Term
Birthday attack |

Definition
A cryptographic attack that exploits the mathematics behind the birthday problem in probability theory to find collisions in hash functions: for an n-bit hash, a collision is expected after roughly 2^(n/2) inputs rather than the 2^n that a preimage search would need. |
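
The birthday bound in the definition above, worked through in code. This is an added example, not part of the original deck: it computes the exact collision probability for a given number of samples, the approximate number of samples needed for a 50% collision, and then runs the attack itself against SHA-256 truncated to a small number of bits (the truncation stands in for a weak hash; the `msg-<i>` message format is an assumption made for the demo).

```python
"""Birthday attack on a truncated hash (added example, not from the original deck)."""
import hashlib
import math
from itertools import count


def collision_probability(samples: int, space: int) -> float:
    """Exact probability that at least two of `samples` uniformly random values
    drawn from `space` possibilities collide (the classic birthday problem)."""
    p_no_collision = 1.0
    for i in range(samples):
        p_no_collision *= (space - i) / space
    return 1.0 - p_no_collision


def samples_for_probability(space: int, target: float = 0.5) -> int:
    """Approximate samples needed to reach `target` collision probability:
    sqrt(2 * space * ln(1 / (1 - target))), about 1.18 * sqrt(space) at 50%."""
    return math.ceil(math.sqrt(2.0 * space * math.log(1.0 / (1.0 - target))))


def truncated_hash(message: bytes, bits: int) -> int:
    """SHA-256 keeping only its first `bits` bits; stands in for a weak hash."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return digest >> (256 - bits)


def find_collision(bits: int, prefix: bytes = b"msg-"):
    """Birthday attack: hash distinct messages, remember every digest seen, and
    stop at the first repeat. Returns (m1, m2, attempts); expected attempts are
    on the order of 2 ** (bits / 2), far below the 2 ** bits of a preimage search."""
    seen = {}
    for i in count():
        msg = prefix + str(i).encode()   # constructed distinct messages
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg


if __name__ == "__main__":
    print("23 people, 365 days:", round(collision_probability(23, 365), 4))
    print("50% collision for a 32-bit hash needs about",
          samples_for_probability(2 ** 32), "hashes")
    m1, m2, n = find_collision(24)
    print(f"24-bit collision after {n} hashes: {m1!r} and {m2!r}")
```

The same arithmetic is why a 64-bit hash offers only about 32 bits of collision resistance, and why digital-signature and certificate schemes need hash outputs of at least 256 bits.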
|
|
Term
Brute force attack |

Definition
Continually tries different inputs until a predefined goal is reached. Brute force is defined as "trying every possible combination until the correct one is identified". |
|
|
Term
Buffer overflow |

Definition
More data is written into a buffer than it was allocated to hold, overwriting adjacent memory such as the saved return address on the stack. A common attack vector used by attackers to run malicious code on a target system. |
|
|
Term
Cross-site scripting (XSS) |

Definition
An attack in which a vulnerability in a web site allows an attacker to inject malicious script into a web application, where it is served to and executed in other users' browsers. |
|
|
Term
Dictionary attack |

Definition
A file of thousands of words (likely passwords) is tried against the user's password, or its stored hash, until a match is found. |
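
Brute force (above) and the dictionary attack (this entry) differ only in where the candidate passwords come from, so one added example covers both; it is not code from the original deck. The wordlist, the mangling rules and the salt are constructed for the demonstration, and the PBKDF2 iteration count is kept very low so the example runs in a second or two.

```python
"""Dictionary and brute-force guessing against a salted, iterated password hash.
Added example; wordlist, rules and salt are constructed for the demonstration."""
import hashlib
import hmac
import itertools
import string

# Constructed wordlist; a real one (rockyou.txt and the like) has millions of entries.
SAMPLE_WORDLIST = ["password", "letmein", "dragon", "qwerty", "welcome", "monkey"]

# Constructed mangling rules: each maps one word to one extra candidate.
MANGLING_RULES = [
    lambda w: w,
    lambda w: w.capitalize(),
    lambda w: w + "1",
    lambda w: w.capitalize() + "1",
    lambda w: w + "123",
    lambda w: w.capitalize() + "!",
]


def hash_password(password: str, salt: bytes, iterations: int = 200) -> bytes:
    """PBKDF2-HMAC-SHA256. 200 iterations keeps the demo fast; real systems use
    hundreds of thousands, and that cost is paid again for every guess below."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def dictionary_attack(target: bytes, salt: bytes, wordlist=SAMPLE_WORDLIST,
                      iterations: int = 200):
    """Try every wordlist entry under every mangling rule; return the match or None."""
    for word in wordlist:
        for rule in MANGLING_RULES:
            candidate = rule(word)
            if hmac.compare_digest(hash_password(candidate, salt, iterations), target):
                return candidate
    return None


def keyspace_size(alphabet: str, max_len: int) -> int:
    """Number of candidates a brute force must consider for lengths 1..max_len."""
    return sum(len(alphabet) ** n for n in range(1, max_len + 1))


def brute_force(target: bytes, salt: bytes, alphabet: str = string.digits,
                max_len: int = 4, iterations: int = 200):
    """Exhaust every combination, shortest first; return the match or None."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            candidate = "".join(combo)
            if hmac.compare_digest(hash_password(candidate, salt, iterations), target):
                return candidate
    return None


if __name__ == "__main__":
    salt = b"constructed-salt"
    print("dictionary:", dictionary_attack(hash_password("Dragon1", salt), salt))
    print("4-digit PIN keyspace:", keyspace_size(string.digits, 4))
    print("brute force:", brute_force(hash_password("0913", salt), salt))
```

The keyspace arithmetic is the practical difference between the two: a four-digit PIN is 11,110 guesses and falls to brute force immediately, whereas a long random password is only reachable if it appears in a wordlist, and the slow hash makes every guess expensive either way.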
|
|
Term
DNS poisoning |

Definition
An attacker makes a DNS server resolve a host name to an incorrect IP address, so that clients trusting that server are sent to a system of the attacker's choosing. |
|
|
Term
Fraggle attack |

Definition
A DDoS attack that floods the target with UDP echo (port 7) traffic: the attacker sends UDP packets to IP broadcast addresses with the victim's spoofed source address, and every host on the segment replies to the victim. |
|
|
Term
Pharming |

Definition
Redirects a victim to a seemingly legitimate, yet fake, web site, typically by corrupting name resolution (DNS or the local hosts file) rather than by luring the user with a link. |
|
|
Term
Phishing |

Definition
A type of social engineering with the goal of obtaining personal information, credentials, credit card numbers or financial data. The attackers lure, or "fish", for sensitive data through a variety of methods, most often e-mail that points to a fake web site. |
|
|
Term
Ping of death |

Definition
A DoS attack that sends malformed or oversized ICMP packets to a target; a ping larger than the 65,535-byte IP maximum, delivered in fragments, crashed systems that could not handle the reassembled size. |
|
|
Term
Replay attack |

Definition
A form of network attack in which a valid data transmission is maliciously or fraudulently repeated with the goal of obtaining unauthorized access. |
|
|
Term
|
Definition
An attacker captures the traffic from a legitimate session and replays it to authenticate the attacker's own session. |
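
The two replay entries above describe the same thing from the protocol's and the attacker's point of view; here is one added example (not from the original deck) showing both sides: a client that signs requests with a shared key, a server that checks only the MAC and therefore accepts a captured request a second time, and a server that additionally binds each request to a nonce and a timestamp. The key, the message format and the injectable clock are assumptions made for the demonstration.

```python
"""Replay attack and its countermeasure. Added example; key, messages and the
clock are constructed for the demonstration."""
import hashlib
import hmac
import json
import os
import time

KEY = b"constructed-shared-key"   # assumed pre-shared between client and server


def sign(message: dict, key: bytes = KEY) -> dict:
    """Client side: serialise deterministically and attach an HMAC-SHA256 tag."""
    body = json.dumps(message, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "mac": tag}


def mac_is_valid(packet: dict, key: bytes = KEY) -> bool:
    expected = hmac.new(key, packet["body"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, packet["mac"])


class NaiveServer:
    """Verifies only the MAC. A captured packet verifies just as well the second
    time, so an attacker who never learns the key can still replay it."""

    def __init__(self, key: bytes = KEY):
        self.key = key
        self.accepted = []   # actions the server carried out

    def receive(self, packet: dict) -> bool:
        if not mac_is_valid(packet, self.key):
            return False
        self.accepted.append(json.loads(packet["body"]))
        return True


class FreshnessServer(NaiveServer):
    """Also requires a unique nonce and a timestamp inside the signed body, and
    remembers nonces for as long as their timestamp stays inside the window."""

    def __init__(self, key: bytes = KEY, window_s: int = 30, clock=time.time):
        super().__init__(key)
        self.window_s = window_s
        self.clock = clock
        self.seen_nonces = {}   # nonce -> message timestamp

    def receive(self, packet: dict) -> bool:
        if not mac_is_valid(packet, self.key):
            return False
        msg = json.loads(packet["body"])
        now = self.clock()
        # Forget nonces whose messages would now be rejected as stale anyway.
        self.seen_nonces = {n: t for n, t in self.seen_nonces.items()
                            if now - t <= self.window_s}
        if abs(now - msg.get("ts", 0)) > self.window_s:
            return False            # stale or future-dated message
        nonce = msg.get("nonce")
        if not nonce or nonce in self.seen_nonces:
            return False            # missing nonce, or a replay inside the window
        self.seen_nonces[nonce] = msg["ts"]
        self.accepted.append(msg)
        return True


def make_request(action: str, amount: int, clock=time.time) -> dict:
    """Client helper: bind the request to a fresh random nonce and the current time."""
    return sign({"action": action, "amount": amount,
                 "nonce": os.urandom(8).hex(), "ts": clock()})


if __name__ == "__main__":
    captured = make_request("transfer", 100)   # what the attacker sniffed
    naive, fresh = NaiveServer(), FreshnessServer()
    print("naive:", naive.receive(captured), naive.receive(captured))   # True True
    print("fresh:", fresh.receive(captured), fresh.receive(captured))   # True False
```

The nonce and timestamp must be inside the signed body; otherwise the attacker simply swaps in a fresh nonce and replays the still-valid MAC. The timestamp is what lets the server bound how many nonces it has to remember.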
|
|
Term
TCP sequence number prediction |

Definition
If an attacker can correctly predict the TCP sequence numbers that two systems will use, then she can create packets containing those numbers and fool the receiving system into thinking that the packets are coming from the authorized sending system. She can then take over the TCP connection between the two systems. Randomized initial sequence numbers are the countermeasure. |
|
|
Term
Side-channel attack |

Definition
Nonintrusive attacks used to uncover sensitive information about how a component works, without trying to exploit any type of flaw or weakness; timing, power consumption and electromagnetic emissions are the usual channels. A noninvasive attack is one in which the attacker watches how something works and how it reacts in different situations instead of trying to "invade" it with more intrusive measures. |
|
|
Term
Smurf attack |

Definition
A DDoS attack that floods the target with ICMP echo replies: the attacker sends ICMP echo requests to IP broadcast addresses with the victim's spoofed source address, and every host on the segment answers the victim. |
|
|
Term
Social engineering |

Definition
An attacker falsely convinces an individual that she has the necessary authorization to access specific resources. |
|
|
Term
Spoofing at logon |

Definition
An attacker uses a program that presents the user with a fake logon screen, which often tricks the user into entering credentials that the program then captures. |
|
|
Term
SQL injection |

Definition
Instead of valid input, the attacker puts actual database commands into the input fields, which are then parsed and run by the application because the input is concatenated into the SQL statement; parameterised queries are the countermeasure. |
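
The vulnerable pattern and its fix side by side, as an added example that is not part of the original deck. The users table, the accounts and the (plaintext, demo-only) passwords are constructed; the two injection payloads are the standard comment-out and tautology forms.

```python
"""SQL injection: a string-built query beside the parameterised fix. Added
example; the table and accounts are constructed, and passwords are stored in
plaintext only to keep the demo short (real systems store salted hashes)."""
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "hunter2")])
    conn.commit()
    return conn


def build_vulnerable_query(username: str, password: str) -> str:
    """Input is spliced into the SQL text, so quotes in the input become SQL syntax."""
    return (f"SELECT username FROM users WHERE username = '{username}' "
            f"AND password = '{password}'")


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Returns the account that got logged in, or None."""
    row = conn.execute(build_vulnerable_query(username, password)).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """Bound parameters: the driver hands the values to the engine separately
    from the SQL text, so a quote in the input is only ever compared as data."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print(build_vulnerable_query("alice' --", "anything"))
    print("vulnerable:", login_vulnerable(db, "alice' --", "anything"))      # alice
    print("vulnerable:", login_vulnerable(db, "nobody", "' OR '1'='1"))      # a row
    print("safe:", login_safe(db, "alice' --", "anything"))                  # None
```

The first payload closes the string and comments out the password check; the second turns the `WHERE` clause into a tautology, which is why the vulnerable login returns an account for a user that does not exist.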
|
|
Term
SYN flood |

Definition
A DoS attack in which an attacker sends a succession of SYN packets, usually with spoofed source addresses, so that each half-open connection occupies the victim's connection backlog until it times out, leaving the system unresponsive to legitimate traffic. |
|
|
Term
Time-of-check/time-of-use (TOC/TOU) attack |
|
Definition
The attacker exploits the window between the "condition check" step and the "use" step within software (a race condition), changing the checked object in between so that the use operates on something the check never authorized. |
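
The classic file-system form of this race, as an added example that is not part of the original deck: a reader that checks a path name and then opens the same name, with the attacker's swap (a symlink renamed over the checked file) run deterministically in between, beside a reader that opens first and checks the descriptor it actually got. The files, the "secret" contents and the synchronous attacker hook are constructed for the demonstration; it needs a POSIX file system.

```python
"""TOC/TOU race: a check on a path name, then a use of the same name, with the
target swapped in between. Added example; the files and the attacker's swap are
constructed and run deterministically in a temporary directory (POSIX only)."""
import os
import shutil
import stat
import tempfile

SECRET = b"root:$6$constructed$hash\n"        # constructed 'sensitive' content


def vulnerable_read(path: str, attacker_window=lambda: None) -> bytes:
    """Check the *name*, then open the *name*. Each step resolves the name afresh,
    so whatever replaces the file between them is what actually gets opened."""
    st = os.lstat(path)                        # time of check
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError("refusing: not a regular file")
    attacker_window()                          # the attacker's window (simulated)
    with open(path, "rb") as f:                # time of use: follows symlinks
        return f.read()


def safe_read(path: str) -> bytes:
    """Open first, then check the object actually opened, via its descriptor.
    O_NOFOLLOW refuses a symlink at the final component, and fstat inspects the
    opened inode, which cannot be swapped out from under the descriptor."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("refusing: not a regular file")
    except BaseException:
        os.close(fd)
        raise
    with os.fdopen(fd, "rb") as f:
        return f.read()


def demo() -> dict:
    """Runs the same attack against both readers and reports what each produced."""
    tmp = tempfile.mkdtemp()
    try:
        secret = os.path.join(tmp, "secret")
        public = os.path.join(tmp, "public")
        with open(secret, "wb") as f:
            f.write(SECRET)
        with open(public, "wb") as f:
            f.write(b"harmless\n")

        def swap():
            # Attacker: create a symlink to the secret and rename it over the
            # checked file. rename(2) is atomic, so the name never disappears.
            link = os.path.join(tmp, "link")
            os.symlink(secret, link)
            os.replace(link, public)

        result = {"leaked": vulnerable_read(public, swap)}
        try:
            safe_read(public)                  # public is now a symlink
            result["safe_blocked"] = False
        except OSError:                        # ELOOP from O_NOFOLLOW
            result["safe_blocked"] = True
        result["safe_on_regular"] = safe_read(secret)   # still fine on real files
        return result
    finally:
        shutil.rmtree(tmp)


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The general rule the example illustrates: authorize the object you hold, not the name you looked up, and use operations that carry the check and the use in one call (descriptor-relative calls, `O_NOFOLLOW`, `O_EXCL`) rather than two calls on a path.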
|
|
Term
War dialing |

Definition
The attacker feeds a long list of phone numbers into a war dialing program in the hope of finding a modem that can be exploited to gain unauthorized access. |
|
|
Term
Wormhole attack |

Definition
Takes place when an attacker captures packets at one location in the network and tunnels them to another location in the network for a second attacker to use against a target system. |
|
|
Term
Denial-of-service (DoS) attack |
|
Definition
An attacker sends multiple service requests to the victim's computer until they overwhelm the system, causing it to freeze or reboot and ultimately leaving it unable to carry out its regular tasks. |
|
|
Term
Man-in-the-middle attack |

Definition
An intruder injects herself into an ongoing dialog between two computers so she can intercept, read and possibly alter the messages being passed back and forth. These attacks can be countered with digital signatures and mutual authentication techniques. |
|
|
Term
Mail bombing |

Definition
An attack used to overwhelm mail servers and clients with unrequested e-mails. E-mail filtering and properly configured relay functionality on mail servers (no open relay) protect against this type of DoS attack. |
|
|
Term
Teardrop attack |

Definition
Sends malformed fragmented IP packets, with overlapping fragment offsets, to a victim. The victim's system usually cannot reassemble the packets correctly and freezes as a result. Countermeasures are to patch the system and use ingress filtering to detect these packet types. |
|
|