Volumetric Attacks - Consume the bandwidth of the target network or service.
Fragmentation Attacks - Overwhelm the target's ability to reassemble fragmented packets.
TCP State-Exhaustion Attacks - Consume the connection state tables present in network
infrastructure components such as load balancers, firewalls, and application servers.
Application Layer Attacks - Consume application resources or services, thereby making them unavailable
to other legitimate users.
DoS/DDoS Attack Vectors - Volumetric Attacks
Fragmentation Attacks
TCP State Exhaustion Attacks
Application Layer attacks
SYN flood attack - attacker sends multiple SYN packets but never completes the connection with an ACK
- disrupts the TCP 3-way handshake
protection:
1) using SYN cookies
2) reduce the amount of time a server will wait for an ACK - half-open sessions are flushed from the system's
memory faster
ICMP flood attack - a type of DoS attack in which perpetrators send a large number of ICMP packets
directly or through reflection networks to victims, causing them to be overwhelmed and subsequently stop
responding to legitimate TCP/IP requests
Peer-to-Peer Attack - exploits flaws found in networks using DC++ (Direct Connect), which is used
for sharing between instant messaging clients.
Phlashing - Permanent DoS, causes irreversible damage to system hardware. It sabotages the system
hardware. Attacker sends fraudulent hardware updates (firmware).
Application-level flood attacks - result in loss of services of a particular network, such as emails, network
resources, the temporary ceasing of applications and services. Attackers exploit weaknesses in
programming source code.
Session Hijacking - An attack in which the attacker attempts to impersonate the user by using his or her
session token.
cross-site request forgery (XSRF) - An attack that exploits the trust a website has in a user's browser in
an attempt to transmit unauthorized commands to the website.
directory traversal attack - an attack that involves navigating to other directories and gaining access to
files and directories that would otherwise be restricted, using ../ to access restricted directories outside
of the webserver root directory.
website defacement - A type of cybervandalism that occurs when a computer hacker intrudes on
another person's website by inserting or substituting codes that expose visitors to the site to misleading
or provocative information. Defacement can range from installing humorous graffiti to sabotaging or
corrupting the site.
HTTP Response Splitting Attack - Involves adding header response data into the input field so the server
can split the responses into two responses
Web Cache Poisoning - attack against the integrity of an intermediate Web cache repository, in which
genuine content cached for an arbitrary URL is replaced with spoofed content.
Injection Flaws - Web app vulnerabilities that allow untrusted data to be interpreted and executed as
part of a command or query
SQL Injection - An attacker issues a SQL command to a web server as part of the URL or as input to a
form on a company's website; web server might pass the command onto the database which then
allows potentially anything to be done to the database
command injection - injection where the attacker injects commands into the form fields instead of the
expected text entry.