Click-jacking: tricking a web user into clicking a spoofed button or graphic.
Session hijacking (Cookie hijacking): exploiting a valid computer session, or session key, to gain unauthorized access to information or services.
URL hijacking / Typo squatting: the act of registering domains that are similar to those for a known entity but based on a misspelling or typo graphical error. (examples: g00gle.com, gooogle.com)
MAC spoofing: The Media Access Control (MAC) address is a hard-coded on a network interface controller (NlC) number. Many drivers allow the MAC address to be changed. A technique for changing a factory-assigned MAC address of a network interface on a networked device.
IP spoofing: A technique used to gain unauthorized access to machines, whereby an attacker illicitly impersonates another machine by manipulating IP packets. IP Spoofing involves modifying the packet header with a forged (spoofed) source IP address, a checksum, and the order value.
ARP spoofing: when an attacker sends a fake ARP (Address Resolution Protocol – Layer 2 – Datalink Layer of OSI model) messages over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer or server on the network.
Man in the Middle Attack : An attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. The attacker may either observe (confidentiality attack) or alter (integrity attack)
Denial of Service Attack (DOS) :
- Preventing access to resources by users authorized to use those resources. Attacking systems availability.
- May accomplish:
- Deny access to information, applications, systems, or communications.
- Bring down a website while the communications and systems continue to operate.
- Crash the operating system (a simple reboot may restore the server to normal operation).
- Fill the communications channel of a network and prevent access by authorized users.
Distributed Denial Of Service (DDOS) : A DoS attack utilizing multiple compromised computer systems as sources of attack traffic Amplifies the concepts of a DoS attack by using multiple computer systems (often through botnets) to conduct the attack against a single organization.
DoS & DDoS – Prevention
- Work with your ISP / network provider
- Border protection / Intrusion Detection & Protection System
- Update Network Appliances, Operating Systems and Applications
- End users’ systems are up-to-date and deploy anti-virus bot prevention
The goal of the attacker is to get a response to their request in a greater than 1:1 ratio so that the additional bandwidth traffic works to congest and slow the responding server down. The ratio achieved is known as the amplification factor, and high numbers are possible with UDP based protocols such as NTP, CharGen, and DNS. Usually employed as a part of a DDoS attack
Domain Hi-Jacking / DNS poisoning / DNS Spoofing AKA Resolution Attacks
Poisoning: When an attacker alters the domain-name-to-lP-address mappings in a DNS system to redirect traffic to a rogue system or perform a DoS attack.
Spoofing: When an attacker sends false replies to a requesting system in place of a valid DNS response.
Protect any internal DNS servers
Use authoritative DNS sources
Evil twin: A rogue wireless access point pose as a legitimate wireless service provider to intercept information that users transmit
Rogue AP: Any wireless access point added to your network that has not been authorized
Initialization Vector (IV): an arbitrary number that can be used along with a secret key for data encryption. This number, also called a nonce, is employed only one time in any session. If the IV is weak, as in WEP, it may be reused.
Jamming– Causing interference with a wireless signal.
Bluejacking: the sending of unsolicited messages (think spam) over a Bluetooth connection
Bluesnarfing: The gaining of unauthorized access through a Bluetooth connection. lntercepting data through a Bluetooth connection