Types of Attacks


Types of Security Attacks
Flashcards by River L., updated more than 1 year ago
Created by River L. over 6 years ago


| Question | Answer |
| --- | --- |
| Eavesdropping Attack (Release of Message Contents) | A hacker captures ("listens" to) network traffic. Also known as sniffing or snooping. Category: Reconnaissance Attacks |
| Data Modification Attack (Modification of Messages) | A hacker alters data captured from network traffic without the sender or receiver knowing about it. |
| IP, MAC, DHCP Spoofing Attack (Masquerade) | A hacker constructs an IP packet that appears to come from a valid address in the company intranet. Category: Access Attacks |
| Password-Based Attacks | A hacker discovers a valid user account and uses it to: obtain lists of other users; get information about the network; change server/network configurations; modify, reroute, or delete data. |
| Denial-of-Service Attacks | Prevents normal use of a computer or network by valid users. This is done by blocking traffic, crashing applications/services, or flooding a computer or network until it shuts down from overload. |
| Man-in-the-Middle Attack | Hackers position themselves between a source and destination in order to invisibly monitor, capture, and control the communication. Category: Access Attacks |
| Compromised-Key Attack | A compromised key is a secret key obtained by a hacker in order to gain access to a secured communication without the sender or receiver knowing about it. |
| Sniffer Attack | A sniffer is an application or device that can monitor and capture network traffic, and read any unencrypted packets. Category: Reconnaissance Attacks |
| Password Attack | A hacker attempts to discover critical system passwords using various methods, including social engineering, dictionary attacks, and brute force attacks. Category: Access Attacks |
| Trust Exploitation | A hacker uses unauthorized privileges to gain access to a system. |
| Port Redirection | A hacker uses a compromised system as a base for attacks against other targets. Category: Access Attacks |
| Buffer Overflow | A hacker exploits the buffer memory and overwhelms it with unexpected values. This usually renders the system inoperable, creating a DoS attack. Category: Access Attacks |
| Pretexting | A hacker calls an individual and lies to them in an attempt to gain access to privileged data. Example: claiming to need personal/financial data to confirm someone's identity. Category: Social Engineering Attacks |
| Phishing | A malicious party disguises a fraudulent email as a message from a legitimate, trusted source. Category: Social Engineering Attacks |
| Spear Phishing | A targeted phishing attack tailored for a specific individual or organization. Category: Social Engineering Attacks |
| Tailgating | An authorized person enters a secure location and a hacker slips in immediately behind them. Category: Social Engineering Attacks |
| Something for Something (Quid pro quo) | A hacker requests personal information from someone in exchange for something (like a free product). Category: Social Engineering Attacks |
| Baiting | A hacker leaves a malware-infected device such as a flash drive in a public location. When someone finds it and plugs it into their computer, they are installing the malware. Category: Social Engineering Attacks |
| Maliciously Formatted Packets | A maliciously formatted packet is forwarded to a host or application, creating a condition the receiving device is unable to handle and causing it to crash. Example: errors the application can't identify. Category: DoS Attacks |
| Overwhelming Quantity of Traffic | A network, host, or application is flooded with an enormous amount of data, causing the system to crash or run extremely slowly. Category: DoS Attacks |
| Ping of Death (legacy) | An echo request in an IP packet larger than the maximum size (65,535 bytes). Category: DoS Attacks |
| Smurf Attack (legacy) | A large number of ICMP requests sent to various recipients with the spoofed IP of the target as the source address, causing all the recipients to send echo replies to the target's IP at the same time. Category: DoS Attacks |
| TCP SYN Flood Attack | The attacker sends many TCP SYN session requests with a spoofed source IP to the target. The target replies with a SYN-ACK packet and waits for a responding ACK packet that never comes. Category: DoS Attacks |
| Distributed DoS Attack (DDoS) | A DoS attack originating from multiple coordinated sources (zombies in a botnet, controlled by a handler system). Category: DoS Attacks |