Documente Academic
Documente Profesional
Documente Cultură
➢ Email Spoofing:-
➢ Among the most widely-used attacks, email spoofing often involves things like requests for
personal data or financial transactions. The emails appear to be from trusted senders — such as
customers, co-workers, or managers — but they are actually from cybercriminals who deliberately
disguise themselves to gain your trust and your help with the action they want you to take. The
request could be for a money transfer or permission to access a system.
➢ Additionally, spoof emails sometimes contain attachments that install malware — such as Trojans
or viruses — when opened. In many cases, the malware is designed to go beyond infecting your
computer and spread to your entire network.
➢ This aspect of spoofing relies heavily on social engineering — the ability to convince a human user
to believe that what they're seeing is legitimate, prompting them to take action and open an
attachment, transfer money, et cetera.
➢ Smurf Attack:-
➢ A smurf attack is a type of denial of service attack in which a system is flooded with spoofed ping
messages. This creates high computer network traffic on the victim’s network, which often renders
it unresponsive.
➢ Smurfing takes certain well-known facts about Internet Protocol and Internet Control Message
Protocol (ICMP) into account. ICMP is used by network administrators to exchange information
about network state, and can also be used to ping other nodes to determine their operational status.
The smurf program sends a spoofed network packet that contains an ICMP ping. The resulting echo
responses to the ping message are directed toward the victim’s IP address. Large number of pings
and the resulting echoes can make the network unusable for real traffic.
Man-In-Middle attacks: -
➢ A man-in-the-middle (MITM) attack is a form of eavesdropping where communication between
two users is monitored and modified by an unauthorized party. Generally, the attacker actively
eavesdrops by intercepting a public key message exchange and retransmits the message while
replacing the requested key with his own.
➢ In the process, the two original parties appear to communicate normally. The message sender does
not recognize that the receiver is an unknown attacker trying to access or modify the message before
retransmitting to the receiver. Thus, the attacker controls the entire communication.
➢ This term is also known as a Janus attack or a fire brigade attack.
➢ The MITM intercepts communications between two systems and is performed when the attacker is
in control of a router along normal point of traffic. The attacker in almost all cases is located on the
same broadcast domain as the victim. For instance, in an HTTP transaction, a TCP connection exists
between client and server. The attacker splits the TCP connection into two connections – one
between the victim and the attacker and the other between attacker and the server. On intercepting
the TCP connection, the attacker acts as a proxy reading, altering and inserting data in intercepted
communication. The session cookie reading the HTTP header can easily be captured by the intruder.
Replay Attack: -
➢ A replay attack is a category of network attack in which an attacker detects a data transmission and
fraudulently has it delayed or repeated.
➢ The delay or repeat of the data transmission is carried out by the sender or by the malicious entity,
who intercepts the data and retransmits it.
➢ In other words, a replay attack is an attack on the security protocol using replays of data
transmission from a different sender into the intended into receiving system, thereby fooling the
participants into believing they have successfully completed the data transmission.
➢ Replay attacks help attackers to gain access to a network, gain information which would not have
been easily accessible or complete a duplicate transaction.
➢ A replay attack is also known as a playback attack.
How It Works:-
Consider this real-world example of an attack. A staff member at a company asks for a financial transfer
by sending an encrypted message to the company's financial administrator. An attacker eavesdrops on
this message, captures it, and is now in a position to resend it. Because it's an authentic message that
has simply been resent, the message is already correctly encrypted and looks legitimate to the financial
administrator.
In this scenario, the financial administrator is likely to respond to this new request unless he or she has
a good reason to be suspicious. That response could include sending a large sum of money to the
attacker's bank account.
Stopping a Replay Attack :-
Preventing such an attack is all about having the right method of encryption. Encrypted messages carry
"keys" within them, and when they're decoded at the end of the transmission, they open the message.
In a replay attack, it doesn't matter if the attacker who intercepted the original message can read or
decipher the key. All he or she has to do is capture and resend the entire thing — message and key —
together.
To counter this possibility, both sender and receiver should establish a completely random session key,
which is a type of code that is only valid for one transaction and can't be used again.
Another preventative measure for this type of attack is using timestamps on all messages. This prevents
hackers from resending messages sent longer ago than a certain length of time, thus reducing the
window of opportunity for an attacker to eavesdrop, siphon off the message, and resend it.
Another method to avoid becoming a victim is to have a password for each transaction that's only used
once and discarded. That ensures that even if the message is recorded and resent by an attacker, the
encryption code has expired and no longer works.