background preloader

Attacks

Facebook Twitter

Security. Denial-of-service attack. DDoS Stacheldraht Attack diagram.

Denial-of-service attack

Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. DoS threats are also common in business,[1] and are sometimes responsible for website attacks.[2] This technique has now seen extensive use in certain games, used by server owners, or disgruntled competitors on games, such as server owners' popular Minecraft servers. Ping flood. A flood ping can also be used as a diagnostic for network packet loss and throughput issues.[1] References[edit] Jump up ^ See also[edit]

Ping flood

SYN flood. A normal connection between a user (Alice) and a server.

SYN flood

The three-way handshake is correctly performed. SYN Flood. The attacker (Mallory) sends several packets but does not send the "ACK" back to the server. The connections are hence half-opened and consuming server resources. UDP flood attack. Check for the application listening at that port;See that no application listens at that port;Reply with an ICMP Destination Unreachable packet.

UDP flood attack

Thus, for a large number of UDP packets, the victimized system will be forced into sending many ICMP packets, eventually leading it to be unreachable by other clients. The attacker(s) may also spoof the IP address of the UDP packets, ensuring that the excessive ICMP return packets do not reach them, and anonymizing their network location(s). Most operating systems mitigate this part of the attack by limiting the rate at which ICMP responses are sent. Smurf attack.

The Smurf Attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP Broadcast address.

Smurf attack

Most devices on a network will, by default, respond to this by sending a reply to the source IP address. If the number of machines on the network that receive and respond to these packets is very large, the victim's computer will be flooded with traffic. This can slow down the victim's computer to the point where it becomes impossible to work on. Anonymous (group) Low Orbit Ion Cannon. The software has inspired the creation of an independent JavaScript version called JS LOIC, as well as LOIC-derived web version called Low Orbit Web Cannon.

Low Orbit Ion Cannon

LOIC. mIRC: Internet Relay Chat client. Internet Relay Chat. Internet Relay Chat (IRC) is an application layer protocol that facilitates transfer of messages in the form of text.

Internet Relay Chat

The chat process works on a client/server model of networking. IRC clients are computer programs that a user can install on their system. Heartbleed. Logo representing the Heartbleed bug, created by Finland's Codenomicon company.

Heartbleed

The logo and the name "Heartbleed", which also originates from the company, have contributed to public awareness of the issue.[1][2] Heartbleed is a software bug in the open-source cryptography library OpenSSL. At its public disclosure, on April 7, 2014, some 17 percent (around half a million) of the Internet's secure web servers certified by trusted authorities were believed to have been vulnerable to the attack, allowing theft of the servers' private keys and users' session cookies and passwords.[3][4][5][6][7] The issue is registered in the Common Vulnerabilities and Exposures system as CVE-2014-0160.[8] History[edit] The Heartbeat Extension for the Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) protocols is a proposed standard specified by RFC 6520, published in February 2012.

Heartbleed Explanation. Shellshock (software bug) "Bash bug" redirects here.

Shellshock (software bug)

For the related bug reporting tool, see bashbug. Stuxnet. Stuxnet is a computer worm[1] that was discovered in June 2010.

Stuxnet

It was designed to attack industrial programmable logic controllers (PLCs). PLCs allow the automation of electromechanical processes such as those used to control machinery on factory assembly lines, amusement rides, or centrifuges for separating nuclear material. Exploiting four zero-day flaws,[2] Stuxnet functions by targeting machines using the Microsoft Windows operating system and networks, then seeking out Siemens Step7 software. Piggybacking (security) In security, piggybacking refers to when a person tags along with another person who is authorized to gain entry into a restricted area, or pass a certain checkpoint.[1] The act may be legal or illegal, authorized or unauthorized, depending on the circumstances. However, the term more often has the connotation of being an illegal or unauthorized act.

To describe the act of an unauthorized person who follows someone to a restricted area without the consent of the authorized person, the term tailgating is also used. "Tailgating" implies without consent (similar to a car tailgating another vehicle on the freeway), while "piggybacking" usually implies consent of the authorized person. Shoulder surfing (computer security) In computer security, shoulder surfing refers to using direct observation techniques, such as looking over someone's shoulder, to get information.[1] It is commonly used to obtain passwords, PINs, security codes, and similar data. How do I recover from Hosts file hijacking? Security. If you are unable to access some Internet sites, or requests to one Internet site are redirected elsewhere, but you can access other Internet sites, your problem may be "Hosts File Hijacking. " What the Hosts file is: On the Internet, people usually talk about Internet sites using domain names, like microsoft.com, dshield.org, whitehouse.gov or gc.ca, ut computer networks function using IP addresses.

SQL injection. A Classification of SQL injection attacking vector until 2010. In a 2012 study, security company Imperva observed that the average web application received 4 attack campaigns per month, and retailers received twice as many attacks as other industries.[2] History[edit] The first public discussions of SQL injection started appearing around 1998.[3] For example, a 1998 article in Phrack Magazine.[4] Forms[edit]

Exploits of a Mom. DNS spoofing. Overview of the Domain Name System[edit] When a DNS server has received a false translation and caches it for performance optimization, it is considered poisoned, and it supplies the false data to clients. IP address spoofing. Example scenario of IP address spoofing. MAC spoofing. ARP spoofing. Cross-site scripting. Privilege escalation. Background[edit] Buffer overflow. How Cybercrime Exploits Digital Certificates. Serious Security: Google finds fake but trusted SSL certificates for its domains, made in France. Google announced over the weekend that it recently came across a bunch of fake SSL certificates for some of its own domains. DigiNotar. DigiNotar was a Dutch certificate authority owned by VASCO Data Security International.[1] On September 3, 2011, after it had become clear that a security breach had resulted in the fraudulent issuing of certificates, the Dutch government took over operational management of DigiNotar's systems.[2] That same month, the company was declared bankrupt.[3]

Side channel attack. Why are we still vulnerable to side-channel attacks? (and why should I care?) How the NSA cheated cryptography. File Slack Vs RAM Slack Vs Drive Slack - Checkmate. Hiding Data, Forensics and Anti-Forensics. Cold boot attack. DMA attack.