Network Attacks Flashcards
Flood Attack
A specialized type of DoS which attempts to send more packets to a single server or host than they can handle
Ping Flood
An attacker attempts to flood the server by sending too many ICMP echo request packets (which are known as pings)
Smurf Attack
First, the malware creates a network packet attached to a false IP address — a technique known as “spoofing.”
Inside the packet is a ping message, asking network nodes that receive the packet to send back a reply
These replies, or “echoes,” are then sent back to network IP addresses again, setting up an infinite loop.
Fraggle Attack
Attacker sends a UDP echo packet to flood a server with UDP packets. Similar to smurf (which uses ping echos)
SYN Flood
Variant on a Denial of Service (DOS) attack where attacker initiates multiple TCP sessions but never completes the 3-way handshake
XMAS Attack
send a very specifically crafted TCP packet to a device on the network. This crafting of the packet is one that turns on a bunch of flags. There is some space set up in the TCP header, called flags. And these flags all are turned on or turned off, depending on what the packet is doing.
Xmas turns on 3 flags which are very unusual, so device is confused, could cause DoS
Ping of Death
Ping of Death (a.k.a. PoD) is a type of Denial of Service (DoS) attack in which an attacker attempts to crash, destabilize, or freeze the targeted computer or service by sending malformed or oversized packets using a simple ping command
older one, ping flood is newer
Teardrop Attack
type of DoS
the client sends an intentionally fragmented information packet to a target device. Since the packets overlap, an error occurs when the device tries to reassemble the packet. The attack takes advantage of that error to cause a fatal crash in the operating system or application that handles the packet.
Permanent DoS
Attack which exploits a security flaw to permanently break a networking device by reflashing its firmware
Fork Bomb
Attack that creates a large number of processes to use up the available processing power of a computer
DNS Amplification
A Domain Name Server (DNS) Amplification attack is a popular form of Distributed Denial of Service (DDoS), in which attackers use publically accessible open DNS servers to flood a target system with DNS response traffic. The primary technique consists of an attacker sending a DNS name lookup request to an open DNS server with the source address spoofed to be the target’s address. When the DNS server sends the DNS record response, it is sent instead to the target. Attackers will typically submit a request for as much zone information as possible to maximize the amplification effect.
Stopping DDoS
Blackholing: Identifies any attacking IP addresses and routes all their traffic to a nonexistent server
Session Theft
Attacker guesses the session ID for a web session, enabling them to take over the already authorized session of the client
TCP/IP Hijacking
Occurs when an attacker takes over a TCP session between two computers without the need of a cookie or other host access
Blind Hijacking
Occurs when an attacker blindly injects data into the communication stream without being able to see if it is successful or not
Clickjacking
is an attack that tricks a user into clicking a webpage element which is invisible or disguised as another element. This can cause users to unwittingly download malware, visit malicious web pages
Man-in-the-Browser: MITB
Man-in-the-browser is a form of man-in-the-middle attack where an attacker is able to insert himself into the communications channel between two trusting parties by compromising a Web browser used by one of the parties, for the purpose of eavesdropping, data theft and/or session tampering.
Watering Hole
Occurs when malware is placed on a website that the attacker knows his potential victims will access
Replay Attack
Network-based attack where a valid data transmission is fraudulently or malicious rebroadcast, repeated, or delayed
Multi-factor authentication can help prevent successful replay attacks
Transitive Attacks
Transitive Attacks aren’t really an attack but more of a conceptual method
When security is sacrificed in favor of more efficient operations, additional risk exists
DNS Poisoning
Occurs when the name resolution information is modified in the DNS server’s cache
If the cache is poisoned, then the user can be redirected to a malicious website
Unauthorized Zone Transfer
Occurs when an attacker requests replication of the DNS information to their systems for use in planning future attacks
DNS Zone transfer is the process where a DNS server passes a copy of part of it’s database (which is called a “zone”) to another DNS server.
basic DNS Zone Transfer Attack isn’t very fancy: you just pretend you are a secondary and ask the primary for a copy of the zone records. And it sends you them
Altered Hosts File
host files
Occurs when an attacker modifies the host file to have the client bypass the DNS server and redirects them to an incorrect or malicious website
The computer file hosts is an operating system file that maps hostnames to IP addresses. It is a plain text file.
Pharming
Occurs when an attacker redirects one website’s traffic to another website that is malicious
Domain Name Kiting
Attack that exploits a process in the registration process for a domain name that keeps the domain name in limbo and cannot be registered by an authenticated buyer
ARP Poisoning
Attack that exploits the IP address to MAC resolution in a network to steal, modify, or redirect frames within the local area network
Allows an attacker to essentially take over any sessions within the LAN
ARP Poisoning is prevented by VLAN segmentation and DHCP snooping