
Security attacks

Categories of attacks
Active attacks
Passive attacks

Trojan Horse - Malicious code hidden in a harmless program, which
can cause damage to resources.
Phishing - A duplicate website, made to look like a legitimate site, traps
information from the user.
Sniffing - A program that captures data addressed to other machines
or data from the network, in order to make use of the information in the
communication.
Hacking - A hacker gains control over a machine
remotely.
DoS attack
DC++ is file-sharing software that has given rise to an attack
emanating from hundreds of thousands of Internet Protocol (IP)
addresses, with many of the attacks producing more than a
gigabit of junk data every second. The sheer number of Internet
addresses has caused problems for routers and firewalls.

Zero-Day Exploit

A zero-day exploit is one that takes advantage of a security vulnerability on the
same day that the vulnerability becomes generally known. There are zero days
between the time the vulnerability is discovered and the first attack.
Data Diddling

Data diddling is the changing of data before or during entry into the computer
system. Examples include forging or counterfeiting documents used for data
entry and exchanging valid disks and tapes with modified replacements.
Smurf Attack

The Smurf attack is a denial-of-service attack in which large numbers of ICMP
packets with the intended victim's spoofed source IP are broadcast to a
computer network using an IP broadcast address. Most devices on a network
will, in their default settings, respond to this by sending a reply to the source IP
address. If the number of machines on the network that receive and respond to
these packets is very large, the victim's computer will be flooded with traffic.

Eavesdropping - Eavesdropping is the act of secretly listening to the
private conversation of others without their consent.
Teardrop attack - A DoS attack where fragmented packets are forged to
overlap each other when the receiving host tries to reassemble them.
Man-in-the-middle attack - The man-in-the-middle attack (often
abbreviated MITM, MitM, MIM, MiM, MITMA) is a form of active
eavesdropping in which the attacker makes independent connections
with the victims and relays messages between them, making them
believe that they are talking directly to each other over a private
connection, when in fact the entire conversation is controlled by the
attacker.

Brute force attack - A brute-force attack, or exhaustive key search, is a
cryptanalytic attack that can, in theory, be used against any encrypted data.
Such an attack might be utilized when it is not possible to take advantage
of other weaknesses in an encryption system (if any exist) that would make
the task easier.
ARP poisoning attack - When two hosts want to communicate with each
other through an Ethernet link, the source host must know the MAC
address of the destination host. To find it, the source host looks at its
ARP table to see if there is a MAC address corresponding to the
destination host's IP address. If not, it broadcasts an ARP Request to the
entire network. ARP does not verify replies, so attackers can force ARP
poisoning.
Ping of death - A ping of death (abbreviated "PoD") is a type of attack on a
computer that involves sending a malicious ping to a computer. A ping is
normally 56 bytes in size. Many computer systems could not handle a ping
packet larger than the maximum IPv4 packet size, which is 65,535 bytes.
Sending a ping of this size could crash the target computer.
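
The teardrop and ping of death entries both come down to what a receiver accepts during fragment reassembly. The sketch below is an added example, not part of the original notes: it validates one datagram's fragments before reassembly, assuming a 20-byte IPv4 header without options and a hypothetical function name `check_fragments`; the sample fragment sets are constructed.

```python
MAX_IPV4_PACKET = 65535   # maximum IPv4 packet size quoted above
IP_HEADER_LEN = 20        # assumption: IPv4 header without options


def check_fragments(frags, header_len=IP_HEADER_LEN):
    """frags: (offset, length) pairs in bytes for one datagram's fragments.
    Returns a list of findings; an empty list means the set is acceptable."""
    findings = []
    covered_to = 0   # end of the data already claimed by earlier fragments
    for offset, length in sorted(frags):
        end = offset + length
        # Teardrop pattern: a fragment begins inside data already received.
        if offset < covered_to:
            findings.append(f"overlap: fragment at {offset} starts before {covered_to}")
        # Ping-of-death pattern: reassembled size exceeds what IPv4 allows.
        if header_len + end > MAX_IPV4_PACKET:
            findings.append(f"oversize: would reassemble to {header_len + end} bytes")
        covered_to = max(covered_to, end)
    return findings


# Constructed samples (not captured traffic).
NORMAL = [(0, 1480), (1480, 1480), (2960, 520)]
OVERLAPPING = [(0, 36), (24, 4)]
OVERSIZED = [(i * 1480, 1480) for i in range(45)]   # 45 contiguous fragments


def main():
    for name, frags in [("normal", NORMAL), ("overlapping", OVERLAPPING),
                        ("oversized", OVERSIZED)]:
        print(name, check_fragments(frags) or "ok")


if __name__ == "__main__":
    main()
```

A receiver that drops the whole datagram on any finding never reaches the reassembly code that these two attacks target.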

Identity Spoofing - Spoofing occurs when the attacker determines and
uses an IP address of a network, computer, or network component
without being authorized to do so.
Sybil attack - A Sybil attack is one in which an attacker subverts the
reputation system of a network by creating a large number of
pseudonymous entities, using them to gain a disproportionately large
influence.
Unsolicited messaging - The risks associated with unsolicited
messaging, the speed with which they spread and the extent of
potential damages are staggering, and increasing exponentially.
Spammers can only survive if their messages get to the maximum
number of people.
Eclipse attack - In an Eclipse attack, a set of malicious nodes colludes to
isolate one or more honest nodes. Before an attacker can launch an
eclipse attack, control must be gained over a certain number of nodes
along strategic routing paths.

Logic Bomb - A logic bomb is a piece of code intentionally inserted
into a software system that will set off a malicious function when
specified conditions are met. For example, a programmer may hide a
piece of code that starts deleting files (such as a salary database
trigger), should they ever be terminated from the company.
Time Bomb - Some viruses attack their host systems on specific
dates, such as Friday the 13th or April Fool's Day. Trojans that activate
on certain dates are often called "time bombs".
Zip Bomb - A zip bomb is a file containing multiple nested
compressed files that expand exponentially when unzipped. A zip
bomb, also known as a decompression bomb, is a malicious archive file
designed to crash the program or system reading it.
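
A program that accepts archives can refuse a decompression bomb before extracting anything. The following is an added example, not part of the original notes: it inspects a ZIP file's declared sizes and nesting, then caps the bytes actually produced while reading a member. The limits and the names `inspect_zip`, `read_bounded` and `make_zip` are assumptions, and the sample archives are constructed in memory.

```python
import io
import zipfile

# Policy limits are assumptions for this example; tune them per application.
MAX_TOTAL_BYTES = 50 * 1024 * 1024
MAX_RATIO = 100
ARCHIVE_SUFFIXES = (".zip", ".gz", ".bz2", ".xz", ".7z")


def inspect_zip(data):
    """Return reasons to refuse extraction; an empty list means within limits."""
    reasons = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        if sum(i.file_size for i in infos) > MAX_TOTAL_BYTES:
            reasons.append("total: declared size exceeds limit")
        for i in infos:
            if i.file_size / max(i.compress_size, 1) > MAX_RATIO:
                reasons.append(f"ratio: {i.filename}")
            if i.filename.lower().endswith(ARCHIVE_SUFFIXES):
                reasons.append(f"nested: {i.filename}")
    return reasons


def read_bounded(zf, info, limit=MAX_TOTAL_BYTES, chunk=65536):
    """Decompress one member, aborting once more than `limit` bytes come out.
    Declared sizes can be wrong, so the limit is enforced on the stream itself."""
    out = bytearray()
    with zf.open(info) as fh:
        while True:
            block = fh.read(chunk)
            if not block:
                return bytes(out)
            out += block
            if len(out) > limit:
                raise ValueError(f"{info.filename}: output exceeds {limit} bytes")


def make_zip(members):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()


BENIGN = make_zip({"notes.txt": b"meeting moved to Thursday\n"})
PADDED = make_zip({"blank.bin": bytes(2 * 1024 * 1024)})   # 2 MiB of zeros
NESTED = make_zip({"inner.zip": BENIGN})
```

`inspect_zip` is the cheap pre-check; `read_bounded` is the control that still holds when an archive's headers understate its contents.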
