[ TIL ] Network Attacks

charco·2021년 10월 3일
0

나도TIL

목록 보기
43/55

Network Attacks

DNS Cache Poisning Attack

A DNS Cache Poisoning attack works by tricking a DNS server into accepting a fake DNS record that will point you to a compromised DNS server.

Man-in-the-middle Attack

A man-in-the-middle attack, is an attack that places the attacker in the middle of two hosts that think they're communicating directly with each other.

  • Rogue AP
    A rogue AP is an access point that is installed on the network without the network administrator's knowledge.

  • Evil Twin
    The premise of an evil twin attack is for you to connect to a network that is identical to yours. This identical network is our networks evil twin and is controlled by our attacker.

Denial Of Service (DoS)

A Denial-of-Service, or DoS attack, is an attack that tries to prevent access to a service for legitimate users by overwhelming the network or server.

Ping Of Death (POD)

It works by sending a malformed ping to a computer.
The ping would be larger in size than what the internet protocol was made to handle. So it results in a buffer overflow.

Ping Flood

Sends tons of ping packets to a system.
More specifically, it sends ICMP echo requests, since a ping expects an equal number of ICMP echo replies.

SYN Flood

The server is being bombarded with the SYN packets. The server is sending back SYN-ACK packets but the attacker is not sending ack messages.'

Distributed Denial Of Service (DDoS)

DDoS attacks need a large volume of systems to carry out an attack and they're usually helped by botnet attackers.

Other Attacks

Injection Attacks

A common security exploit that can occur in software development and runs rampant on the web is the possibility for an attacker to inject malicious code.

  • Cross-site Scripting (XXS)
    A type of injection attack where the attacker can insert malicious code and target the user of the service.
  • SQL Injection Attack
    Unlike an XSS that targets a user, a SQL injection attack targets the entire website if the website is using a SQL database.

Password Attacks

  • Brute force Attack
    Just continuously tries different combinations of characters and letters until it gets access.

Deceptive Attacks

  • Social Enginnering
    Social engineering is an attack method that relies heavily on interactions with humans instead of computers.

  • Phishing Attack
    Phishing usually occurs when a malicious email is sent to a victim disguised as something legitimate.

  • Spearfishing
    spearfishing specifically targets individual or group.

  • E-mail Spoofing

  • Baiting

  • Tailgating

profile
charco
아직 배우는 중입니다
이전 포스트

[ TIL ] Malicious Software

다음 포스트

[ TIL ] Symmetric Encryption

0개의 댓글