Known Attacks
The term "known attack" is frequently used to refer to attacks that target previously known vulnerabilities in commercial or open source application software such as IIS, Apache, Oracle, etc. Hundreds of vulnerabilities in such software are found and made public (http://www.cert.org, etc.) each year. Hackers use this information to construct attacks. Examples of such attacks include Code Red, Nimda, and Spida.
An attack often does not emerge until months or years after a particular vulnerability is made public. Given the lag between vulnerability and exploit, software developers almost always make software patches available well in advance of the exploit. Yet, each year, these attacks successfully victimize millions of organizations. The problem for organizations trying to patch software is two-fold. First, it is difficult to keep pace with vulnerabilities at the rate that they become known. Second, many organizations do not have complete knowledge of all software that exists within the organization. In these situations, automated signature-based attack prevention products can effectively detect and block known attacks by scanning all traffic for patterns that match known vulnerabilities or exploits.
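The signature scanning described above can be sketched as follows. This is an added example, not code from any product: the signature names and regular expressions are simplified assumptions modelled on the request shapes of Code Red and Nimda, and the request lines are constructed samples.

```python
import re
from urllib.parse import unquote

# Simplified, assumed signatures (not a vendor rule set).
SIGNATURES = [
    # Code Red: request to the .ida handler followed by a long padding run.
    ("code-red-ida", re.compile(r"^/default\.ida\?[NX]{16,}", re.I)),
    # Nimda: probes for cmd.exe or a leftover root.exe backdoor.
    ("nimda-cmd-exe", re.compile(r"/(?:cmd|root)\.exe(?:\?|$)", re.I)),
]

def normalize(target, max_rounds=3):
    """Percent-decode a bounded number of times so that singly or doubly
    encoded variants are compared in the same form as the signature."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def match_request(request_line):
    """Return the names of all signatures matching one HTTP request line."""
    parts = request_line.split()
    if len(parts) < 2:  # malformed line: nothing to inspect
        return []
    target = normalize(parts[1])
    return [name for name, rx in SIGNATURES if rx.search(target)]

def scan(request_lines):
    """Map the index of each matching line to the signatures it triggered."""
    hits = {}
    for i, line in enumerate(request_lines):
        names = match_request(line)
        if names:
            hits[i] = names
    return hits

# Constructed sample traffic (request lines only, no payloads).
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.1",
    "GET /default.ida?" + "N" * 224 + " HTTP/1.0",
    "GET /scripts/root.exe?/c+dir HTTP/1.0",
    "GET /scripts/root%252eexe?/c+dir HTTP/1.0",  # doubly encoded variant
    "GET /downloads/cmd.exe.txt HTTP/1.1",         # benign look-alike
]

if __name__ == "__main__":
    for index, names in scan(SAMPLE_REQUESTS).items():
        print(index, names, SAMPLE_REQUESTS[index][:40])
```

Without the `normalize` step the encoded variant would pass unmatched, which is why signature engines decode input before comparing it.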
- Administrative Interface Access
- Access of Internal Components
- Anomaly Detection
- Brute Force
- Buffer Overflow
- Cookie Poisoning
- Cross-Site Request Forgery
- Cross-Site Scripting
- Denial of Service (DoS)
- Directory Traversal
- Distributed Denial of Service (DDoS)
- File/Parameter Enumeration
- Forceful Browsing
- Google Hacking
- Known Attacks
- LAND Attacks
- Malicious Encodings
- Parameter Tampering
- Server Takeover
- Session Hijacking
- Signature Detection
- Site Scanning/Probing
- Source Code Disclosure
- SQL Injection
- Stealth Commanding
- Unknown Attacks