Denial of Service Attack

These flashcards cover key terminology and concepts related to Denial of Service attacks as presented in the lecture by Prof. Brian Zuel.

Denial of Service (DoS)

A type of cyber attack aimed at making a system unavailable to its intended users by overwhelming it with traffic or exploiting system vulnerabilities.

Volumetric Attacks

A category of DoS attacks that involve overwhelming a target with a high volume of traffic to consume bandwidth.

SYN Flood

A DoS attack that exploits the TCP three-way handshake by sending SYN packets to a target without completing the handshake.

Smurf Attack

A DoS attack where the attacker sends ICMP packets with a spoofed source address to a broadcast address, causing all hosts to reply to the victim.

Ping Flood Attack

An attack where an attacker overwhelms a target with ICMP Echo Request (ping) packets.

Teardrop Attack

A type of DoS attack that sends fragmented packets to a target that cannot properly reassemble them.

DNS Spoofing

The act of corrupting the DNS cache to direct users to malicious sites instead of legitimate ones.

Session Hijacking

An attack where the hacker takes over a user session to gain unauthorized access to information or services.

Distributed Denial of Service (DDoS)

An attack that uses multiple compromised systems to launch a coordinated attack on a target, amplifying the attack's impact.

Botnet

A network of compromised devices controlled by an attacker, often used to perform DDoS attacks.

Intrusion Detection Systems (IDS)

Security solutions designed to detect unauthorized access or attacks on a network.

Encryption

A method of securing data by encoding it so that only authorized parties can access it.

Network threats

Potential dangers that can compromise the integrity, confidentiality, or availability of networked systems.

Man in the middle attack

An attack where the attacker secretly relays and possibly alters the communication between two parties.

Firewall

A network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies.

Malware

Malicious software designed to disrupt, damage, or gain unauthorized access to a computer system.

Phishing

A social engineering technique where attackers send deceptive communications, such as emails, to trick individuals into revealing sensitive information or installing malware.

SQL Injection

A code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g., to dump database contents to the attacker).

Cross-Site Scripting (XSS)

A type of security vulnerability typically found in web applications that enables attackers to inject client-side scripts into web pages viewed by other users.