1.4 Given a scenario, analyze potential indicators associated with network attacks. Flashcards
What is an Evil Twin Attack?
It is where a hacker sets up a rogue AP that broadcasts the same SSID (Service Set Identifier) as a legitimate AP; the SSID is what appears as the wireless network’s name to ordinary users. This Evil Twin does not use the same security level as the legitimate AP, so users will connect more easily to the Evil Twin. Once connected, the attacker can intercept the user’s traffic and gain access to credentials or personal information.
What is a Rogue Access Point?
It is a WAP that is set up in a secure network and attracts people to connect to it. A malicious person can deliberately set up a rogue AP to collect network traffic.
What is Bluesnarfing?
A Bluetooth attack in which an attacker steals data from the target device by connecting to an unsuspecting user’s device.
What is Bluejacking?
Bluejacking is where an attacker connects to an unsuspecting user’s device and sends data to the target device, such as a smartphone, usually in the form of unsolicited text messages. It is mainly used to annoy and harass people, but DOES NOT steal data from the user.
What is a Disassociation attack?
A malicious user sends a deauthentication frame to the WAP with the spoofed MAC address of a victim that is currently on the WAP. The WAP will then kick the victim off, and the victim’s machine will try to reconnect or associate automatically. The malicious actor can then perform a range of attacks on the victim, whether it is an evil twin, brute-force attack, DoS, Man-in-the-middle attack, etc.
What is wireless jamming?
Jamming is a form of intentional interference on wireless networks, typically designed as a DoS attack. This type of attack overpowers the signals of a legitimate wireless access point, typically using a rogue AP with its transmit power set to very high levels.
What is Radio Frequency Identification (RFID)?
It is a type of technology that uses a low-power radio signal between a chip implanted in a card and a device that scans it in order to ID the person or give credentials. The card needs to be close to the scanner in order for the RFID to be read. Unfortunately, this is vulnerable to many types of attacks.
What is Near Field Communication?
This enables devices to send a very low-power radio signal to each other through a special chip implanted in a device/card/etc. The devices need to be very close in order to be read, usually 4 inches or closer.
What is an Initialization Vector?
It is an arbitrary number that can be used along with a secret key for data encryption. This number, called a nonce, is employed only one time in any session. It helps prevent repetition in encryption, making a dictionary attack more difficult.
What is an on-path attack (also referred to as a Man-in-the-middle attack)?
It is a sophisticated attack where you insert something on the path between a legitimate system and a trusted resource.
What is Address Resolution Protocol (ARP) Poisoning?
When some system gives false ARP information to another system, this poisons the victim’s ARP cache. ARP poisoning can allow an attacker to send ARP commands to the victim’s system to redirect traffic to the attacker’s system. ARP poisoning software can help to create MITM attacks and MAC flooding.
What is Media Access Control (MAC) flooding?
Attackers can send many new frames with “new” source MAC addresses, seeking to overwhelm the limited capacity of the CAM table (this holds MAC addresses in a switch). It will cause a switch to broadcast all traffic and send ARPs to try to rebuild the CAM table, and an attacker can implant their MAC addresses via ARP poisoning.
What is MAC Cloning?
It is when an attacker changes the MAC address of a device to match the MAC address of another device in order to gain illicit access to the network. In order for MAC Cloning to work, the attacker needs to disable the victim’s device MAC since there can’t be two of the same MAC addresses.
What is Domain Name System (DNS)?
DNS resolves internet names to IP addresses. DNS consists of clients (which need name resolution services) and servers (which provide name translation services).
What is Domain Hijacking?
Domain Hijacking means taking control of a legitimate domain registration in some way that the actual owner does not desire.