 Welcome back to this course. This week will be an introduction to some types of network attacks. It will not be an exhaustive list of attacks, but it will focus on a few attacks that are clearly visible when we monitor networks. We will therefore focus on network scans, worms, and botnets. For botnets and worms, we will use some external material. Finally, note that there are other relevant network attacks that would not appear in this list, like denial of service attacks. This is because we will have dedicated lectures about it. A network scan is a mechanism for gathering information about the hosts on a network. The basic mechanism is to engage the target such that it will answer to a crafted packet called a probe. Once a scanner has received an answer, it will keep a list of hosts for further use. And of course, the lack of an answer can also be valuable information. If this is then done at scale, for example for an entire network, scans can give you valuable information about how a network or a service is managed. We will talk about worms as an example of how malware spreads. A network worm is a self-replicating and self-spreading malware. Once active, a worm will start looking for its nest infection. Most likely, it will do that by scanning the network for hosts that run a specific, vulnerable service. After that, the worm will try to infect the target host by installing itself on the host, and once there, it will try to spread again. A botnet is a network of interconnected hosts infected with malware that makes them to perform coordinated malicious activity, like sending spam or conducting a denial of service attack. Infected hosts are also called zombies or bots. Zombies can communicate and receive commands in a client server-centralized fashion in which a command-and-control server instructs the bots on which activities they need to carry on. Alternatively, botnets can be structured in a peer-to-peer fashion, in which each bot can communicate with any other bot. Botnets are not per se an attack, but they provide the infrastructure for large distributed attacks. In summary, you can see here the outline of the topic of this week. After this introduction, we will look into scams, worms and botnets. Finally, we will conclude.