Types Of Attack – CompTIA Security+ Lesson 25

Attackers have various reasons for initiating an attack. Your goal ist to keep the people in your network safe. No matter the motive of the attacker.

Possible reasons for an attack could be:

  • For fun aka. White(ish) Hat
  • To steal/damage aka. Black Hat
  • to make a political statement aka. Grey Hat

Now lets take a closer loot at the types of attack.


(Distributed) Denial-of-Service attacks prevent access to resources to users authorized to use them.

Imagine your servers are so busy responding to false requests, that they haven’t enough ressources to respond to the legitimate requests. May it be for bandwith or physical problems.

Usually the attack will result in one of the following:

  • Denying access to information
  • Bring down a host/website
  • Crash the OS
  • Use the full bandwith of an organisations communication
  • Open as many TCP- Sessions as possible

The most common DoS- Attacks are ping of death & buffer overflow.

Spoofing attacks

Spoofing attack is a term used for different attacks that all share a similar trait: Masquerade.

Spoofing attacks are typically IP Spoofing, Arp Spoofing and DNS Spoofing.

The goal of IP Spoofing is to make it look like the data came from a trusted host, or to “hide the location” of an attacker.

With ARP Spoofing an attacker makes it look like the data came from a network/machine that it did not.

To route traffic, mail or any other data that uses a DNS to resolve a hostname, an attacker may use DNS Spoofing.

Pharming attacks

Using DNS Spoofing/ DNS Poisoning an attacker could reroute users to a maliscious copy of a banking website, wait untill users typed in the credentials and submitted them and collect them.

Password attacks

To crack hashed password, an attacker might use a password cracker with one of the following methods:

  • Brute Force
  • Dictionary
  • Hybrid
  • Birthday
  • Rainbow Table

An explanation of all the different methods can be found here.