Layer 5
Session Hijacking: When users browse the internet, the web server sends a token to each user’s browser to identify the connection from each user. In a session hijacking attack, an attacker steals a valid session token to gain unauthorised access to a web server. Methods used by attackers to achieve this include a Cross-site Scripting (XSS), Man-in-the-middle (MiTM) attack etc.
Layer 4
TCP Session hijack: This is slightly different from layer 5 session hijacking. This refers to taking over an existing session and it falls under layer4 because it takes advantage of the Transmission Control Protocol (TCP) which operates on Layer 4 of the OSI- The transport layer.
Fraggle: this uses the User Datagram Protocol (UDP). A Fraggle attack is when an attacker sends large amounts of UDP traffic to the broadcast address of a target network. This is a type of Denial-of-Service (DoS) attack and sometimes referred to as a variation of the Smurf attack.
SYN Flood: This is also a type of Denial of Service attack. Multiple SYN packets are sent to ports on the target server. The server then responds to the SYN with a SYN-ACK packet. Normally there should be an ACK packet sent back by the initiator to complete the ‘3-way handshake’ or finalise the connection but this never happens. This is repeated multiple times without ever finalising the connection. Think of it as stretching out your hand to shake someone and withdrawing them once the other person also stretches out their hand to shake. Think of it as repeatedly stretching out your hand to shake someone and withdrawing them once the other person also stretches out their hand to shake you back.
Land Attack: This attack could fall under Layer3 as well because it also makes use of the Internet Protocol (IP). In a Land attack, the attacker sends TCP packets with the same source and destination IP (and port) address. This sends the target machine (if vulnerable) to a spin where the TCP stack repeatedly processes the packet until the target machine crashes.
Layer 3
Smurf attack: This is a type of Distributed Denial of Service (DDoS). It falls under layer3 because it exploits vulnerabilities in the Internet Protocol (IP) and ICMP-Internet Control Message Protocol. A smurf attack is when attackers send ping traffic in large amounts to the broadcast address of a network, router, or sometimes access point.
Ping of Death: this is when an attacker sends oversized packets to a target machine using the ping command. When pinging a host, you can specify size of packets, the count or number of times to repeat the ping, you can set the interval and many other options. This makes it possible to specify really large size of packets to ping a target with. This also takes advantage of the Internet Control Message Protocol.
Teardrop: is a denial-of-service attack that messes with IP fragments usually with a goal of crashing the target machine. It achieves this by a causing a kernel panic on the target machine when the machine cannot reassemble the fragmented packets forged by the attacker, and these packets begin to overlap until the machine cannot handle them anymore and it crashes.
Layer 2
MAC Flooding: This is an attack against the switch. An attacker sends large amount of layer 2 frames to the target switch. Think of MAC flooding as a DoS on Layer 2. A MAC flood attack is usually used by attackers to send the switch to a fail open state. This then makes it possible to perform other attacks against the switch e.g. MAC Spoofing. MAC Flooding is not usually the end goal but a means to achieve the end goal.
MAC Spoofing: an attacker tries to pose as one of the legitimate MAC addresses allowed on a network. The attacker would usually sniff the network prior to spoofing the MAC, to gain knowledge of the network and gather some inside information.
VLAN Hopping: This is when a perpetrator illegitimately moves from one VLAN to another VLAN usually with the goal of accessing network traffic or information on the other VLAN. The perpetrator should normally not have access to the other VLAN.
Ive read several just right stuff here Certainly price bookmarking for revisiting I wonder how a lot effort you place to create this kind of great informative website
Unleash AI’s power and turn it into your income stream.
YouTube AdWords izlenme satın alma ve dislike gibi hizmetler, takiple.com.tr üzerinden kullanıcılara sunulan seçenekler arasındadır. Bu hizmetler, içerik üreticilerinin videolarının etkileşimini artırmasına yardımcı olabilir.
I was recommended this website by my cousin. I am not sure whether this post is written by him as nobody else know such detailed about my trouble. You are amazing! Thanks!
vous êtes en réalité un bon webmaster la vitesse de chargement du site est incroyable il semble que vous fassiez un travail unique de plus le contenu est magistral vous avez fait un travail formidable sur ce sujet
I do not even know how I ended up here, but I thought this post was great. I don’t know who you are but definitely you’re going to a famous blogger if you aren’t already 😉 Cheers!
Your article helped me a lot, is there any more related content? Thanks!