Which of the following is not a type of attack used against access controls?

The Teardrop attack is characterized as a network-level attack that targets vulnerabilities in the TCP/IP protocol stack, particularly affecting how systems handle fragmented packets. This type of attack can cause systems to crash or behave unpredictably but does not specifically target access controls.

In contrast, phishing is a social engineering tactic designed to trick individuals into revealing sensitive information, such as usernames and passwords, thereby compromising access controls. SQL Injection involves inserting malicious SQL queries via input fields to exploit database vulnerabilities, which can lead to unauthorized access to data and manipulation of access controls. Denial of Service (DoS) attacks aim to make services unavailable to legitimate users, indirectly impacting access controls by overwhelming servers and preventing users from gaining legitimate access.

Since the Teardrop attack does not engage with access control mechanisms but rather focuses on exploiting network stack vulnerabilities, it is correctly identified as not being a type of attack specifically aimed at access controls.