LANCOM Reference Manual LCOS 3.50 Chapter 8: Firewall
protocol, the search for open ports is also called “port scanning”. Here the
attacker uses a dedicated program to probe for particular services, either
across the Internet in general or only on certain networks and unprotected
workstations, which in turn give the corresponding answer.
A third possibility is to take over an existing data connection and use it as
a free rider. Here the attacker observes the victim's Internet connection and
analyses the connections. He then uses, e.g., an active FTP connection to
smuggle his own data packets into the protected LAN.
A variant of this method is the “man-in-the-middle” attack. Here the attacker
first observes the communication between two workstations and then places
himself in between.
8.1.4 The victims
How exposed a network is to attack considerably influences the effort one
wants to, or must, spend on defence. To assess whether your network would be
particularly interesting to an attacker as a potential victim, you can consult
the following criteria:
- Particularly endangered are the networks of well-known enterprises or
  institutions where valuable information is suspected. Such information
  would be, e.g., the results of research departments, which are of great
  interest to industrial spies, or bank servers, on which large sums of
  money are distributed.
- Secondly, the networks of smaller organisations are also endangered, even
  though they may only be interesting to particular groups. The workstations
  of tax consultants, lawyers or doctors certainly hold some information
  that is quite interesting to third parties.
- Last but not least, workstations and networks that obviously offer nothing
  of use to attackers also become victims. “Script kiddies” trying out their
  abilities out of youthful ambition are sometimes simply searching for
  defenceless victims in order to practise for higher tasks.

  An attack on an unprotected, apparently uninteresting workstation of a
  private person can also serve to prepare a base for further attacks
  against the real target in a second step. The workstation of “no interest”
  then becomes the source of attacks, and the attacker can disguise his
  identity.
All things considered, we can sum up that the statistical probability of an
attack on the network of a global industry player may be higher than on the
tiny network of a home office. But it is probably only a matter of time