{"id":1264,"date":"2010-06-04T22:29:03","date_gmt":"2010-06-04T16:59:03","guid":{"rendered":"https:\/\/www.qadit.com\/blog\/?p=1264"},"modified":"2010-07-04T22:30:40","modified_gmt":"2010-07-04T17:00:40","slug":"types-of-hacker-attacks","status":"publish","type":"post","link":"https:\/\/qadit.com\/blog\/types-of-hacker-attacks\/","title":{"rendered":"Types of Hacker Attacks"},"content":{"rendered":"<p style=\"text-align: justify\">I use the term &#8220;hacker attacks&#8221; to indicate hacker attacks that are not automated by programs such as viruses, worms, or trojan horse programs. There are various forms that exploit weakneses in security. Many of these may cause loss of service or system crashes.<\/p>\n<p style=\"text-align: justify\">\n<p><!--more--><\/p>\n<ul>\n<li>IP      spoofing &#8211; An attacker may fake their IP address so the receiver thinks it      is sent from a location that it is not actually from. There are various      forms and results to this attack. The attack may be directed to a specific      computer addressed as though it is from that same computer. This may make      the computer think that it is talking to itself. This may cause some      operating systems such as Windows to crash or lock up.<\/li>\n<li>Gaining      access through source routing &#8211; \u00a0Hackers may be able to break through      other friendly but less secure networks and get access to your network      using this method.<\/li>\n<li>Man in the      middle attack &#8211; An attacker may watch a session open on a network. Once      authentication is complete, they may attack the client computer to disable      it, and use IP spoofing to claim to be the client who was just      authenticated and steal the session. This attack can be prevented if the      two legitimate systems share a secret which is checked periodically during      the session.<\/li>\n<li>Server      spoofing &#8211; A C2MYAZZ utility can be run on Windows 95 stations to request      LANMAN (in the clear) authentication from the client. The attacker will      run this utility while acting like the server while the user attempts to      login. If the client is tricked into sending LANMAN authentication, the      attacker can read their username and password from the network packets      sent.<\/li>\n<li>DNS      poisoning &#8211; This is an attack where DNS information is falsified. This      attack can succeed under the right conditions, but may not be real      practical as an attack form. The attacker will send incorrect DNS      information which can cause traffic to be diverted. The DNS information      can be falsified since name servers do not verify the source of a DNS      reply. When a DNS request is sent, an attacker can send a false DNS reply      with additional bogus information which the requesting DNS server may      cache. This attack can be used to divert users from a correct webserver      such as a bank and capture information from customers when they attempt to      logon.<\/li>\n<li>Password      cracking &#8211; Used to get the password of a user or administrator on a      network and gain unauthorized access.<\/li>\n<li>Ping broadcast &#8211; A ping request packet is sent to a      broadcast network address where there are many hosts. The source address      is shown in the packet to be the IP address of the computer to be      attacked. If the router to the network passes the ping broadcast, all      computers on the network will respond with a ping reply to the attacked      system. The attacked system will be flooded with ping responses which will      cause it to be unable to operate on the network for some time, and may      even cause it to lock up. The attacked computer may be on someone else&#8217;s      network. One countermeasure to this attack is to block incoming traffic      that is sent to a broadcast address.<\/li>\n<li>Ping of death &#8211; An oversized ICMP datagram can crash      IP devices that were made before 1996.<\/li>\n<li>Smurf &#8211; An      attack where a ping request is sent to a broadcast network address with      the sending address spoofed so many ping replies will come back to the      victim and overload the ability of the victim to process the replies.<\/li>\n<li>Teardrop &#8211;      a normal packet is sent. A second packet is sent which has a fragmentation      offset claiming to be inside the first fragment. This second fragment is      too small to even extend outside the first fragment. This may cause an      unexpected error condition to occur on the victim host which can cause a      buffer overflow and possible system crash on many operating systems.<\/li>\n<li>Sniffer Attack \u2013 A sniffer is an application or device that can read, monitor, and capture network data exchanges and read network packets. If the packets are not encrypted, a sniffer provides a full view of the data inside the packet. Even encapsulated (tunneled) packets can be broken open and read unless they are encrypted and the attacker does not have access to the key. Using a sniffer, an attacker can analyze your network and gain information to eventually cause your network to crash or to become corrupted and read your communications.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>I use the term &#8220;hacker attacks&#8221; to indicate hacker attacks that are not automated by programs such as viruses, worms, or trojan horse programs. There are various forms that exploit weakneses in security. Many of these may cause loss of service or system crashes.<\/p>\n","protected":false},"author":12,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[12],"tags":[159],"class_list":["post-1264","post","type-post","status-publish","format-standard","hentry","category-itsec","tag-hacker-attacks"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9AH7Q-ko","_links":{"self":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/1264","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/comments?post=1264"}],"version-history":[{"count":0,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/1264\/revisions"}],"wp:attachment":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/media?parent=1264"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/categories?post=1264"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/tags?post=1264"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}