Network Attacks
Unauthorized actions or activities that target and exploit vulnerabilities in a network to gain unauthorized access, disrupt services, or steal information.
Denial of Service (DoS) Attack
A network-based attack where a machine floods a victim with requests for services, overwhelming the victim's system and causing it to crash.
TCP SYN Flood
A type of DoS attack where the attacker initiates multiple TCP sessions but never completes them, resulting in a server being overwhelmed with half-open connections and potential resource exhaustion.
ICMP Flood (Smurf Attack)
A type of DoS attack where the attacker sends a ping to a subnet broadcast address with a spoofed source IP, causing all devices on the subnet to respond to the victim's server and potentially leading to resource exhaustion and server crash.
Distributed Denial of Service (DDoS) Attack
A type of DoS attack where the attacker uses multiple computers, forming a botnet, to simultaneously overwhelm a single server with requests, leading to server exhaustion and crash.
Botnet
A collection of compromised computers controlled by a single master node, used by attackers to carry out coordinated attacks, such as DDoS attacks.
Man in the Middle (MITM) Attack
A network attack where an attacker intercepts and alters communication between two parties without their knowledge, allowing the attacker to eavesdrop, modify, or inject malicious content.
Session Hijacking
An attack where an attacker intercepts and takes control of an ongoing session between a client and a server, allowing the attacker to impersonate the client and gain unauthorized access.
DNS Poisoning
An attack where an attacker corrupts or alters the DNS cache or records, redirecting users to malicious websites or intercepting their communication.
Rogue DHCP Server
An attack where an attacker sets up a DHCP server on a network, providing false IP configuration information to clients, allowing the attacker to monitor or manipulate their network traffic.
On-Path Attack
An attack where the attacker positions themselves between the victim and the intended destination to monitor or manipulate the communication.
MITM (Man in the Middle) Attack
Another name for an on-path attack, where the attacker intercepts the communication between the victim and the intended destination.
Session Hijacking
An attack where the attacker guesses the session ID used between a client and a server to take over the authenticated session.
DNS Poisoning
An attack where the attacker manipulates vulnerabilities in the domain name system (DNS) to redirect traffic from one site to a fake version of that site.
Rogue DHCP Server
A DHCP server that is connected to a network without the authorization or control of the network administrator, which can assign IP addresses, subnet masks, gateways, and DNS server assignments to network clients.
IP Spoofing
A spoofing attack where an attacker modifies the source address of an IP packet to hide their identity or impersonate another client.
MAC Spoofing
A spoofing attack where an attacker changes their MAC address to pretend they are using a different network interface card or device.
ARP Spoofing
A spoofing attack where an attacker modifies the ARP table of a network to associate their MAC address with the IP address of another device, allowing them to intercept or manipulate network traffic.
VLAN Hopping
A spoofing attack where an attacker gains unauthorized access to a different VLAN (Virtual Local Area Network) by exploiting VLAN configuration vulnerabilities.
MAC filtering
A security measure that allows or denies network access based on the MAC address of a device.
ARP spoofing
An attack where an attacker sends falsified ARP messages to manipulate the IP address and MAC address binding in an ARP table.
VLAN hopping
An attack where an attacker bypasses VLAN segmentation by sending traffic from one VLAN to another using double tagging or switch spoofing.
Malware
Malicious software designed to infiltrate and possibly damage a computer system without the user's knowledge or consent.
Viruses
Malicious code that infects a computer and replicates when the code is run, often disguised as legitimate programs or files.
Worms
Malicious software that can self-replicate and spread throughout a network without user interaction, taking advantage of security vulnerabilities.
Trojan horse
Malicious code disguised as harmless or desirable software, performing desired functions while also carrying out malicious actions.
Remote Access Trojan (RAT)
A type of Trojan that provides an attacker with remote control over an infected system, allowing them to steal information or destroy data.
Malware
Malicious software that is designed to harm or exploit a computer system or network.
Ransomware
A type of malware that restricts access to a victim's computer system or files until a ransom or payment is received.
Spyware
Malicious software that is installed on a system to gather information about the user without their consent.
Rootkit
A specific type of software that is designed to gain administrative level control over a computer system or network device without being detected.
Rogue Access Point
A wireless access point that has been installed on a secure network without authorization from a network administrator.
Evil Twin
An attacker sets up a wireless access point with the same name as a legitimate network to intercept and monitor user activity.
Deauthentication Attack
A type of denial of service attack that interrupts communication between a user's client and a wireless access point.
Password Attack
An attacker attempts to crack a password using either a dictionary attack (checking every word in a list) or a brute force attack (trying every possible combination).
Dictionary Attack
An attacker tries to guess a password by checking every word or phrase contained within a word list.
Brute Force Attack
An attacker tries every possible combination until they figure out a password.
Brute force attack
A method of hacking where an attacker systematically tries all possible combinations until they find the correct one.
Hybrid attack
A type of brute force attack where the attacker uses a combination of known information and a word list to speed up the process.
Wireless interception
An attack that involves capturing wireless data packets as they travel through the air, allowing the attacker to potentially crack encrypted information.
Stingray device
Also known as an IMSI catcher, it is a device used to mimic a cellular tower and intercept and capture data from cellular devices in range.
Social engineering
Any attempt to manipulate users into revealing confidential information or performing actions that are detrimental to their security or the security of a system.
Phishing
A type of social engineering attack where an attacker sends an email pretending to be from a legitimate source in order to trick the recipient into revealing sensitive information.
Spear phishing
A targeted form of phishing where the attacker tailors their email to a specific individual or group, increasing the likelihood of success.
Whaling
A form of phishing that specifically targets high-level executives and key personnel within an organization.
Tailgating
When an attacker gains unauthorized access to a secure area by following an authorized person through a door or gate without their knowledge.
Piggybacking
Similar to tailgating, but with the employee's knowledge or consent, where an attacker gains access to a secure area by entering alongside an authorized person.
Shoulder surfing
An attack where an attacker observes someone entering authentication information, such as a password, by directly looking over their shoulder.
Eavesdropping
A form of social engineering attack where an attacker listens in on conversations to gain unauthorized access to information.
Dumpster diving
The act of searching through garbage or recycling containers to find personal or confidential information.
Insider threat
An employee or trusted insider who uses their authorized network access in unauthorized ways to cause harm to a company.
Cross-cut shredder
A type of shredder that cuts paper into small, confetti-like pieces, making it difficult to reassemble.
Lock trashcan
A trashcan that can only be accessed by the organization and waste management company, preventing unauthorized individuals from retrieving sensitive information.
Logic bomb
A specific type of malware that is tied to a logical event or specific time, designed to cause harm or disruption to a system when triggered.
Observation
The act of monitoring employees while they are logged into the network to detect any suspicious or unauthorized activities.
Culture of questioning
Encouraging employees to ask their fellow colleagues about any unusual or suspicious behavior to identify potential insider threats.
Authorized credentials
A valid username and password that allow an employee to access the network and use various servers and applications.
Disgruntled IT administrator
An IT administrator who is dissatisfied or unhappy with the organization and may pose a threat to the network's security.
Countdown clock
A timer that resets when a specific action is performed, and if it reaches zero, triggers a specific event or action, such as unlocking cages or causing harm to a system.