Network Security Attack Types
Glossary
Description
ARP spoofing
is the process of linking an attacker's MAC address with the IP address of a legitimate user on a local area network using fake ARP messages.
Tools – ArpSpoof, Cain & Abel
ARP poisoning
ARP spoofing, ARP cache poisoning, or ARP poison routing is a technique by which an attacker sends Address Resolution Protocol messages onto a local area network.
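A defender-side illustration of the two ARP entries above, added here and not part of the original glossary: because the attack links one MAC address to IP addresses that belong to other hosts, a monitor can flag an IP whose MAC binding changes and a MAC that claims several IPs. The observations, addresses and function name are constructed for the example.

```python
from collections import defaultdict

# Constructed observations of ARP replies on one LAN segment:
# (timestamp in seconds, sender IP, sender MAC). All values are sample data.
OBSERVED = [
    (0,  "192.168.1.1",  "aa:aa:aa:00:00:01"),   # gateway, baseline
    (5,  "192.168.1.20", "aa:aa:aa:00:00:20"),   # workstation, baseline
    (60, "192.168.1.1",  "AA:AA:AA:00:00:01"),   # same binding, other case
    (61, "192.168.1.1",  "de:ad:be:00:00:99"),   # gateway IP, new MAC
    (62, "192.168.1.20", "de:ad:be:00:00:99"),   # workstation IP, same new MAC
    (63, "192.168.1.1",  "de:ad:be:00:00:99"),   # repeated claim
]

def detect_arp_anomalies(observations):
    """Compare each ARP reply with the first binding seen for that IP.

    Returns (changes, multi) where
      changes: list of (ts, ip, baseline_mac, claimed_mac) for every reply
               that contradicts the baseline binding, and
      multi:   dict mac -> sorted list of IPs, for MACs claiming more than one IP.
    """
    baseline = {}                     # ip -> first MAC seen for it
    ips_by_mac = defaultdict(set)     # mac -> every IP it has claimed
    changes = []
    for ts, ip, mac in observations:
        mac = mac.lower()             # MAC comparison must ignore case
        known = baseline.setdefault(ip, mac)
        if known != mac:
            changes.append((ts, ip, known, mac))
        ips_by_mac[mac].add(ip)
    multi = {m: sorted(ips) for m, ips in ips_by_mac.items() if len(ips) > 1}
    return changes, multi

if __name__ == "__main__":
    changes, multi = detect_arp_anomalies(OBSERVED)
    for ts, ip, old, new in changes:
        print(f"t={ts}s {ip}: binding changed {old} -> {new}")
    for mac, ips in multi.items():
        print(f"{mac} claims several IPs: {', '.join(ips)}")
```

Legitimate events such as a replaced network card, a new DHCP lease or a failover pair sharing an address also change bindings, so these alerts need a baseline that is reviewed rather than learned blindly.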
DNS spoofing
also known as DNS cache poisoning, involves infiltrating a DNS server and altering a website's address record. It is a form of security hacking in which corrupt Domain Name System data is introduced into the DNS resolver's cache, causing the name server to return an incorrect result record, e.g. an IP address. This results in traffic being diverted to the attacker's computer. This technique can also be used for phishing attacks, where a fake version of a genuine website is created to gather personal details such as bank and credit/debit card details.
Phishing
is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication.[1][2] Typically carried out by email spoofing[3] or instant messaging,[4] it often directs users to enter personal information at a fake website, the look and feel of which are identical to the legitimate site.
Variants
1. Phishing attempts directed at specific individuals or companies have been termed spear phishing.
2. Clone phishing is a type of phishing attack whereby a legitimate, and previously delivered, email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or cloned email.
3. The term whaling has been coined for spear phishing attacks directed specifically at senior executives and other high-profile targets.
IP Spoofing
In an IP spoofing attack, the source IP address that identifies the sender of the packet is not the real one but a bogus IP address that is permitted to access the website.
Blind spoofing - the attacker transmits multiple packets to the intended target to receive a series of sequence numbers, so that he can analyze the sequence numbering and then inject data into the stream.
Non-blind spoofing - the cracker resides on the same subnet as the intended target, so that he is aware of the sequence of the packets.
Prevention – HTTPS, IPv6, Monitoring Framework, Unicast Reverse Path Forwarding (this security feature works by enabling a router to verify the reachability of the source address in packets being forwarded), antispoofing with access lists.
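How the Unicast Reverse Path Forwarding check mentioned above decides whether to forward a packet, as an added example that is not part of the original glossary. It is a simplified model: the forwarding table, interface names, packets and the `allow_default` switch are assumptions made for the illustration, and it covers both the strict check (the source must be reachable through the arrival interface) and the loose one (any route to the source).

```python
import ipaddress

# Constructed forwarding table for a simplified router model: prefix -> interface.
# Prefixes and interface names are hypothetical sample values.
FIB = {
    "10.1.0.0/16": "lan1",
    "10.1.5.0/24": "lan2",
    "0.0.0.0/0": "wan0",
}

def best_route(src, fib=FIB):
    """Longest-prefix match for src; returns (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    routes = [(ipaddress.ip_network(p), ifc) for p, ifc in fib.items()]
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def urpf_accept(src, in_iface, mode="strict", allow_default=False, fib=FIB):
    """Return True if a packet from src arriving on in_iface passes the check."""
    route = best_route(src, fib)
    if route is None:
        return False                 # no route back to the source at all
    net, out_iface = route
    if net.prefixlen == 0 and not allow_default:
        return False                 # only the default route matches the source
    if mode == "loose":
        return True                  # a matching route is enough
    return out_iface == in_iface     # strict: must arrive where replies would leave

# Constructed sample packets: (source address, arrival interface)
PACKETS = [
    ("10.1.5.20", "lan2"),     # arrives on the interface that routes back to it
    ("10.1.5.20", "lan1"),     # lan2 source showing up on lan1
    ("10.1.7.9", "lan1"),      # covered by 10.1.0.0/16 via lan1
    ("203.0.113.7", "lan1"),   # external source arriving on an internal port
]

def dropped(packets, **options):
    """Packets that fail the check under the given options."""
    return [p for p in packets if not urpf_accept(*p, **options)]

if __name__ == "__main__":
    for mode in ("strict", "loose"):
        print(mode, "drops:", dropped(PACKETS, mode=mode))
```

Strict mode drops legitimate traffic where routing is asymmetric, which is why the loose variant exists for multihomed links.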
MAC Flooding
A method of attacking network switches; the victim of the attack, however, is a host computer in the network. The aim is to take down the switch's MAC table: the MAC addresses of legitimate users will be pushed out of the MAC table.
Prevention – port security, authentication with AAA (implement IEEE 802.1X), preventing ARP spoofing or IP spoofing.
Bruteforce attack
Dictionary attack
Hybrid attack
Rainbow table attacks
A rainbow table attack is a type of hacking wherein the perpetrator tries to use a rainbow hash table to crack the passwords stored in a database system. A rainbow table is a hash function used in cryptography for storing important data such as passwords in a database.
Role based attacks
Wiretapping(P)
Idle Scan(P)
is a TCP port scan method that consists of sending spoofed packets to a computer[1] to find out what services are available. This is accomplished by impersonating another computer called a "zombie" (that is not transmitting or receiving information) and observing the behavior of the "zombie" system.
VLAN Hopping
A method of attacking networked resources on a virtual LAN (VLAN).
Switch spoofing - an attacking host imitates a trunking switch.
Double tagging - an attacker connected to an 802.1Q-enabled port prepends two VLAN tags to a frame that it transmits.
Prevention – Ensure that ports are not set to negotiate trunks automatically by disabling DTP. Double tagging can only be exploited on switch ports configured to use native VLANs.[2]:162 Trunk ports configured with a native VLAN don't apply a VLAN tag when sending these frames.
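A detection-side sketch of the double-tagging condition described above, added here and not taken from the original glossary: it reads the stacked 802.1Q tags from a captured Ethernet frame and flags a frame whose outer tag equals the port's native VLAN, as well as any tagged frame on an access port. The sample frames, MAC addresses, VLAN numbers and function names are constructed for the example.

```python
import struct

TPIDS = {0x8100, 0x88A8}   # 802.1Q tag and 802.1ad service tag identifiers

def vlan_tags(frame: bytes):
    """VLAN IDs of the tags stacked after the two MAC addresses, outermost first."""
    tags, offset = [], 12                  # 6 bytes destination + 6 bytes source
    while len(frame) >= offset + 4:
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in TPIDS:
            break                          # reached the real EtherType
        tags.append(tci & 0x0FFF)          # low 12 bits of the TCI are the VLAN ID
        offset += 4
    return tags

def classify(frame: bytes, native_vlan: int, port_is_trunk: bool):
    """Label a frame received on a switch port with the given configuration."""
    tags = vlan_tags(frame)
    if len(tags) >= 2 and tags[0] == native_vlan:
        return "double-tagged, outer tag is the native VLAN"
    if tags and not port_is_trunk:
        return "tagged frame on an access port"
    return "ok"

def sample_frame(vlan_ids):
    """Constructed test frame: broadcast destination, made-up source, IPv4 EtherType."""
    frame = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    for vid in vlan_ids:
        frame += struct.pack("!HH", 0x8100, vid)
    return frame + struct.pack("!H", 0x0800) + bytes(46)

if __name__ == "__main__":
    cases = [([], False), ([10], True), ([10], False), ([1, 20], True)]
    for vids, trunk in cases:
        verdict = classify(sample_frame(vids), native_vlan=1, port_is_trunk=trunk)
        print(vids, "trunk" if trunk else "access", "->", verdict)
```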
Smurf Attack
is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP broadcast address. The victim is flooded with ICMP echo responses.
Prevention –
1. Configure individual hosts and routers to not respond to ICMP requests or broadcasts; or
2. Configure routers to not forward packets directed to broadcast addresses.
MAN IN THE MIDDLE (MITM) ATTACK
Attackers wishing to take a more active approach to interception may launch one of the following attacks:
IP spoofing, ARP spoofing, DNS spoofing
heuristic
How antivirus works – signature-based method and heuristic method (behaviour of a program)
Replay Attack
is a form of network attack in which a valid data transmission is maliciously or .... Active wiretapping