Site home page
(news and notices)

Get alerts when Linktionary is updated

Book updates and addendums

Get info about the Encyclopedia of Networking and Telecommunicatons, 3rd edition (2001)

Download the electronic version of the Encyclopedia of Networking, 2nd edition (1996). It's free!

Contribute to this site

Electronic licensing info



Attacks and Attackers

Related Entries    Web Links    New/Updated Information

Search Linktionary (powered by FreeFind)

Note: Many topics at this site are reduced versions of the text in "The Encyclopedia of Networking and Telecommunications." Search results will not be as extensive as a search of the book's CD-ROM.

An attack is an attempt by an attacker (also commonly called a hacker) to access a system or take control of a system (a computer, network server, Web site, and so on) using a variety of methods. The intent of an attack is assumed to be malicious. The attacker may wish to view sensitive information, change information, shut down the system, or overload it to prevent other users from accessing it (a denial of service attack). Encrypted information may be attacked, meaning that the attacker is attempting to break the encryption and discover the secured information. Attackers are more commonly referred to as "hackers."

There are two primary types of attacks:

  • Passive attack Monitoring and collecting information about a system to be used in a later attack. An eavesdropper listens for information being transmitted that can be used in a later attack.

  • Active attack An active attack is one in which the attacker actually attempts to gain access to a system through unauthorized or illegal means.

An attacker may monitor the sessions of other users (a passive attack) and then take over the sessions (an active attack). In a replay attack, the attacker uses previously gathered information to gain access to a system by replaying it to the system, which thinks that it is dealing with a valid session.

Two important Internet RFCs provide information about attacks and attackers. RFC 2196 (Site Security Handbook, September 1997) provides extensive information on security policies, firewalls, authentication, and access. Most important, it described procedures for detecting and handling security incidents. RFC 2504 (User's Security Handbook, February 1999) decribes useful information for users that can help in preventing attacks.

Copyright (c) 2001 Tom Sheldon and Big Sur Multimedia.
All rights reserved under Pan American and International copyright conventions.