Smurf Attack
Form of DDoS attack where the attacker sends ICMP echo request packets with a spoofed source IP address to a large number of hosts (this amplifies the attack); the hosts send ICMP responses to the spoofed source address (the victim).
CH: Classic amplification attack leveraging broadcast networks and ICMP.
Fraggle Attack
Form of DDoS attack where the attacker sends UDP packets to a router's broadcast address with a spoofed source IP address (this amplifies the attack); the responses are sent to the spoofed source address (the victim).
CH: UDP-based amplification attack, conceptually similar to Smurf but less common today.
Overlapping Fragments (teardrop) Attack
Form of DDoS attack where the attacker sends packet fragments of differing sizes, out of order and in overlapping positions; the target system cannot reassemble the packets, causing it to crash.
CH: Exploits flaws in IP fragmentation and reassembly logic.
Denial of Service (DoS) Attack
Any attack that negatively impacts the availability of the victim system such that authorized users cannot access the victim system for business purposes.
CH: Directly targets the Availability pillar of CIA.
Distributed Denial of Service (DDoS) Attack
A Denial of Service attack that originates from multiple attacking systems, possibly thousands, hundreds of thousands, or even millions of attacking systems focusing on making one target unavailable.
CH: Scale and distribution make mitigation significantly harder than single-source DoS.
Man-in-the-Middle Attack
Any attack where the attacker places themselves between computers that are communicating with each other such that the attacker can intercept / modify the communications.
CH: Often enabled by weak authentication, lack of encryption, or ARP/DNS manipulation.
Ping of Death
Specially formatted packet that violates standards by being larger than a normal packet, which causes receiving systems to fail.
CH: Legacy attack demonstrating protocol implementation weaknesses.
ARP Poisoning
Attacker modifies an Address Resolution Protocol (ARP) table, often their own ARP table, such that the router reads the update and begins redirecting traffic to a new destination (e.g. to the attacker instead of the victim's system).
CH: Common technique used to enable man-in-the-middle attacks on local networks.
Spam
Unsolicited or undesired emails sent to a large number of recipients.
CH: Often serves as a delivery mechanism for phishing, malware, or social engineering.
Pharming attack
Victim is redirected to a fake site that looks very similar or exactly like the site they were intending to visit (e.g. victim's online banking site) and the fake site captures the data provided by the victim (e.g. username, password, personal information, etc.).
CH: Typically enabled through DNS manipulation rather than user action alone.
Masquerading attack
An attacker uses a valid user's or system's identity to gain unauthorized access (e.g. stealing an employee's company badge). IP spoofing and session hijacking are types of masquerading attacks.
CH: Closely tied to failures in authentication and identity assurance.
Hyperlink Spoofing
Act of disguising a malicious hyperlink as a legitimate one to trick the user into clicking it, which redirects them to a fake website or downloads malware.
CH: Frequently tested as a phishing and social engineering technique.
Packet Sniffer
Tool or software that captures and analyzes network traffic packets, allowing the user to monitor and troubleshoot network issues or potentially intercept sensitive information.
CH: Can be legitimate or malicious depending on authorization and context.