Attack Types Flashcards
ARP Poisoning, Spoofing, and Man-in-the-Middle
Redirects your traffic, then passes it on to the destination
You never know your traffic was redirected
ARP has no security, relies on security in the switch
Denial of service
Force a service to fail
Overload the service
Replay Attack
Useful information is transmitted over the network
A network tap is used to access the raw network data
Data is replayed to appear as someone else
Spoofing
Pretend to be something you aren’t
Fake web server, fake DNS server, etc.
DNS Poisoning
Modify the DNS server
Modify the client host file
Pharming
Redirection to a bogus site
Combines farming with phishing
Farming - Harvest large groups of people
Phishing - Collect access credentials
Spam
Unsolicited email, traditionally for advertising
Spim
Spam over IM
Spit
Spam over internet telephony
Stopping Spam
White list to only allow known senders
Black list to remove the bad senders
Bayesian filtering can filter based on certain words/phrases
Phishing
Social engineering with a touch of spoofing
Often delivered by spam, IM, etc.
Spear Phishing
More believable phishing with inside information
Spear phishing the CEO is “whaling”
Xmas Tree Attack
Send a carefully crafted packet to a host
URG, PUSH, and FIN are set - 00101001
Transitive attacks
A trusts B, B trusts C, therefore A trusts C
Client-side attacks
Attack the client - Bad programming makes it easier
Browsers, media players, office applications, email clients
Password Attacks
Brute force - Guess the password, calculate the hash
Dictionary attack - Use common words as passwords
Hybrid attack - Combine brute force and dictionary attacks
Birthday attack - The same hash value for two plaintexts
Rainbow tables - An optimized, pre-built set of hashes
Watering Hole Attack
Determine which website the victim group uses
Infect one of these third-party sites
URL Hijacking
Typosquatting / brandjacking