Network Attacks
  • Clickjacking - tricking a web user into clicking a spoofed button or graphic.
  • Session Hijacking (Cookie Hijacking) - exploiting a valid computer session, or session key, to gain unauthorized access to information or services.
  • URL Hijacking / Typo Squatting - the act of registering domains that are similar to those for a known entity but based on a misspelling or typographical error.
  • MAC Spoofing - The MAC address is hard-coded onto a NIC number. Many drivers allow the MAC address to be changed. A technique for changing a factory-assigned MAC address of a network interface on a networked device.
  • IP Spoofing - A technique used to gain unauthorized access to machines, whereby an attacker illicitly impersonates another machine by manipulating IP packets. IP Spoofing involves modifying the packet header with a forged (spoofed) source IP address, a checksum, and the order value.
  • ARP Spoofing - When an attacker sends fake ARP messages over a local area network. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer or server on the network.
  • Man-in-the-Middle Attack
    • The attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.
    • The attacker may either observe (confidentially attack) or alter (integrity attack).
  • Denial of Service Attacks (DoS)
    • Preventing access to resources by users authorized to use those resources. Attacking systems availability.
    • May accomplish:
      • Deny access to information, applications, systems, or communications.
      • Bring down a website while the communications and systems continue to operate.
      • Crash the operating system (a simple reboot may restore the server to normal operation).
      • Fill the communications channel of a network and prevent access by authorized users.
  • Distributed Denial of Service (DDoS) Attacks
    • A DoS attack utilizing multiple compromised computer systems as sources of attack traffic.
    • Amplifies the concepts of a DoS attack by using multiple computer systems (often through botnets) to conduct the attack against a single organization.
  • DoS & DDoS Prevention
    • Work with your ISP / network provider.
    • Border protections / IDS / IPS.
    • Update network appliances, OS, and applications.
    • End users' systems are UTD and deploy AV - bot protection.
  • Amplification Attacks
    • The goal of the attacker is to get a response to their request in a greater than 1:1 ratio so that the additional bandwidth traffic works to congest and slow the responding server down.
    • The ratio achieved is known as the amplification factor, and high numbers are possible with UDP based protocols such as NTP, CharGen, and DNS.
    • Usually employed as part of a DDoS attack.
  • Domain Hijacking / DNS Poisoning / DNS Spoofing
    • AKA Resolution Attacks
    • Poisoning: When an attacker alters the domain-name-to-IP-address mappings in a DNS system to redirect traffic to a rogue system or perform a DoS attack.
    • Spoofing: When an attacker sends false replies to a requesting system in place of a valid DNS response.
    • Prevention
      • Protect any internal DNS servers.
      • Use authoritative DNS sources.
  • Wireless Attacks
    • Evil Twin - A Rogue wireless access point poses as a legitimate wireless service provider to intercept information that users transmit.
    • Rogue AP - Any wireless access point added to your network that has not been authorized.
    • Initialization Vector (IV) - An arbitrary number than can be used along with a secret key for data encryption. This number, also called a nonce, is employed only one time in any session. If the IV is weak, as in WEP, it may be reused.
    • Jamming- Causing interference with a wireless signal.
  • PAN Wireless Attacks
    • Bluejacking - The sending of unsolicited messages, such as spam, over a Bluetooth connection.
    • Bluesnarfing
      • The gaining of unauthorized access through a Bluetooth connection.
      • Intercepting data through a Bluetooth connection.
Copy link