#Detection-and-Mitigation of #Common-Attacks

#Ping-Flood: Overwhelms a target with excessive ping requests, overloading resources and preventing legitimate traffic.
#SYN-Flood: Exploits the three-way handshake by sending incomplete connection requests (SYN packets) without completing the handshake, leaving the server waiting for nonexistent responses.
#UDP-Flood: Bombards a target with User Datagram Protocol (UDP) packets, which are connectionless and don't require handshakes, further increasing resource consumption.
#Application-Layer-DoS: Targets specific vulnerabilities in web applications (e.g., slow database queries) to disrupt performance or crash them.

Ping Flood: An attacker floods a target server with a massive number of ICMP echo requests using a tool like "hping" or "ping-of-death," overwhelming its resources and causing it to become unresponsive.

SYN Flood: Attackers send a flood of TCP SYN packets, overwhelming the target's ability to complete the threeway handshake, and exhausting its connection resources.

HTTP GET Flood: An attacker uses automated tools to flood a web server with a large number of HTTP GET requests, consuming server resources and causing it to slow down or crash.

DNS Amplification: An attacker spoofs the source IP address and sends a small DNS query to an open DNS server, which, in turn, responds with a larger response to the forged source IP, amplifying the traffic directed at the target.

#Botnets: Networks of compromised devices remotely controlled by attackers to launch coordinated DoS attacks, creating a larger flood of traffic compared to single-source DoS.
#Amplification-Attacks: Leverage vulnerable servers like DNS resolvers to amplify response packets to the target, exponentially increasing their impact.
#Reflective-Attacks: Craft packets in a way that makes them appear to originate from the target itself, redirecting the attack's impact back to the victim server.

Mirai Botnet: Compromised IoT devices, such as cameras and routers, are used collectively as a botnet to flood a
target with traffic, disrupting its services.

#ARP-Spoofing: Deceives devices on a network by providing false ARP (Address Resolution Protocol) responses, diverting traffic to the attacker's machine, allowing them to eavesdrop and potentially modify it.
#DNS-Spoofing: Intercepts or redirects DNS requests, leading users to malicious websites instead of the legitimate ones they intended to visit.
#SSL-tripping: Downgrades encrypted HTTPS connections to unencrypted HTTP, exposing sensitive data transmitted between the user and the website.

ARP Spoofing: An attacker sends falsified Address Resolution Protocol (ARP) messages to associate their MAC
address with the IP address of a target, intercepting and manipulating the traffic.

DNS Spoofing: Manipulating DNS responses to redirect users from a legitimate website to a malicious one by
providing false IP address information.

SSL Stripping: Downgrading a secure HTTPS connection to an unencrypted HTTP connection, allowing the attacker
to intercept sensitive data.

#Passive-Sniffing: Captures network traffic without actively interacting with it, observing data exchanged between devices on the same network segment.
#Active-Sniffing: Employs techniques like ARP spoofing or packet injection to manipulate network traffic and capture data more deliberately.

Wireshark: An attacker uses Wireshark to capture and analyze packets on a network, gaining unauthorized access
to sensitive information, such as login credentials.

#Port-scanning is a process used to identify open ports on a computer or network device. These ports represent potential entry points for communication and attackers use port scans to discover weaknesses and vulnerabilities. Each type of scan reveals different information:

#SYN-Scan:

#ACK-Scan:

#XMAS-Scan:

Other Scanning Techniques:

Nmap SYN Scan: An attacker uses Nmap to perform a SYN scan, identifying open ports on a target system and
potential vulnerabilities.

#SQL-Injection: Inserts malicious SQL code into web application inputs to manipulate the database, potentially retrieving sensitive data, modifying information, or executing arbitrary commands.
#Blind-SQL-Injection: Detects the presence of a vulnerability without directly observing database responses, often relying on timing-based techniques or error messages.

Injecting Malicious SQL Code: Inputting SQL code into a web form to manipulate a database, potentially gaining unauthorized access or extracting sensitive information.

#Stored-XSS: Malicious scripts are permanently injected into a website's database, affecting all visitors who view the affected page.
#Reflected-XSS: Exploits user inputs like search queries or comments, reflecting the malicious script back to the user's browser for immediate execution.
#DOM-based-XSS: Modifies the Document Object Model ( #DOM) of a webpage on the client-side, often through JavaScript vulnerabilities, to inject malicious scripts.

Script Injection: Embedding malicious scripts in user-generated content on a website, which execute in other users'
browsers, stealing cookies or defacing pages.

Same-Site #CSRF: Targets actions within the same website, tricking a logged-in user into unintentionally performing unauthorized actions.
Cross-Site Request #Forgery with Token: Mitigates Same-Site CSRF by using anti-CSRF tokens that must be included in each request, preventing unauthorized actions without the correct token.

Unauthorized Form Submission: Forcing a logged-in user to submit a form that changes their email address or password without their knowledge.

#Phishing: Form of social engineering attack where attackers try to deceive you into revealing sensitive information, such as passwords, credit card details, or personal data.
#Spear-Phishing: Highly targeted email attacks tailored to specific individuals or organizations, often impersonating trusted entities.
#Vishing: Phishing attacks conducted over the phone, attempting to trick victims into revealing sensitive information.
#Smishing: Phishing attacks delivered via text messages (SMS), aiming to trick victims into clicking malicious links or divulging personal data.

Deceptive Email: Sending emails that appear to be from a trusted source, tricking users into clicking on malicious links,
or providing sensitive information.

#DNS-Spoofing: Redirects users to malicious websites by altering DNS responses, often using techniques like ARP spoofing.
#DNS-Cache-Poisoning: Exploits vulnerabilities in DNS servers to store incorrect information, directing users to unintended destinations.

Scenario 1: Direct Spoofing:

Scenario 2: DNS Cache Poisoning:

Key Takeaways:

#Passive-Eavesdropping: Intercepts data without interfering with the communication, typically targeting unencrypted channels.
Active #Eavesdropping: Injects devices or modified packets into the communication, potentially disrupting it while gathering information.

Unauthorized Wi-Fi Interception: Capturing unencrypted Wi-Fi traffic using tools like Wireshark to eavesdrop on sensitive data, such as login credentials.

Attacks that exploit #Zero-Day #vulnerabilities in software or systems before the vendor releases a patch, making them particularly dangerous as there's no immediate defense.

Exploiting Unknown Vulnerability: Leveraging a previously undisclosed vulnerability in a software application before a patch is released, allowing unauthorized access or system manipulation