On Network Attacks


Submitted by :

Nitin Kumar & Sonali Goyal


MCA, SEM-II
• In computers and computer networks, an attack is any attempt
to expose, alter, disable, destroy, steal or gain unauthorized
access to or make unauthorized use of an asset.
• A cyberattack/network attack is any type of offensive
maneuver that targets computer information systems,
infrastructures, computer networks, or personal computer
devices. A cyberattack may originate from an anonymous
source.
• A cyberattack may steal, alter, or destroy a specified target
by hacking into a susceptible system. Cyberattacks can range
from installing spyware on a personal computer to attempting
to destroy the infrastructure of entire nations. These
cyberattacks have become increasingly sophisticated and
dangerous.
Without security measures and controls in place, your data might be subjected to an
attack. Some attacks are
• Passive, meaning information is monitored; others are
• Active, meaning the information is altered with intent to corrupt or destroy the
data or the network itself.
Some of the common known network attacks are as follows:

1. DoS (Denial of Service) attack / DDoS (Distributed Denial of Service) attack
2. SQL Injection Attack
3. Cross-site scripting (XSS) Attack
4. Eavesdropping attack
5. Man-in-the-middle (MitM) attack
6. Password attack
7. Drive-by attack
<DDoS or DoS Attack/>
• A denial-of-service attack overwhelms a system’s resources so that it cannot
respond to service requests. A DDoS attack is also an attack on a system’s
resources, but it is launched from a large number of other host machines that are
infected by malicious software controlled by the attacker.
• Unlike attacks that are designed to enable the attacker to gain or increase
access, denial-of-service doesn’t provide direct benefits for attackers. For some
of them, it’s enough to have the satisfaction of service denial.
TYPES OF DOS ATTACKS :

TCP SYN flood attack


o In this attack, an attacker exploits the use of the buffer space during a TCP session initialization
handshake. The attacker’s device floods the target system’s small in-process queue with
connection requests, but it does not respond when the target system replies to those
requests.
o This causes the target system to time out while waiting for the response from the attacker’s
device, which makes the system crash or become unusable when the connection queue fills
up.
<DDoS contd./>
Teardrop Attack
o This attack causes the length and fragmentation offset
fields in sequential Internet Protocol (IP) packets to overlap
one another on the attacked host; the attacked system
attempts to reconstruct packets during the process but fails.
The target system then becomes confused and crashes.

Ping Of Death Attack


o This type of attack uses IP packets to ‘ping’ a target system
with an IP size over the maximum of 65,535 bytes. IP
packets of this size are not allowed, so the attacker fragments
the IP packet. Once the target system reassembles the
packet, it can experience buffer overflows and other
crashes.
o Ping of death attacks can be blocked by using a firewall
that will check fragmented IP packets for maximum size.
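The fragment check described above, together with the overlapping-offset condition from the Teardrop slide, as an added example that is not part of the original slides. The class and function names, the sample addresses and the constructed fragments are assumptions made for illustration; only the fixed 20-byte IPv4 header layout is standard.

```python
import struct

MAX_DATAGRAM = 65535  # largest legal IPv4 datagram, header included
IPV4_HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options

def make_fragment(ident, offset_units, payload_len, more=True):
    """Build a constructed IPv4 fragment (sample data, checksum left at 0)."""
    flags_off = (0x2000 if more else 0) | offset_units  # MF flag + 13-bit offset
    header = struct.pack(IPV4_HDR, 0x45, 0, 20 + payload_len, ident, flags_off,
                         64, 1, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + bytes(payload_len)

def parse_fragment(packet):
    """Return (flow key, first byte, end byte, header length) of a fragment."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, ident, flags_off, _, proto, _, src, dst = \
        struct.unpack(IPV4_HDR, packet[:20])
    header_len = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or header_len < 20 or total_len < header_len:
        raise ValueError("malformed IPv4 header")
    start = (flags_off & 0x1FFF) * 8          # offset field counts 8-byte units
    end = start + (total_len - header_len)    # one past the last payload byte
    return (src, dst, ident, proto), start, end, header_len

class FragmentInspector:
    """Tracks fragment ranges per datagram; expiry of old state is omitted."""
    def __init__(self):
        self.seen = {}

    def check(self, packet):
        key, start, end, header_len = parse_fragment(packet)
        # Ping of death: the reassembled datagram would exceed the IP maximum.
        if header_len + end > MAX_DATAGRAM:
            return "drop: reassembled size exceeds 65,535 bytes"
        # Teardrop: this fragment's byte range overlaps one already seen.
        ranges = self.seen.setdefault(key, [])
        if any(start < e and s < end for s, e in ranges):
            return "drop: overlapping fragment"
        ranges.append((start, end))
        return "accept"
```

The inspector judges each fragment on arrival, before any reassembly buffer is touched, which is the point at which a filtering device can reject it.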
<DDoS contd./>
Botnets
o Botnets are the millions of systems infected with malware under hacker control in order to
carry out DDoS attacks. These bots or zombie systems are used to carry out attacks against
the target systems, often overwhelming the target system’s bandwidth and processing
capabilities. These DDoS attacks are difficult to trace because botnets are located in
differing geographic locations.

• On Feb. 28, 2018, GitHub—a popular developer platform—was hit with a sudden
onslaught of traffic that clocked in at 1.35 terabits per second. If that sounds like a lot,
that’s because it is—that amount of traffic is not only massive, it’s record-breaking.
• In 2012, not one, not two, but a whopping six U.S. banks were targeted by a string of
DDoS attacks. The victims were no small-town banks either: They included Bank of America,
JP Morgan Chase, U.S. Bancorp, Citigroup and PNC Bank. The attack was carried out by
hundreds of hijacked servers, which each created peak floods of more than 60 gigabits of
traffic per second.
SQL Injection
• SQL injection has become a common issue with database-driven websites. It occurs
when a malefactor executes a SQL query to the database via the input data from the
client to server. SQL commands are inserted into data-plane input (for example,
instead of the login or password) in order to run predefined SQL commands.

• A successful SQL injection exploit can read sensitive data from the database, modify
(insert, update or delete) database data, execute administration operations (such as
shutdown) on the database, recover the content of a given file, and, in some cases,
issue commands to the operating system.

• SQL injections work mostly if a website uses dynamic SQL. Additionally, SQL injection is
very common with PHP and ASP applications due to the prevalence of older functional
interfaces. J2EE and ASP.NET applications are less likely to have easily exploited SQL
injections because of the nature of the programmatic interfaces available.
SQL Injection ctd.
• For example, a web form on a website might request a user’s account
name and then send it to the database in order to pull up the
associated account information using dynamic SQL like this:
"SELECT * FROM users WHERE account = '" +
userProvidedAccountNumber + "';"

While this works for users who are properly entering their account
number, it leaves a hole for attackers. For example, if someone decided
to provide an account number of "' or '1' = '1", that would result in a
query string of:

"SELECT * FROM users WHERE account = '' or '1' = '1';"

Because '1' = '1' always evaluates to TRUE, the database will return the
data for all users instead of just a single user.
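The dynamic query from the slide next to a parameterized version, as an added example that is not part of the original slides. It assumes an in-memory SQLite database with a constructed three-row users table; the function names and sample rows are hypothetical.

```python
import sqlite3

def make_db():
    """Create a constructed users table for the demonstration."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (account TEXT PRIMARY KEY, owner TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("1001", "alice"), ("1002", "bob"), ("1003", "carol")])
    return db

def lookup_dynamic(db, user_provided_account_number):
    # Vulnerable form from the slide: the input is pasted into the SQL text,
    # so quote characters in the input change the structure of the query.
    query = ("SELECT * FROM users WHERE account = '"
             + user_provided_account_number + "';")
    return db.execute(query).fetchall()

def lookup_parameterized(db, user_provided_account_number):
    # Hardened form: the SQL text is fixed and the input is bound as a value,
    # so it is only ever compared against the account column.
    return db.execute("SELECT * FROM users WHERE account = ?",
                      (user_provided_account_number,)).fetchall()

def compare(user_input):
    """Return (rows from dynamic SQL, rows from parameterized SQL)."""
    db = make_db()
    return lookup_dynamic(db, user_input), lookup_parameterized(db, user_input)

if __name__ == "__main__":
    for value in ("1002", "' or '1' = '1"):
        dynamic_rows, bound_rows = compare(value)
        print(repr(value), len(dynamic_rows), len(bound_rows))
```

With the slide's input, the dynamic query returns every row while the parameterized query returns none, because no account has that literal string as its number.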
Cross-Site Scripting (XSS)
• XSS attacks use third-party web resources to run scripts in the victim’s web
browser or scriptable application. Specifically, the attacker injects a payload
with malicious JavaScript into a website’s database. When the victim requests a
page from the website, the website transmits the page, with the attacker’s
payload as part of the HTML body, to the victim’s browser, which executes the
malicious script.

• For example, it might send the victim’s cookie to the attacker’s server, and the
attacker can extract it and use it for session hijacking. The most dangerous
consequences occur when XSS is used to exploit additional vulnerabilities. These
vulnerabilities can enable an attacker to not only steal cookies, but also log key
strokes, capture screenshots, discover and collect network information, and
remotely access and control the victim’s machine.
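Two mitigations for the stored-payload flow and cookie theft described above, as an added example that is not part of the original slides: encoding stored text when it is written into the HTML body, and marking the session cookie so page scripts cannot read it. The function names, the cookie name and the stored comments are constructed for illustration.

```python
import html
from http.cookies import SimpleCookie

# Constructed sample of what a comments table might hold; the second entry
# stands in for an injected payload and is harmless.
STORED_COMMENTS = ["Nice article!", '<script>document.title = "stored"</script>']

def render_comments_unsafe(comments):
    # Stored text is written into the HTML body verbatim, so the browser
    # parses any markup inside it as part of the page.
    return "<ul>" + "".join("<li>" + c + "</li>" for c in comments) + "</ul>"

def render_comments_escaped(comments):
    # Output encoding: <, >, & and quotes become entities, so stored text is
    # displayed as text and never parsed as a script element.
    items = "".join("<li>" + html.escape(c, quote=True) + "</li>" for c in comments)
    return "<ul>" + items + "</ul>"

def session_cookie_header(session_id):
    # HttpOnly keeps the cookie out of reach of page scripts; Secure and
    # SameSite limit where the browser will send it.
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["samesite"] = "Strict"
    return cookie["session"].OutputString()

if __name__ == "__main__":
    print(render_comments_unsafe(STORED_COMMENTS))
    print(render_comments_escaped(STORED_COMMENTS))
    print("Set-Cookie:", session_cookie_header("abc123"))
```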
Eavesdropping Attack
• Eavesdropping attacks occur through the interception of network
traffic. By eavesdropping, an attacker can obtain passwords,
credit card numbers and other confidential information that a
user might be sending over the network. Eavesdropping can be
passive or active:
• Passive eavesdropping — A hacker detects the information by
listening to the message transmission in the network.
• Active eavesdropping — A hacker actively grabs the
information by disguising himself as a friendly unit and by sending
queries to transmitters. This is called probing, scanning or
tampering.

Data encryption is the best countermeasure for eavesdropping.


Man-in-the-middle (MitM) attack
• As the name indicates, a man-in-the-middle attack occurs when
someone between you and the person with whom you are
communicating is actively monitoring, capturing, and controlling your
communication transparently.

• For example, the attacker can re-route a data exchange. When
computers are communicating at low levels of the network layer, the
computers might not be able to determine with whom they are
exchanging data.

• A MitM attack occurs when a hacker inserts itself between the
communications of a client and a server. Here are some common
types of man-in-the-middle attacks:
Session hijacking
In this type of MitM attack, an attacker hijacks a session
between a trusted client and network server. The attacking
computer substitutes its IP address for the trusted client while
the server continues the session, believing it is communicating
with the client. For instance, the attack might unfold like this:
• A client connects to a server.
• The attacker’s computer gains control of the client.
• The attacker’s computer disconnects the client from the
server.
• The attacker’s computer replaces the client’s IP address with
its own IP address and spoofs the client’s sequence numbers.
• The attacker’s computer continues dialog with the server
and the server believes it is still communicating with the
client.
IP Spoofing

IP spoofing is used by an attacker to convince a system that it is
communicating with a known, trusted entity and provide the
attacker with access to the system. The attacker sends a packet
with the IP source address of a known, trusted host instead of
its own IP source address to a target host. The target host might
accept the packet and act upon it.
Password Attack
Because passwords are the most commonly used mechanism to
authenticate users to an information system, obtaining passwords is a
common and effective attack approach. Access to a person’s password
can be obtained by looking around the person’s desk, ‘‘sniffing’’ the
connection to the network to acquire unencrypted passwords, using social
engineering, gaining access to a password database or outright
guessing. The last approach can be done in either a random or
systematic manner:

• Brute-force password guessing means using a random approach by
trying different passwords and hoping that one works. Some logic can
be applied by trying passwords related to the person’s name, job
title, hobbies or similar items.
• Key logger attack: A hacker uses a program to track all of a user’s
keystrokes. So at the end of the day, everything the user has typed,
including their login IDs and passwords, has been recorded. A key
logger attack differs from a brute-force or dictionary attack in
many ways, not the least of which is that the key logging program used is
malware (or a full-blown virus) that must first make it onto the user’s
device (often the user is tricked into downloading it by clicking on a
link in an email).

• In a dictionary attack, a dictionary of common passwords is used to
attempt to gain access to a user’s computer and network. One
approach is to copy an encrypted file that contains the passwords,
apply the same encryption to a dictionary of commonly used
passwords, and compare the results.
Drive-by Attack
• Drive-by download attacks are a common method of spreading
malware. Hackers look for insecure websites and plant a malicious script
into HTTP or PHP code on one of the pages. This script might install
malware directly onto the computer of someone who visits the site, or it
might re-direct the victim to a site controlled by the hackers.

• Drive-by downloads can happen when visiting a website or viewing an
email message or a pop-up window. Unlike many other types of cyber
security attacks, a drive-by doesn’t rely on a user to do anything to
actively enable the attack — you don’t have to click a download button
or open a malicious email attachment to become infected.

• A drive-by download can take advantage of an app, operating system
or web browser that contains security flaws due to unsuccessful updates
or lack of updates.