92 Chapter 2 • General Security Concepts: Attacks
Network-based attacks include DDoS attacks (which utilize many different
computers to attack a single host), session hijacking (where attackers steal
users’ sessions), MITM attacks (where attackers sandwich themselves
between the user and server in an attempt to steal information), SYN
attacks (where the three-way handshake is not completed so that the target
stops accepting connections), and replay attacks (where a packet is resent
in hopes of repeating a transaction several times).
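To make the replay case above concrete from the defender's side, the following added example (not from the book) shows a receiver that refuses a resent packet. The shared key, field names, 30-second window and sample transaction are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: shared secret provisioned out of band
MAX_SKEW = 30                  # assumption: seconds a message stays acceptable


def sign(payload, nonce, ts, key=KEY):
    """Sender side: bind payload, nonce and timestamp together under one MAC."""
    body = json.dumps({"payload": payload, "nonce": nonce, "ts": ts}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Receiver:
    def __init__(self, key=KEY):
        self.key = key
        self.seen = {}  # nonce -> message timestamp, kept while the message is fresh

    def accept(self, msg, now):
        expected = hmac.new(self.key, msg["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: bad MAC"      # altered or forged packet
        fields = json.loads(msg["body"])
        if abs(now - fields["ts"]) > MAX_SKEW:
            return "rejected: stale"        # resent after the freshness window
        # A nonce can be forgotten once its message would be stale anyway.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= MAX_SKEW}
        if fields["nonce"] in self.seen:
            return "rejected: replay"       # same packet seen inside the window
        self.seen[fields["nonce"]] = fields["ts"]
        return "accepted"


def demo():
    rx = Receiver()
    t0 = 1_000_000.0  # constructed clock value
    transfer = sign({"op": "transfer", "amount": 100}, nonce="n-0001", ts=t0)
    results = [
        rx.accept(transfer, now=t0 + 1),    # original packet
        rx.accept(transfer, now=t0 + 2),    # identical packet resent
        rx.accept(transfer, now=t0 + 120),  # resent again, much later
    ]
    tampered = dict(transfer, body=transfer["body"].replace('"amount": 100', '"amount": 900'))
    results.append(rx.accept(tampered, now=t0 + 3))
    return results


if __name__ == "__main__":
    print(demo())
```

The timestamp window bounds how long nonces must be remembered, and the MAC keeps an attacker from minting a fresh nonce or timestamp for a captured packet.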
Spoofing attacks are very dangerous, because it’s easy for attackers to
appear to be something they are not. IP spoofing changes the packets to appear
as if the packet’s source is a trusted network. E-mail spoofing changes the
sender’s address to masquerade as someone else. Web site spoofing creates a
copy of a site to fool victims into revealing their credentials. Phishing mixes
e-mail and Web site spoofing into a powerful and dangerous attack.
Application-based attacks are any attacks against the applications
themselves. The most common forms of these are buffer overflow attacks,
where the attacker sends too much data to the application, causing it to
fail and execute “attacker-supplied” malicious code.
Mixed-threat attacks are those that are composed of both network- and
application-based attacks. Many worms fall into this category, as they have
the ability to compromise hosts by using buffer overflows, and generate
enormous amounts of network traffic by scanning for new vulnerable hosts.
Social engineering is a potentially devastating technique based on lying in
order to trick employees into disclosing confidential information.
Using a technique known as dumpster diving, attackers can learn a lot
about a company; this knowledge can then be used to lend an air of
credibility to their claims to be someone they’re not, as they quiz
employees for such information as system usernames and passwords.
Vulnerability scanning is the act of checking a host or a network for
potential services that can be attacked. Scanning tools like Nessus can give
a full picture of vulnerable applications, while others like Nmap can be
used stealthily to gain a more general picture of the security of the host.
www.syngress.com