CISSP Attack Types
CISSP Attack Types - from AIO
26
Computer Networking
Professional
01/23/2014

Cards

Term
Birthday attack
Definition
A cryptographic attack that exploits the mathematics of the birthday problem in probability theory to force collisions in hash functions. Because any two inputs may collide (not one input with a specific target), a collision in an n-bit hash is expected after roughly 2^(n/2) trials rather than the 2^n a search for a particular output would need.
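The 2^(n/2) bound from the card, as an added Python example (not part of the original flashcard set): SHA-256 is truncated to 32 bits so the collision search finishes in under a second, and the counter-style messages `msg-0`, `msg-1`, ... are a choice made here; the analysis is unchanged for a full-width hash, only the exponent grows.

```python
import hashlib
import math

# Added example. N_BITS and the "msg-<counter>" input format are choices made
# here so the search finishes quickly; nothing else about the method changes
# for a full-width hash.
N_BITS = 32


def truncated_hash(msg: bytes) -> int:
    """First N_BITS of SHA-256(msg), as an integer."""
    digest = hashlib.sha256(msg).digest()
    return int.from_bytes(digest, "big") >> (256 - N_BITS)


def birthday_bound(n_bits: int) -> float:
    """Number of random inputs after which a collision becomes likely: ~2^(n/2)."""
    return 2.0 ** (n_bits / 2)


def collision_probability(k: int, n_bits: int) -> float:
    """P(at least one collision among k random inputs to an n-bit hash),
    using the standard approximation 1 - exp(-k^2 / (2N)) with N = 2^n."""
    N = 2.0 ** n_bits
    return 1.0 - math.exp(-(k * k) / (2.0 * N))


def find_collision(prefix: bytes = b"msg-"):
    """Hash prefix+counter until two distinct inputs share a truncated hash.
    Returns (input_a, input_b, trials). Memory: one dict entry per trial."""
    seen = {}
    i = 0
    while True:
        m = prefix + str(i).encode()
        h = truncated_hash(m)
        if h in seen:
            return seen[h], m, i + 1
        seen[h] = m
        i += 1


if __name__ == "__main__":
    a, b, trials = find_collision()
    print(f"collision after {trials} trials; 2^(n/2) = {birthday_bound(N_BITS):.0f}")
    print(a, b, hex(truncated_hash(a)))
    print(f"P(collision) with 2^16 inputs: {collision_probability(2**16, N_BITS):.3f}")
```

The search stops after on the order of 2^16 hashes even though the truncated output has 2^32 possible values; a search for a collision with one fixed target would have to go through about 2^31 inputs on average. The same ratio is why 128-bit hashes (MD5) are considered to offer only 64-bit collision resistance.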
Term
Brute force attacks
Definition
Continually tries different inputs until a predefined goal is reached. Brute force is defined as "trying every possible combination until the correct one is identified"; its cost grows with the size of the key or password space, which is why length and character-set size matter.
Term
Buffer overflow
Definition
More data is written to a fixed-size buffer (on the stack or the heap) than it can hold, so the excess overwrites adjacent memory such as a saved return address. A common attack vector used by attackers to run malicious code on a target system.
Term
cross-site scripting
Definition
Refers to an attack in which a flaw in a web site allows an attacker to inject script into pages served by the web application; the script then runs in the browsers of other users who view those pages, with access to their session cookies and data.
Term
Dictionary attacks
Definition
Files of thousands of candidate words are hashed and compared to the user's stored password hash (or tried against the logon) until a match is found. Much faster than brute force against common passwords, but a password that is not in the list is never found.
Term
DNS poisoning
Definition
An attacker causes a DNS server (or a resolver's cache) to resolve a host name to an incorrect IP address, typically one the attacker controls.
Term
Fraggle attack
Definition
A DoS amplification attack that floods the target with UDP echo (port 7) traffic: the attacker sends UDP echo requests to IP broadcast addresses with the source address spoofed to the victim, so every host on those networks replies to the victim. The UDP counterpart of the Smurf attack.
Term
pharming
Definition
Redirects a victim to a seemingly legitimate, yet fake, web site without needing a lure: the redirection is done through DNS poisoning or a modified hosts file, so a user who types the correct URL still lands on the attacker's site.
Term
Phishing
Definition
A type of social engineering with the goal of obtaining personal information, credentials, credit card numbers, or financial data. The attackers lure, or fish, for sensitive data through various methods, typically e-mails or messages that impersonate a trusted party and link to a fake site.
Term
Ping of Death
Definition
A DoS attack that sends malformed or oversized ICMP packets to a target: an echo request whose fragments reassemble to more than the 65,535-byte IP maximum could crash older TCP/IP stacks. Countermeasure: patched stacks that validate fragment reassembly.
Term
Replay attack
Definition
A network attack in which a valid data transmission is captured and maliciously or fraudulently repeated with the goal of obtaining unauthorized access; for example, an attacker captures the traffic of a legitimate authentication session and replays it to authenticate her own session. Countermeasures are timestamps, sequence numbers, or one-time nonces bound into the message authentication, so a repeated message is recognized and rejected.
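The exchange described above, as an added Python example (not part of the original flashcard set): a client authenticates requests with an HMAC, an eavesdropper resends a captured request, and two servers handle it. The naive server checks only the MAC and accepts the replay; the protected server also requires a fresh nonce inside a time window. The shared key, the 30-second window, and the `action|ts|nonce` message format are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed for the example: a real key comes from a key exchange or
# provisioning, never a literal in source.
KEY = b"demo-shared-secret"
WINDOW = 30  # seconds a request is accepted after its timestamp (a choice made here)


def encode(action: str, ts: int, nonce: str) -> bytes:
    """Canonical byte string covered by the MAC: action, time, and nonce."""
    return f"{action}|{ts}|{nonce}".encode()


def make_request(action: str, now: float) -> dict:
    """Client side: MAC the action together with a timestamp and a fresh nonce."""
    nonce = os.urandom(8).hex()
    ts = int(now)
    mac = hmac.new(KEY, encode(action, ts, nonce), hashlib.sha256).hexdigest()
    return {"action": action, "ts": ts, "nonce": nonce, "mac": mac}


def mac_ok(req: dict) -> bool:
    expected = hmac.new(KEY, encode(req["action"], req["ts"], req["nonce"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, req["mac"])


class NaiveServer:
    """Verifies only the MAC. The MAC proves the client produced the request,
    not that it is being presented for the first time, so a captured request
    is accepted every time it is resent."""

    def handle(self, req: dict, now: float) -> str:
        return f"ok: {req['action']}" if mac_ok(req) else "reject: bad MAC"


class ReplayProtectedServer:
    """Adds a freshness window and a cache of nonces seen inside that window."""

    def __init__(self):
        self.seen = {}  # nonce -> time after which it can be forgotten

    def handle(self, req: dict, now: float) -> str:
        if not mac_ok(req):
            return "reject: bad MAC"           # also catches a modified action
        if abs(now - req["ts"]) > WINDOW:
            return "reject: stale timestamp"   # too old to need remembering
        # Drop expired nonces so the cache stays bounded.
        self.seen = {n: exp for n, exp in self.seen.items() if exp > now}
        if req["nonce"] in self.seen:
            return "reject: replay"
        self.seen[req["nonce"]] = req["ts"] + WINDOW
        return f"ok: {req['action']}"


def demo() -> dict:
    """Outcomes of one exchange: the legitimate request, its replay by an
    eavesdropper a few seconds later, the same request long after the window,
    and a tampered copy, against each server."""
    req = make_request("transfer 100", now=1000.0)
    naive, protected = NaiveServer(), ReplayProtectedServer()
    return {
        "naive_first": naive.handle(req, now=1001.0),
        "naive_replay": naive.handle(req, now=1005.0),
        "first": protected.handle(req, now=1001.0),
        "replay": protected.handle(req, now=1005.0),
        "stale": protected.handle(req, now=1100.0),
        "tampered": protected.handle(dict(req, action="transfer 900"), now=1001.0),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:13s} {result}")
```

The timestamp bounds how long a nonce has to be remembered; without it the server would need to store every nonce forever. Both are needed: a timestamp alone still admits a replay inside the window, and a nonce alone needs unbounded storage.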
Term
session hijacking
Definition
If an attacker can correctly predict the TCP sequence numbers that two systems will use, then she can create packets containing those numbers and fool the receiving system into thinking that the packets are coming from the authorized sending system. She can then take over the TCP connection between the two systems. The same term covers stealing or predicting a web application's session token (for example, a session cookie) to take over an authenticated HTTP session.
Term
Side-channel attacks
Definition
Nonintrusive attacks used to uncover sensitive information about how a component works (for example, the key it holds) without exploiting any flaw or weakness in its logic. A noninvasive attack is one in which the attacker watches how something works and how it reacts in different situations, such as its timing, power consumption, or electromagnetic emissions, instead of trying to "invade" it with more intrusive measures.
Term
Smurf attack
Definition
A DoS amplification attack that floods the target with ICMP echo replies: the attacker sends ICMP echo requests to IP broadcast addresses with the source address spoofed to the victim, so every host on those networks replies to the victim. Countermeasures: disable directed-broadcast forwarding on routers and filter spoofed source addresses.
Term
Social engineering
Definition
Manipulating people rather than systems: an attacker falsely convinces an individual that she has the necessary authorization, or a plausible reason, to be given access to specific resources or information.
Term
Spoofing at Logon
Definition
An attacker uses a program that presents the user with a fake logon screen, which often tricks the user into entering credentials that the program captures. A trusted path such as a secure attention key (Ctrl+Alt+Del on Windows) counters this by guaranteeing that the real logon dialog is shown.
Term
SQL injection
Definition
Instead of valid input, the attacker puts actual database commands into the input fields; the application concatenates them into a query, which the database then parses and runs. Countermeasure: parameterized queries (prepared statements) that bind input as data instead of building SQL from strings.
Term
SYN flood
Definition
A DoS attack in which an attacker sends a succession of TCP SYN packets (often with spoofed source addresses) and never completes the handshake; the victim's table of half-open connections fills up and it becomes unresponsive to legitimate connection attempts. Countermeasures include SYN cookies and shorter half-open timeouts.
Term
Time-of-check/time-of-use (TOC/TOU) attack
Definition
A race condition in which the attacker changes the state of a resource between the "condition check" step and the "use" step within software (for example, swapping a file for a symbolic link after its attributes were checked but before it is opened), so the use proceeds on something the check never approved.
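The file-swap race described above, as an added Python example (not part of the original flashcard set) for a POSIX system: a function checks a path by name and later opens it by name, an attacker hook runs in between and replaces the file with a symlink to a secret, and the check-then-use version leaks the secret. The hardened version opens first with `O_NOFOLLOW` and validates the descriptor it will read, so the check and the use refer to the same object. The file names and contents are constructed for the example.

```python
import os
import stat
import tempfile


def read_checked_vulnerable(path: str, race_window=lambda: None) -> bytes:
    """Check by name, then open by name: two separate lookups of `path`.
    `race_window` stands in for the attacker acting between them."""
    st = os.lstat(path)                          # time of check
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError("refusing: not a regular file")
    race_window()                                # attacker swaps the file here
    with open(path, "rb") as f:                  # time of use: name resolved again
        return f.read()


def read_checked_safe(path: str) -> bytes:
    """Open first, refusing to follow a symlink, then check the descriptor that
    will actually be read. Check and use refer to the same open file."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)   # raises ELOOP on a symlink
    with os.fdopen(fd, "rb") as f:
        st = os.fstat(f.fileno())
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("refusing: not a regular file")
        return f.read()


def demo():
    """An attacker-controlled 'public' file passes the check, then is replaced
    by a symlink to a secret before it is read. Paths and contents are
    constructed for the example."""
    with tempfile.TemporaryDirectory() as d:
        public = os.path.join(d, "public.txt")
        secret = os.path.join(d, "secret.txt")
        with open(public, "wb") as f:
            f.write(b"harmless")
        with open(secret, "wb") as f:
            f.write(b"TOP SECRET")

        def swap_for_symlink():
            os.remove(public)
            os.symlink(secret, public)

        leaked = read_checked_vulnerable(public, swap_for_symlink)
        try:
            read_checked_safe(public)            # public is now the symlink
            blocked = False
        except OSError:                          # ELOOP from O_NOFOLLOW
            blocked = True
        return leaked, blocked


if __name__ == "__main__":
    leaked, blocked = demo()
    print("vulnerable version read:", leaked)
    print("safe version refused the swapped path:", blocked)
```

The general rule is to make every security decision on the handle that will be used, never on a name that is looked up twice. `O_NOFOLLOW` only closes the symlink variant; a hard link to the secret would survive it, which is why the ownership and permission checks for a privileged program also belong on the `fstat` result, and why such programs should drop privileges before opening user-supplied paths at all.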
Term
war dialing
Definition
The attacker feeds a long list of phone numbers into a war-dialing program, which calls each one in the hope of finding a modem that can be exploited to gain unauthorized access.
Term
Wormhole attack
Definition
Takes place when an attacker captures packets at one location in the network and tunnels them to another location in the network for a second attacker to use against a target system. Usually discussed for wireless and ad hoc networks, where the tunnel makes distant nodes appear to be neighbors.
Term
Denial-of-Service (DoS) attack
Definition
An attacker sends multiple service requests to the victim's computer until they eventually overwhelm the system, causing it to freeze, reboot, or otherwise be unable to carry out regular tasks.
Term
Man-In-The-Middle Attack
Definition
An intruder inserts herself into an ongoing dialog between two computers so she can intercept, read, and possibly modify the messages being passed back and forth. These attacks can be countered with digital signatures and mutual authentication, which let each party verify that it is talking to the other and not to an intermediary.
Term
Mail Bombing
Definition
This is an attack used to overwhelm mail servers and clients with unrequested e-mails. Using e-mail filtering and properly configuring e-mail relay functionality on mail servers can be used to protect against this type of DoS attack.
Term
Teardrop
Definition
This attack sends malformed fragmented packets, with overlapping fragment offsets, to a victim. The victim's system usually cannot reassemble the packets correctly and freezes as a result. Countermeasures are to patch the system and use ingress filtering to detect these packet types.