Cmmon TCP/IP Attacks

Question 1

Man-in-the-Middle Attack

Answer 1

• Attacker inserts themselves in the middle of a conversation between two systems and exploits the real-time traffic
• eg: ICMP Redirect, DNS Spoofing, DHCP spoofing.

Question 2

Session Hijacking

Answer 2

• also known as sidejacking.
• attacker gains physical access to the network and hijacks the session.
• stealing session cookies is an example
• sniffing

Question 3

IP Address spoofing

Answer 3

• Attacker impersonates another device to excite an attack.

* pretend to be something that you’re not.

Question 4

DoS

Answer 4

• Denial of Service Attack
• Attacker attempt to prevent legitimate users from accessing information or services by flooding the network with traffic.

Question 5

DDoS

Answer 5

• A simultaneous, coordinated attack from multiple source machines.

Question 6

Smurf Attack

Answer 6

• Attacker uses large number of ICMP packets via a broadcast.

Question 7

Attack Surface

Answer 7

• All of the different points, the “attack vectors” in a given computing device or network that are accessible to an unauthorized user or attacker
• Attack Surface can be broken down into 4 different areas: Network, Software, Physical, social engineering

Question 8

Attack Vector

Answer 8

• Methods used by a hacker to exploit the systems, software, network.
• eg: Malware - viruses, email spams, ads, and spyware
• SQL Injection, DDoS Attack’s, Phishing, Eaves dropping, Malware injection.