RatSec Blog

osi attacks

- Posted in Uncategorized by

Application Layer

Functions Attack Vectors
User interface & applevel service malware injection
Web browsing, email, file transfer Phishing attacks
HTTP, SMTP, DNS protocols App-level DDoS attacks

Presentation Layer

Functions Attack Vectors
Data encryption & decryption Attack for weak encryption
Data compression & expansion File format exploits
Data format conversion Malicious code injection

Session layer

Functions Attack Vectors
Create & terminate app sessions Session hijacking & replay
Manage session state Session fixation attack
Video conferencing session Cross-site request forgery

Transport Layer

Functions Attack Vectors
End-to-end data delivery TCP/SYN & UDP flood attack
TCP and UDP protocols TCP hijacking & MiTM attack
Error correction & congestion ctrl Port scan for vulnerability

Network Layer

Functions Attack Vectors
Routing and IP addressing IP spoofing & fragmentation
IPv4, IPv6 & routing protocols Ping of death & ICMP flood
IP network configuration Route poisoning attacks

Data Link Layer

Functions Attack Vectors
Frames & physical addressing ARP spoofing & poisoning
Error detection and correction STP attack & MAC spoofing
Switching & Vlan configuration Wireless vulnerability attacks

Physical Layer

Functions Attack Vectors
Electrical/optical signaling Wire tapping & tampering
Ethernet cables and fibre optics Signal jamming
Physical layer configuration Unauthorised device install