1.4 Given a scenario, analyze potential indicators associated with network attacks. Flashcards
What is a rogue access point, and how do you mitigate its effect?
Unauthorized WAP.
May be added by an employee or an attacker.
Not always malicious.
Very easy to plug in a WAP.
Schedule periodic surveys to check all WAPs.
Consider using 802.1X (Network Access Control).
What is a wireless evil twin?
Wireless version of phishing.
Attacker may use a similar SSID name to trick users into connecting to the evil twin.
A big issue for Wi-Fi hotspots, where users are easy to fool.
Always use HTTPS and a VPN when using public Wi-Fi.
What is bluejacking?
An attacker sends an unsolicited message over Bluetooth to a victim’s machine, usually a mobile phone or tablet. This does not use the cellular frequencies from a mobile carrier or 802.11 networks; it uses the Bluetooth communications channel exclusively.
The attacker would need to be relatively close to the victim’s machine to be able to send these Bluejacking messages since Bluetooth is only effective within 10 meters.
What is bluesnarfing?
Bluesnarfing is when an attacker accesses data that’s on your mobile device using the Bluetooth communications channel. Using bluesnarfing, an attacker would be able to access contact lists, emails, calendar information, or any other data you might keep on that mobile device. This is an old concern from 2003; a modern device will not be susceptible to it.
What is RFID, and what does it stand for?
Radio frequency identification
NFC is a type of RFID. It has the same vulnerabilities as any wireless communication, because it is transmitted freely and in the clear.
What is a nonce?
Arbitrary number used once. Used in cryptography. A “salt” is considered a nonce.
What is an on-path attack?
An attacker sits in the middle between two stations and is able to intercept, and in some cases change, the information that’s being sent interactively across the network. This type of attack can occur without anyone knowing that someone is sitting in the middle of the conversation.
Also referred to as a man-in-the-middle attack.
What is ARP poisoning?
An on-path attack on the local IP subnet.
ARP poisoning is Address Resolution Protocol poisoning. It is possible because ARP, as a protocol, does not have any type of security associated with it. Devices receive and modify ARP tables without any type of authentication or any type of encryption. This would allow an attacker to send ARPs to any device on the local subnet, and those local devices would interpret the ARPs as if they were coming from a legitimate source.
This leads to ARP tables with wrong information, which relays all information to the attacker before it gets to or from the router. The attacker will be “in the middle” of any communication on the network.
What is an on-path browser attack?
Also known as a man-in-the-browser attack.
A MitB attack occurs when the attacker compromises the web browser by installing malicious plug-ins, scripts, or intercepting API calls. Attackers can install vulnerability exploit kits on a website and will actively try to exploit vulnerabilities in clients browsing the site.
This type of attack has malware that’s running on the victim’s machine, and it’s usually not a person that’s handling the relay, but an automated process within the malware. Having malware on the same machine perform this on-path attack provides a number of advantages. Over the network, any encrypted data, even though it was proxied or relayed through a secondary device, would still be encrypted.
What is MAC flooding?
An attack that sends numerous packets to a switch, each of which has a different source MAC address, in an attempt to use up the memory on the switch. If this is successful, the switch will change state to fail-open mode, in which it sends every frame to every interface on the switch. The switch has turned into a hub. Most switches have something called “Flood Guard” to prevent this.
What is MAC cloning (spoofing)?
The attacker changes their MAC address to match an existing MAC address as a clone/spoof. This disrupts communication to the legitimate MAC. MAC addresses are easily manipulated via software.
What is DNS poisoning?
- Modify the hosts file located on each device; the hosts file takes precedence on each device when making a DNS query.
- Attackers can also modify DNS Server information on the legitimate DNS Server.
- An attacker could also send a fake response to a valid DNS request to poison DNS.
What is domain hijacking?
Get access to the domain registration and control where traffic flows, using brute force, social engineering, etc.
What is an IV attack?
An Initialization Vector attack modifies the IV of an encrypted wireless packet during transmission to compute the RC4 keystream to decrypt all other wireless traffic. This attack becomes useless when WPA or WPA2 wireless protection is enabled.
What is URL redirection?
URL redirection refers to the use of HTTP redirects to open a page other than the one the user requested.