Types of Network Threats

There are many network threats, which we often simply call viruses. Here is a list of these threats and their behaviors.

| Term | Definition |
| --- | --- |
| Malware | Malware is a type of software designed to take over or damage a computer without the user’s knowledge or approval. |
| DoS and DDoS | Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks impact system availability by flooding the target system with traffic or requests or by exploiting a system or software flaw. |
| Permanent denial of service (PDoS) | A permanent denial of service (PDoS) is an attack that damages a system so badly that it requires the replacement or re-installation of hardware. |
| Virus | A virus is a program that attempts to damage a computer system and replicate itself to other computer systems. |
| Worm | A worm is a self-replicating program. |
| Trojan horse | A Trojan horse is a malicious program that is disguised as legitimate or desirable software. |
| Zombie | A zombie is a computer that is infected with malware that allows remote software updates and control through a command-and-control center called a zombie master. |
| Botnet | A botnet refers to a group of zombie computers that are commanded from a central control infrastructure. |
| Rootkit | A rootkit is a set of programs that allow attackers to maintain permanent and hidden administrator-level access to a computer. |
| Logic bomb | A logic bomb is designed to execute only under predefined conditions and lies dormant until the predefined condition is met. |
| Spyware | Spyware is software that is installed without the user’s consent or knowledge. Spyware is designed to intercept or take partial control of the user’s interaction with the computer. |
| Adware | Adware monitors actions that denote personal preferences and then sends pop-ups and ads that match those preferences. |
| Ransomware | Ransomware denies access to a computer system until the user pays a ransom. |
| Scareware | Scareware is a scam that fools users into thinking they have some form of malware on their system. The intent of the scam is to sell the user fake antivirus software to remove malware they don’t have. |
| Crimeware | Crimeware is designed to facilitate identity theft by gaining access to a user’s online financial accounts, such as banks and online retailers. |
| Ping flood | A ping flood is a simple DoS attack where the attacker overwhelms the victim with ICMP Echo Request (ping) packets. |
| Ping of death | The ping of death is a DoS attack that uses the ping utility to send oversized ICMP packets. |
| Smurf | A smurf attack is a form of DrDoS attack that spoofs the source address in ICMP packets. A smurf attack requires an attacker system, an amplification network, and a victim computer or network. |
| SYN flood | The SYN flood exploits the TCP three-way handshake. So many resources are allocated that the victim cannot process a legitimate inbound request for a TCP/IP session. |
| LAND | A LAND attack is when an attacker floods the victim’s system with packets that have forged headers. |
| Christmas (Xmas) tree | A Christmas (Xmas) tree attack (also known as Christmas tree scan, nastygram, kamikaze, or lamp test segment) uses an IP packet with every option turned on for the protocol being used. Christmas tree packets can be used to conduct reconnaissance by scanning for open ports and a DoS attack if sent in large numbers. |
| On-path attack | An on-path attack is used to intercept information between two communication partners. |
| TCP/IP (session) hijacking | TCP/IP hijacking is an extension of an on-path attack where the attacker steals an open and active communication session from a legitimate user. |
| HTTP (session) hijacking | HTTP (session) hijacking is a real-time attack in which the attacker hijacks a legitimate user’s cookies and uses the cookies to take over the HTTP session. |
| Replay attack | In a replay attack, the attacker uses a protocol analyzer or sniffer to capture authentication information going from the client to the server. The attacker then uses this information to connect at a later time and pretend to be the client. |
| IP spoofing | IP spoofing changes the IP address information within a packet. It can be used to hide the origin of the attack by spoofing the source address. It can also amplify attacks by sending a message to a broadcast address and then redirecting responses to a victim who is overwhelmed with responses. |
| MAC spoofing | MAC spoofing is when an attacking device spoofs the MAC address of a valid host in the MAC address table of the switch. The switch then forwards frames destined for that valid host to the attacking device. |
| ARP spoofing | ARP spoofing (also known as ARP poisoning) uses spoofed ARP messages to associate a different MAC address with an IP address. ARP spoofing can also be used to perform denial-of-service (DoS) attacks by redirecting communications to fake or nonexistent MAC addresses. |
| DNS spoofing | DNS spoofing (also known as DNS poisoning or pharming) takes advantage of the DNS server’s ability to resolve a domain into its respective IP address. This attack exploits DNS vulnerabilities, resolving a domain typed on a browser into a fake IP address. It also redirects connections to a potentially malicious server. |
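
The ARP spoofing entry above describes an IP address being re-associated with a different MAC address. As an added example (not part of the original post), this sketch shows how a defender could flag that condition in a stream of observed ARP replies. The function name, alert labels and sample addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) taken from ARP replies.
# All addresses are made up for illustration.
SAMPLE_ARP_REPLIES = [
    (0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),     # gateway
    (5, "192.168.1.20", "aa:aa:aa:aa:aa:20"),    # workstation
    (60, "192.168.1.1", "aa:aa:aa:aa:aa:01"),    # gateway, unchanged
    (61, "192.168.1.1", "de:ad:be:ef:00:99"),    # gateway IP, different MAC
    (62, "192.168.1.20", "de:ad:be:ef:00:99"),   # same MAC now claims a second IP
    (300, "192.168.1.30", "aa:aa:aa:aa:aa:30"),  # new host, no conflict
]

def find_arp_conflicts(replies, trusted=None):
    """Return alerts for IP-to-MAC bindings that contradict earlier ones.

    trusted: optional dict of IP -> MAC pinned by the administrator
    (for example the default gateway); a mismatch is reported as such.
    """
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    ip_to_mac = dict(trusted)      # first accepted binding per IP
    mac_to_ips = defaultdict(set)  # every IP each MAC has claimed
    for ip, mac in trusted.items():
        mac_to_ips[mac].add(ip)
    alerts = []
    for ts, ip, mac in sorted(replies):
        mac = mac.lower()
        known = ip_to_mac.get(ip)
        if known is not None and known != mac:
            # The first-seen binding is kept, so a legitimate change (new DHCP
            # lease, replaced NIC) keeps alerting until someone reviews it.
            kind = "trusted-binding-violated" if ip in trusted else "ip-changed-mac"
            alerts.append((ts, kind, ip, known, mac))
        else:
            ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        # One MAC answering for several IPs also happens with routers and
        # proxy ARP, so this is a lead for triage rather than proof.
        if len(mac_to_ips[mac]) > 1:
            alerts.append((ts, "mac-claims-multiple-ips", mac, sorted(mac_to_ips[mac])))
    return alerts

if __name__ == "__main__":
    for alert in find_arp_conflicts(SAMPLE_ARP_REPLIES):
        print(alert)
```

Pinning the gateway through the `trusted` argument separates a violated static binding from an ordinary first-seen conflict.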
