Question | Answer |
Eavesdropping Attack (Release of Message Contents) | A hacker captures ("listens" to) network traffic. Also known as sniffing or snooping. Category: Reconnaissance Attacks |
Data Modification Attack (Modification of Messages) | A hacker alters data captured from network traffic without the sender or receiver knowing about it |
IP, MAC, DHCP Spoofing Attack (Masquerade) | A hacker constructs an IP packet that appears to come from a valid address in the company intranet. Category: Access Attacks |
Password-Based Attacks | A hacker discovers a valid user account and uses it to... - obtain lists of other users - get information about the network - change server/network configurations - modify, reroute, or delete data |
Denial-of-Service Attacks | Prevents normal use of a computer or network by valid users. This is done by blocking traffic, crashing applications/services, or flooding a computer or network until it shuts down from overload. |
Man-in-the-Middle Attack | Hackers position themselves between a source and destination in order to invisibly monitor, capture, and control the communication. Category: Access Attacks |
Compromised-Key Attack | A compromised key is a secret key obtained by a hacker in order to gain access to a secured communication without the sender or receiver knowing about it. |
Sniffer Attack | A sniffer is an application or device that can monitor and capture network traffic, and read any unencrypted packets. Category: Reconnaissance Attacks |
Password Attack | A hacker attempts to discover critical system passwords using various methods, including: - social engineering - dictionary attacks - brute force attacks Category: Access Attacks |
Trust Exploitation | A hacker uses unauthorized privileges to gain access to a system. |
Port Redirection | A hacker uses a compromised system as a base for attacks against other targets. Category: Access Attacks |
Buffer Overflow | A hacker exploits the buffer memory and overwhelms it with unexpected values. This usually renders the system inoperable, creating a DoS attack. Category: Access Attacks |
Pretexting | A hacker calls an individual and lies to them in an attempt to gain access to privileged data. Example: claiming to need personal/financial data to confirm someone's identity. Category: Social Engineering Attacks |
Phishing | A malicious party disguises a fraudulent email as a message from a legitimate, trusted source. Category: Social Engineering Attacks |
Spear Phishing | A targeted phishing attack tailored for a specific individual or organization. Category: Social Engineering Attacks |
Tailgating | When an authorized person enters a secure location and a hacker slips in immediately behind them. Category: Social Engineering Attacks |
Something for Something (Quid pro quo) | A hacker requests personal information from someone in exchange for something (like a free product). Category: Social Engineering Attacks |
Baiting | A hacker leaves a malware-infected device such as a flash drive in a public location. When someone finds it and plugs it into their computer, they are installing the malware. Category: Social Engineering Attacks |
Maliciously Formatted Packets | A maliciously formatted packet is forwarded to a host or application, creating a condition the receiving device is unable to handle and causing it to crash. Example: errors the application can't identify. Category: DoS Attacks |
Overwhelming Quantity of Traffic | A network, host, or application is flooded with an enormous amount of data, causing the system to crash or run extremely slowly. Category: DoS Attacks |
Ping of Death (legacy) | An echo request in an IP packet larger than the maximum size (65,535 bytes). Category: DoS Attacks |
Smurf Attack (legacy) | A large number of ICMP requests sent to various recipients with the spoofed IP of the target as the source address, causing all the recipients to send echo replies to the target's IP at the same time. Category: DoS Attacks |
TCP SYN Flood Attack | Attacker sends many TCP SYN session requests with a spoofed source IP to the target. Target replies with a SYN-ACK packet, and waits for a responding ACK packet that never comes. Category: DoS Attacks |
Distributed DoS Attack (DDoS) | A DoS attack originating from multiple coordinated sources (zombies in a botnet, controlled by a handler system). Category: DoS Attacks |