Attacks summary¶

Tap Attack: Unauthorized physical access to network cables or ports to intercept data, exploiting unsecured physical network infrastructure.
RF Jamming: Deliberately sending radio frequency signals to disrupt wireless network communications, exploiting the nature of shared wireless medium.
Physical Destruction: Damaging or destroying physical components of a network (e.g., routers, switches, cabling), exploiting the physical vulnerability of network hardware.

ARP Spoofing: Attacker sends fake ARP (Address Resolution Protocol) messages to link their MAC address with the IP address of another host, exploiting the lack of authentication in ARP protocols.
MAC Flooding: Overwhelming the switch's MAC table by flooding the network with frames with unique MAC addresses, exploiting limited size of MAC address tables in switches.
VLAN Hopping: Exploiting switch misconfigurations to send traffic from one VLAN to another unauthorized VLAN.

IP Spoofing: Creating IP packets with a forged source IP address to conceal the sender's identity or impersonate another computing system, exploiting the lack of authentication in the IP protocol.
Routing Attack: Compromising network routers to disrupt or reroute network traffic, exploiting vulnerabilities in routing protocols.
Ping of Death: Sending malformed or oversized packets to crash, freeze, or reboot the target machine, exploiting the handling of fragmented packets.

SYN Flood: Overloading a server by initiating a large number of TCP connections but not completing the handshake, exploiting the TCP three-way handshake.
Session Hijacking: Taking over a web user's session by stealing or predicting a valid session token, exploiting the stateful nature of TCP connections.
UDP Flood: Flooding the target with UDP packets, leading to denial of service, exploiting the stateless nature of UDP.

Man-in-the-Middle Attack: Intercepting communication between two parties and possibly altering the communication, exploiting non-encrypted session establishment.
Session Fixation: An attacker fixes a user's session ID before the user logs in, then hijacks the user's authenticated session, exploiting the vulnerable session management.
Cross-Site Request Forgery (CSRF): Tricking a victim's browser into sending unauthorized commands to a website, exploiting the website's trust in the user's browser.

SSL Stripping: Downgrading a secure HTTPS connection to an unsecured HTTP connection, exploiting the client's ability to handle multiple types of connections.
Compression Ratio Info-leak Made Easy (CRIME): Exploiting the compression mechanism of SSL to extract secure data, particularly cookies.
Character Encoding Attacks: Manipulating character encoding to bypass input validation checks, exploiting weaknesses in data representation and encoding.

SQL Injection: Inserting or "injecting" a SQL query via input data from the client to the application, exploiting poor input validation.
Cross-Site Scripting (XSS): Injecting malicious scripts into web pages viewed by other users, exploiting the trust a user has for a particular site.
DNS Hijacking: Redirecting queries to a fraudulent domain name server, leading users to malicious websites, exploiting vulnerabilities in DNS services.