1.4 Flashcards
Given a scenario, analyze potential indicators associated with network attacks
Rogue Access Point
Unauthorized wireless access point, not necessarily malicious as it may be added by an employee. It is a significant potential backdoor to the network.
Wireless Evil Twin
A rogue access point that looks legitimate but is actually malicious. Attackers configure an access point to look like an existing network and may even try to overpower the existing access points.
Bluejacking
Sending of unsolicited messages to another device via Bluetooth. Attacker needs to be close to the machine, about 10 meters. Low priority attack, only sending messages to a user’s device.
Bluesnarfing
Access a Bluetooth-enabled device and transfer data. This was the first major security weakness in Bluetooth and was patched in 2003. Modern Bluetooth devices are not prone to this attack.
Wireless Deauthentication
A Denial of Service (DoS) attack that is difficult to combat as there is not much you can do. Attackers target the way 802.11 communicates by taking advantage of disassociation frames. 802.11w (2014) encrypts these frames to help alleviate this issue.
Radio Frequency (RF) Jamming
DoS attack that prevents wireless communication. Attackers decrease the signal-to-noise ratio at the receiving device, making it so the receiving device can’t hear the good signal.
Wireless Jamming
An attacker can jam in a few ways, such as sending random bits of data or sending constant legitimate frames to take all the bandwidth. The attacker may also use reactive jamming, which jams only when someone else tries to communicate. Attackers need to be somewhere close.
RFID Attacks
Attackers may try to capture data between the tag and the reader. They may also try to spoof the reader and write their own data to the tag. DoS is also possible by jamming the radio frequency signal.
Cryptographic nonce
A nonce is an arbitrary number, some random or pseudo-random number. In cryptography, a nonce is used to add some randomization to the encrypted data, protecting against attacks like replay attacks.
Salt
A nonce most commonly associated with password randomization. Stored passwords should always be salted.
On-Path Attacks
Formerly known as man-in-the-middle attack, where the attacker sits between two ends of a conversation, having the data pass through the attacker.
On-Path Browser Attack
Formerly known as man-in-the-browser, the malware/trojan runs on the victim's machine to proxy the traffic. Everything will look normal to the victim, but the attacker can see all the data in its raw unencrypted form.
MAC Flooding
Attackers take advantage of the limited size of MAC tables. They send traffic with different source MAC addresses, and the switch tries to keep up. When the switch cannot add more entries to the MAC table, it starts acting as a hub and sends all frames to all interfaces on the switch. The attacker can then easily capture network traffic.
MAC Cloning/MAC Spoofing
Attacker changes their MAC address to match the MAC address of an existing device.
DNS Poisoning
An advanced attacker can modify the DNS server. This can be done by targeting the client host file, as it takes precedence over DNS queries. An attacker can also use on-path attacks to change the IP address while the traffic is in motion.