1

This may be a stupid question, but I'm fairly new to cyber security and networking and I'm looking into different types of attacks. I was wondering if dictionary attacks only take place on the application layer, or if they are used on other layers as well.

Anders

1 Answer

1

Dictionary Attacks in Networking

Mostly the application layer if you are talking about the OSI model, one exception being SMTP on the OSI session layer. For TCP/IP it may just be the application layer for all intents/purposes today, though authentication does occur at the TCP/IP link layer in PPP. I can't give many examples here.

But anywhere you see password authentication in a network protocol, or outside of any network consideration, it might be vulnerable to dictionary attacks. The OSI session layer has a few (e.g. SMTP). You could also think of any protocol with password-derived cryptography, but that is getting abstract now.

General Dictionary Attack Scenarios

I would say that dictionary attacks are best considered agnostic of layers as a concept. Instead, to effectively pursue, impede, or prevent an attack, one should consider the act in terms of context. The two contexts are:

  1. Password-based authentication using brute force. For example...
    • Spamming website login processes via HTTP POST appearing to come from a form.
    • Spamming the authentication of an OS login to a computer with no hardware TPM.
  2. Decryption of ciphertext via brute force of passphrase used in key derivation.

The first can be impeded to the extent that it's practically impossible to crack (too many failures means your account gets locked, x unavailable for y minutes, all data gets wiped, and so on).

The second one is impossible to prevent, since unfettered access to ciphertext means the attacker could use the best rainbow table in the world with millions of dollars' worth of specialized hardware to spam everything it can think of for as long as it needs, and meanwhile you are none the wiser. The key derivation function can impede it, though, by demanding more resources to compute.

In terms of layers in the OSI model or TCP/IP, all that above was to make you think of situations in which an attack may apply to no layer in particular, even as a stretch, as the attacks could actually be bare metal (physical, but doesn't pertain to networking). Other times, maybe it's just local to the machine and does not involve networking.

AJAr
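The two contexts from the answer above, sketched from the defender's side as an added example (not part of the original post): a lockout policy caps how many online guesses are ever evaluated, while for offline guessing the only lever is the per-guess cost of the key derivation function. The names `LoginThrottle`, `guesses_evaluated`, `derive_key` and `seconds_per_guess`, the 5-failure/900-second policy and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib, os, time

class LoginThrottle:
    """Context 1: lock an account for lock_seconds after max_failures bad guesses."""
    def __init__(self, max_failures=5, lock_seconds=900):  # constructed policy values
        self.max_failures, self.lock_seconds = max_failures, lock_seconds
        self.failures, self.locked_until = {}, {}

    def attempt(self, user, password_ok, now):
        """Return 'locked', 'ok' or 'denied'; `now` is a timestamp in seconds."""
        if now < self.locked_until.get(user, 0):
            return "locked"  # the guess is rejected without being checked
        if password_ok:
            self.failures.pop(user, None)
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.max_failures:
            self.locked_until[user] = now + self.lock_seconds
            self.failures[user] = 0
        return "denied"

def guesses_evaluated(throttle, user, seconds):
    """Wrong guesses that are actually checked when one arrives every second."""
    return sum(throttle.attempt(user, False, t) == "denied" for t in range(seconds))

def derive_key(passphrase, salt, iterations):
    """Context 2: PBKDF2-HMAC-SHA256; every offline guess must repeat this work."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations, dklen=32)

def seconds_per_guess(iterations, samples=3):
    """Measured cost of one key derivation on this machine."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for _ in range(samples):
        derive_key("constructed-sample-passphrase", salt, iterations)
    return (time.perf_counter() - start) / samples

if __name__ == "__main__":
    # Online: 3600 guesses sent in an hour, only a handful are evaluated.
    print("guesses evaluated in 1 hour:", guesses_evaluated(LoginThrottle(), "alice", 3600))
    # Offline: no lockout exists, so compare the per-guess cost at two work factors.
    for iterations in (1_000, 600_000):
        cost = seconds_per_guess(iterations)
        print(f"{iterations} iterations: {cost:.4f} s/guess, "
              f"{1_000_000 * cost / 3600:.1f} h for a 1,000,000-word list on one core")
```

The offline figure is a single-core measurement on the defender's own machine, so it is an upper bound on the protection; dedicated hardware lowers it, which is the answer's point about impeding rather than preventing.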