ZyWALL IDP 10 User’s Guide
Appendix A Introduction to Intrusions 112
A TCP connect() call is used to open a connection to every interesting port on the machine. If the port is listening, connect() will succeed; otherwise the port is not reachable.
SYN scanning (half-open scanning) does not open a full TCP connection. A SYN packet is sent as if to open a genuine connection, and the scanner waits for a response. A SYN/ACK indicates that the port is listening. If a SYN/ACK is received, a RST is sent to tear down the half-open connection.
The port scanner Nmap uses raw IP packets to determine what hosts are available on the network, what services (ports) they offer, what operating system (and OS version) they are running, what type of packet filters/firewalls are in use, and other characteristics.
After a target has been found, a layer-7 scanner such as Nikto (web vulnerability scanner) can
be used to exploit vulnerabilities.
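As an added illustration of the two scan types described above (example code written for this edition, not part of the ZyWALL guide), the following sketch tells a half-open scanner apart from a connect() scanner by whether the source ever completes the handshake on the ports it probed. The record layout, the addresses, the target host and the thresholds are all assumed and the packet records are constructed, not captured.

```python
from collections import defaultdict

TARGET = "10.0.0.9"  # assumed monitored host


def _probe(src, port, t, complete):
    """Constructed exchange: SYN, SYN/ACK, then ACK (connect) or RST (half-open).
    Each record is (time, src, dst, service_port, tcp_flags)."""
    return [(t, src, TARGET, port, "S"), (t + 0.01, TARGET, src, port, "SA"),
            (t + 0.02, src, TARGET, port, "A" if complete else "R")]


PACKETS = []
for i, port in enumerate((21, 22, 23, 25, 80)):
    PACKETS += _probe("10.0.0.5", port, i * 0.1, complete=False)  # half-open scan
    PACKETS += _probe("10.0.0.6", port, i * 0.1, complete=True)   # connect() scan
    PACKETS += _probe("10.0.0.8", port, 100 + i * 10, complete=False)  # slow, spread out
PACKETS += _probe("10.0.0.7", 80, 1.0, complete=True)   # ordinary client, two services
PACKETS += _probe("10.0.0.7", 443, 1.5, complete=True)


def classify_scanners(packets, target, min_ports=3, window=5.0):
    """Return {src: kind} for sources that sent SYNs to at least `min_ports`
    distinct ports on `target` within any `window` seconds. kind is
    'syn-scan' when the source never completed a handshake it opened
    (SYN, then RST after the SYN/ACK) and 'connect-scan' when it did."""
    syn_times = defaultdict(dict)   # src -> {port: time of first SYN}
    completed = defaultdict(set)    # src -> ports where src sent the final ACK
    for t, src, dst, port, flags in packets:
        if dst != target:
            continue                # replies from the target are not needed here
        if flags == "S":
            syn_times[src].setdefault(port, t)
        elif flags == "A" and port in syn_times[src]:
            completed[src].add(port)
    result = {}
    for src, ports in syn_times.items():
        times = sorted(ports.values())
        best, lo = 0, 0             # largest number of SYNs inside one window
        for hi in range(len(times)):
            while times[hi] - times[lo] > window:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= min_ports:
            result[src] = "connect-scan" if completed[src] else "syn-scan"
    return result
```

The slow source is deliberately left unflagged: a probe spread thinly over time slips under a fixed window, which is why real detectors also keep longer-term per-source counters.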
Malicious Programs
A computer virus is a small program designed to corrupt and/or alter the operation of other
legitimate programs. The effect of a virus attack varies from doing so little damage that you
are unaware your computer is infected to wiping out the entire contents of a hard drive to
rendering your computer inoperable.
Types of Malicious Programs
The following table describes some of the common malicious programs.
Table 33 Common Malicious Programs
TYPE               DESCRIPTION
File Infector      This is a small program that embeds itself in a legitimate program. A file infector is able to copy and attach itself to other programs that are executed on an infected computer.
Boot Sector Virus  This type of virus infects the area of a hard drive that a computer reads and executes during startup. The virus causes computer crashes and to some extent renders the infected computer inoperable.
Macro Virus        Macros are small programs that are created to perform repetitive actions. Macros run automatically when a file to which they are attached is opened. Macro viruses spread more rapidly than other types of viruses as data files are often shared on a network.
Trojan Horse       A Trojan horse is a harmful program that is hidden inside apparently harmless programs or data.
Worm               A worm is a program that is designed to copy itself from one computer to another on a network. A worm's uncontrolled replication consumes system resources, thus slowing or stopping other tasks.
E-mail Virus       E-mail viruses are malicious programs that spread through e-mail. These can infect your computer even if you do not read the e-mail messages.