Types of Attacks - Threats and Vulnerabilities
Terms in this set (77)
5 Elements of a Header in a Packet
Sequence Number
Source IP
Destination IP
Packet Length
Synchronization
Virus
A computer virus is a malware program that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive; when this replication succeeds, the affected areas are then said to be "infected".
Viruses often perform some type of harmful activity on infected hosts, such as stealing hard disk space or CPU time, accessing private information, corrupting data, displaying political or humorous messages on the user's screen, spamming their contacts, logging their keystrokes, or even rendering the computer useless.
However, not all viruses carry a destructive payload or attempt to hide themselves—the defining characteristic of viruses is that they are self-replicating computer programs which install themselves without user consent.
Worm
Self Contained - Stand Alone, Self Activated, Self Replicating Program (Code). Spread through Folders, Macros, and Documents, NOT Files.
A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers.
Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Unlike a computer virus, it does not need to attach itself to an existing program.
Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.
Types of DoS Attacks
DoS Attack
DDoS Attack
Zombie|Bot|BotNet
Smurf Attack
Fraggle Attack
ICMP (ping) Attack
SYN Flood Attack
DoS
Denial of Service (Individual Client)
Denial of Service - SYN... SYN/ACK... no ACK, identified by netstat -aon in CMD.
In computing, a denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users, such as to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.
Smurf Attack
The Smurf Attack is a distributed denial-of-service (DoS) attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP Broadcast address.
Most devices on a network will, by default, respond to this by sending a reply to the source IP address. If the number of machines on the network that receive and respond to these packets is very large, the victim's computer will be flooded with traffic. This can slow down the victim's computer to the point where it becomes impossible to work on.
Fraggle Attack
A Fraggle Attack is a denial-of-service (DoS) attack that involves sending a large amount of spoofed UDP traffic to a router's broadcast address within a network. It is very similar to a Smurf Attack, which uses spoofed ICMP traffic rather than UDP traffic to achieve the same goal.
A Fraggle Attack is a DoS attack that sends large amounts of UDP traffic to ports 7 and 19.
DDoS
Distributed Denial of Service (Network Level)
A distributed denial-of-service (DDoS) attack is one where the attack source is more than one, and often thousands of, unique IP addresses, from commandeered endpoints such as zombies/bots.
Zombie|Bot|BotNet
In computer science, a zombie is a computer connected to the Internet that has been compromised by a hacker, computer virus or trojan horse and can be used to perform malicious tasks of one sort or another under remote direction.
Botnets of zombie computers are often used to spread e-mail spam and launch denial-of-service attacks. Most owners of zombie computers are unaware that their system is being used in this way.
Because the owner tends to be unaware, these computers are metaphorically compared to zombies. A coordinated DDoS attack by multiple botnet machines also resembles a zombie horde attack.
A botnet (also known as a zombie army) is a number of Internet computers that, although their owners are unaware of it, have been set up to forward transmissions (including spam or viruses) to other computers on the Internet. A Bot has had a portion of the HD Partition commandeered to perform malicious activity from a controlling system.
Ping (ICMP) Flood
A type of DoS attack. A ping flood is based on sending the victim an overwhelming number of ping packets, usually using the "ping" command from Unix-like hosts (the -t flag on Windows systems is much less capable of overwhelming a target, and the -l (size) flag does not allow a sent packet size greater than 65500 on Windows). It is very simple to launch, the primary requirement being access to greater bandwidth than the victim.
Ping of death is based on sending the victim a malformed ping packet, which will lead to a system crash on a vulnerable system.
ICMP Attack
An ICMP flood (a type of DoS attack), the sending of an abnormally large number of ICMP packets of any type (especially network latency testing "ping" packets), can overwhelm a target server that attempts to process every incoming ICMP request, and this can result in a denial-of-service condition for the target server.
SYN Flood
A type of DoS attack. A SYN flood occurs when a host sends a flood of TCP/SYN packets, often with a forged sender address.
Each of these packets is handled like a connection request, causing the server to spawn a half-open connection by sending back a TCP/SYN-ACK packet (Acknowledge) and waiting for a packet in response from the sender address (response to the ACK Packet).
However, because the sender address is forged, the response never comes. These half-open connections saturate the number of available connections the server can make, keeping it from responding to legitimate requests until after the attack ends.
SYN Flood Attack
A SYN flood is a form of denial-of-service (DoS) attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic in a 3-way TCP handshake.
SYN > SYN/ACK > ACK
to
SYN > SYN/ACK ... (no ACK) ... SYN ...
Logic Bomb
A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
Logic Bomb - is activated via conditions (i.e., turn on functionality) - does not rely on, but uses, date and time.
Software that is inherently malicious, such as viruses and worms, often contains logic bombs that execute a certain payload at a pre-defined time or when some other condition is met. This technique can be used by a virus or worm to gain momentum and spread before being noticed. Some viruses attack their host systems on specific dates, such as Friday the 13th or April Fools' Day. Trojans that activate on certain dates are often called "time bombs".
To be considered a logic bomb, the payload should be unwanted and unknown to the user of the software. As an example, trial programs with code that disables certain functionality after a set time are not normally regarded as logic bombs.
Trojan Horse
A friendly program that is wrapped around a virus, used for malicious activity against a company.
A Trojan horse, or Trojan, in computing is any malicious computer program which misrepresents itself as useful, routine, or interesting in order to persuade a victim to install it.
Trojans are generally spread by some form of social engineering, for example where a user is duped into executing an e-mail attachment disguised to be unsuspicious (e.g., a routine form to be filled in), or by drive-by download, and do not spread or propagate themselves.