Common Possible Attacks

Omokehinde DEJI-AKINPELU, PhD

Cybersecurity Program
Module One
Common Possible Attacks Ctd...
• There are different attacks on the networks. The possible attacks shall be
discussed in the following four categories:

i. Passive and Active Attacks

ii. External and Internal Attacks
iii. Attacks based on Network Protocol stacks
iv. Cryptographic Primitive Attacks

Passive and Active Attacks

• This category of attack is very common in MANET. They are classified based
on how they operate and the effect of their attacks on MANET.
a. Passive Attacks
Wireless is more susceptible to passive attacks. The transmitted data is not
changed by this kind of attacks. It rather includes the illegal or unauthorised
“listening” to the network traffic to or to obtain data from it.

Passive attacker does not disturb or distort the operation of a routing protocol
but tries to discover the important information from routed traffic that can be
used for future harmful attacks.

Discovery of such attacks could be challenging since the operation of network

itself does not get affected.

Examples of passive attacks are:

Monitoring Attack: Eavesdropping Attack:
It is a passive attack in which the This attack is also known as
attacker can see the confidential data, disclosure attack. The attacker can
but cannot alter the data or modify it. analyse broadcast messages to reveal
some useful information about the
network.
It can be developed to identify the
communication parties and
functionality which could provide The term eavesdrops implies
information to launch further attacks. overhearing without expending any
extra effort.
It is not specific to mobile ad-hoc
network, other wireless networks such It involves intercepting and reading of
as cellular, satellite and WLAN also conversations or messages by
suffer from these potential unintended receiver. Mobile host in
vulnerabilities. mobile ad-hoc network shares a
wireless medium.
Most wireless communication use RF Attackers may employ techniques
spectrum and broadcast by nature. such as RF direction findings, traffic
Transmitted messages can be rate analysis, and time-correlation
eavesdropped and injecting of fake monitoring.
messages into network is quite
possible. Traffic analysis in ad hoc networks
may can reveal:
Traffic Analysis: - the existence and location of nodes
Traffic analysis is not necessarily an - the communications network
entirely passive activity. It is perfectly topology
feasible to engage in protocols, or - the roles played by nodes
seek to provoke communication - the current sources and destination
between nodes. of communications
- the current location of specific
individuals or functions
Active Attacks Out-dated routing information may be
This type of attack is achieved by replayed back to the nodes in the
replicating, altering and deleting of network. Active attack can be detected
data being transmitted. It attempts to sometimes and this makes it attack
alter how the protocol behaves. These less used by an attacker.
attacks are meant to hinder the flow of
message from the nodes. Active Attacks into four groups:
dropping, modification, fabrication,
They are collectively known as Denial and timing attacks. It should be
of Service (DOS) attacks. They noted that an attack can be classified
degrade or completely block the into more than one group.
communication between the nodes.
Dropping Attacks: This attack occurs
Another type of attack involves when compromised nodes drop all
injecting of unnecessary packets into packets that are not destined for
the network; causing congestion. them.
Active Attacks ctd....

– Dropping attacks can prevent end-to-end communications between

nodes, if the dropping node is at a critical point. Most of the routing
protocols have no mechanism to detect whether data packets have been
forwarded or not.

• Modification Attacks: An example of modification attacks is sinkhole attack.

These attacks modify packets and disrupt the overall communication
between network nodes. In sinkhole attack, the compromised node
advertises itself in such a way that it ii.has shortest path to the destination.
Malicious node than capture important routing information and uses it for
further attacks such as dropping and selective forwarding attacks.
Active Attacks ctd....
• Fabrication Attacks: It is so called because the selfish node
fabricates and send unreal route message to the nearby nodes. It
could be in response to a legitimate route request or and it could
also be done without receiving any related message.

• Timing Attacks: The compromised or attacking node attracts

other nodes by advertising itself as a node closer to the actual
node. Rushing attacks and hello flood attacks uses this technique.
2. External and Internal Attacks

In external attack, the attacker’s node is not a member of

the network while attacker’s node is a member of the
network in internal attacks.

Internal attacks are worse than external attacks since the

attacker has privileged access to secret information.
3. Attacks based on Network Protocol stacks
• It presented a survey of security attacks in MANET following the
order of the protocol stacks. They are as discussed below:

1. Physical Layer Attack

Eavesdropping is the intercepting and reading of messages and
conversations by unintended receivers. The mobile hosts in mobile
ad hoc networks share a wireless medium.

The majorities of wireless communications use the RF spectrum and

broadcast by nature. Signals broadcast over airwaves can be easily
intercepted with receivers tuned to the proper frequency. Thus,
messages transmitted can be eavesdropped, and fake messages
can be injected into network.
Physical Layer Attack ctd...

Moreover, a radio signal can be jammed or interfered, which

causes the message to be corrupted or lost If the attacker
has a powerful transmitter, a signal can be generated that
will be strong enough to overwhelm the targeted signals
and disrupt communications.

The most common types of this form of signal jamming are

random noise and pulse. Jamming equipment is readily
available. In addition, jamming attacks can be mounted
from a location remote to the target networks.
2. Link Layer Attack
A mobil as-hoc network is an open multi-point peer-to-peer network
architecture.

Specifically, one-hop connectivity among neighbours is maintained

by the link layer protocols, and the network layer protocols extend
the connectivity to other nodes in the network.

Attacks may target the link layer by disrupting the cooperation of the
layer’s protocols.
3. Network Layer Attack
• Network layer protocols extend connectivity from neighbouring 1-hops nodes
to all other nodes in the network. The connectivity between mobile hosts over
a potentially multi-hop wireless link strongly relies on cooperative reactions
among all network nodes.

• The traffic packets could be forwarded to a non-optimal path, which could

introduce significant delay. In addition, the packets could be forwarded to a
non-existent path and get lost.

The attackers can create routing loops, introduce severe network congestion,
and channel contention into certain areas. Multiple colluding attackers may
even prevent a source node from finding any route to the destination, causing
the network to partition, which triggers excessive network control traffic, and
further intensifies network congestion and performance degradation.
4.Transport Layer Attack
• The objectives of TCP-like Transport layer protocols
include setting up of end-to-end connection, end-to-end
reliable delivery of packets, flow control, congestion
control, clearing of end-to-end connection.

• Similar to TCP protocols in the Internet, the mobile node

is vulnerable to the classic flooding attack or session
hijacking attacks.
• However, the network has a higher channel error rate
when compared with wired networks. Because TCP does
not have any mechanism to distinguish between whether
a loss was caused by congestion, random error, or
malicious attacks, TCP multiplicatively decreases its
congestion window upon experiencing losses, which
degrades network performance significantly.
• 5.Application Layer Attack
• Application layer attacks can be worm attacks, mobile
viruses, and repudiation attacks.

• 6.Multi-layer Attack
• Some security attacks can be launched from multiple
layers instead of a particular layer. Examples of multi-
layer attacks are Denial of Service (DoS), man-in-the-
middle and impersonation attacks.