Snooping Attacks

• Purpose: Intercepting data between devices.
• Types:
  • Eavesdropping (packet sniffing)
  • Man-in-the-middle
  • Replay

Man-in-the-Middle (MITM) Attacks

• Purpose: Intercepting and altering communication between two parties.
• Types:
  • Physical: Attacker physically intercepts traffic (e.g., on a public Wi-Fi network).
  • Logical: Attacker redirects victims to malicious websites (e.g., through phishing emails).

Replay Attacks

• Purpose: Reusing intercepted data to gain unauthorized access.
• Requirements: Trusted entities and access tokens.

Cross-Site Scripting (XSS) Attacks

• Purpose: Injecting malicious code into a trusted website.
• Types:
  • Reflected: Malicious code added to the end of a URL.
  • Persistent: Malicious code embedded in comments sections or forums.

SQL Injection Attacks

• Purpose: Gaining unauthorized access to a database using malicious SQL code.
• Vulnerability: Sites vulnerable to SQL injection often return a "Syntax Error" when a quotation mark is added to the login field.

Denial of Service (DoS) Attacks

• Purpose: Overwhelming a network or system with traffic to make it unavailable.
• Types:
  • Buffer overflow
  • ICMP flood
  • SYN flood

Distributed Denial of Service (DDoS) Attacks

• Purpose: DoS attack launched from a botnet.