after interruption. This
helps to reduce the overhead of establishing a new secure connection each time
a user accesses a website or service.

7. Certificates issued by trusted CAs: SSL certificates are issued by trusted
CAs, who are responsible for verifying the identity of the website or service
before issuing the certificate. This provides a high level of trust and assurance to
users that the website or service they are communicating with is authentic and
trustworthy.

In addition to these key characteristics, SSL certificates also come in various
levels of validation, including Domain Validation (DV), Organization Validation
(OV), and Extended Validation (EV). The level of validation determines the amount
of information that is verified by the CA before issuing the certificate, with EV
certificates providing the highest level of assurance and trust to users. For more
information about SSL certificates for each validation level type, please refer to
Namecheap.

Overall, the SSL certificate is an important component of online security,
providing encryption, authentication, integrity, non-repudiation, and other key
features that ensure the secure and reliable transmission of sensitive information
over the internet.

Refer to the difference between Secure Socket Layer (SSL) and Transport Layer
Security (TLS)

FTP details

File Transfer Protocol (FTP) is an Internet tool provided by TCP/IP. The first
specification of FTP was developed by Abhay Bhushan in 1971. It helps to transfer files
from one computer to another by providing access to directories or folders on
remote computers and allows software, data and text files to be transferred between
different kinds of computers. The end-user in the connection is known as the
local host and the server which provides data is known as the remote host.

The goals of FTP are:

• It encourages the direct use of remote computers.

• It shields users from system variations (operating system, directory
structures, file structures, etc.)

• It promotes sharing of files and other types of data.

Why FTP?

FTP is a standard communication protocol. There are various other protocols like
HTTP which are used to transfer files between computers, but they lack clarity
and focus as compared to FTP. Moreover, the systems involved in a connection are
heterogeneous systems, i.e. they differ in operating systems, directory
structures, character sets, etc.; FTP shields the user from these differences
and transfers data efficiently and reliably. FTP can transfer ASCII, EBCDIC, or
image files. ASCII is the default file transfer format; in it, each character is
encoded in NVT ASCII. In ASCII or EBCDIC mode the destination must be ready to
accept files in that mode. The image file format is the default format for
transferring binary files.

FTP Clients

FTP works on a client-server model. The FTP client is a program that runs on the
user’s computer to enable the user to talk to and get files from remote
computers. It is a set of commands that establishes the connection between two
hosts, helps to transfer the files, and then closes the connection. Some of the
commands are: get filename(retrieve the file from server), mget filename(retrieve
multiple files from the server ), ls(lists files available in the current directory of
the server). There are also built-in FTP programs, which makes it easier to
transfer files and it does not require remembering the commands.

Type of FTP Connections

FTP connections are of two types:


Active FTP connection: In an Active FTP connection, the client establishes the
command channel and the server establishes the data channel. When the client
requests the data over the connection the server initiates the transfer of the data
to the client. It is not the default connection because it may cause problems if
there is a firewall in between the client and the server.

Passive FTP connection: In a Passive FTP connection, the client establishes both
the data channel as well as the command channel. When the client requests the
data over the connection, the server sends a random port number to the client, as
soon as the client receives this port number it establishes the data channel. It is
the default connection, as it works better even if the client is protected by the
firewall.
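The difference between the two connection types comes down to which side opens the data channel and how the endpoint is communicated: in passive mode the server answers PASV with a "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" reply and the client connects to h1.h2.h3.h4 on port p1*256+p2; in active mode the client sends a PORT command with its own address in the same six-number encoding and the server connects back. The following Python is an added example, not code from the original notes or from any FTP implementation; the function names are this example's own. It parses both encodings and adds the check a careful client makes: if a PASV reply names a host other than the one the control connection is with, the client keeps the control host rather than letting the server redirect the data connection elsewhere.

```python
import re

# Six comma-separated decimal numbers: four address octets and two port bytes.
_SIX_NUMBERS = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_pasv_reply(reply):
    """Passive mode: decode '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2).'
    into the (host, port) the client must connect to for the data channel."""
    m = _SIX_NUMBERS.search(reply)
    if not reply.startswith("227") or m is None:
        raise ValueError("not a PASV reply: %r" % reply)
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("octet out of range in PASV reply")
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2


def passive_data_endpoint(reply, control_host):
    """Defensive variant: if the server names a host other than the one the
    control connection is with, ignore it and keep the control host, so a
    malicious or misconfigured server cannot redirect the data connection."""
    host, port = parse_pasv_reply(reply)
    if host != control_host:
        host = control_host
    return host, port


def build_port_command(host, port):
    """Active mode: the client listens and tells the server where to connect back."""
    octets = host.split(".")
    if len(octets) != 4 or not (0 < port < 65536):
        raise ValueError("need an IPv4 address and a valid port")
    return "PORT %s,%d,%d" % (",".join(octets), port // 256, port % 256)


def parse_port_command(line):
    """Server side of active mode: recover (host, port) from a PORT command."""
    if not line.upper().startswith("PORT "):
        raise ValueError("not a PORT command")
    m = _SIX_NUMBERS.search(line)
    if m is None:
        raise ValueError("malformed PORT argument")
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("octet out of range in PORT command")
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2
```

The active-mode PORT command is exactly what a client-side firewall blocks: it asks the server to open a new inbound TCP connection to the client, which is why passive mode is the default described above.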

Anonymous FTP

Some sites enable anonymous FTP, whose files are available for public
access. So, the user can access those files without any username or password.
Instead, the username is set to anonymous and the password to guest by
default. Here, the access of the user is very limited. For example, the user can
copy the files but is not allowed to navigate through directories.

How FTP works?

The FTP connection is established between two systems and they communicate
with each other using a network. So, for the connection, the user can get
permission by providing the credentials to the FTP server or can use anonymous
FTP.

When an FTP connection is established, two communication channels are also
established, known as the command channel and the data channel. The command
channel is used to transfer the commands and responses from client to server and
from server to client. FTP uses the same approach as TELNET or SMTP to communicate
across the control connection. It uses the NVT ASCII character set for
communication. It uses port number 21. The data channel, on the other hand, is used
to actually transfer the data between client and server. It uses port number 20.

The FTP client, using the URL, issues the FTP command along with the FTP server
address. As soon as the server and the client are connected over the network, the
user logs in using a user ID and password. If the user is not registered with the
server, he/she can still access the files by using the anonymous login,
where the password is the client's email address. The server verifies the user
login and allows the client to access the files. The client transfers the desired
files and closes the connection. The figure below shows the working of FTP.

Detailed steps of FTP

• The FTP client contacts the FTP server at port 21, specifying TCP as the
transport protocol.

• The client obtains authorization over the control connection.

• The client browses the remote directory by sending commands over the control
connection.

• When the server receives a command for a file transfer, the server opens a TCP
data connection to the client.

• After transferring one file, the server closes the data connection.

• The server opens a second TCP data connection to transfer another file.

• The FTP server maintains state, i.e. the current directory and earlier
authentication.

Transmission mode

FTP transfer files using any of the following modes:

• Stream Mode: It is the default mode. In stream mode, the data is transferred
from FTP to TCP as a stream of bytes. Here TCP is responsible for fragmenting the
data into small segments. The connection is closed automatically if the data being
transferred is a stream of bytes. Otherwise, the sender will close the connection.

• Block Mode: In block mode, the data is transferred from FTP to TCP in the
form of blocks, and each block carries a 3-byte header. The first byte of the
header contains information about the block, so it is known as the descriptor
byte, and the other two bytes contain the size of the block.

• Compressed Mode: This mode is used to transfer big files. As we know, due
to the size limit we cannot transfer big files on the internet, so the compressed
mode is used to reduce the size of the file before sending it over the internet.
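The block-mode framing described above can be made concrete: a 1-byte descriptor followed by a 2-byte byte count, with the descriptor bits from RFC 959 marking end of record (128), end of file (64), suspected errors (32) and a restart marker (16). The following Python is an added example, not code from the original notes or from any FTP implementation. It frames a byte string into blocks and decodes it back, and it handles the failure modes a receiver must care about: a stream that ends before the EOF block, a block whose body is cut short, and a block the sender flagged as containing suspected errors.

```python
import struct

BLOCK_HEADER = struct.Struct("!BH")   # 1-byte descriptor + 2-byte byte count
DESC_EOR, DESC_EOF, DESC_ERRORS, DESC_RESTART = 128, 64, 32, 16
MAX_BLOCK = 0xFFFF                    # the two-byte count caps each block


def encode_blocks(data, block_size=4096):
    """Split data into blocks; the last block carries the EOF descriptor bit."""
    if not 0 < block_size <= MAX_BLOCK:
        raise ValueError("block size must fit in the 2-byte count")
    chunks = [data[i:i + block_size] for i in range(0, len(data), block_size)] or [b""]
    out = bytearray()
    for idx, chunk in enumerate(chunks):
        desc = DESC_EOF if idx == len(chunks) - 1 else 0
        out += BLOCK_HEADER.pack(desc, len(chunk)) + chunk
    return bytes(out)


def decode_blocks(stream):
    """Reassemble file data from a block-mode stream, stopping at the EOF block.
    Raises ValueError on a truncated stream or a block flagged as erroneous."""
    data = bytearray()
    pos = 0
    while True:
        if pos + BLOCK_HEADER.size > len(stream):
            raise ValueError("stream ended without an EOF block")
        desc, count = BLOCK_HEADER.unpack_from(stream, pos)
        pos += BLOCK_HEADER.size
        if pos + count > len(stream):
            raise ValueError("truncated block body (%d bytes short)" % (pos + count - len(stream)))
        if desc & DESC_ERRORS:
            raise ValueError("sender flagged suspected errors in this block")
        if desc & DESC_RESTART:
            pos += count                  # restart marker payload, not file data
        else:
            data += stream[pos:pos + count]
            pos += count
        if desc & DESC_EOF:
            return bytes(data)


def block_count(stream):
    """Number of block headers in a stream (useful when checking a capture)."""
    n, pos = 0, 0
    while pos + BLOCK_HEADER.size <= len(stream):
        _, count = BLOCK_HEADER.unpack_from(stream, pos)
        pos += BLOCK_HEADER.size + count
        n += 1
    return n
```

Because the byte count is two bytes, a sender can never describe a block longer than 65535 bytes; the decoder trusts the count only after checking it against the bytes actually present, which is what turns a short read into a clean error instead of silently accepting a partial file.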

FTP Commands

Sr. no.  Command     Meaning

1.       cd          Changes the working directory on the remote host
2.       close       Closes the FTP connection
3.       quit        Quits FTP
4.       pwd         Displays the current working directory on the remote host
5.       dir or ls   Provides a directory listing of the current working directory
6.       help        Displays a list of all client FTP commands
7.       remotehelp  Displays a list of all server FTP commands
8.       type        Allows the user to specify the file type
9.       struct      Specifies the file structure

Applications of FTP

The following are the applications of FTP:

• FTP connection is used by different big business organizations for
transferring files between them, like sharing files with other employees working
at different locations or different branches of the organization.

• FTP connection is used by IT companies to provide backup files at disaster
recovery sites.

• Financial services use FTP connections to securely transfer financial
documents to the respective company, organization, or government.

• Employees use FTP connections to share any data with their co-workers.

Advantages

• Multiple transfers: FTP helps to transfer multiple large files in between the
systems.

• Efficiency: FTP helps to organize files in an efficient manner and transfer
them efficiently over the network.

• Security: FTP provides access to any user only through user ID and
password. Moreover, the server can create multiple levels of access.

• Continuous transfer: If the transfer of the file is interrupted by any means,
then the user can resume the file transfer whenever the connection is
re-established.

• Simple: FTP is very simple to implement and use, thus it is a widely used
connection.

• Speed: It is the fastest way to transfer files from one computer to another.

Disadvantages

• Less security: FTP does not provide an encryption facility when
transferring files. Moreover, the username and passwords are in plain text and
not a combination of symbols, digits, and alphabets, which makes it easier to be
attacked by hackers.

• Old technology: FTP is one of the oldest protocols and thus it uses
multiple TCP/IP connections to transfer files. These connections are hindered by
firewalls.

• Virus: The FTP connection is difficult to scan for viruses, which
again increases the risk of vulnerability.

• Limited: FTP provides very limited user permissions and mobile device
access.

• Memory and programming: FTP requires more memory and programming
effort, as it is very difficult to find errors without the commands.

What is Google Dorking or Google ethical hacking?

Google Dorking is a technique used by hackers and security researchers to find
sensitive information on websites using Google's search engine. It is also known
as Google hacking.

Search Filters

Google Dorking involves using advanced search operators in Google to search
for specific keywords, file types, or website parameters. These operators can be
combined to create more powerful search queries that can reveal information that
would not be easily accessible otherwise.

Some examples of advanced search operators used in Google Dorking include:

Dork       Description                                                              Example

allintext  Searches for occurrences of all the keywords given.                      allintext:"keyword"
intext     Searches for the occurrences of keywords all at once or one at a time.   intext:"keyword"
inurl      Searches for a URL matching one of the keywords.                         inurl:"keyword"
intitle    Searches for occurrences of keywords in the title, all or one.           intitle:"keyword"
site       Searches only that particular site and lists all the results for it.     site:"www.geeksforgeeks.org"
filetype   Searches for a particular file type mentioned in the query.              filetype:"pdf"
link       Searches for external links to pages.                                    link:"keyword"
related    Lists web pages that are "similar" to a specified web page.              related:www.geeksforgeeks.org
cache      Shows the version of the web page that Google has in its cache.          cache:www.geeksforgeeks.org

These are some of the dorks that are generally used more than others. Dorks are
not limited to this list; you can also make your own custom dork by adapting
already existing dorks. For reference, you can visit the Google Hacking Database.
Examples

Let's take an example of using the dork intitle:"GeeksForGeeks", which will filter
the sites containing GeeksForGeeks in their title:

intitle:"GeeksForGeeks" (There are a lot more results; explore by trying it)

And one more, inurl:"GeeksForGeeks", which will filter all those sites which have
GeeksForGeeks in their URL:

inurl:"GeeksForGeeks" (Try it yourself to learn more)

Other Operators

Apart from the above-mentioned operators, there are also some logical operators
which can be used to filter the search engine results according to the need. Their
effect becomes obvious as soon as you see them in use. Here they are:

• OR: This self-explanatory operator searches for a given search term OR an
equivalent term.

site:geeksforgeeks.org | site:www.geeksforgeeks.org

• AND: Similarly, this operator searches for a given search term AND an
equivalent term.

site:geeksforgeeks.com & site:www.geeksforgeeks.org

• Search Term: This operator only looks for the precise phrase within speech
marks.

"GeeksForGeeks POTD"

• Glob Pattern (*): This works best when you don't know what goes in the
place of the asterisk (*).

site: *.geeksforgeeks.org

• Including Results: Will include the results.

site:linkedin.com +site:linkedin.*

• Exclude Results: Will exclude the results.

site:linkedin.* -site:linkedin.com

This is all about the operators which can be used, apart from the dorks, when
doing a Google search.

While Google Dorking can be used for legitimate purposes such as researching a
website’s security vulnerabilities, hackers use this technique maliciously to find
sensitive information such as usernames, passwords, and other potential
information. As a result, it is important for website owners to secure their
websites and avoid exposing sensitive information in publicly accessible
directories.

In addition, internet users should also be careful about the information they share
online and use strong, unique passwords for each of their online accounts to
avoid falling victim to a cyber attack.

Overall, Google Dorking is a powerful technique that can be used for both good
and bad purposes. Website owners and internet users should be aware of its
potential risks and take steps to protect themselves from any potential security
breaches.

Prevention From Google Dorking

As an owner/developer, you will want your website to be secure from Google
dorking. You can do so by following the methods mentioned below:

• Use robots.txt: You may tell search engines not to index particular web
pages or directories on your website using a robots.txt file. By doing this, you
may be able to stop attackers from discovering weak points on your website.
There are a lot of modifications that can be done to robots.txt. For example, this
meta tag will prevent all robots from scanning your website:

<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">

To get more insights about robots.txt, follow this GFG Article.


• Disable Directory Indexing: Web servers frequently permit directory
crawling by default, allowing anybody to see a directory’s contents. You can stop
it from happening by turning off directory indexing in your web server settings.

• Use a Firewall: You can use a WAF (Web Application Firewall) to enhance
the security of your website. It will provide you with an extra layer of security.

• Use Access Control: You can use authentication or MFA (Multi-Factor
Authentication) on the pages if you do not want to let just anyone have access. It
will prevent unauthorized access to the website.

By following these methods, you can protect your website over the internet from
google hackers, or better to say, google dorking.
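The robots.txt and meta-tag advice above is worth checking mechanically, because both mechanisms only ask well-behaved crawlers to stay away: they do not stop anyone from requesting the path directly, and the Disallow list itself points a reader at the directories the owner considers sensitive. The following Python is an added example, not code from the original article. It uses the standard library's `urllib.robotparser` and `html.parser` against a constructed robots.txt, a constructed HTML fragment and a constructed inventory of which paths enforce authentication (all sample data is made up for this example), and reports the paths that are hidden from crawlers but still reachable without access control, which is exactly the combination the "Use Access Control" item exists to fix.

```python
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser

# Constructed sample robots.txt for a site that hides two directories from crawlers.
SAMPLE_ROBOTS_TXT = """\
User-agent: *
Disallow: /admin/
Disallow: /backup/
"""

# Constructed inventory: path -> does the server enforce authentication there?
SAMPLE_PATHS = {
    "/index.html": False,
    "/admin/": False,     # hidden from search engines, but anyone who knows the path gets in
    "/backup/": True,
}


class _MetaRobots(HTMLParser):
    """Collects the directives of <meta name="robots" content="..."> tags."""

    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        if tag != "meta":                      # HTMLParser lowercases tag and attribute names
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("name", "").lower() == "robots":
            self.directives.update(d.strip().lower() for d in a.get("content", "").split(","))


def crawl_allowed(robots_txt, path, agent="*"):
    """Would a well-behaved crawler fetch this path under the given robots.txt?"""
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    return rp.can_fetch(agent, path)


def meta_directives(html):
    """Robots directives declared by a page's <meta name="robots"> tag."""
    p = _MetaRobots()
    p.feed(html)
    return p.directives


def exposure_report(robots_txt, paths):
    """Paths that robots.txt disallows but the server does not protect. These are
    advertised as sensitive by robots.txt itself and need access control, not a hint."""
    return sorted(p for p, protected in paths.items()
                  if not crawl_allowed(robots_txt, p) and not protected)
```

Run against a real site, `paths` would come from the site's route table or a crawl of its own deployment; the point of the report is that a Disallow line is a signpost, so every path on it should also sit behind authentication or be removed from the public tree.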

Note: This article is only for educational purposes.

Sniffing attacks

A sniffing attack in system hacking is a form of denial-of-service attack which is
carried out by sniffing or capturing packets on the network, and then either
sending them repeatedly to a victim machine or replaying them back to the
sender with modifications. Sniffers are often used in system hacking as a tool for
analyzing traffic patterns in a scenario where performing more intrusive and
damaging attacks would not be desirable.

Sniffing Attack:

A sniffing attack can also be used in an attempt to recover a passphrase, such as
when an SSH private key has been compromised. The sniffer captures SSH
packets containing encrypted versions of the password being typed by the user
at their terminal, which can then be cracked offline using brute force methods.

• The term “sniffing” is defined in RFC 2301 as: “Any act of capturing
network traffic and replaying it, usually for the purpose of espionage or
sabotage.”

• This definition is not accurate for UNIX-based systems, since any traffic
can be sniffed as long as either the attacker has access to network interfaces
(NIC) or modifies packets that could not be altered in transit. Sniffing can be
performed using a special program like tcpdump, tcpflow, or LanMon that is
connected to a port over which the packets can be inspected remotely.

• Another sniffing attack called ARP spoofing involves sending forged
Address Resolution Protocol (ARP) messages to the Ethernet data link layer.
These messages are used to associate a victim machine’s IP address with a
different MAC address, leading the targeted machine to send all its traffic
intended for the victim through an attacker-controlled host.

• This is used to both hijack sessions and also cause flooding of the network
via a denial-of-service attack (see Smurf attack).

Every IP packet contains, in addition to its payload, two fields: an IP header, and
an Ethernet header encapsulating it.

• The combination of these two headers is often referred to as a “packet” by
those who work with internet communications. An attacker can, therefore, view
and modify an IP packet’s IP header without having to see its payload.

• The Ethernet header contains information about the destination MAC
address (the hardware address of the recipient machine) and the Ether Type field
contains a value indicating what type of service is requested (e.g., precedence or
flow control).

• The Ether type could be “0xFFFF”, indicating that no service fields were
included for the Ethernet frame. This was used in Cisco’s implementation prior to
version 8.0.

Key Points:
There are a number of different methods that an attacker can use to perform ARP
spoofing. They include:

• The attacker has access to the “ARP cache” on their infected machine,
which also contains other machines’ MAC addresses, but who do not have or are
not using the same IP addresses as other machines with the same MAC
addresses in their ARP caches.

• The attacker does not know what method the other machines use for
keeping a table of MAC addresses, and so simply sets up a network with many
duplicate entries.

• The attacker sends out forged ARP messages, trying to associate their
infected machine with another machine’s MAC address.

Countermeasures:

There are a number of ways that the attacker can be prevented from using these
methods, including:

• ARP spoofing is not a very effective attack, except in networks that are
poorly secured.

• In order for an attacker to use this method as a form of masquerading, they
must be able to send packets directly to the network (either through access to
Wi-Fi or by finding a security flaw). Because of this, the attacker’s IP address is
likely to become known very quickly.

• A sniffing attack is a form of attack where the attacker tries to access
certain data over the network and sniffing is used as an essential task in
capturing data. The term “sniffing” comes from the action of sniffing or smelling.
The attacker gets hold of this information by using special software called a
“network analyzer”.

• Sniffing in Hacking: it is considered to be an intrusion on your computer
system without permission, without your knowledge, and without legal
authorization. It’s called hacking, which can be performed by several methods.
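The ARP spoofing description above gives the defender two concrete signals to look for in a host's neighbour cache: one MAC address suddenly claimed by more than one IP (typically the gateway's IP now resolving to another station's MAC), and an IP whose MAC differs from what was recorded on a known-good day. The following Python is an added example, not code from the original notes. It parses the output format of `ip neigh show` on Linux (the sample snapshot and the baseline are constructed for this example) and produces findings for both signals; the function names are this example's own.

```python
import re
from collections import defaultdict

# Matches resolved entries in `ip neigh show` output; unresolved (FAILED/INCOMPLETE)
# lines carry no lladdr and are skipped.
_NEIGH = re.compile(
    r"^(?P<ip>\S+) dev (?P<dev>\S+) lladdr (?P<mac>[0-9a-fA-F:]{17}) (?P<state>\S+)$"
)

# Constructed `ip neigh` snapshot: the gateway 192.168.1.1 now resolves to the
# MAC that 192.168.1.30 also claims, which is what a poisoned cache looks like.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr aa:bb:cc:dd:ee:02 REACHABLE
192.168.1.20 dev eth0 lladdr aa:bb:cc:dd:ee:01 STALE
192.168.1.30 dev eth0 lladdr AA:BB:CC:DD:EE:02 REACHABLE
192.168.1.99 dev eth0 FAILED
"""

# Constructed baseline recorded on a known-good day: IP -> expected MAC.
SAMPLE_BASELINE = {"192.168.1.1": "00:11:22:33:44:55"}


def parse_neighbors(text):
    """Return (ip, dev, mac, state) tuples; MACs are normalised to lower case."""
    entries = []
    for line in text.splitlines():
        m = _NEIGH.match(line.strip())
        if m:
            entries.append((m["ip"], m["dev"], m["mac"].lower(), m["state"]))
    return entries


def shared_macs(entries):
    """MAC addresses claimed by more than one IP on the same interface."""
    by_mac = defaultdict(set)
    for ip, dev, mac, _ in entries:
        by_mac[(dev, mac)].add(ip)
    return {key: sorted(ips) for key, ips in by_mac.items() if len(ips) > 1}


def baseline_changes(entries, baseline):
    """IPs whose current MAC differs from the recorded one."""
    return [(ip, baseline[ip], mac) for ip, _, mac, _ in entries
            if ip in baseline and baseline[ip] != mac]


def assess(text, baseline):
    """Human-readable findings for a neighbour-cache snapshot."""
    entries = parse_neighbors(text)
    findings = []
    for (dev, mac), ips in shared_macs(entries).items():
        findings.append("%s: MAC %s claimed by %s" % (dev, mac, ", ".join(ips)))
    for ip, expected, seen in baseline_changes(entries, baseline):
        findings.append("%s changed from %s to %s" % (ip, expected, seen))
    return findings
```

A shared MAC is not proof on its own: a router that answers for several addresses, or a host with multiple IPs on one interface, produces the same pattern legitimately, which is why the baseline comparison is kept alongside it and why a real deployment would maintain an allow-list of such known cases.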

Conclusion:

In conclusion, it can be said that sniffing is a method used to extract information
from the network in order to get access to a system or to deny access.

Wireless Ethical Hacking

In the realm of ethical hacking, wireless networks pose unique security challenges due
to their susceptibility to attacks such as sniffing and DoS attacks. Wireless
networks are interconnected devices that communicate via radio waves, offering
flexibility and cost-effectiveness compared to wired networks. However, this
convenience comes with security risks that hackers can exploit.

Sniffing is a common technique used by hackers to intercept network packets without
physical proximity to the network. By leveraging tools like Kismet and NetStumbler,
attackers can capture data transmitted over wireless networks. Kismet, available in Kali
Linux, is a powerful tool for wireless sniffing, while NetStumbler is designed for
Windows systems.

To secure wireless networks, encryption protocols like Wired Equivalent Privacy
(WEP) were introduced. WEP aimed to protect wireless networks through encryption at
the data link layer. However, WEP has significant vulnerabilities, including susceptibility
to dictionary attacks and Denial of Service (DoS) attacks.

Tools like WEPcrack and Aircrack-ng have been developed to exploit weaknesses in
WEP encryption and crack passwords. These tools enable ethical hackers to test the
security of wireless networks by decrypting encrypted data captured during network
sniffing.

In addition to sniffing attacks, wireless networks are also vulnerable to DoS attacks,
which can disrupt network services and hinder connectivity. Attackers can launch
Physical Attacks or Network DoS Attacks using tools like Pyloris and Low Orbit Ion
Cannon (LOIC) to overwhelm Wireless Access Points with excessive traffic.

To enhance the security of wireless networks, it is essential to follow best practices
such as regularly changing SSIDs and network passwords, avoiding WEP encryption,
updating firmware, and disabling guest networking features.

Overall, ethical hacking in the context of wireless networks involves understanding
vulnerabilities inherent in wireless communication protocols, employing specialized tools
for network reconnaissance and exploitation, and implementing robust security
measures to safeguard against potential threats.

Types of wireless ethical hacking:

Wireless networks are vulnerable to various types of ethical hacking techniques that can
be used for security testing and strengthening network defenses. Here are some
common types of wireless ethical hacking:
1. Password Cracking: Attackers attempt to guess or crack the WiFi password using
tools like brute-force attacks or leaked credential lists to gain unauthorized access to the
network.

2. Rogue Access Point: Hackers set up a rogue access point, which is a fake wireless
access point connected to a legitimate network, allowing them to intercept data
transmitted over the network.

3. Man-in-the-Middle (MITM) Attack: Malicious actors position themselves between
communicating devices on the network, intercepting and potentially altering the
exchanged information without the users’ knowledge.

4. Evil Twin Attack: Similar to a rogue access point, an evil twin attack involves creating a
fake access point that mimics a legitimate network to deceive users into connecting and
sharing sensitive information.

5. Packet Sniffing: Hackers use tools like Wireshark to capture and analyze data packets
traveling over the WiFi network, potentially exposing confidential information for
exploitation.

6. Wireless Jamming: Attackers disrupt WiFi operations by transmitting signals on the
same frequency as the network, causing interference that can slow down or disable
network connectivity.

7. MAC Spoofing: By changing their device’s MAC address to match a legitimate device
on the network, hackers can bypass authentication measures and gain unauthorized
access.

8. Denial of Service (DoS) Attack: In a DoS attack, hackers flood the network with
excessive traffic or requests, overwhelming it and causing disruptions in service
availability for legitimate users.

These types of wireless ethical hacking methods highlight the importance of securing
WiFi networks against potential threats and vulnerabilities.

Wireless Network Security Protocols or wireless encryption types

WEP (Wired Equivalent Privacy):

• Description: WEP was the first security protocol, introduced in 1997. It uses a
combination of user- and system-generated key values for data encryption. However,
WEP is considered the least secure option due to vulnerabilities that allow hackers to
crack its encryption.

WPA (Wi-Fi Protected Access):

• Description: Developed to address WEP’s weaknesses, WPA introduced features like
TKIP (Temporal Key Integrity Protocol) and Message Integrity Check for enhanced
security. It provided a dynamic 128-bit key compared to WEP’s static key.

WPA2 (Wi-Fi Protected Access 2):

• Description: Introduced in 2004, WPA2 replaced TKIP with CCMP (Counter Mode
Cipher Block Chaining Message Authentication Code Protocol), offering superior
encryption. It became the industry standard, mandating all Wi-Fi devices to use WPA2
for security.

WPA3 (Wi-Fi Protected Access 3):

• Description: The latest advancement in wireless security, WPA3 brings significant
changes after 14 years. It offers greater protection for passwords, individualized
encryption for networks, and enhanced security for enterprise environments.

These protocols represent the evolution of wireless network security, with each iteration
addressing vulnerabilities and enhancing encryption methods to safeguard data and
prevent unauthorized access.
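The protocol ranking above (open, WEP, WPA/TKIP, WPA2/CCMP, WPA3) is what a defender applies when reviewing a scan of the access points visible on site, together with the rogue access point and evil twin patterns listed earlier: the same SSID offered by a second BSSID with different security settings. The following Python is an added example, not code from the original notes or from any scanning tool. It works on a constructed list of scan records in the shape most scanners can be reduced to (SSID, BSSID, advertised security string, channel), rates each network's encryption, flags SSID collisions with mismatched security, and optionally checks BSSIDs against an inventory of the organisation's own access points; all sample data and function names are this example's own.

```python
# Constructed scan results: SSID, BSSID, security as advertised in the beacon, channel.
SAMPLE_SCAN = [
    {"ssid": "Office", "bssid": "11:22:33:44:55:01", "security": "WPA2-PSK-CCMP", "channel": 6},
    {"ssid": "Office", "bssid": "66:77:88:99:aa:bb", "security": "OPEN", "channel": 11},
    {"ssid": "Legacy-Printer", "bssid": "11:22:33:44:55:02", "security": "WEP", "channel": 1},
    {"ssid": "Lab", "bssid": "11:22:33:44:55:03", "security": "WPA3-SAE", "channel": 36},
    {"ssid": "Guest", "bssid": "11:22:33:44:55:04", "security": "WPA-PSK-TKIP", "channel": 1},
]

# Constructed inventory of the organisation's own access points (lower-case BSSIDs).
SAMPLE_INVENTORY = {"11:22:33:44:55:01", "11:22:33:44:55:02", "11:22:33:44:55:03", "11:22:33:44:55:04"}


def rate_security(security):
    """Map an advertised security string to (rating, reason), following the
    WEP -> WPA -> WPA2 -> WPA3 progression described in the notes."""
    s = security.upper()
    if s == "OPEN":
        return "unencrypted", "anyone in range can read the traffic"
    if s.startswith("WEP"):
        return "weak", "WEP keys are recoverable from captured traffic"
    if "TKIP" in s or s.startswith("WPA-"):
        return "weak", "WPA/TKIP is retired; move to WPA2-CCMP or WPA3"
    if s.startswith("WPA3"):
        return "strong", "SAE handshake with forward secrecy"
    if s.startswith("WPA2"):
        return "acceptable", "CCMP encryption; upgrade to WPA3 when clients allow"
    return "unknown", "unrecognised security string"


def evil_twin_candidates(scan):
    """SSIDs advertised by several BSSIDs whose security settings differ, e.g. a
    second 'Office' that is open next to the real WPA2 one."""
    by_ssid = {}
    for ap in scan:
        by_ssid.setdefault(ap["ssid"], []).append(ap)
    flagged = []
    for ssid, aps in by_ssid.items():
        if len({ap["security"].upper() for ap in aps}) > 1:
            flagged.append((ssid, sorted(ap["bssid"].lower() for ap in aps)))
    return sorted(flagged)


def audit_scan(scan, inventory=None):
    """Findings for a scan: weak or absent encryption, SSID collisions with
    mismatched security, and (if an inventory is given) unknown BSSIDs."""
    report = []
    for ap in scan:
        rating, why = rate_security(ap["security"])
        if rating in ("unencrypted", "weak"):
            report.append("%s (%s): %s, %s" % (ap["ssid"], ap["bssid"], rating, why))
    for ssid, bssids in evil_twin_candidates(scan):
        report.append("%s: advertised by %s with differing security" % (ssid, ", ".join(bssids)))
    if inventory is not None:
        for ap in scan:
            if ap["bssid"].lower() not in inventory:
                report.append("%s (%s): BSSID not in inventory" % (ap["ssid"], ap["bssid"]))
    return report
```

The inventory check is the one that catches a rogue access point even when it copies the legitimate network's security settings exactly; the security-mismatch check catches the cheaper evil twin that simply offers an open network under a trusted name.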

WPA3 Security:
What are the main forms of security provided by WPA3?

WPA3 offers three primary forms of security for both personal and enterprise use:

1. WPA3-Personal (WPA3-SAE): This mode focuses on enhancing protection for individual
users by utilizing Simultaneous Authentication of Equals (SAE) to provide improved
security even with simple passwords. It allows users to select easy-to-remember
passwords while still ensuring enhanced security through perfect forward secrecy.

2. WPA3-Enterprise: Building upon WPA2 Enterprise mode, WPA3-Enterprise mandates
the use of Protected Management Frames on all WPA3 connections. It incorporates
multiple Extensible Authentication Protocol (EAP) methods for authentication, 128-bit
authenticated encryption, 256-bit key derivation and confirmation, as well as 128-bit
management frame protection.

3. Wi-Fi Enhanced Open: This additional mode is designed to boost privacy in open
networks. Enhanced Open mode prevents passive eavesdropping by encrypting traffic
even in the absence of a password. It employs 256-bit authenticated encryption, 384-bit
key derivation and confirmation, along with 256-bit management frame protection.

These different modes cater to various network environments and usage scenarios, ensuring
robust security measures tailored to specific needs.
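The protocol comparison above and the WPA3 modes just listed translate directly into access-point settings. The following is an added example, not part of the original notes and not from any vendor: it audits a hostapd-style configuration fragment and reports the weak choices the text warns about (WEP keys, WPA1/TKIP, WPA2-PSK without SAE, missing management frame protection). The two configuration fragments are constructed for the example; the key names (wpa, wpa_key_mgmt, wpa_pairwise, rsn_pairwise, ieee80211w, sae_password, wep_key0) follow hostapd.conf syntax, and the severity labels are an assumption of this example.

```python
"""Audit a hostapd-style access-point config for the weak wireless settings discussed above.

Added example for these notes; the configs are constructed, not from a real deployment.
"""

# Constructed "before" config: WEP key material plus WPA1 with TKIP.
WEAK_AP_CONF = """\
interface=wlan0
ssid=ExampleNet
wep_default_key=0
wep_key0=ABCDEF0123
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
"""

# Constructed "after" config: WPA3-Personal (SAE) with CCMP and required PMF.
HARDENED_AP_CONF = """\
interface=wlan0
ssid=ExampleNet
wpa=2
wpa_key_mgmt=SAE
rsn_pairwise=CCMP
ieee80211w=2
sae_password=example-passphrase-replace-me
"""


def parse_conf(text):
    """Parse key=value lines (hostapd.conf style), ignoring blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def audit_ap_config(text):
    """Return a list of (severity, message) findings; an empty list means nothing weak was found."""
    conf = parse_conf(text)
    findings = []

    # WEP: any wep_key* or wep_default_key line means WEP is configured.
    wep_present = any(k.startswith("wep_key") for k in conf) or "wep_default_key" in conf
    if wep_present:
        findings.append(("critical", "WEP keys configured; WEP is broken and must not be used"))

    # wpa=1 is WPA (TKIP era), wpa=2 is WPA2/WPA3 (RSN), wpa=3 allows both.
    wpa = conf.get("wpa")
    if wpa is None:
        if not wep_present:
            findings.append(("critical", "no wpa= setting and no WEP key: network is open (unencrypted)"))
    elif wpa == "1":
        findings.append(("high", "wpa=1 enables WPA (TKIP era) only; use wpa=2"))
    elif wpa == "3":
        findings.append(("medium", "wpa=3 allows WPA/WPA2 mixed mode; disable WPA fallback"))

    # Pairwise cipher: TKIP anywhere is a downgrade path; CCMP is the expected choice.
    ciphers = set()
    for key in ("wpa_pairwise", "rsn_pairwise"):
        ciphers.update(conf.get(key, "").split())
    if "TKIP" in ciphers:
        findings.append(("high", "TKIP pairwise cipher enabled; use CCMP only"))

    # Key management: WPA2-PSK without SAE means no WPA3-Personal (no forward secrecy).
    key_mgmt = conf.get("wpa_key_mgmt", "").split()
    if "WPA-PSK" in key_mgmt and "SAE" not in key_mgmt:
        findings.append(("low", "WPA2-PSK without SAE; enable WPA3-SAE where clients support it"))

    # Protected Management Frames: WPA3 mandates them; ieee80211w=2 makes them required.
    if conf.get("ieee80211w", "0") != "2":
        findings.append(("medium", "management frame protection not required (ieee80211w should be 2)"))

    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_AP_CONF), ("hardened", HARDENED_AP_CONF)):
        print(name, audit_ap_config(conf) or "no findings")
```

Run the module directly to see both audits; the hardened fragment produces no findings while the weak one reports the WEP key, the WPA1 setting, the TKIP cipher, the missing SAE and the missing PMF requirement. The check is deliberately syntactic, so a configuration that keeps a `wpa=1` line behind a comment marker passes, which is the intended behaviour of a config audit.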

Securing Your Wi-Fi Router from Being Hacked

To secure your Wi-Fi router from being hacked, follow these expert-recommended tips:

1. Change Username and Password Frequently: Regularly change the default
username and password of your router to prevent unauthorized access. Use a strong
password with a combination of letters, numbers, and special characters.
2. Turn on Wireless Network Encryption: Enable encryption such as WPA or WPA2 on
your router to secure the data transmitted over your network. This will prevent hackers
from intercepting sensitive information.
3. Use a VPN (Virtual Private Network): Utilize a VPN service to add an extra layer of
security when connecting to public Wi-Fi networks. A VPN encrypts your internet traffic,
making it difficult for hackers to eavesdrop on your communications.
4. Hide Your Network SSID: Disable SSID broadcast to make your network invisible to
unauthorized users. This can prevent casual snoopers from detecting and accessing
your Wi-Fi network.
5. Turn Off Wi-Fi When Not in Use: Disable Wi-Fi when you are not using it, especially
when you are away from home. This reduces the risk of unauthorized access to your
network in your absence.
6. Enable Firewalls: Activate firewalls on your router and devices to block malicious
incoming traffic and protect against potential cyber threats. Firewalls act as a barrier
between your network and external threats.
7. Position Your Router Strategically: Place your router in the center of your home to
ensure optimal coverage while minimizing signal leakage outside your premises. This
can help prevent unauthorized users from accessing your network from a distance.
8. Update Router Firmware Regularly: Keep your router’s firmware up to date by
installing the latest security patches and updates provided by the manufacturer.
Outdated firmware may contain vulnerabilities that hackers can exploit.
9. Disable Remote Management: Turn off remote management features on your router
unless necessary. Remote management can be exploited by hackers if left enabled,
allowing them to control your router remotely.
10. Monitor Connected Devices: Regularly check the list of devices connected to your Wi-
Fi network to identify any unfamiliar or suspicious devices. Remove unknown devices
promptly to enhance security.
Types of Wireless Devices
There are various types of wireless devices that utilize different wireless communication
technologies to enable connectivity. Some common types of wireless devices include:

1. Smartphones: Smartphones use a combination of cellular networks, Wi-Fi, and
Bluetooth technologies to provide voice calling, messaging, internet access, and a wide
range of applications.
2. Laptops and Tablets: Laptops and tablets often come equipped with Wi-Fi and
Bluetooth capabilities for wireless internet connectivity and peripheral device
connections.
3. Smartwatches and Fitness Trackers: These wearable devices use Bluetooth
technology to connect to smartphones for notifications, health tracking, and other
functionalities.
4. Smart Home Devices: Devices such as smart thermostats, security cameras, and
smart speakers utilize Wi-Fi or other protocols like Zigbee or Z-Wave for communication
with each other and with central hubs.
5. Wireless Printers: Printers can connect wirelessly to computers and mobile devices
through Wi-Fi networks for convenient printing from anywhere within the network range.
6. Wireless Headphones/Earbuds: Headphones and earbuds with Bluetooth connectivity
allow users to listen to audio wirelessly from their devices without the need for physical
cables.
7. Gaming Consoles: Modern gaming consoles often support Wi-Fi connections for online
gaming, software updates, and multimedia streaming services.
8. Wireless Security Cameras: These cameras use Wi-Fi or other wireless protocols to
transmit video footage to a central monitoring system or directly to users’ devices.
9. Wireless Keyboards and Mice: Input devices like keyboards and mice can connect
wirelessly to computers using Bluetooth or RF (radio frequency) technology for greater
flexibility in usage.
10. Wireless Speakers: Speakers equipped with Bluetooth or Wi-Fi connectivity allow
users to stream audio wirelessly from their devices for music playback or home
entertainment systems.

These are just a few examples of the diverse range of wireless devices that have
become integral parts of modern life, offering convenience, flexibility, and enhanced
connectivity through various wireless communication technologies.

Denial of Service and Prevention


Denial of Service (DoS) is a cyber-attack on an individual computer or website with the intent to deny
services to intended users. Its purpose is to disrupt an organization’s network operations by denying
access to its users. Denial of service is typically accomplished by flooding the targeted machine or
resource with surplus requests in an attempt to overload systems and prevent some or all legitimate
requests from being fulfilled. For example, if a bank website can handle 10 people a second clicking
the Login button, an attacker only has to send 10 fake requests per second so that no legitimate
users can log in. DoS attacks exploit various weaknesses in computer network technologies. They may
target servers, network routers, or network communication links. They can cause computers and routers to
crash and links to bog down. The most famous DoS technique is the Ping of Death. The Ping of Death
attack works by generating and sending special network messages (specifically, ICMP packets of non-
standard sizes) that cause problems for systems that receive them. In the early days of the Web, this attack
could cause unprotected Internet servers to crash quickly. It is strongly recommended to try all
described activities on virtual machines rather than in your working environment.
Following is the command for performing flooding of requests on an IP.
HERE,
 “ping” sends the data packets to the victim.
 “ip_address” is the IP address of the victim.
 “-t” means the data packets should be sent until the program is stopped.
 “-l(65500)” specifies the data load to be sent to the victim.
Other basic types of DoS attacks involve:
 Flooding a network with useless activity so that genuine traffic cannot get through. The TCP/IP SYN
and Smurf attacks are two common examples.
 Remotely overloading a system’s CPU so that valid requests cannot be processed.
 Changing permissions or breaking authorization logic to prevent users from logging into a system.
One common example involves triggering a rapid series of false login attempts that lock accounts out
so that their owners can no longer log in.
 Deleting or interfering with specific critical applications or services to prevent their normal operation
(even if the system and network overall are functional).
Another variant of the DoS is the Smurf attack. This involves emails with automatic responses. If
someone emails hundreds of email messages with a fake return email address to hundreds of people in an
organization with an autoresponder on in their email, the initially sent messages can become thousands
sent to the fake email address. If that fake email address belongs to someone, this can overwhelm that
person’s account. DoS attacks can cause the following problems:
 Ineffective services
 Inaccessible services
 Interruption of network traffic
 Connection interference
Following is the Python script for performing a denial of service attack on a small website that did not
expect so many socket connections.
How Do DoS Attacks Work?
DoS attacks typically exploit vulnerabilities in a target’s network or computer systems. Attackers can use
a variety of methods to generate overwhelming traffic or requests, including:
1. Flooding the target with a massive amount of data
2. Sending repeated requests to a specific part of the system
3. Exploiting software vulnerabilities to crash the system
Prevention

Given that Denial of Service (DoS) attacks are becoming more frequent, it is a good time to
review the basics and how we can fight back.
 Cloud Mitigation Provider – Cloud mitigation providers are experts at providing DDoS mitigation
from the cloud. This means they have built out massive amounts of network bandwidth and DDoS
mitigation capacity at multiple sites around the Internet that can take in any type of network traffic,
whether you use multiple ISP’s, your own data center, or any number of cloud providers. They can
scrub the traffic for you and only send “clean” traffic to your data center.
 Firewall – This is the simplest and least effective method. Python scripts are often written to filter out
malicious traffic, or existing firewalls can be utilized by enterprises to block such traffic.
 Internet Service Provider (ISP) – Some enterprises use their ISP to provide DDoS mitigation. These
ISPs have more bandwidth than an enterprise would, which can help with large volumetric attacks.

Features to help mitigate these attacks:

Network Segmentation: Segmenting the network can help prevent a DoS attack from spreading
throughout the entire network. This limits the impact of an attack and helps to isolate the affected
systems.
Implement Firewalls: Firewalls can help prevent DoS attacks by blocking traffic from known malicious
IP addresses or by limiting the amount of traffic allowed from a single source.
Use Intrusion Detection and Prevention Systems: Intrusion Detection and Prevention Systems
(IDS/IPS) can help to detect and block DoS attacks by analyzing network traffic and blocking malicious
traffic.
Limit Bandwidth: Implementing bandwidth limitations on incoming traffic can help prevent a DoS
attack from overwhelming the network or server.
Implement Content Delivery Network (CDN): A CDN can help to distribute traffic and reduce the
impact of a DoS attack by distributing the load across multiple servers.
Use Anti-Malware Software: Anti-malware software can help to detect and prevent malware from being
used in a DoS attack, such as botnets.
Perform Regular Network Scans: Regular network scans can help identify vulnerabilities and
misconfigurations that can be exploited in a DoS attack. Patching these vulnerabilities can prevent a DoS
attack from being successful.
Develop a Response Plan: Having a DoS response plan in place can help minimize the impact of an
attack. This plan should include steps for identifying the attack, isolating affected systems, and restoring
normal operations.
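Two of the measures above, a firewall "limiting the amount of traffic allowed from a single source" and an IDS "analyzing network traffic", reduce in the simplest case to counting requests per source over a sliding window. The following is an added example written for these notes, not a script from the original text or from any product: it parses constructed web-server access-log lines (combined-log style, using RFC 5737 documentation addresses), flags any source that exceeds a per-source request limit inside a time window, and turns the result into firewall rules. The window of 10 seconds and the limit of 20 requests are assumptions chosen for the sample data.

```python
"""Flag sources exceeding a per-source request rate in access-log lines (added example).

The log lines below are constructed for this example; the addresses are documentation
addresses (203.0.113.0/24, 198.51.100.0/24) and do not belong to any real host.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined-log style: ip ident user [timestamp] "request" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

WINDOW = timedelta(seconds=10)  # assumed sliding-window length
LIMIT = 20                      # assumed per-source requests allowed per window


def _constructed_log():
    """Build sample lines: one source sends 30 POSTs in 5 seconds, another browses normally."""
    lines = []
    for sec in range(5):
        for _ in range(6):
            lines.append(f'203.0.113.5 - - [10/Oct/2023:13:55:{sec:02d} +0000] "POST /login HTTP/1.1" 200')
    for sec in (0, 12, 24, 36, 48):
        lines.append(f'198.51.100.7 - - [10/Oct/2023:13:55:{sec:02d} +0000] "GET /index.html HTTP/1.1" 200')
    lines.append("garbled line that does not match the log format")  # parser must skip this
    return lines


SAMPLE_LOG_LINES = _constructed_log()


def parse_line(line):
    """Return (ip, timestamp, request) for a well-formed line, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), m.group("req")


def detect_floods(lines, window=WINDOW, limit=LIMIT):
    """Return {ip: peak requests seen inside one window} for every source that exceeded `limit`."""
    events = [e for e in (parse_line(line) for line in lines) if e]
    events.sort(key=lambda e: e[1])  # logs may be interleaved; process in time order
    recent = defaultdict(deque)      # ip -> timestamps inside the current window
    peaks = {}
    for ip, ts, _ in events:
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # drop entries that fell out of the window
            q.popleft()
        if len(q) > limit:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


def block_rules(peaks):
    """Render one iptables DROP rule per flagged source (returned, not executed)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(peaks)]


if __name__ == "__main__":
    flagged = detect_floods(SAMPLE_LOG_LINES)
    for ip, peak in flagged.items():
        print(f"{ip}: {peak} requests within {WINDOW.seconds}s (limit {LIMIT})")
    for rule in block_rules(flagged):
        print(rule)
```

Only the flooding source is reported; the second source, with five requests spread over 48 seconds, never holds more than one entry in its window. In practice the limit is tuned per endpoint (a login form tolerates far fewer requests per source than a static asset), and generated rules are reviewed before being applied so that a shared NAT address is not blocked wholesale.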
Distributed denial of service


Imagine a scenario where you are visiting some websites and one of them seems to be a little slow. You
might blame their servers and assume they need to improve their scalability because of heavy user traffic on
their site. Most sites already take this issue into account beforehand. Chances are, they might be a
victim of what is known as a DDoS attack, a Distributed Denial of Service attack. Refer – Denial of
Service and Prevention
In a DDoS attack, the attacker tries to make a particular service unavailable by directing continuous and
huge traffic from multiple end systems. Due to this enormous traffic, the network resources get utilized in
serving requests of those false end systems such that, a legitimate user is unable to access the resources
for himself/herself.
Types of DDoS attacks –
DDoS attacks can be divided into three major categories:

1. Application layer attacks –
These attacks focus on attacking layer 7 of the OSI model where the webpages are generated in
response to the request initiated by the end-user. For a client, generating a request does not take any
heavy load and it can easily generate multiple requests to the server. On the other hand, responding to
a request takes the considerable load for the server as it has to build all the pages, compute any queries
and load the results from the database according to the request.
Examples: HTTP Flood attack and attack on DNS Services.

2. Protocol attacks –
They are also known as state-exhaustion attacks. These attacks focus on vulnerabilities in layer 3 and
layer 4 of the protocol stack. These types of attacks consume resources like servers, firewalls, and load
balancers.
Examples: SYN Flood attack and Ping of Death.

3. Volumetric attacks –
Volumetric attacks focus on consuming the network bandwidth and saturating it by amplification or
botnet to hinder its availability to the users. They are easy to generate by directing a massive amount
of traffic to the target server.
Examples: NTP Amplification, DNS Amplification, UDP Flood attack, and TCP Flood attack.
Common DDoS attacks –
 SYN Flood attack –
A SYN Flood attack works in a similar way to a mischievous child who keeps on ringing the doorbell
(request) and running away. The old person inside comes out, opens the door and does not see anyone
(no response). Ultimately, after many such episodes, the old person gets exhausted and does not
answer even genuine people. A SYN attack exploits the TCP handshake by sending out SYN messages
with a spoofed IP address. The victim server keeps on responding but never receives the final
acknowledgement.
 HTTP flood attack –
In an HTTP Flood attack, multiple HTTP requests are generated simultaneously against a target
server. This leads to exhaustion of network resources of that server and thus fails to serve actual users’
requests. The variations of HTTP Flood attacks are – HTTP GET attack and HTTP POST attack.
 DNS amplification –
Assume a scenario where you call Pizza Hut and ask them to call you back on a number and tell you all the
combinations of pizzas they have along with the toppings and desserts. You generated a large output
with a very small input. But the catch is that the number you gave them is not yours. Similarly, DNS
amplification works by querying a DNS server from a spoofed IP address and structuring the
request so that the DNS server responds with a large amount of data to the target victim.

DDoS mitigation –
Preventing DDoS attacks is harder than DoS attacks because the traffic comes from multiple sources and
it becomes difficult to actually separate malicious hosts from the non-malicious hosts. Some of the
mitigation techniques that can be used are:
1. Blackhole routing –
In blackhole routing, the network traffic is directed to a ‘black hole’. In this, both the malicious traffic
and non-malicious traffic get lost in the black hole. This countermeasure is useful when the server is
experiencing a DDoS attack and all the traffic is diverted for the upkeep of the network.

2. Rate limiting –
Rate limiting involves controlling the rate of traffic that is sent or received by a network interface. It is
efficient in reducing the pace of web scrapers as well as brute-force login efforts. But, just rate
limiting is unlikely to prevent compound DDoS attacks.

3. Blacklisting / whitelisting –
Blacklisting is the mechanism of blocking the IP addresses, URLs, domain names, etc. mentioned in
the list and allowing traffic from all other sources. On the other hand, whitelisting refers to a
mechanism of allowing all the IP addresses, URLs, domain names, etc. mentioned in the list and
denying all other sources accessible to the resources of the network.
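Rate limiting and blacklisting/whitelisting, as described in points 2 and 3, are usually combined in one decision path: a listed source is decided immediately, and everything else is metered. The following is an added example written for these notes, not code from the original text or from any firewall product: a per-client token-bucket limiter with a blocklist and an allowlist, driven by an explicit clock value so that its behaviour can be reproduced exactly. The refill rate of 5 requests per second, the burst of 10, and the listed networks (RFC 5737 documentation ranges) are assumptions chosen for the example.

```python
"""Per-client token-bucket rate limiter with blocklist/allowlist (added example).

Decision order: blocklisted -> deny; allowlisted -> allow; otherwise consume a token
from the client's bucket, or throttle when the bucket is empty.
"""
import ipaddress


class RateLimiter:
    def __init__(self, rate, burst, allowlist=(), blocklist=()):
        self.rate = float(rate)    # tokens refilled per second
        self.burst = float(burst)  # bucket capacity, i.e. the burst a new client may send at once
        self.allow = [ipaddress.ip_network(n) for n in allowlist]
        self.block = [ipaddress.ip_network(n) for n in blocklist]
        self.buckets = {}          # ip -> (tokens remaining, time of last update)

    @staticmethod
    def _listed(ip, nets):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in nets)

    def check(self, ip, now):
        """Return 'deny', 'allow' or 'throttle' for one request from `ip` at time `now` (seconds)."""
        if self._listed(ip, self.block):
            return "deny"
        if self._listed(ip, self.allow):
            return "allow"  # trusted sources (e.g. monitoring) are never metered
        tokens, last = self.buckets.get(ip, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)  # refill since last visit
        if tokens >= 1.0:
            self.buckets[ip] = (tokens - 1.0, now)
            return "allow"
        self.buckets[ip] = (tokens, now)
        return "throttle"


def simulate(limiter, events):
    """Feed (ip, time) events through the limiter and count each decision."""
    counts = {"allow": 0, "throttle": 0, "deny": 0}
    for ip, now in events:
        counts[limiter.check(ip, now)] += 1
    return counts


if __name__ == "__main__":
    # Constructed policy: a monitoring subnet is allowlisted, a known-bad range is blocklisted.
    lim = RateLimiter(rate=5, burst=10,
                      allowlist=["198.51.100.0/24"], blocklist=["203.0.113.0/24"])
    burst = [("192.0.2.9", 0.0)] * 100               # 100 requests in the same instant
    print("unlisted burst:", simulate(lim, burst))    # 10 allowed, 90 throttled
    print("same client 2s later:", lim.check("192.0.2.9", 2.0))
    print("blocklisted:", lim.check("203.0.113.5", 0.0))
```

The limiter is per-source, which is exactly why the text says rate limiting alone "is unlikely to prevent compound DDoS attacks": a botnet spreads its requests over thousands of addresses that each stay under the limit, so per-source metering has to be paired with the upstream measures listed earlier (cloud scrubbing, blackhole routing when needed).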
