1.4 Flashcards
Rogue access points
Unauthorized wireless access point added by employer or attacker, may not be malicious but potentially a back door
Wireless evil twin
Looks like an existing access point, set up for malicious reasons. Gets users to input SSID and security settings. Can overpower access points and WiFi hotspots
Install VPN. And encrypt!
Bluejacking
Attacker sends unsolicited Bluetooth messages (radius of ten meters); can send other types of messages, like media
Bluesnarfing
Can access data using Bluetooth, like calendar, email, pics, etc.
Wireless jamming / rf jamming
The amount of noise is above the acceptable noise level for WiFi. Noise is created by sending constant random info or legitimate frames. Reactive jamming: when others send info, the attacker sends too
Needs to be close
Fox hunting with antenna to triangulate
RFID
It’s everywhere. Radar technology, powered by the receiving signal. It’s wireless comms. Can capture transmissions or spoof the reader. DDoS jamming also.
NFC (near field comms)
Bluetooth, for example. Used for payments and access tokens. Can be a key to unlock a door. It’s wireless and any interference is DDoS. Perhaps can be replayed and relayed
Cryptography without randomization
A dog picture with colors inverted: can still see the outline of the dog, it’s just inverted because it’s not random
Add a nonce, "for the time being", a one-time use
Cryptographic nonce
Adding a nonce to any outgoing or incoming message, for example in WEP or SSL. Including password hashes so they are randomized for all users in the system
On-path attack (man-in-the-middle attack)
Attacker who sits in the middle of a message exchange and intercepts; can also modify the message as it transmits
ARP poisoning
ARP has no security; works on the local IP network subnet
Defines who is who and gets the MAC address and IP address, revealing all IP and MAC addresses. It’s saved in the ARP cache.
Attacker sends an unprompted ARP message and changes info in the ARP cache so that any info gets sent to the hacker, not regularly
Cached com
Need to be on local network
On-path browser attack
Malware on victim machine, capture data being displayed
MAC address
48 bits/6 bytes long hexadecimal address of the physical network adapter
12 values; first six are the manufacturer, last six are the serial number
LAN switching
Forward or drop frames based on MAC address
Gathers a constantly updating list of MAC addresses; entries expire in 5 mins
Maintains a loop-free environment using Spanning Tree Protocol (STP)
Has limited MAC addresses
MAC flooding
Attackers send more than the limit of a switch's ability to handle MAC addresses; as the MAC table fills, the switch can’t direct individual frames but sends all frames
MAC cloning or spoofing
Match an existing allow list to access info, or DDoS from the switch going back and forth to determine where the MAC address came from
DNS attacks
Poison server by modifying host file
By sitting in the middle with an on-path attack and modifying the query
By modifying dns request by sending fake response to a valid dns request
Domain hijacking
Brute force, social engineering. Or malware for authentication info on a domain
URL hijack
Sending users to a badly named site similar to a legitimate name, for phishing
Typosquatting (incorrect typed)
Denial of service
Causing a service to stop responding from vulnerability exploitation
Includes botnets but also pulling the power plug. Creating a layer 2 loop that pauses services, and not enough resources as well
DDoS is when multiple devices cause a site to become unavailable
Application DoS
Zip bomb: 42 kilobytes expanding to 4.5 petabytes
Malicious scripts
Automatically operated in a quick manner. Automated attack function.
Through Python, PowerShell, or shell script in Linux
Macros
Automated file execution after a file is clicked