Secure-IT Knowledge Base
Network Threats and Attacks
Methods that attackers use to gain access to networks
Terms and Definitions
- Malware - Malware is software designed to take over or damage a computer without the user's knowledge or approval.
- DoS and DDoS - Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks impact system availability by flooding the target system with traffic or requests, or by exploiting a system or software flaw.
- Permanent denial of service (PDoS) - A permanent denial of service (PDoS) is an attack that damages a system so badly that it requires the replacement or re-installation of hardware.
- Virus - A virus is a program that attempts to damage a computer system and replicate itself in other computer systems.
- Worm - A worm is a self-replicating program.
- Trojan horse - A Trojan horse is a malicious program disguised as legitimate or desirable software.
- Zombie - A zombie is a computer infected with malware that allows remote software updates and control through a command-and-control center called a zombie master.
- Botnet - A botnet refers to a group of zombie computers commanded by a central control infrastructure.
- Rootkit - A rootkit is a program that allows attackers to maintain permanent and hidden administrator-level access to a computer.
- Logic bomb - A logic bomb is designed to execute only under predefined conditions and lies dormant until the predefined condition is met.
- Spyware - Spyware is software that is installed without the user's consent or knowledge. Spyware is designed to intercept or partially control the user's interaction with the computer.
- Adware - Adware monitors actions that denote personal preferences and then sends pop-ups and ads that match those preferences.
- Ransomware - Ransomware denies access to a computer system until the user pays a ransom.
- Scareware - Scareware is a scam that fools users into thinking they have some form of malware on their system. The scam intends to sell the user fake antivirus software to remove malware they don't have.
- Crimeware - Crimeware is designed to facilitate identity theft by gaining access to users' online financial accounts, such as banks and online retailers.
- Ping flood - A ping flood is a simple DoS attack where the attacker overwhelms the victim with ICMP Echo Request (ping) packets.
- Ping of death - The ping of death is a DoS attack that uses the ping utility to send oversized ICMP packets.
- Smurf - A smurf attack is a DDoS attack that spoofs the source address in ICMP packets. A smurf attack requires an attacker system, an amplification network, and a victim computer or network.
- SYN flood - The SYN flood exploits the TCP three-way handshake: the handshakes are never completed, so the victim holds resources for each half-open connection. So many resources are allocated that the victim cannot process a legitimate inbound request for a TCP/IP session.
- LAND - A LAND attack is when an attacker floods the victim's system with packets that have forged headers.
- Christmas (Xmas) tree - A Christmas (Xmas) tree attack (also known as a Christmas tree scan, nastygram, kamikaze, or lamp test segment) uses an IP packet with every option turned on for the protocol being used. Christmas tree packets can be used to conduct reconnaissance by scanning for open ports, and as a DoS attack if sent in large numbers.
- On-path attack - An on-path attack is used to intercept information between two communication partners.
- TCP/IP (session) hijacking - TCP/IP hijacking is an extension of an on-path attack where the attacker steals an open and active communication session from a legitimate user.
- HTTP (session) hijacking - HTTP (session) hijacking is a real-time attack in which the attacker hijacks a legitimate user's cookies and uses the cookies to take over the HTTP session.
- Replay attack - In a replay attack, the attacker uses a protocol analyzer or sniffer to capture authentication information sent from the client to the server. The attacker then uses this information to connect at a later time and pretend to be the client.
- IP spoofing - IP spoofing changes the IP address information within a packet. It can be used to hide the origin of the attack by spoofing the source address. It can also amplify attacks by sending a message to a broadcast address with the victim's address as the spoofed source, so that every reply goes to the victim, who is overwhelmed with responses.
- MAC spoofing - MAC spoofing is when an attacking device spoofs the MAC address of a valid host in the MAC address table of the switch. The switch then forwards frames destined for that valid host to the attacking device.
- ARP spoofing - ARP spoofing (also known as ARP poisoning) uses spoofed ARP messages to associate a different MAC address with an IP address. ARP spoofing can also perform denial-of-service (DoS) attacks by redirecting communications to fake or nonexistent MAC addresses.
- DNS spoofing - DNS spoofing (also known as DNS poisoning or pharming) takes advantage of the DNS server's ability to resolve a domain into its respective IP address. This attack exploits DNS vulnerabilities, resolving a domain typed into a browser to a fake IP address, and so redirects connections to a potentially malicious server.
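The MAC spoofing and ARP spoofing entries above both describe an attacker altering the IP-to-MAC mapping that hosts rely on. As an added example that is not part of the original page, the following script shows the two symptoms a defender can check for in ARP cache snapshots: an IP (typically the gateway) whose MAC changes, and one MAC claiming several IPs. The sample snapshots are constructed in the style of `ip neigh` output, and the parser and heuristics are this example's own assumptions, not a specific tool's implementation.

```python
"""Detect ARP-spoofing symptoms in ARP cache snapshots (added example)."""
import re
from collections import defaultdict

# Constructed sample: two snapshots of the same ARP cache taken a minute apart.
SNAPSHOT_BEFORE = """\
192.168.1.1 dev eth0 lladdr aa:bb:cc:00:00:01 REACHABLE
192.168.1.10 dev eth0 lladdr aa:bb:cc:00:00:10 REACHABLE
192.168.1.20 dev eth0 lladdr aa:bb:cc:00:00:20 STALE
"""
SNAPSHOT_AFTER = """\
192.168.1.1 dev eth0 lladdr de:ad:be:ef:00:99 REACHABLE
192.168.1.10 dev eth0 lladdr aa:bb:cc:00:00:10 REACHABLE
192.168.1.20 dev eth0 lladdr de:ad:be:ef:00:99 REACHABLE
"""

# Matches "<ip> dev <iface> lladdr <mac> ..."; entries without lladdr (FAILED) do not match.
LINE_RE = re.compile(
    r"^(?P<ip>\d+\.\d+\.\d+\.\d+)\s+dev\s+\S+\s+lladdr\s+(?P<mac>[0-9a-f:]{17})", re.I
)

def parse_arp(snapshot: str) -> dict:
    """Return {ip: mac} from ip-neigh-style text (assumed format)."""
    table = {}
    for line in snapshot.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table

def changed_mappings(before: dict, after: dict) -> list:
    """IPs whose MAC changed between snapshots; the gateway silently changing is the classic sign."""
    return sorted(
        (ip, before[ip], after[ip]) for ip in before if ip in after and before[ip] != after[ip]
    )

def duplicate_macs(table: dict) -> dict:
    """MACs claiming more than one IP: one interface answering for several hosts."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

if __name__ == "__main__":
    before, after = parse_arp(SNAPSHOT_BEFORE), parse_arp(SNAPSHOT_AFTER)
    for ip, old, new in changed_mappings(before, after):
        print(f"ALERT {ip}: MAC changed {old} -> {new}")
    for mac, ips in duplicate_macs(after).items():
        print(f"ALERT {mac} answers for {', '.join(ips)}")
```

On a real host the same checks can be run against periodic `ip neigh` or `arp -a` captures, and a gateway MAC change that was not a planned hardware swap warrants investigation.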