Types of Network Attacks

Reconnaissance Attack

A reconnaissance attack is an information-gathering attack: the attacker maps the target's hosts, services and likely vulnerabilities so that the information can be used later for more direct attacks.

In military use, reconnaissance means observing a region to locate the enemy, or a mission inside enemy territory to gather strategic information. In computer security it is usually the preliminary step before a further attack: the attacker seeks information that can be used to exploit the target system.

Attackers use ping sweeps, port scans, OS fingerprinting, DNS queries (nslookup, dig) and whois databases; plenty of tools exist for information gathering, nmap being the best known. Active probing such as sweeps and scans is noisy and shows up in firewall and IDS logs, so a defender who watches for one source touching many ports or many hosts in a short time can often spot reconnaissance before the follow-up attack.
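The simplest form of port scan is the TCP connect scan: a full three-way handshake against each port, which needs no special privileges and is exactly what shows up as a completed connection in the target's logs. The example below is added here and is not code from the original page; it scans a listener that it starts itself on 127.0.0.1, so it runs offline, and the helper names (probe, tcp_connect_scan, start_local_listener, free_port) are the example's own.

```python
import socket
from concurrent.futures import ThreadPoolExecutor


def probe(host: str, port: int, timeout: float = 0.5) -> bool:
    """TCP connect scan of one port: a completed handshake means something is listening."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return True
        except OSError:          # refused (closed) or timed out (filtered) both count as not open
            return False


def tcp_connect_scan(host: str, ports, timeout: float = 0.5, workers: int = 32):
    """Probe many ports in parallel and return the sorted list of open ones."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        flags = list(pool.map(lambda p: probe(host, p, timeout), ports))
    return sorted(p for p, is_open in zip(ports, flags) if is_open)


def start_local_listener(host: str = "127.0.0.1"):
    """Bind a listening socket on an OS-assigned port so the scan has a real target
    on loopback; returns (socket, port). The caller closes the socket."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def free_port(host: str = "127.0.0.1") -> int:
    """Grab and release an OS-assigned port; it is (almost certainly) closed afterwards."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv, port = start_local_listener()
    try:
        # scan a small window around the listener; only `port` is expected to show up
        print("open:", tcp_connect_scan("127.0.0.1", range(port - 8, port + 8), timeout=0.2))
    finally:
        srv.close()
```

A connect scan cannot tell a port that is closed (RST received) from one that is filtered (no answer) unless you inspect the error; real scanners such as nmap do, and also offer half-open SYN scans that never complete the handshake and so leave less in application logs.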

Eavesdropping

Generally speaking, eavesdropping is secretly listening to a private conversation between two or more people without their consent.

In digital communication much traffic still travels in an insecure, clear-text form. Eavesdropping is the unauthorized real-time interception of network traffic, usually known as sniffing or snooping.

This type of network attack lets an attacker who has access to your communication path (the network: a shared Wi-Fi segment, a hub, a compromised switch or router, or a mirrored port) capture and interpret your traffic. Encryption in transit (TLS, SSH, IPsec) is the defence: the attacker can still see that traffic flows and to whom, but not what it contains.

Denial-of-Service Attack

A type of attack in which the attacker intends to make a system or network resource unavailable to legitimate users or clients, disrupting the services the organization provides.

This type of attack is usually accomplished by flooding the network or system with superfluous requests that appear to originate from legitimate sources, exhausting bandwidth, connection state tables, memory or CPU so that nothing is left for real clients. A single malformed packet that crashes a vulnerable host (see Ping of Death and Teardrop below) achieves the same result without any flooding.


SYN Flood Attack

This is a type of denial-of-service attack that abuses the TCP three-way handshake.

To establish a TCP connection the client sends a TCP SYN segment to the server requesting a connection. The server answers with a SYN-ACK, confirming that the connection can be established, and allocates state for the half-open connection. When the SYN-ACK is received the client sends an ACK back to the server, and at that point the TCP connection is established.

An attacker exploits this handshake: he sends a SYN to an open port on the server, the server treats it as a legitimate request, answers with a SYN-ACK and keeps the half-open connection in its backlog (the SYN_RECV state) waiting for an ACK that never arrives. The attacker repeats this as fast as he can, usually with spoofed source addresses that are unreachable, so that no host answers the SYN-ACKs with a RST that would free the entry. Once the listen backlog of the targeted port is full of half-open connections the server drops new SYNs and legitimate clients cannot connect. It is the per-port backlog and the memory behind it that get exhausted, not the ports themselves. Modern kernels mitigate this with SYN cookies (on Linux, net.ipv4.tcp_syncookies=1), which encode the connection state in the SYN-ACK sequence number instead of storing it, together with larger backlogs and shorter SYN_RECV timeouts.
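What a SYN flood looks like from the server's side is a backlog full of half-open entries whose sources never complete the handshake. The tracker below is an added example, not code from the original page; it replays a constructed sequence of TCP segments (three real clients, then 200 spoofed SYNs) and reports the same counts you would read off `netstat -an | grep SYN_RECV`. The Segment class, the addresses and the backlog size of 128 are the example's own assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    """Just the TCP header fields the tracker needs (constructed, not captured)."""
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool
    ack: bool


class HalfOpenTracker:
    """Mirrors the server's SYN_RECV backlog for each listening socket (dst, dport).

    A SYN from a client creates a half-open entry; the client's ACK that completes
    the handshake removes it. Under a SYN flood the entries pile up and the
    sources are mostly addresses that never complete anything.
    """

    def __init__(self, backlog: int = 128):
        self.backlog = backlog
        self.half_open = defaultdict(set)     # (dst, dport) -> {(src, sport), ...}
        self.established = defaultdict(int)   # (dst, dport) -> completed handshakes

    def feed(self, s: Segment) -> None:
        key = (s.dst, s.dport)
        client = (s.src, s.sport)
        if s.syn and not s.ack:               # client -> server: SYN
            self.half_open[key].add(client)
        elif s.ack and not s.syn:             # client -> server: final ACK
            if client in self.half_open[key]:
                self.half_open[key].discard(client)
                self.established[key] += 1
        # the server's SYN-ACK travels the other way and adds no state here

    def report(self, dst: str, dport: int) -> dict:
        pending = self.half_open[(dst, dport)]
        return {
            "half_open": len(pending),
            "established": self.established[(dst, dport)],
            "distinct_sources": len({src for src, _ in pending}),
            "backlog_full": len(pending) >= self.backlog,
        }


def constructed_traffic():
    """Three real clients complete handshakes; then 200 SYNs arrive from 200
    spoofed addresses and nothing further is ever heard from them."""
    segs = []
    for i in range(3):
        c = f"198.51.100.{10 + i}"
        segs.append(Segment(c, 40000 + i, "192.0.2.80", 443, syn=True, ack=False))
        segs.append(Segment(c, 40000 + i, "192.0.2.80", 443, syn=False, ack=True))
    for i in range(200):
        segs.append(Segment(f"203.0.113.{i % 254 + 1}", 1024 + i, "192.0.2.80", 443,
                            syn=True, ack=False))
    return segs


def analyse(segs, backlog: int = 128) -> dict:
    t = HalfOpenTracker(backlog)
    for s in segs:
        t.feed(s)
    return t.report("192.0.2.80", 443)


if __name__ == "__main__":
    r = analyse(constructed_traffic())
    print(r)
    if r["backlog_full"] and r["half_open"] > 10 * max(r["established"], 1):
        print("SYN flood in progress: half-open connections dwarf completed ones")
```

The ratio of half-open to established connections, and the number of distinct sources that each sent exactly one SYN, separate a flood from a busy-but-healthy server far better than the raw SYN count does.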

ICMP Flood Attack

This is also a type of denial-of-service attack. It involves sending an overwhelming number of ICMP echo requests as fast as possible, often from hundreds or thousands of spoofed IP addresses and without waiting for replies, until the target's bandwidth is congested with ICMP packets or its CPU is busy generating echo replies, making the system unavailable to legitimate users.

This attack is most effective if your bandwidth is greater than the victim's, or it can be made effective by turning it into a distributed denial-of-service attack and having a botnet send ICMP requests to the single victim non-stop. Rate-limiting ICMP at the border (or dropping echo requests to hosts that do not need to answer them) blunts the CPU side of the attack, but nothing a host does can reclaim bandwidth that is already saturated upstream.
Please read the explanations of Distributed-Denial-of-Service-Attack and Botnet for a better understanding of this attack type.

Ping of Death

Another example of a denial-of-service attack. The attacker sends a malformed or oversized ping packet to the target machine: an IPv4 datagram may be at most 65,535 bytes, but it can be delivered as fragments whose offsets and lengths add up to more than that. Older IP stacks reassembled the fragments into a fixed-size buffer without checking the total, the oversized echo request overflowed it, and the system crashed, making its resources unavailable to legitimate users. Modern operating systems check the reassembled length and discard such datagrams, so the original attack no longer works, but the same class of bug (trusting length fields from the wire) keeps reappearing in other parsers.

Teardrop Attack

This is also a type of denial-of-service attack; it exploits a bug in the IP fragment reassembly code.

In this attack the target is sent fragments of the same datagram whose offsets overlap in a way the reassembly code does not expect: for example a second fragment that starts inside the first one and ends before it does. Reassembly code that simply subtracted offsets to compute how much to copy produced a negative length, copied a huge amount of memory, and crashed the system.

This type of attack was effective against old operating systems of the late 1990s and current stacks reject overlapping fragments, but fragment handling is still a good place to look for bugs in new network code.
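Both Ping of Death and Teardrop are defeated by the same check, done before any fragment is copied: is the reassembled datagram within the IPv4 limit, and do the fragments tile it without overlapping? The validator below is an added example, not code from the original page; the Fragment class and the three constructed fragment sets (a normal datagram, an oversized ping, an overlapping pair) are the example's own.

```python
from dataclasses import dataclass

IPV4_MAX_TOTAL_LENGTH = 65535          # the Total Length field is 16 bits
IPV4_MIN_HEADER = 20
IPV4_MAX_PAYLOAD = IPV4_MAX_TOTAL_LENGTH - IPV4_MIN_HEADER   # 65515 bytes


@dataclass(frozen=True)
class Fragment:
    offset: int    # byte offset of this fragment's payload in the datagram (on the wire, offset/8)
    length: int    # payload bytes carried by this fragment
    more: bool     # the MF flag: more fragments follow


def check_fragments(frags) -> list:
    """Inspect all fragments received for one datagram before reassembling anything.

    Returns the sorted set of problems found:
      'oversized'  the reassembled payload would exceed the IPv4 maximum (ping of death)
      'overlap'    a fragment's bytes overlap a fragment already placed (teardrop-style)
      'incomplete' the datagram has a hole or its last fragment still has MF set
    A reassembler that drops datagrams with any of these avoids both attacks.
    """
    problems = set()
    expected_next = 0
    for f in sorted(frags, key=lambda f: f.offset):
        if f.offset + f.length > IPV4_MAX_PAYLOAD:
            problems.add("oversized")
        if f.offset < expected_next:
            problems.add("overlap")
        elif f.offset > expected_next:
            problems.add("incomplete")
        expected_next = max(expected_next, f.offset + f.length)
    last = max(frags, key=lambda f: f.offset, default=None)
    if last is None or last.more:
        problems.add("incomplete")
    return sorted(problems)


# Constructed fragment sets (not captures):
NORMAL = [Fragment(0, 1480, True), Fragment(1480, 520, False)]
# Ping of death: an ICMP echo padded so the datagram reassembles past the 65,535-byte limit.
PING_OF_DEATH = [Fragment(i * 1480, 1480, True) for i in range(44)] + [Fragment(44 * 1480, 400, False)]
# Teardrop: the second fragment starts inside the first and ends before it does,
# so naive "this_end - previous_end" copy arithmetic goes negative.
TEARDROP = [Fragment(0, 36, True), Fragment(24, 4, False)]


if __name__ == "__main__":
    for name, frags in [("normal", NORMAL), ("ping of death", PING_OF_DEATH), ("teardrop", TEARDROP)]:
        print(f"{name:14} -> {check_fragments(frags) or 'ok'}")
```

Real reassemblers also need a timer: fragments that never complete (the 'incomplete' case) must be discarded after a timeout, or an attacker can fill the reassembly buffers with partial datagrams and cause a different denial of service.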

Distributed-Denial-of-Service-Attack (DDoS)

In DDoS the perpetrator uses multiple sources to launch a DoS attack: sometimes thousands of spoofed IPs from the same location, more often thousands of compromised machines (a botnet) spread across the internet, all flooding the target (a server, a network resource or a website) with incoming messages, connection requests or malformed packets.

This makes it very difficult to distinguish legitimate traffic from attack traffic, and almost impossible to stop the attack with simple ingress filtering when the attack traffic has so many points of origin; in practice it is absorbed upstream by a scrubbing service or the provider's network rather than at the victim.

Botnet

A collection of infected or compromised machines controlled remotely by an attacker to perform various malicious activities, usually attacking networks or computers.



Smurf Attack

A type of distributed denial-of-service attack in which a large number of ICMP echo requests with the source address forged to that of the intended victim are sent to the broadcast addresses of other networks. Every host on those networks that answers sends its echo reply to the single victim, chewing up its bandwidth and resources and slowing it down until it stops working; the amplification factor is the number of responding hosts per packet the attacker sends. The fix sits with the intermediary networks: routers must not forward directed broadcasts (the default since RFC 2644) and hosts should not answer broadcast pings. From the victim's side the tell-tale sign is a stream of echo replies for requests it never sent.
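The ICMP flood and the smurf attack leave different traces: a flood is too many echo requests per second to one host, while a smurf victim receives echo replies that match no request it sent. The monitor below, an added example and not code from the original page, runs both checks over constructed packets (the Icmp class, the addresses and the 100-per-second threshold are the example's own assumptions). The flood check is the same sliding-window logic a `--limit`-style firewall rule applies; the smurf check keeps the (identifier, sequence) pairs of outgoing requests and counts replies with no match.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

ECHO_REQUEST, ECHO_REPLY = 8, 0


@dataclass(frozen=True)
class Icmp:
    t: float      # arrival time in seconds
    src: str
    dst: str
    kind: int     # ECHO_REQUEST or ECHO_REPLY
    ident: int    # ICMP identifier
    seq: int      # ICMP sequence number


class IcmpMonitor:
    """Two independent checks on echo traffic seen at the edge of the network we protect."""

    def __init__(self, max_per_sec: int = 100):
        self.max_per_sec = max_per_sec
        self.requests_to = defaultdict(deque)   # dst -> arrival times in the last second
        self.outstanding = set()                # (requester, ident, seq) awaiting a reply
        self.flood_hits = defaultdict(int)      # dst -> requests over the per-second limit
        self.unsolicited = defaultdict(int)     # dst -> replies that matched no request

    def feed(self, p: Icmp) -> None:
        if p.kind == ECHO_REQUEST:
            window = self.requests_to[p.dst]
            window.append(p.t)
            while window and p.t - window[0] > 1.0:
                window.popleft()
            if len(window) > self.max_per_sec:
                self.flood_hits[p.dst] += 1
            self.outstanding.add((p.src, p.ident, p.seq))   # the sender now expects one reply
        elif p.kind == ECHO_REPLY:
            key = (p.dst, p.ident, p.seq)
            if key in self.outstanding:
                self.outstanding.discard(key)
            else:
                self.unsolicited[p.dst] += 1                 # nobody here asked for this


def constructed_flood(n: int = 150):
    """n echo requests to 192.0.2.10 from as many spoofed sources inside 0.15 s."""
    return [Icmp(i * 0.001, f"203.0.113.{i % 254 + 1}", "192.0.2.10", ECHO_REQUEST, 0x1234, i)
            for i in range(n)]


def constructed_smurf(replies: int = 50):
    """192.0.2.10 pings one address once; then 50 hosts of a remote /24 'reply' to it
    because an attacker broadcast an echo request with 192.0.2.10 as the source."""
    pkts = [Icmp(0.0, "192.0.2.10", "198.51.100.1", ECHO_REQUEST, 1, 1)]
    pkts += [Icmp(0.01 + i * 0.001, f"198.51.100.{i + 1}", "192.0.2.10", ECHO_REPLY, 1, 1)
             for i in range(replies)]
    return pkts


def run(pkts, max_per_sec: int = 100) -> dict:
    m = IcmpMonitor(max_per_sec)
    for p in pkts:
        m.feed(p)
    return {"flood_hits": dict(m.flood_hits), "unsolicited_replies": dict(m.unsolicited)}


if __name__ == "__main__":
    print("flood:", run(constructed_flood()))
    print("smurf:", run(constructed_smurf()))
```

The outstanding-request set grows with every spoofed request the monitor sees, so in production it needs the same expiry the sliding window has; the example keeps it simple to show the matching logic.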

Identity Spoofing

Spoofing is scamming or tricking somebody by impersonating someone you are not.

Many protocols in the TCP/IP stack (IP, ARP, UDP, ICMP and DNS among them) provide no mechanism to authenticate the source or destination of a message and are therefore vulnerable to spoofing.

Digital communication needs some addressing scheme (an IP address, a MAC address, an AppleTalk address, depending on the protocol in use), and an attacker can use a tool to construct packets that appear to originate from a valid and trusted address inside the corporate network.

The attacker impersonates a legitimate, trusted user from inside the organization, and once he has gained access to network resources he can launch a variety of attacks: modifying or re-routing traffic, stealing confidential information or deleting data.

IP spoofing, MAC spoofing and ARP spoofing are examples of identity spoofing. Denial-of-service attacks usually rely on spoofing to overload the network or system with packets that appear to originate from legitimate sources, and ARP spoofing on a local segment is the usual way to take a man-in-the-middle position on a switched network. Ingress and egress filtering (BCP 38) stops spoofed IP packets at the network edge; on the LAN, dynamic ARP inspection on the switch or a tool that watches for IP-to-MAC bindings changing catches ARP spoofing.
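ARP spoofing is the most visible of these on a LAN because the lie has to be repeated to every host, so an observer keeping a table of IP-to-MAC bindings sees the binding flip. The watcher below is an added example, not code from the original page; the ArpReply class, the addresses and the constructed sequence of replies are the example's own, and the approach is the one arpwatch takes. Seeding the table with a known binding for the gateway matters: without it the first reply seen is trusted, and an attacker who speaks first wins.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    sender_ip: str
    sender_mac: str


class ArpWatch:
    """Learns the IP -> MAC binding first seen for each address and flags any reply
    that tries to change it. Seed `static` with bindings you know, such as the
    gateway, so the first reply seen cannot be the lie."""

    def __init__(self, static=None):
        self.table = dict(static or {})        # ip -> mac
        self.claims = defaultdict(set)         # mac -> {ip, ...} ever claimed
        self.alerts = []

    def observe(self, r: ArpReply) -> bool:
        """Returns True if the reply agrees with the table, False if it conflicts."""
        self.claims[r.sender_mac].add(r.sender_ip)
        known = self.table.get(r.sender_ip)
        if known is None:
            self.table[r.sender_ip] = r.sender_mac
            return True
        if known != r.sender_mac:
            self.alerts.append(f"{r.sender_ip}: {known} -> {r.sender_mac}")
            return False
        return True

    def suspicious_macs(self) -> dict:
        """A MAC claiming more than one IP is the signature of a host poisoning both
        ends of a conversation (gateway and victim) so that it sits in the middle."""
        return {mac: sorted(ips) for mac, ips in self.claims.items() if len(ips) > 1}


GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "00:11:22:33:44:01"
VICTIM_IP, VICTIM_MAC = "192.168.1.10", "00:11:22:33:44:10"
ATTACKER_MAC = "de:ad:be:ef:00:66"

# Constructed sequence of ARP replies seen on the segment (not a capture).
REPLIES = [
    ArpReply(GATEWAY_IP, GATEWAY_MAC),
    ArpReply(VICTIM_IP, VICTIM_MAC),
    ArpReply(GATEWAY_IP, ATTACKER_MAC),   # "I am the gateway", aimed at the victim
    ArpReply(VICTIM_IP, ATTACKER_MAC),    # "I am the victim", aimed at the gateway
    ArpReply(GATEWAY_IP, GATEWAY_MAC),    # the real gateway answers again
]


def analyse(replies, static=None) -> dict:
    w = ArpWatch(static)
    for r in replies:
        w.observe(r)
    return {"alerts": w.alerts, "suspicious": w.suspicious_macs(), "table": dict(w.table)}


if __name__ == "__main__":
    print(analyse(REPLIES, static={GATEWAY_IP: GATEWAY_MAC}))
```

A legitimate change (a replaced NIC, a failover to a standby gateway) produces the same alert once; a poisoning attack produces it continuously, because the attacker must keep re-sending to beat the real host's replies.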

Man-in-the-Middle Attack

An attack in which the attacker intercepts traffic between two communicating parties, relays messages between them while impersonating the other party to each, and possibly alters the traffic in transit; both parties believe they are communicating directly with each other over a secure or private connection.

This gives the attacker the ability to receive, in real time, sensitive data meant for somebody else. It is a form of eavesdropping in which the attacker controls the session; a closely related attack, taking over an already-established session (for instance by stealing a session cookie), is known as session hijacking. Encryption alone does not stop a man in the middle: the parties must also authenticate each other's keys, which is what certificate verification in TLS or host-key checking in SSH does, and an attacker who can get a client to skip or accept a bad verification is back in the middle.
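Why encryption without authentication does not help is easiest to see with a Diffie-Hellman key exchange. The example below is added here and is not code from the original page: it runs the exchange three ways, plain (the attacker on the path ends up sharing a key with each side), authenticated with an HMAC under a pre-shared key (the attacker's substituted values fail the check), and authenticated after that key has been compromised (the attacker forges valid tags and is invisible again), which is the situation the Compromised Key section further down describes. The group is a toy 64-bit prime chosen for readability, the pre-shared key is an assumption, and real protocols use signatures under certificates or SSH host keys rather than a shared HMAC key.

```python
import hashlib
import hmac
import secrets

# Toy group: 2**64 - 59 is prime but far too small for real use (real exchanges use a
# 2048-bit or larger MODP group or an elliptic curve). It keeps the arithmetic readable.
P = 0xFFFFFFFFFFFFFFC5
G = 2


def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def shared_key(my_priv: int, their_pub: int) -> bytes:
    return hashlib.sha256(pow(their_pub, my_priv, P).to_bytes(8, "big")).digest()


def unauthenticated(attacker_on_path: bool) -> dict:
    """Plain Diffie-Hellman. Without an attacker both sides agree on a key. With
    Mallory relaying, she hands each side her own public value: Alice and Bob end
    up with two different keys, each of which Mallory also holds, and neither
    notices because nothing in the exchange ties a public value to a person."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if not attacker_on_path:
        return {"alice_bob_agree": shared_key(a_priv, b_pub) == shared_key(b_priv, a_pub),
                "mallory_can_read": False}
    m_priv, m_pub = keypair()
    k_alice = shared_key(a_priv, m_pub)      # Alice believes m_pub came from Bob
    k_bob = shared_key(b_priv, m_pub)        # Bob believes m_pub came from Alice
    mallory_has_both = (k_alice == shared_key(m_priv, a_pub)
                        and k_bob == shared_key(m_priv, b_pub))
    return {"alice_bob_agree": k_alice == k_bob, "mallory_can_read": mallory_has_both}


def tag(psk: bytes, pub: int) -> bytes:
    return hmac.new(psk, pub.to_bytes(8, "big"), hashlib.sha256).digest()


def authenticated(psk: bytes, attacker_psk=None) -> bool:
    """Each public value travels with an HMAC under a key the parties share beforehand.
    Returns True if both sides accept the handshake. attacker_psk=None: nobody on the
    path; a wrong key: Mallory's substituted values are rejected; the real key: the
    shared key was compromised and Mallory is invisible again."""
    _, a_pub = keypair()
    _, b_pub = keypair()
    to_bob = (a_pub, tag(psk, a_pub))        # Alice -> Bob
    to_alice = (b_pub, tag(psk, b_pub))      # Bob -> Alice
    if attacker_psk is not None:
        _, m_pub = keypair()
        to_bob = (m_pub, tag(attacker_psk, m_pub))
        to_alice = (m_pub, tag(attacker_psk, m_pub))
    bob_accepts = hmac.compare_digest(to_bob[1], tag(psk, to_bob[0]))
    alice_accepts = hmac.compare_digest(to_alice[1], tag(psk, to_alice[0]))
    return bob_accepts and alice_accepts


if __name__ == "__main__":
    psk = b"shared-before-hand"   # assumed pre-shared key
    print("plain, no attacker:   ", unauthenticated(False))
    print("plain, attacker:      ", unauthenticated(True))
    print("authenticated:        ", authenticated(psk))
    print("attacker, wrong key:  ", authenticated(psk, attacker_psk=b"guess"))
    print("attacker, stolen key: ", authenticated(psk, attacker_psk=psk))
```

The last line is the lesson of the Compromised Key section: authentication is only as good as the secrecy of the key it rests on, which is why long-term keys are rotated and why ephemeral exchanges keep a stolen long-term key from exposing past sessions.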

Data Modification Attack

This type of attack is often correlated with eavesdropping and man-in-the-middle attacks: after hijacking a session or gaining access to the data transmitted between two parties, the attacker changes the data on the target machine or en route to it without the knowledge of the sender or receiver.

These attacks involve unauthorized insertion, deletion or modification of data that is intended to appear authentic and legitimate to the users, and they are usually hard to detect.

Even when you do not need confidentiality for data in transit, you still do not want your messages or data modified in transit or at rest on your machine. Integrity is a separate property from confidentiality, and it is provided by a message authentication code (HMAC) or a digital signature, not by encryption on its own.

Sniffer Attack

A sniffer is a device or a piece of software (Wireshark and tcpdump are the usual examples) capable of capturing the data flowing in your network and, in the attacker's hands, stealing sensitive information specific to that network.

Sniffing is a form of data interception, and a sniffer gives a full view of what is inside each packet even when the traffic is encapsulated, unless the traffic is encrypted and the attacker does not have the decryption key. On a switched network a sniffer only sees traffic addressed to its own port, which is why it is usually combined with ARP spoofing or a mirrored port.

Password-Based Attacks

In a system or a piece of networking equipment your access level is defined by who you are, and your username and password define who you are.

Older applications usually had no mechanism to protect your information in transit (encryption), and an eavesdropper can take advantage of this weakness. A good example is telnet: a telnet session sends all data unencrypted, so any eavesdropper can intercept the traffic and steal critical information such as the username and password, and once he has them he can impersonate you; if you have administrator rights, he has the same rights on the network or the system. The same applies to FTP, HTTP Basic authentication over plain HTTP, SNMPv1/v2c community strings and POP/IMAP without TLS; the fix is to replace them with SSH, SFTP, HTTPS and the TLS-protected variants.
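What the eavesdropper, the sniffer and the telnet example above all come down to is this: once the frames are in hand, the credentials are a header walk and a regular expression away. The example below is added here and is not code from the original page. It builds two constructed exchanges as raw Ethernet/IPv4/TCP frames (an HTTP request with Basic authentication and an FTP login split over three segments), parses the headers by their length fields, reassembles each flow and pulls the username and password out, which is what Wireshark's "Follow TCP Stream" shows an attacker. Telnet looks the same on the wire with one keystroke per segment; the addresses, ports and credentials are the example's own.

```python
import base64
import re
import struct
from collections import defaultdict
from ipaddress import IPv4Address


def build_frame(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4/TCP frame carrying `payload` (checksums left zero:
    these are only parsed, never sent)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0, 64, 6, 0,
                     IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    return eth + ip + tcp + payload


def parse_frame(frame: bytes):
    """Walk the headers by their length fields; returns (flow, tcp payload) or None
    for anything that is not TCP over IPv4."""
    if frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6:
        return None
    src, dst = str(IPv4Address(ip[12:16])), str(IPv4Address(ip[16:20]))
    tcp = ip[ihl:total]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4
    return (src, sport, dst, dport), tcp[data_offset:]


BASIC = re.compile(rb"Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.I)
FTP_USER = re.compile(rb"^USER\s+(\S+)", re.M)
FTP_PASS = re.compile(rb"^PASS\s+(\S+)", re.M)


def harvest_credentials(frames) -> list:
    """Reassemble each client->server flow in arrival order (real tools order by
    sequence number) and pull clear-text credentials out of the byte stream."""
    streams = defaultdict(bytes)
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed:
            flow, data = parsed
            streams[flow] += data
    found = []
    for (src, sport, dst, dport), data in streams.items():
        for m in BASIC.finditer(data):
            user, _, password = base64.b64decode(m.group(1)).partition(b":")
            found.append(("http-basic", src, dst, user.decode(), password.decode()))
        user, password = FTP_USER.search(data), FTP_PASS.search(data)
        if user and password:
            found.append(("ftp", src, dst, user.group(1).decode(), password.group(1).decode()))
    return found


def constructed_capture():
    """A Basic-auth HTTP request and an FTP login split across three segments."""
    http = (b"GET /admin HTTP/1.1\r\nHost: intranet\r\nAuthorization: Basic "
            + base64.b64encode(b"alice:s3cret") + b"\r\n\r\n")
    return [
        build_frame("10.0.0.5", "10.0.0.80", 51000, 80, http),
        build_frame("10.0.0.7", "10.0.0.21", 51001, 21, b"USER bob\r\n"),
        build_frame("10.0.0.7", "10.0.0.21", 51001, 21, b"PASS hun"),
        build_frame("10.0.0.7", "10.0.0.21", 51001, 21, b"ter2\r\n"),
    ]


if __name__ == "__main__":
    for hit in harvest_credentials(constructed_capture()):
        print(hit)
```

Base64 is an encoding, not encryption: the Basic header is as much clear text as the FTP PASS line, which is why Basic authentication is only acceptable over HTTPS.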

Password Guessing Attacks

A type of attack in which a network or system resource or an account is attacked repeatedly and systematically until the attacker gets in, usually by trying commonly used passwords or default passwords.

There are two types of password guessing attacks:

Brute Force Attack:

In this type of attack every possible combination is tried. The time it takes grows exponentially with the password's length and the size of the character set, so it is practical only against short or simple passwords or against a fast, unsalted hash.

Dictionary Attack:

In this type of attack common words and previously leaked passwords from a word list are tried; several public tools automate the whole process. Against the live service, account lockout, rate limiting and multi-factor authentication defeat both kinds of guessing; against a stolen password database only a slow, salted hash (bcrypt, scrypt, Argon2, PBKDF2) does.
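The difference between the two is visible in the attempt counts. The example below is added here and is not code from the original page: it runs a dictionary attack and a brute-force attack against an unsalted SHA-256 hash (the kind of hash an attacker hopes to find in a stolen database) and computes the keyspace that brute force must cover. The word list is a constructed stand-in for the usual leaked-password lists, and the target passwords are the example's own.

```python
import hashlib
import itertools
import string


def sha256_hex(password: str) -> str:
    """A fast, unsalted hash: exactly what an attacker hopes to find in a stolen database."""
    return hashlib.sha256(password.encode()).hexdigest()


def dictionary_attack(target_hash: str, wordlist, hash_fn=sha256_hex):
    """Try each candidate in order; returns (password, attempts) or (None, attempts)."""
    attempts = 0
    for word in wordlist:
        attempts += 1
        if hash_fn(word) == target_hash:
            return word, attempts
    return None, attempts


def brute_force(target_hash: str, alphabet=string.ascii_lowercase, max_len: int = 4,
                hash_fn=sha256_hex):
    """Enumerate every string over `alphabet` up to `max_len`, shortest first."""
    attempts = 0
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(chars)
            if hash_fn(candidate) == target_hash:
                return candidate, attempts
    return None, attempts


def keyspace(alphabet_size: int, max_len: int) -> int:
    """Number of candidates brute force must cover for all lengths 1..max_len."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


# Constructed word list standing in for the usual leaked-password lists.
WORDLIST = ["123456", "password", "letmein", "qwerty", "iloveyou", "admin"]


if __name__ == "__main__":
    print(dictionary_attack(sha256_hex("letmein"), WORDLIST))   # ('letmein', 3)
    print(brute_force(sha256_hex("cat"), max_len=3))            # ('cat', 2074)
    # why brute force stalls: 95 printable characters at length <= 12
    print(f"{keyspace(95, 12):.3e} candidates")
```

Swapping sha256_hex for a PBKDF2 or bcrypt call with a per-user salt leaves both attacks correct but multiplies the cost of every attempt by the work factor, which is the whole point of a slow password hash.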

Application-Layer Attacks

An application-layer attack is also known as a layer 7 attack, because the application layer is the 7th layer of the OSI (Open Systems Interconnection) reference model.

In this type of attack the attacker targets only the application layer, and a DDoS attack at this layer needs far less bandwidth and fewer resources than an attack at the network or transport layer.

For example, a lower-layer flood such as a SYN flood needs a huge number of packets to be effective. An HTTP request, on the other hand, costs the server a considerable amount of work (parsing, database queries, rendering a page), so a prominent layer 7 attack, the HTTP flood, achieves a much larger effect with a limited number of packets; and because each request arrives over a valid, completed TCP connection it is harder to tell from legitimate traffic.

Back Door Attacks

In a backdoor attack the attacker accesses a system or network resource by bypassing the normal security mechanisms.

There are two kinds of backdoor:
  1. During application development, developers create backdoors or maintenance hooks that let them observe how the code behaves while the software runs. If they are not removed before release, anyone who finds them has the same access.
  2. A program or utility planted on a system or network resource that creates an entrance for the attacker, usually granting remote access to resources within the system or network.

Compromised key Attack

In computer networks, secure communication relies on keys (secret numbers or codes) to encrypt, decrypt and validate information; for a server these keys also correspond to the certificates associated with it.

If an attacker has access to the network he can eavesdrop on the traffic, but recovering the key from captured traffic by computation is not a realistic path against a modern cipher with a properly generated key. Keys are compromised in practice by being stolen from a compromised host, read out of an exposed private-key file or backup, derived from weak random number generation, or leaked through a software flaw.

When an attacker obtains or calculates the key we call it a compromised key. A compromised key lets the perpetrator decrypt or modify traffic without the knowledge of the sender or receiver, impersonate the key's owner, and in some designs derive other keys to gain access to other secured communications. Rotating keys regularly limits the window of exposure, and an ephemeral key exchange (forward secrecy) means a long-term key compromised today does not expose past traffic.

Replay Attacks

In a distributed network, credentials are transmitted over the network between clients and servers. The attacker captures the traffic (a password, a password hash, or a token or certificate-based assertion) and later resubmits the same password, hash or token to the authentication system to be validated as the original user, without ever needing to know the password itself.

These attacks are also known as playback attacks and are still common. The defence is to make every authentication exchange unique: a server-chosen nonce or challenge, a timestamp with a short validity window, sequence numbers, and a message authentication code that covers them so the attacker cannot adjust the captured message.
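The data modification attack described above and the replay attack are stopped by the same small piece of protocol: an HMAC over the message together with a fresh nonce and a timestamp, checked by the receiver before anything else. The class below is an added example, not code from the original page. It seals and opens messages under a pre-shared key (an assumption; real systems derive it from a handshake or a session), and the scenarios function replays one constructed message four ways: genuine, tampered, replayed and stale.

```python
import hashlib
import hmac
import os
import time


class MessageAuthenticator:
    """Sender and receiver share `key`. Every message carries a fresh nonce, a
    timestamp and an HMAC over all three, so the receiver rejects anything
    modified in transit and anything it has already accepted."""

    def __init__(self, key: bytes, window: float = 30.0, clock=time.time):
        self.key = key
        self.window = window
        self.clock = clock
        self.seen = {}                      # nonce -> timestamp of accepted messages

    def _mac(self, nonce: str, ts: int, body: bytes) -> str:
        m = hmac.new(self.key, digestmod=hashlib.sha256)
        for part in (nonce.encode(), str(ts).encode(), body):
            m.update(len(part).to_bytes(4, "big") + part)   # length-prefix each field
        return m.hexdigest()

    def seal(self, body: bytes) -> dict:
        nonce = os.urandom(16).hex()
        ts = int(self.clock())
        return {"nonce": nonce, "ts": ts, "body": body.decode(), "mac": self._mac(nonce, ts, body)}

    def open(self, msg: dict):
        """Returns (accepted, reason). The MAC is checked first so nothing below
        runs on unauthenticated input."""
        body = msg["body"].encode()
        if not hmac.compare_digest(self._mac(msg["nonce"], msg["ts"], body), msg["mac"]):
            return False, "bad mac: modified in transit or forged"
        if abs(self.clock() - msg["ts"]) > self.window:
            return False, "stale: outside the accepted time window"
        if msg["nonce"] in self.seen:
            return False, "replay: nonce already accepted"
        self.seen[msg["nonce"]] = msg["ts"]
        cutoff = self.clock() - self.window   # older nonces can never pass the time check again
        self.seen = {n: t for n, t in self.seen.items() if t >= cutoff}
        return True, "ok"


def scenarios(clock=lambda: 1_700_000_000.0) -> dict:
    key = b"shared-secret-between-client-and-server"   # assumed pre-shared key
    client = MessageAuthenticator(key, clock=clock)
    server = MessageAuthenticator(key, clock=clock)
    msg = client.seal(b"transfer 100 to bob")
    results = {"genuine": server.open(msg)[1]}
    tampered = dict(msg, body="transfer 100 to eve")        # data modification in transit
    results["tampered"] = server.open(tampered)[1]
    results["replayed"] = server.open(msg)[1]               # the same capture resubmitted
    late = MessageAuthenticator(key, clock=lambda: clock() + 3600)
    results["stale"] = late.open(client.seal(b"hello"))[1]  # captured, resent an hour later
    return results


if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name:9} -> {outcome}")
```

The timestamp bounds how long the receiver must remember nonces, and the nonce covers replays inside that window; neither alone is enough, and the MAC must cover both or the attacker simply edits them.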

Buffer Overflow Attacks

A buffer is a contiguous region of memory; buffers hold data while it is moved from one part of a program to another or between programs. A buffer has a fixed, finite size that is decided when it is allocated.

If a program writes more data into a buffer than it can hold (more than its capacity), the excess is written into the adjacent memory beyond the buffer's boundary. This situation is called a buffer overrun or buffer overflow.

Overwriting adjacent memory, which may hold other variables, control data or even executable code, can cause unpredictable application behaviour, memory access errors or crashes.

Input crafted to cause a buffer overflow lets the attacker overwrite specific locations, classically the saved return address on the stack, so that when the function returns, execution continues at an address the attacker chose, in code the attacker supplied or in existing code reused for the purpose. Bounds-checked languages, compiler stack protectors, non-executable stacks and address space layout randomization each make this harder, but the root cause is always an unchecked copy.
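The stack layout that makes the return-address overwrite possible is easiest to see in a model where the buffer and the saved return address sit next to each other in one byte array, as they do in a real C frame. The example below is added here and is not code from the original page; it is a simulation in Python, not native memory corruption, and the addresses, buffer size and 8-byte return address are the example's own assumptions. It copies the same oversized input with an unbounded strcpy-style loop and with a bounded one and shows what each does to the return address.

```python
class StackFrame:
    """Model of a C stack frame laid out in one bytearray the way it is in memory:
    a 16-byte local buffer, then the saved return address, then a few bytes of
    the caller's frame. Writing past the buffer lands on the return address."""
    BUF_SIZE = 16
    ADDR_SIZE = 8
    CALLER_SLACK = 8

    def __init__(self, return_addr: int):
        self.mem = bytearray(self.BUF_SIZE + self.ADDR_SIZE + self.CALLER_SLACK)
        end = self.BUF_SIZE + self.ADDR_SIZE
        self.mem[self.BUF_SIZE:end] = return_addr.to_bytes(self.ADDR_SIZE, "little")

    @property
    def return_address(self) -> int:
        return int.from_bytes(self.mem[self.BUF_SIZE:self.BUF_SIZE + self.ADDR_SIZE], "little")

    def strcpy(self, src: bytes) -> None:
        """Like C strcpy: copies bytes up to and including the NUL with no idea how
        big the destination is. An IndexError here stands in for the segfault a
        real program gets when the write runs off the end of the mapped stack."""
        for i, b in enumerate(src + b"\x00"):
            self.mem[i] = b

    def strlcpy(self, src: bytes) -> None:
        """The bounded copy: never writes past BUF_SIZE - 1 and always NUL-terminates."""
        n = min(len(src), self.BUF_SIZE - 1)
        self.mem[:n] = src[:n]
        self.mem[n] = 0


def demo() -> dict:
    original = 0x401000                                   # where the function should return
    # 16 bytes of filler to reach the end of the buffer, then the attacker's address
    payload = b"A" * StackFrame.BUF_SIZE + (0xDEADBEEF).to_bytes(8, "little")

    safe = StackFrame(original)
    safe.strcpy(b"hello")                                 # fits: return address untouched
    overflowed = StackFrame(original)
    overflowed.strcpy(payload)                            # return address now attacker-chosen
    bounded = StackFrame(original)
    bounded.strlcpy(payload)                              # same input, truncated instead
    try:
        StackFrame(original).strcpy(b"A" * 64)            # far past the frame: crash
        crashed = False
    except IndexError:
        crashed = True

    return {"normal": hex(safe.return_address),
            "overflowed": hex(overflowed.return_address),
            "bounded": hex(bounded.return_address),
            "oversized_input_crashes": crashed}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:24} {value}")
```

The crash case is the one most overflows produce in practice; the precise overwrite is what an attacker engineers once they know the buffer size and the frame layout, and a stack canary between the buffer and the return address is what turns that precise overwrite back into a detected crash.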

Social Engineering Attacks

This is not a traditional attack: it is a type of attack that relies heavily on human interaction. The attacker psychologically manipulates a person who works with the network or system into divulging confidential and critical information.

These attacks are usually designed to gather information, to defraud, or to trick a person into giving up critical information or running a malicious program that breaks the normal security procedures and helps the attacker gain access to your machine.

The attacker might contact you by phone, email or any other means, pretending to be a co-worker who is in trouble and needs your immediate help; someone from your bank who needs to verify you with personal details such as your account number, date of birth, mother's name, credit card number or PIN; someone from law enforcement or government asking for confidential personal information; or someone from HR who needs information from you to calculate payroll or your vacation. The attacker can disguise himself as anybody to trick you; the common thread is urgency plus a request to step outside normal procedure, and the defence is to verify through an independent channel before acting.




