Clickjacking - tricking a web user into clicking a spoofed button or graphic.
Session Hijacking (Cookie Hijacking) - exploiting a valid computer session, or session key, to gain unauthorized access to information or services.
URL Hijacking / Typo Squatting - the act of registering domains that are similar to those for a known entity but based on a misspelling or typographical error.
MAC Spoofing - A technique for changing the factory-assigned MAC address of a network interface on a networked device. The MAC address is hard-coded onto the NIC, but many drivers allow it to be changed.
IP Spoofing - A technique used to gain unauthorized access to machines, whereby an attacker illicitly impersonates another machine by manipulating IP packets. IP Spoofing involves modifying the packet header with a forged (spoofed) source IP address, a checksum, and the order value.
ARP Spoofing - When an attacker sends fake ARP messages over a local area network. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer or server on the network.
Man-in-the-Middle Attack
The attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.
The attacker may either observe (confidentiality attack) or alter (integrity attack).
Denial of Service Attacks (DoS)
Preventing access to resources by users authorized to use those resources. Attacks system availability.
May accomplish:
Deny access to information, applications, systems, or communications.
Bring down a website while the communications and systems continue to operate.
Crash the operating system (a simple reboot may restore the server to normal operation).
Fill the communications channel of a network and prevent access by authorized users.
Distributed Denial of Service (DDoS) Attacks
A DoS attack utilizing multiple compromised computer systems as sources of attack traffic.
Amplifies the concepts of a DoS attack by using multiple computer systems (often through botnets) to conduct the attack against a single organization.
DoS & DDoS Prevention
Work with your ISP / network provider.
Border protections / IDS / IPS.
Update network appliances, OS, and applications.
Ensure end users' systems are up to date (UTD) and deploy AV - bot protection.
Amplification Attacks
The goal of the attacker is to get a response to their request in a greater than 1:1 ratio so that the additional bandwidth traffic works to congest and slow the responding server down.
The ratio achieved is known as the amplification factor, and high numbers are possible with UDP-based protocols such as NTP, CharGen, and DNS.
Usually employed as part of a DDoS attack.
Domain Hijacking / DNS Poisoning / DNS Spoofing
AKA Resolution Attacks
Poisoning: When an attacker alters the domain-name-to-IP-address mappings in a DNS system to redirect traffic to a rogue system or perform a DoS attack.
Spoofing: When an attacker sends false replies to a requesting system in place of a valid DNS response.
Prevention
Protect any internal DNS servers.
Use authoritative DNS sources.
Wireless Attacks
Evil Twin - A rogue wireless access point poses as a legitimate wireless service provider to intercept information that users transmit.
Rogue AP - Any wireless access point added to your network that has not been authorized.
Initialization Vector (IV) - An arbitrary number that can be used along with a secret key for data encryption. This number, also called a nonce, is employed only one time in any session. If the IV is weak, as in WEP, it may be reused.
Jamming - Causing interference with a wireless signal.
PAN Wireless Attacks
Bluejacking - The sending of unsolicited messages, such as spam, over a Bluetooth connection.
Bluesnarfing
The gaining of unauthorized access through a Bluetooth connection.
Intercepting data through a Bluetooth connection.