1.4 Given a scenario, analyze potential indicators associated with network attacks. Flashcards

1
Q

What is a rogue access point, and how do you mitigate its effect?

A

Unauthorized WAP.
May be added by an employee (for convenience) or by an attacker.
Not malicious all the time, but it is an uncontrolled path onto the network that bypasses the perimeter.
Very easy to plug in a WAP.
Schedule periodic wireless surveys and check every WAP found against the inventory.
Consider using 802.1X (Network Access Control) so that a device plugged into a port cannot reach the network without authenticating first.

2
Q

What is a wireless evil twin?

A

Wireless version of phishing.
The attacker stands up an AP with the same or a similar SSID name to trick users into connecting to the evil twin; once a user is connected, the attacker sits on the path of all their traffic.
Big issue for Wi-Fi hotspots, where users expect an open network and are easy to fool.
Always use HTTPS and a VPN on public Wi-Fi, so traffic stays encrypted even if the AP itself is malicious.

3
Q

What is Bluejacking?

A

An attacker sends an unsolicited message to a victim's device, usually a mobile phone or tablet, over Bluetooth. This does not use the cellular frequencies of a mobile carrier or 802.11 networks; it is exclusive to the Bluetooth communications channel.
The attacker needs to be relatively close to the victim's device to send these Bluejacking messages, since common (Class 2) Bluetooth is only effective within about 10 meters.

4
Q

What is Bluesnarfing?

A

An attacker accesses data on your mobile device over the Bluetooth communications channel. Using Bluesnarfing, an attacker could pull contact lists, emails, calendar information, or any other data kept on the device. The flaw dates from 2003 and has long been patched, so a modern, updated device will not be susceptible to it.

5
Q

What is RFID, and what does it stand for?

A

Radio frequency identification.
NFC is a type of RFID (short range, 13.56 MHz). It has the same vulnerability as any wireless communication: the signal is in the clear over the air, so anyone in range can capture it, and unless the application layer encrypts and authenticates the exchange it can be read, replayed or spoofed.

6
Q

What is a nonce?

A

Arbitrary number used once. Used in cryptography so that the same input (a message, a password, a key) produces different output each time, and so a captured message cannot simply be replayed. Reusing a nonce with the same key is what breaks the guarantee. A salt is considered a nonce.
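
The following is an added example (not part of the flashcards) showing why "used once" matters: two messages encrypted under the same key and nonce leak the XOR of their plaintexts, and a salt is shown doing the same job for password hashing. The stream cipher here is a toy built from SHA-256 purely to show the mechanics; that construction, the key and the sample messages are assumptions of the example, not a recommended cipher.

```python
"""Added example (not part of the flashcards): why a nonce must never repeat.

The stream cipher below is a toy built from SHA-256 solely to show the
mechanics of keystream reuse; that construction is an assumption of this
example, not a recommended cipher. Real code should use a vetted AEAD
(AES-GCM, ChaCha20-Poly1305) and still feed it a unique nonce per message.
"""
import hashlib
import secrets
from typing import Optional, Tuple


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` keystream bytes by hashing key || nonce || counter."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """ciphertext = plaintext XOR keystream(key, nonce); decryption is the same call."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def nonce_reuse_leak(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bytes:
    """What an eavesdropper learns when one (key, nonce) pair encrypts two messages.

    Both ciphertexts were XORed with the same keystream, so XORing them
    cancels it: c1 ^ c2 == p1 ^ p2. The key never leaks, but the relationship
    between the two plaintexts does.
    """
    c1 = encrypt(key, nonce, p1)
    c2 = encrypt(key, nonce, p2)
    return xor_bytes(c1, c2)


def recover_with_known_plaintext(key: bytes, nonce: bytes, known: bytes, secret: bytes) -> bytes:
    """Known-plaintext completion of the leak: (c1 ^ c2) ^ p1 == p2."""
    return xor_bytes(nonce_reuse_leak(key, nonce, known, secret), known)


def fresh_nonce() -> bytes:
    """The fix: a random 96-bit nonce per message, sent alongside the ciphertext."""
    return secrets.token_bytes(12)


def salted_password_hash(password: bytes, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """A salt plays the nonce role for password hashing: random per user, stored
    next to the hash, so identical passwords produce different digests and a
    precomputed table cannot be reused across accounts."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)
    return salt, digest


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    nonce = fresh_nonce()
    p1, p2 = b"transfer 100 to bob", b"transfer 999 to eve"   # constructed sample messages
    leak = nonce_reuse_leak(key, nonce, p1, p2)
    print("c1 ^ c2 == p1 ^ p2:", leak == xor_bytes(p1, p2))
    print("recovered:", recover_with_known_plaintext(key, nonce, p1, p2))
```

The same failure mode applies to real stream-mode ciphers such as AES-GCM and ChaCha20-Poly1305: a repeated nonce under one key leaks plaintext relationships (and, for GCM, the authentication key), which is why nonces are generated randomly or from a counter that is never allowed to wrap.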

7
Q

What is an on-path attack?

A

An attacker sits in the middle between two stations and is able to intercept, and in some cases change, the information being sent interactively across the network. This type of attack can occur without either party knowing that anyone is sitting in the middle of the conversation.
Formerly referred to as a man-in-the-middle attack.

8
Q

What is ARP poisoning?

A

On-path attack on the local IP subnet.
This is Address Resolution Protocol poisoning, and it works because ARP, as a protocol, has no security built in. Devices receive and update their ARP tables without any authentication or encryption, so an attacker can send ARP replies (including unsolicited, "gratuitous" ones) to any device on the local subnet, and those devices will accept them as if they came from a legitimate source.

This leads to ARP tables with wrong information: victims map the router's IP to the attacker's MAC, and the router maps the victim's IP to the attacker's MAC, so all traffic is relayed through the attacker before it gets to or from the router. The attacker is "in the middle" of any communication on the network. Mitigations include Dynamic ARP Inspection on the switch and static ARP entries for critical hosts.
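
The following is an added example (not part of the flashcards) of the detection logic that catches the poisoning just described: it reads ARP reply lines in tcpdump's format and flags an IP announced by more than one MAC, a known gateway mapping being contradicted, and a single MAC claiming both the gateway and a workstation. The capture lines, IPs and MACs are constructed for the example.

```python
"""Added example (not from the flashcards): spotting ARP poisoning in captured
ARP replies. The capture lines are constructed for this example in tcpdump's
ARP reply format; the IPs and MACs are placeholders."""
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Tuple

ARP_REPLY = re.compile(
    r"Reply (\d{1,3}(?:\.\d{1,3}){3}) is-at ([0-9a-f]{2}(?::[0-9a-f]{2}){5})", re.I
)

# Constructed capture: the gateway (.1) is first announced by its real MAC, then
# a second MAC starts claiming both the gateway and a workstation (.20): the
# classic two-sided poisoning that puts the attacker between the two.
SAMPLE_CAPTURE = [
    "10:00:01.000 ARP, Reply 192.168.1.1 is-at aa:bb:cc:dd:ee:01, length 28",
    "10:00:02.000 ARP, Reply 192.168.1.20 is-at aa:bb:cc:dd:ee:20, length 28",
    "10:00:05.000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:99, length 28",
    "10:00:05.100 ARP, Reply 192.168.1.20 is-at de:ad:be:ef:00:99, length 28",
    "10:00:09.000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:99, length 28",
]


def parse_arp_replies(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Extract (ip, mac) pairs from ARP reply lines; other lines are ignored."""
    pairs = []
    for line in lines:
        m = ARP_REPLY.search(line)
        if m:
            pairs.append((m.group(1), m.group(2).lower()))
    return pairs


def detect_arp_poisoning(lines: Iterable[str], known_macs: Optional[Dict[str, str]] = None):
    """Return alerts as (kind, subject, details) tuples.

    Three signals are checked:
      * one IP announced by more than one MAC (victims' tables are flapping);
      * a known mapping (e.g. the gateway) contradicted by a reply;
      * one MAC claiming several IPs (the attacker impersonating both sides).
    """
    known_macs = {ip: mac.lower() for ip, mac in (known_macs or {}).items()}
    ip_to_macs = defaultdict(set)
    mac_to_ips = defaultdict(set)
    for ip, mac in parse_arp_replies(lines):
        ip_to_macs[ip].add(mac)
        mac_to_ips[mac].add(ip)

    alerts = []
    for ip, macs in sorted(ip_to_macs.items()):
        if len(macs) > 1:
            alerts.append(("ip-claimed-by-multiple-macs", ip, sorted(macs)))
        expected = known_macs.get(ip)
        if expected and macs != {expected}:
            alerts.append(("known-mapping-violated", ip, sorted(macs - {expected})))
    for mac, ips in sorted(mac_to_ips.items()):
        if len(ips) > 1:
            alerts.append(("mac-claims-multiple-ips", mac, sorted(ips)))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_CAPTURE, {"192.168.1.1": "aa:bb:cc:dd:ee:01"}):
        print(*alert)
```

In practice the same three checks are what tools such as arpwatch report ("changed ethernet address", "flip flop"); feeding them a pinned gateway MAC is the single most useful tuning step, because the gateway is the address an on-path attacker almost always impersonates.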

9
Q

What is an on-path browser attack?

A

Also known as a man-in-the-browser (MitB) attack.

A MitB attack occurs when the attacker compromises the web browser by installing malicious plug-ins or scripts, or by hooking the browser's API calls. To plant that malware, attackers can place exploit kits on a website that actively try to exploit vulnerabilities in the browsers of clients visiting the site.

In this attack the malware runs on the victim's machine, and it is usually not a person handling the relay but an automated process inside the malware. Having malware on the same machine perform the on-path attack has a big advantage: the malware sits inside the browser, after TLS has been decrypted, so it sees and can alter the plaintext of an HTTPS session (for example, changing the destination account in a bank transfer before it is sent). Over the network, that same data, even if proxied or relayed through a secondary device, would still be encrypted.

10
Q

What is MAC flooding?

A

An attack that sends numerous frames to a switch, each with a different source MAC address, in an attempt to exhaust the switch's MAC address (CAM) table. If this is successful, the switch changes state to fail-open mode and sends every frame for a destination it no longer knows out of every interface. The switch has turned into a hub, and the attacker can capture traffic meant for other ports. Most switches have a "flood guard" feature (port security) that limits how many MAC addresses may be learned on a port and shuts the port down when that limit is exceeded.
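
The following is an added example (not part of the flashcards): a small model of a learning switch with a bounded CAM table and entry aging, run once without protection and once with a per-port MAC limit (the port-security "flood guard" the card refers to). The switch model, port numbers, MAC addresses and table size are constructed for the example; it shows the mechanism, not any vendor's implementation.

```python
"""Added example (not from the flashcards): a model of a learning switch with a
bounded MAC (CAM) table, showing how MAC flooding turns unicast into flooding
and how port security (the card's "flood guard") stops it. The switch model,
port numbers and MAC addresses are constructed for this example."""
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"
HOST_A, HOST_B = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"


class Switch:
    def __init__(self, ports, cam_capacity: int, aging_time: int = 300,
                 port_security_max: Optional[int] = None):
        self.ports = list(ports)
        self.cam_capacity = cam_capacity
        self.aging_time = aging_time
        self.port_security_max = port_security_max
        self.cam: Dict[str, Tuple[int, int]] = {}          # mac -> (port, last_seen)
        self.macs_on_port: Dict[int, Set[str]] = defaultdict(set)
        self.err_disabled: Set[int] = set()

    def _expire(self, now: int) -> None:
        """Entries not refreshed within aging_time are dropped, freeing table slots."""
        for mac, (port, seen) in list(self.cam.items()):
            if now - seen > self.aging_time:
                del self.cam[mac]
                self.macs_on_port[port].discard(mac)

    def forward(self, src: str, dst: str, in_port: int, now: int) -> List[int]:
        """Process one frame at time `now`; return the list of egress ports."""
        if in_port in self.err_disabled:
            return []
        self._expire(now)
        if src in self.cam:
            self.cam[src] = (in_port, now)                  # refresh the aging timer
        else:
            limit = self.port_security_max
            if limit is not None and len(self.macs_on_port[in_port]) >= limit:
                self.err_disabled.add(in_port)              # violation: shut the port
                return []
            if len(self.cam) < self.cam_capacity:
                self.cam[src] = (in_port, now)
                self.macs_on_port[in_port].add(src)
            # else: table full, the source cannot be learned at all
        if dst in self.cam:
            return [self.cam[dst][0]]                       # known unicast
        return [p for p in self.ports                       # unknown: flood everywhere
                if p != in_port and p not in self.err_disabled]


def mac_flood(switch: Switch, attacker_port: int, count: int, now: int) -> None:
    """Attacker sends `count` frames, each from a different made-up source MAC."""
    for i in range(count):
        fake = "02:00:00:%02x:%02x:%02x" % ((i >> 16) & 0xFF, (i >> 8) & 0xFF, i & 0xFF)
        switch.forward(fake, BROADCAST, attacker_port, now)


def run_scenario(port_security_max: Optional[int] = None) -> Tuple[List[int], List[int], bool]:
    """Hosts A (port 1) and B (port 2) talk; the attacker on port 3 floods.

    Returns (ports an A->B frame reached before the flood, ports it reaches
    after the legitimate entries aged out and the flood refilled the table,
    whether port 3 was shut down by port security).
    """
    sw = Switch(ports=[1, 2, 3], cam_capacity=100, aging_time=300,
                port_security_max=port_security_max)
    sw.forward(HOST_A, HOST_B, 1, now=0)
    sw.forward(HOST_B, HOST_A, 2, now=0)
    before = sw.forward(HOST_A, HOST_B, 1, now=1)           # learned: unicast to port 2 only
    mac_flood(sw, 3, 200, now=2)                            # fill the remaining slots
    mac_flood(sw, 3, 200, now=200)                          # keep the bogus entries fresh
    mac_flood(sw, 3, 200, now=320)                          # A and B aged out; grab their slots
    sw.forward(HOST_A, HOST_B, 1, now=321)                  # A and B can no longer be learned...
    sw.forward(HOST_B, HOST_A, 2, now=322)
    after = sw.forward(HOST_A, HOST_B, 1, now=323)          # ...so their traffic is flooded
    return before, after, 3 in sw.err_disabled


if __name__ == "__main__":
    print("no protection:  ", run_scenario())
    print("port security 2:", run_scenario(port_security_max=2))
```

Without protection the final A-to-B frame reaches ports 2 and 3, i.e. the attacker on port 3 now sees the conversation; with a per-port limit of two MACs, port 3 is error-disabled on the attacker's third bogus address and the frame still goes only to port 2.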

11
Q

What is MAC cloning (spoofing)?

A

The attacker changes their MAC address to match an existing one, cloning/spoofing it. This disrupts communication to the legitimate device, since the switch now sees the same MAC on two ports, and it can bypass controls that trust the MAC address, such as MAC filtering on a wireless network. MAC addresses are easily changed in software.

12
Q

What is DNS poisoning?

A
  • Modify the hosts file on each device; the hosts file takes precedence over the DNS query on that device, so one edited line redirects a name for every application on it.
  • Attackers can also modify the DNS records on the legitimate DNS server.
  • An attacker could also send a fake response to a valid DNS request (racing the real server and guessing the transaction ID) to poison the resolver's cache.
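
The following is an added example (not part of the flashcards) that models two of the paths above locally: a resolver that consults a hosts file before DNS (with an audit that flags a planted entry), and a stub resolver that accepts the first reply matching its transaction ID, raced by an attacker spraying forged replies with and without source-port randomization. The hosts file content, DNS records, addresses and the resolver model are constructed for the example.

```python
"""Added example (not from the flashcards): two DNS poisoning paths the card
describes, modelled locally. The hosts file content and DNS records are
constructed placeholders; the resolver is a simplified model, not a real stub
resolver."""
import ipaddress
import random
from typing import Dict, List, Tuple

SAMPLE_HOSTS = """\
# constructed hosts file for this example
127.0.0.1       localhost
::1             localhost
192.168.1.10    intranet.example.local
203.0.113.7     login.bank.example   # entry an attacker planted
"""

DNS_RECORDS = {"login.bank.example": "198.51.100.5", "intranet.example.local": "192.168.1.10"}


def parse_hosts(text: str) -> Dict[str, str]:
    """Build name -> IP from a hosts file; the first entry for a name wins."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            table.setdefault(name.lower(), ip)
    return table


def resolve(name: str, hosts: Dict[str, str], dns: Dict[str, str]) -> Tuple[str, str]:
    """The hosts file is consulted before DNS, so a tampered entry beats a correct server."""
    name = name.lower()
    if name in hosts:
        return hosts[name], "hosts"
    return dns.get(name, ""), "dns"


def audit_hosts(hosts: Dict[str, str], sensitive: List[str]) -> List[Tuple[str, str]]:
    """Flag hosts entries that pin a sensitive domain to a non-loopback address."""
    bad = []
    for name, ip in hosts.items():
        if any(name == s or name.endswith("." + s) for s in sensitive):
            if not ipaddress.ip_address(ip).is_loopback:
                bad.append((name, ip))
    return sorted(bad)


class StubResolver:
    """Accepts the first reply whose name, transaction ID and port match the
    outstanding query, as a resolver does; nothing else authenticates it."""

    def __init__(self, rng: random.Random, randomize_port: bool):
        self.rng = rng
        self.randomize_port = randomize_port
        self.cache: Dict[str, str] = {}

    def send_query(self, name: str) -> dict:
        return {
            "name": name,
            "txid": self.rng.randrange(1 << 16),
            "port": self.rng.randrange(1024, 65536) if self.randomize_port else 53,
        }

    def receive(self, query: dict, reply: dict) -> bool:
        if (reply["name"], reply["txid"], reply["port"]) == (query["name"], query["txid"], query["port"]):
            self.cache[query["name"]] = reply["ip"]
            return True
        return False


def spoof_race(resolver: StubResolver, name: str, guesses: int, rng: random.Random) -> bool:
    """Attacker sprays forged replies at the resolver before the real answer arrives."""
    query = resolver.send_query(name)
    for _ in range(guesses):
        forged = {
            "name": name,
            "ip": "203.0.113.7",
            "txid": rng.randrange(1 << 16),
            "port": rng.randrange(1024, 65536) if resolver.randomize_port else 53,
        }
        if resolver.receive(query, forged):
            return True
    return False


def poisoning_success_rate(randomize_port: bool, trials: int = 300, guesses: int = 3000, seed: int = 1) -> float:
    """Fraction of queries the attacker poisons; seeded so the run is repeatable."""
    rng = random.Random(seed)
    wins = 0
    for _ in range(trials):
        wins += spoof_race(StubResolver(rng, randomize_port), "login.bank.example", guesses, rng)
    return wins / trials
```

With a fixed source port the attacker only has to guess a 16-bit transaction ID, and a few thousand forged packets per query win a noticeable share of races; randomizing the port adds roughly 16 more bits of entropy and the same spray essentially never lands, which is why source-port randomization (and, beyond it, DNSSEC) is the standard mitigation for the spoofed-response path.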
13
Q

What is domain hijacking?

A

Gain access to the domain's registration (the registrar account) and control where its traffic flows by changing the name servers or DNS records. Done via brute force of the registrar credentials, social engineering of the registrar, etc. Mitigate with strong unique registrar credentials, MFA and a registrar lock on the domain.

14
Q

What is an IV attack?

A

An initialization vector attack exploits WEP's short (24-bit) IV, which is sent in the clear and, with enough traffic, inevitably repeats. By capturing many packets, and in some variants injecting traffic to force more of them, an attacker can recover the RC4 keystream and ultimately the WEP key, and decrypt all other wireless traffic. This attack is useless once WPA2 (or newer) wireless protection is enabled, since the cipher and key handling are different.

15
Q

What is URL redirection?

A

URL redirection refers to the use of HTTP redirects to send the browser to a page other than the one the user requested. When an application builds the redirect target from an unvalidated request parameter (an open redirect), an attacker can craft a link on the legitimate site that lands the user on a phishing page.

16
Q

What is an application attack?

A

An application attack targets vulnerabilities in the headers and payloads of specific application protocols, rather than the network or transport layer. For example, a DNS amplification attack targets DNS services with bogus queries sent from a spoofed source address, so that the server's much larger responses are delivered to the victim.

17
Q

What is an operational technology attack?

A

An operational technology (OT) attack is a network attack that targets the connections between embedded system devices, such as industrial control and SCADA equipment. The term is "operational" because these systems monitor and control physical electromechanical components, so a successful attack can have physical consequences.

18
Q

What is HTTP response splitting?

A

HTTP response splitting occurs when user-supplied input is copied into an HTTP response header (typically a Location or Set-Cookie header) without stripping carriage-return and line-feed characters. The attacker crafts a malicious URL containing encoded CR/LF sequences and convinces the victim to submit it to the web server; the injected line breaks end the server's real response and start a second, attacker-controlled response, which can be cached by a proxy or used to deliver cross-site scripting.
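
The following is an added example (not part of the flashcards) of the vulnerable pattern beside its hardened form: a redirect handler that copies a request parameter into the Location header, the payload that splits it into two responses, a parser that reads the stream the way a client or caching proxy would, and the same handler with the CR/LF check. The handler, payload and addresses are constructed for the example; most modern web frameworks already refuse control characters in header values, which is the check the hardened version adds.

```python
"""Added example (not from the flashcards): HTTP response splitting, shown with
a raw header builder. The redirect handler and the payload are constructed for
this example; most modern web frameworks already refuse CR/LF in header values,
which is exactly the check the hardened version adds."""
from typing import Dict, List, Tuple

# Constructed attacker-controlled redirect target: the CR/LF pairs end the real
# 302 response and start a second, attacker-authored 200 response.
SPLIT_PAYLOAD = (
    "/home\r\nContent-Length: 0\r\n\r\n"
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 17\r\n\r\n"
    "<h1>poisoned</h1>"
)


def redirect_vulnerable(target: str) -> bytes:
    """Copies user input straight into the Location header (the bug)."""
    return ("HTTP/1.1 302 Found\r\nLocation: " + target + "\r\nContent-Length: 0\r\n\r\n").encode()


def redirect_safe(target: str) -> bytes:
    """Same handler, but control characters in the header value are rejected."""
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        raise ValueError("control character in redirect target")
    return ("HTTP/1.1 302 Found\r\nLocation: " + target + "\r\nContent-Length: 0\r\n\r\n").encode()


def parse_responses(raw: bytes) -> List[Tuple[str, Dict[str, str], bytes]]:
    """Split a byte stream into HTTP responses the way a client or caching proxy
    would: headers end at a blank line and the body is Content-Length bytes."""
    responses = []
    while raw:
        head, sep, rest = raw.partition(b"\r\n\r\n")
        if not sep or not head.startswith(b"HTTP/"):
            break
        lines = head.split(b"\r\n")
        headers: Dict[str, str] = {}
        for line in lines[1:]:
            key, _, value = line.partition(b":")
            headers[key.strip().decode().lower()] = value.strip().decode()
        length = int(headers.get("content-length", "0"))
        responses.append((lines[0].decode(), headers, rest[:length]))
        raw = rest[length:]
    return responses


def safe_rejects(target: str) -> bool:
    """True if the hardened handler refuses the target."""
    try:
        redirect_safe(target)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for status, headers, body in parse_responses(redirect_vulnerable(SPLIT_PAYLOAD)):
        print(status, headers, body)
```

The vulnerable handler turns one request into two responses on the wire; a proxy that pairs the second response with the next request it forwards caches the attacker's page under a legitimate URL. Rejecting (or percent-encoding) anything below 0x20 in header values closes the hole, and the parser doubles as a quick test for any handler that writes headers by hand.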

19
Q

What are Locally Shared Objects (LSOs)?

A

LSOs, or Flash cookies, are data stored on a user's computer by websites that use Adobe Flash Player. Unlike browser cookies they were not cleared by the browser's normal cookie controls, so a site could track a user's browsing behavior through LSOs even after cookies were deleted. Flash Player reached end of life at the end of 2020, so this is now mainly a legacy concern.

20
Q

What is a disassociation attack?

A

A disassociation attack sends spoofed 802.11 disassociation management frames to break the association between a client and a known wireless access point (WAP), knocking the client off the network. This is a type of DoS on wireless networks; it works because these management frames are unauthenticated unless 802.11w (protected management frames) is enabled.

21
Q

What is a deauthentication attack?

A

A deauthentication attack sends a stream of spoofed 802.11 deauthentication frames to force a client to deauthenticate from its AP, usually repeated so it cannot stay connected. This is a type of DoS attack on wireless networks. It is also used as a stepping stone: forcing clients to reconnect lets an attacker capture the WPA handshake, or pushes them toward an evil twin. Mitigation: enable 802.11w (protected management frames) on the AP and clients.