
Nis-1 4

1. There are two main types of attacks - passive attacks like traffic analysis which do not modify messages, and active attacks like modification and spoofing which do modify messages.
2. Common active attacks include denial of service attacks which seek to prevent authorized access, man-in-the-middle attacks which intercept communications, and spoofing which makes data appear to come from a different source by altering IP addresses.
3. Backdoors and trapdoors are unauthorized entry points that bypass normal authentication, allowing attackers covert access to systems.

Uploaded by

comedy lover

1.4 Types of Attacks
An attack is an exploitation of computer systems and networks. It
uses malicious code to alter computer code, logic or data, leading
to cybercrimes such as information and identity theft.

Types of Attacks
• Passive Attacks
• Active Attacks

Passive Attacks & Active Attacks
Passive attacks do not involve any modification to the content of
an original message.

Passive Attacks (Interception)
• Release of message contents
• Traffic Analysis

In active attacks, the contents of an original message are
modified in some way.

Active Attacks
• Masquerade
• Modification
  - Replay Attack
  - Alteration
• Denial of Service (DoS)

Sniffing

∙ A sniffer is software or hardware that is used to observe traffic as it passes
through a network on shared broadcast media.
∙ It can be used to view all traffic or to target a specific protocol, service, or
string of characters like logins.
∙ Some network sniffers are designed not just to observe all traffic but
also to modify the traffic.
∙ Network administrators use sniffers for monitoring traffic.
∙ They can also be used for network bandwidth analysis and to troubleshoot
certain problems such as duplicate MAC addresses.

Replay Attack
A replay attack occurs when the attacker captures a portion of a
communication between two parties and retransmits it at a later time.
• Replay attacks are associated with attempts to circumvent authentication
mechanisms.
• The best way to prevent replay attacks is with encryption, cryptographic
authentication, and time stamps.

[Figure: replay attack example showing A, C and the Bank. Caption: A wants to transfer to C.]

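A sketch of the prevention advice above (cryptographic authentication plus time stamps), added here as an example and not taken from the original slides. The message layout, the 30-second window, the nonce field (added to catch copies resent inside the window) and the names sign_transfer and Bank are assumptions made for illustration.

```python
import hashlib
import hmac
import json

MAX_SKEW = 30  # seconds a message stays acceptable (assumed policy value)

def sign_transfer(key: bytes, payer: str, payee: str, amount: int,
                  timestamp: int, nonce: str) -> dict:
    """Sender side: bind transfer details, time stamp and nonce under one MAC."""
    body = {"from": payer, "to": payee, "amount": amount,
            "ts": timestamp, "nonce": nonce}
    encoded = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(key, encoded, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

class Bank:
    """Receiver side: checks authenticity, then freshness, then uniqueness."""
    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # nonce -> time stamp, kept only while inside the window

    def accept(self, message: dict, now: int) -> str:
        encoded = json.dumps(message["body"], sort_keys=True).encode()
        expected = hmac.new(self.key, encoded, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, message["tag"]):
            return "rejected: bad MAC"
        ts, nonce = message["body"]["ts"], message["body"]["nonce"]
        if abs(now - ts) > MAX_SKEW:
            return "rejected: stale time stamp"
        # Forget nonces that left the window; the stale check already covers them.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= MAX_SKEW}
        if nonce in self.seen:
            return "rejected: replayed nonce"
        self.seen[nonce] = ts
        return "accepted"

def demo() -> list:
    key = b"constructed-demo-key"          # constructed sample key
    bank = Bank(key)
    msg = sign_transfer(key, "A", "C", 100, timestamp=1000, nonce="n-001")
    tampered = {"body": dict(msg["body"], amount=9000), "tag": msg["tag"]}
    return [
        bank.accept(msg, now=1002),        # original request
        bank.accept(msg, now=1010),        # captured copy resent inside the window
        bank.accept(msg, now=1100),        # captured copy resent much later
        bank.accept(tampered, now=1003),   # altered amount with the old tag
    ]
```

The time stamp alone stops the late copy; the nonce is what stops the copy resent a few seconds after the original.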
Denial-of-Service Attack
A denial-of-service (DoS) attack is an attack designed to prevent a system or service
from functioning normally.
• Can exploit a known vulnerability in a specific application or operating system
• Can attack weaknesses in specific protocols or services
• Attempts to deny authorized users access either to specific information or to the
computer system or network itself

A SYN flood attack can be used to prevent service to a system temporarily in order
to take advantage of a trusted relationship that exists between that system and
another.
• Illustrates basic principles of most DoS attacks
• Exploits weakness inherent to the TCP/IP protocol
• Uses TCP three-way handshake to flood a system with faked connection
requests
TCP three-way handshake

• System 1 sends SYN packet to System 2.
• System 2 responds with SYN/ACK packet.
• System 1 sends ACK packet to System 2 and communications
can then proceed.
Steps of a SYN flood attack

• Communication request sent to target system.
• Target responds to faked IP address.
• Target waits for non-existent system response.
• Request eventually times out.
• If the attacks outpace the requests timing out, then system resources
will be exhausted.
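The steps above can be watched from the defender's side by counting half-open connections per target. This is an added example, not part of the original slides: it runs over constructed packet records (addresses from documentation ranges, SYN/ACK replies omitted for brevity), and the timeout and alert threshold are assumed values.

```python
from collections import defaultdict

SYN_TIMEOUT = 30       # seconds a half-open entry is held (assumed value)
ALERT_THRESHOLD = 5    # half-open entries per target that raise an alert (assumed)


def track_half_open(events):
    """Process (time, src, dst, flags) records in order and report the peak number
    of half-open connections per target and when the threshold was first hit."""
    pending = defaultdict(dict)   # dst -> {src: time the SYN arrived}
    peak = defaultdict(int)
    first_alert = {}
    for time, src, dst, flags in events:
        # "Request eventually times out": drop entries older than the timeout.
        for target in pending:
            pending[target] = {s: t for s, t in pending[target].items()
                               if time - t < SYN_TIMEOUT}
        if flags == "SYN":
            pending[dst][src] = time          # target now waits for the final ACK
        elif flags == "ACK":
            pending[dst].pop(src, None)       # handshake completed, slot released
        count = len(pending[dst])
        peak[dst] = max(peak[dst], count)
        if count >= ALERT_THRESHOLD and dst not in first_alert:
            first_alert[dst] = time
    return dict(peak), first_alert


def sample_events():
    """Constructed records: two normal clients, then SYNs from addresses that
    never answer (198.51.100.0/24), one per second."""
    server = "192.0.2.10"
    events = [(0, "203.0.113.5", server, "SYN"), (1, "203.0.113.5", server, "ACK"),
              (2, "203.0.113.6", server, "SYN"), (3, "203.0.113.6", server, "ACK")]
    events += [(10 + i, f"198.51.100.{i}", server, "SYN") for i in range(40)]
    return events


if __name__ == "__main__":
    print(track_half_open(sample_events()))
```

With one unanswered SYN per second and a 30-second timeout, the table settles at 30 half-open entries, which is the arrival rate multiplied by the timeout.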
Distributed denial-of-service (DDoS) attack
A DoS attack employing multiple attacking systems is known as a
distributed denial-of-service (DDoS) attack.
• Denies access or service to authorized users
• Uses resources of many systems combined into an attack network
• Overwhelms the target system or network; with enough attack agents,
even simple web traffic can quickly affect a large website
Man-in-the-Middle Attacks
A man-in-the-middle attack generally occurs when attackers are able to place
themselves in the middle of two other hosts that are communicating

- Attack is typically accomplished by compromising a router to alter the path
of the traffic.
- A common method of instantiating a man-in-the-middle attack is via session
hijacking
- Session hijacking can occur when information such as a cookie is stolen,
allowing the attacker to impersonate the legitimate session.
- Can result from a cross-site scripting attack
The term “man-in-the-middle attack” is sometimes used to refer to a more specific type
of attack—one in which the encrypted traffic issue is addressed.
• An attacker can conduct a man-in-the-middle attack by intercepting a request for a
friend’s public key and the sending of your public key to him.
• Well-designed cryptographic products use techniques such as mutual authentication
to avoid this problem.
Spoofing

∙ Spoofing is nothing more than making data look like it has come from a
different source.
∙ This is possible in TCP/IP because of the friendly assumption behind the
protocol. When the protocols were developed, it was assumed that individuals
who had access to the network layer would be privileged users who could be
trusted.
∙ When a packet is sent from one system to another, it includes not only the
destination IP address and port but the source IP address as well; forging that
source address is one of the forms of spoofing.
∙ Examples of spoofing: e-mail spoofing, URL spoofing,
IP address spoofing.
Spoofing and trusted relationships
• If two systems are configured to accept the authentication accomplished by
each other, an individual logged onto one system might not be forced to go
through an authentication process again to access the other system.
• An attacker can take advantage of this arrangement by sending a packet to
one system that appears to have come from a trusted system.
• Since the trusted relationship is in place, the targeted system may perform
the requested task without authentication
TCP/IP Hijack
∙ TCP/IP Hijacking is when an authorized user gains access to a genuine network
connection of another user.
∙ It is done in order to bypass the password authentication which is normally the
start of a session.
∙ To hijack this connection, there are two possibilities:
  - Find the seq, which is a number that increases by 1, but there is no
    chance to predict it.
  - Use the Man-in-the-Middle attack which, in simple words, is a type of
    network sniffing. For sniffing, we use tools like Wireshark.
Backdoor & Trapdoor
• A backdoor in a system is a method of bypassing normal authentication and
gaining access.
• A trap door is an entrance point in an information processing system which
circumvents the normal safety measures. Also called a manhole or trapdoor
• The backdoor access method is sometimes written
by the programmer who develops the program.
• It is found in multi-network scenarios.
• A network administrator may intentionally create or install a backdoor
program for troubleshooting or other official use.
• Hackers use backdoors to install malicious software files or programs, modify
code or detect files and gain system access
