Vulnerabilities by layer
Posted August 29, 2008 at 7:04 pm in VulnerabilitiesThis is a short list of network layers and their possible vulnerabilities/attack vectors.
| Human | Social engineering, phishing, dumpster diving, shoulder surfing, scams, caller ID spoofing, poor policies |
| Application | Buffer overflows, XSS, malware, virii, worms, trojans, code exploits, application attacks |
| Presentation | Cleartext extraction/sniffing, NetBIOS enumeration, protocol attacks |
| Session | Session hijacking, SYN flooding, password attacks |
| Transport | Port scans, DoS attacks, service manipulation, flag manipulation |
| Network | IP attacks, ARP poisoning, MAC flooding, ICMP attacks, routing attacks |
| Data Link | Sniffing, MAC spoofing, WEP attacks |
| Physical | Wiretapping, interception, hardware hacks, lock picking, physical access attacks |
Commentary