Network attacks today are multi-faceted and use many methods, which makes them difficult to guard against. Broadly speaking, they fall into four categories: denial-of-service attacks, exploitation attacks, information collection attacks, and fake message attacks.
1. Denial of service attack
A denial-of-service attack is the easiest attack to carry out: it stops you from providing a service by crashing or overwhelming the machine that provides it. A classic example targets IP fragment reassembly. Each IP fragment carries a header field stating which part of the original datagram it holds, and the IP stack trusts that information when it rebuilds the datagram, which an attacker can turn against the stack itself. Some TCP/IP implementations (including Windows NT before Service Pack 4) crash when they receive forged fragments whose offsets overlap, because the reassembly code never expected two fragments to claim the same bytes.
Defense: Apply the latest service pack on the server, and have the firewall reassemble fragmented datagrams itself, dropping any whose fragments overlap or fall outside a valid datagram, instead of forwarding the raw fragments. Modern IP stacks discard overlapping fragments on their own, but a firewall that normalizes traffic still protects older or unpatched hosts behind it.
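The following is an added example, not code from the original article: a small Python model of IP fragment reassembly that shows why overlapping offsets are dangerous and what a defensive reassembler (the kind a firewall applies before forwarding) should do instead. The `vulnerable_copy_length` function is an assumed, simplified model of the faulty trimming arithmetic, not any vendor's real code, and the fragments are constructed sample input.

```python
from dataclasses import dataclass
from typing import List, Optional

MAX_DATAGRAM = 65535  # largest IPv4 datagram; any fragment reaching past this is bogus


@dataclass(frozen=True)
class Fragment:
    offset: int           # byte offset of this payload inside the original datagram
    payload: bytes
    more_fragments: bool  # the IP "MF" flag: False marks the final fragment


def vulnerable_copy_length(prev: Fragment, cur: Fragment) -> int:
    """Assumed model of the trimming arithmetic behind the overlapping-fragment
    crash (illustrative only, not a specific vendor's implementation).  A stack
    that trusts cur.offset clips the part of `cur` already covered by `prev`
    and computes the bytes left to copy as end(cur) - end(prev).  If a forged
    fragment lies entirely inside the previous one the result is negative;
    stored in an unsigned length it becomes an enormous copy and the kernel
    crashes."""
    prev_end = prev.offset + len(prev.payload)
    cur_end = cur.offset + len(cur.payload)
    return cur_end - prev_end


def reassemble(frags: List[Fragment]) -> Optional[bytes]:
    """Defensive reassembly: accept the fragments only if they tile the datagram
    exactly.  Returns None (meaning: drop the datagram) on an overlap, on a
    gap, on an oversized datagram, or when the final fragment is missing."""
    if not frags:
        return None
    ordered = sorted(frags, key=lambda f: f.offset)
    buf = bytearray()
    expected = 0
    for f in ordered:
        if f.offset < expected:      # overlaps bytes that were already placed
            return None
        if f.offset > expected:      # hole: the datagram is incomplete
            return None
        end = f.offset + len(f.payload)
        if end > MAX_DATAGRAM:       # claims more data than IPv4 allows
            return None
        buf += f.payload
        expected = end
    if ordered[-1].more_fragments:   # last fragment has not arrived
        return None
    return bytes(buf)


# Constructed sample input: a benign two-fragment datagram, and a forged pair
# whose second fragment starts (and ends) inside the first one.
BENIGN = [Fragment(0, b"A" * 24, True), Fragment(24, b"B" * 12, False)]
FORGED = [Fragment(0, b"A" * 36, True), Fragment(24, b"B" * 4, False)]

if __name__ == "__main__":
    print("benign reassembled:", reassemble(BENIGN))
    print("forged datagram dropped:", reassemble(FORGED) is None)
    print("copy length a trusting stack would compute:",
          vulnerable_copy_length(FORGED[0], FORGED[1]))
```

For the forged pair the trusting computation yields -8, which is exactly the kind of value that becomes a huge unsigned copy; the defensive reassembler simply refuses the datagram. A real firewall also has to bound how long it buffers partial datagrams, otherwise fragment reassembly itself becomes a memory-exhaustion target.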
2. Exploitation attack
An exploitation attack is one that tries to take direct control of your machine. The typical vehicle is a Trojan horse.
Overview: A Trojan horse is a program installed covertly on the target system, either directly by the attacker or by an unsuspecting user who runs it. Once it is installed and has obtained administrator rights, whoever planted it can control the target system remotely.
The most effective form is the backdoor program. Malicious examples include NetBus, Back Orifice and BO2K; legitimate remote-control tools such as netcat, VNC and pcAnywhere can be abused for the same purpose. From the attacker's point of view the ideal backdoor operates transparently, without the user noticing it.
Defense: Do not download suspicious programs, and refuse to execute them. Use network scanning software to regularly enumerate the TCP services listening on internal hosts and compare them against a known-good baseline, so that a new listener (a backdoor's control port, for example) stands out.
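The defense above (regularly checking which TCP ports are listening) is easy to automate. The following is an added example, not code from the original article: it parses the output of `ss -ltnp` (the sample output here is constructed, not captured from a real host) and reports every listener that is not in a per-host baseline. The baseline contents and the port 12345 "nc" listener are assumptions for the demonstration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample of `ss -ltnp` output (not from a real host).  The "nc"
# process on port 12345 stands in for an unexpected backdoor listener.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*          users:(("nginx",pid=1031,fd=6))
LISTEN  0       10      0.0.0.0:12345        0.0.0.0:*          users:(("nc",pid=4421,fd=3))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=812,fd=4))
"""

# Assumed baseline of what this host is supposed to expose: port -> process name.
BASELINE: Dict[int, str] = {22: "sshd", 80: "nginx"}


@dataclass(frozen=True)
class Listener:
    address: str
    port: int
    process: str
    pid: int


# Matches the first ("name",pid=N ...) entry in the ss "Process" column.
_PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')


def parse_ss(text: str) -> List[Listener]:
    """Turn `ss -ltnp` output into Listener records (LISTEN rows only)."""
    listeners: List[Listener] = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue  # header line or a non-listening socket
        address, _, port = fields[3].rpartition(":")  # handles "[::]:22" too
        match = _PROC_RE.search(fields[5])
        name, pid = (match.group(1), int(match.group(2))) if match else ("?", 0)
        listeners.append(Listener(address, int(port), name, pid))
    return listeners


def unexpected_listeners(listeners: List[Listener],
                         baseline: Dict[int, str]) -> List[Listener]:
    """Flag any listener whose port is not in the baseline, or whose process
    name differs from what the baseline expects on that port (a backdoor
    squatting on a known port would show up as a name mismatch)."""
    return [l for l in listeners if baseline.get(l.port) != l.process]


if __name__ == "__main__":
    for l in unexpected_listeners(parse_ss(SAMPLE_SS_OUTPUT), BASELINE):
        print(f"unexpected listener: {l.address}:{l.port} {l.process} (pid {l.pid})")
```

On the sample data only the `nc` listener on port 12345 is reported. Running this from a monitoring host against `ss` output collected over SSH, and alerting on any non-empty result, gives exactly the periodic check the article recommends; a port scan from the network (for example with nmap) is the complementary view, since a rootkit can hide a socket from the local tools.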
3. Information collection attacks
Information collection attacks do no direct harm to the target. As the name suggests, they gather information that is useful for a later intrusion. They mainly include scanning techniques, architecture probing, and the exploitation of information services.
Address scanning
Overview: The attacker sends ICMP echo requests (pings) to every address in a range; each host that answers is recorded as live and becomes a target for further probing.
Defense: Filter ICMP echo reply messages at the firewall. This only hides hosts from ping sweeps; scanners can also discover hosts with TCP or UDP probes, so it complements, rather than replaces, keeping the number of exposed ports small.
Architecture probing
Overview: Attackers use automated tools with a database of known response types and send malformed packets to the target host. Every operating system has its own distinctive way of responding (the TCP/IP stacks of NT and Solaris are implemented differently, for example), so by comparing the observed response with the entries in the database the attacker can usually determine which operating system the target is running.
Defense: Remove or modify banners, including those of the operating system and of application services, and block the ports used for identification, to disrupt the attacker's plan. Note that banner changes alone do not defeat stack fingerprinting, because it relies on low-level TCP/IP behaviour rather than on text; exposing as few ports as possible matters more.
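The following is an added example, not code from the original article, showing how the "database of known response types" is used: a SYN/ACK reply is reduced to a few stack-level features (TTL class, window size, DF bit, TCP option order) and scored against each signature. The signature database and its labels are constructed for the demonstration (only the 64/128/255 initial-TTL classes reflect real convention), and `normalize_reply` is a hypothetical defender-side packet normalizer, included to show that only changes to stack behaviour, not banners, alter the result.

```python
from dataclasses import dataclass, replace
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class SynAckProbe:
    ttl: int                  # TTL as observed at the scanner
    window: int               # advertised TCP window
    df: bool                  # IP Don't-Fragment bit set?
    options: Tuple[str, ...]  # TCP option order, e.g. ("MSS", "SACK", "TS", "NOP", "WS")


# Constructed signature database.  Labels, window sizes and option orders are
# illustrative; the initial-TTL classes (64 / 128 / 255) follow real convention.
SIGNATURES: Dict[str, SynAckProbe] = {
    "family-A (64-TTL stack)":  SynAckProbe(64,  29200, True,  ("MSS", "SACK", "TS", "NOP", "WS")),
    "family-B (128-TTL stack)": SynAckProbe(128, 8192,  True,  ("MSS", "NOP", "WS", "NOP", "NOP", "SACK")),
    "family-C (255-TTL stack)": SynAckProbe(255, 49640, False, ("MSS", "NOP", "WS", "NOP", "NOP", "TS")),
}


def initial_ttl(observed: int) -> int:
    """Round an observed TTL up to the initial value the sender most likely
    used: every router hop decrements it, so 57 almost certainly started as 64."""
    for candidate in (32, 64, 128, 255):
        if observed <= candidate:
            return candidate
    return 255


def score(probe: SynAckProbe, sig: SynAckProbe) -> int:
    """Number of features (out of 4) on which the reply matches the signature."""
    return sum([
        initial_ttl(probe.ttl) == sig.ttl,
        probe.window == sig.window,
        probe.df == sig.df,
        probe.options == sig.options,
    ])


def fingerprint(probe: SynAckProbe) -> List[Tuple[str, int]]:
    """All candidates ranked by score, best first (ties broken by name)."""
    ranked = [(name, score(probe, sig)) for name, sig in SIGNATURES.items()]
    return sorted(ranked, key=lambda item: (-item[1], item[0]))


def best_guess(probe: SynAckProbe) -> str:
    """Top candidate, or "ambiguous" when two signatures score the same."""
    ranked = fingerprint(probe)
    return ranked[0][0] if ranked[0][1] > ranked[1][1] else "ambiguous"


def normalize_reply(probe: SynAckProbe) -> SynAckProbe:
    """Hypothetical firewall normalization: rewrite the fields a scanner keys on
    to fixed values before the packet leaves the network.  Assumed parameters."""
    return replace(probe, ttl=64, window=16384, df=False, options=("MSS",))


if __name__ == "__main__":
    # Constructed reply: TTL 57 after seven hops, otherwise matching family-A.
    observed = SynAckProbe(57, 29200, True, ("MSS", "SACK", "TS", "NOP", "WS"))
    print("raw reply   ->", best_guess(observed), fingerprint(observed))
    print("normalized  ->", best_guess(normalize_reply(observed)))
```

The raw reply identifies family-A with a perfect score even though nothing in it is a banner, which is why removing banners does not stop this technique. After normalization two families tie and the guess degrades to "ambiguous". Real fingerprinting tools use far more probes and a weighted match, but the structure is the same.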
Exploiting information services
DNS zone transfer
Overview: The DNS protocol does not authenticate zone transfers or dynamic updates, which allows it to be abused in several ways. If you maintain a public DNS server that permits zone transfers from anyone, an attacker can obtain the names and internal IP addresses of all your hosts by requesting a zone transfer (AXFR).
Defense: Restrict zone transfer requests at the firewall and, better, in the name server's own configuration, so that only your secondary servers may request them, and do not publish internal hostnames in a zone that external resolvers can query. Blocking all TCP traffic on port 53 at the firewall is not a substitute, because legitimate large DNS responses also use TCP.
4. Fake message attack
Fake message attacks exploit systems whose message handling is misconfigured; the main examples are DNS cache pollution (poisoning) and forged email.
DNS cache pollution
Overview: DNS servers exchange information with other name servers without authentication, so an attacker can feed a server incorrect records and redirect its users to a host the attacker controls.
Defense: Filter inbound DNS updates at the firewall; an external DNS server should never be able to change what your internal servers know about internal machines. Resolvers should also refuse to cache records in a response that lie outside the answering server's own zone (the bailiwick check), and DNSSEC validation lets a resolver verify that records were signed by the zone owner rather than injected.
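The following is an added example, not code from the original article, of the bailiwick check mentioned above. It models a resolver cache that receives a response from the attacker's own name server (authoritative for `attacker.example`) in which the additional section smuggles an A record for `www.bank.example`. A cache that trusts everything accepts the poisoned record; a cache that enforces the bailiwick rule rejects it. All names, addresses and records are constructed sample data.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class RR:
    name: str
    rtype: str
    rdata: str


@dataclass(frozen=True)
class DnsResponse:
    question: str
    answers: Tuple[RR, ...]
    additional: Tuple[RR, ...]


def _canon(name: str) -> str:
    return name.rstrip(".").lower()


def in_bailiwick(name: str, zone: str) -> bool:
    """True if `name` is the zone apex or lies below it.  A server authoritative
    for attacker.example has no business telling us about bank.example."""
    name, zone = _canon(name), _canon(zone)
    return name == zone or name.endswith("." + zone)


class ResolverCache:
    def __init__(self) -> None:
        self._store: Dict[Tuple[str, str], str] = {}

    def lookup(self, name: str, rtype: str) -> Optional[str]:
        return self._store.get((_canon(name), rtype))

    def ingest(self, resp: DnsResponse, server_zone: str,
               enforce_bailiwick: bool = True) -> List[RR]:
        """Cache the records in a response.  With enforce_bailiwick=True any
        record outside the answering server's zone is dropped and returned
        to the caller; with False the cache behaves like the naive server
        the article warns about."""
        rejected: List[RR] = []
        for rr in resp.answers + resp.additional:
            if enforce_bailiwick and not in_bailiwick(rr.name, server_zone):
                rejected.append(rr)
                continue
            self._store[(_canon(rr.name), rr.rtype)] = rr.rdata
        return rejected


# Constructed response from the attacker's server for its own zone.  The
# answer is legitimate; the additional record tries to hijack the bank's name.
POISONED = DnsResponse(
    question="www.attacker.example",
    answers=(RR("www.attacker.example", "A", "203.0.113.10"),),
    additional=(RR("www.bank.example", "A", "203.0.113.66"),),
)

if __name__ == "__main__":
    naive = ResolverCache()
    naive.ingest(POISONED, "attacker.example", enforce_bailiwick=False)
    print("naive cache says bank is at:", naive.lookup("www.bank.example", "A"))

    strict = ResolverCache()
    dropped = strict.ingest(POISONED, "attacker.example")
    print("strict cache dropped:", [(r.name, r.rdata) for r in dropped])
    print("strict cache says bank is at:", strict.lookup("www.bank.example", "A"))
```

The bailiwick check stops the cheapest form of cache pollution, where the poison rides along in a response the attacker is entitled to send. It does not help when the attacker forges a response to a query the resolver sent elsewhere; against that, resolvers rely on unpredictable transaction IDs and source ports, and on DNSSEC where the zone is signed.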
Forged email
Overview: SMTP does not authenticate the sender of a message, so an attacker can forge an email to your internal users that claims to come from someone they know and trust, carrying a Trojan horse program that installs itself when opened, or a link to a malicious website.
Defense: Use end-to-end tools such as PGP, or S/MIME email certificates, so that recipients can verify who really signed a message. On the receiving mail server, SPF, DKIM and DMARC checks let you reject mail whose claimed sender domain did not authorize it.
The above is the detailed content of 4 main types of cyber attacks.