1.4 Given a scenario, analyze potential indicators associated with network attacks. Flashcards
Evil twin
Using a false AP that clones the identity of a legit AP, based on a client device’s request to connect
Rogue WAP
Access point not authorized by network authorities; usually isn’t configured well for security
Bluesnarfing
Unauthorized access of data via a Bluetooth connection
Bluejacking
Sending unsolicited messages to Bluetooth-capable devices
Disassociation
A wireless management frame that disconnects clients
Radio frequency identifier (RFID)
Tracking technology based on the ability to power a radio transmitter using current generated in an antenna
Jamming
Transmission of radio signals to prevent reliable communications by decreasing the effective signal-to-noise ratio
Near field communication (NFC)
A standard establishing radio communications between devices in close proximity
Derived from RFID
Initialization vector (IV)
Mathematical and cryptographic term for random number
Most modern crypto functions use IVs to increase security by reducing predictability & repeatability
On-path attack (previously known as man-in-the-middle attack/man-in-the-browser attack)
Initially a communications eavesdropping attack, in which the attacker then positions themselves between a client and a server
Countermeasures to on-path attacks
Strong encryption protocols
Strong authentication
Domain Name System Security Extensions
Mutual certificate authentication
Layer 2 attack
Falsifying layer 2 IP-to-MAC address resolution
Media access control (MAC) flooding
Uses a flooding attack to compromise a switch so that the switch gets stuck flooding all network communications
MAC cloning
Altering a system’s software copy of the NIC’s MAC address, creating frames w/a modified or spoofed MAC address
Countermeasures to MAC cloning
Using intelligent switches that monitor for odd MAC address use
Using a NIDS that monitors for MAC address use and abuse
Maintaining an inventory of devices and MAC addresses to confirm whether a device is authorized or unknown/rogue
Domain name system (DNS)
Domain Name System (DNS) translates domain names to IP addresses so browsers can load Internet resources.
Domain hijacking
Changing the registration of a domain name w/o the authorization of the valid owner
Accomplished by stealing the owner’s login, using XSRF, session hijacking, an on-path attack, or exploiting a flaw in the domain registrar’s systems
Methods of DNS poisoning
Rogue DNS server
DNS poisoning of zone file
Altering the HOSTS file
Corrupting the IP config via DHCP to change the DNS lookup address
Proxy falsification to redirect DNS traffic
DNS poisoning
Act of falsifying the DNS info used by a client to reach a desired system
Universal resource locator (URL) redirection
Forcing users of an application to an untrusted external site
Domain reputation
Scoring system used to determine site legitimacy
Distributed denial-of-service (DDoS)
Using one or more intermediary systems serving as attack platforms to perform a DoS
These systems are known as bots, zombies, or agents
Denial of service (DoS)
Form of attack w/the goal of preventing the victimized system from performing legit activity
Distributed reflective denial-of-service (DRDoS)
Employs an amplification or bounce network that is an unknowing participant.
Attacker sends spoofed message packets to the network’s broadcast address; each host then responds to that packet, with the response going to the victim
DoS/DDoS/DRDoS attacks
Smurf
-Form of DRDoS
-Uses ICMP reply packets
Fraggle
-Form of DRDoS
-Uses UDP packets
SYN Flood
-Attack is an exploitation of the TCP three-way handshake to perform resource exhaustion
-Sending numerous SYN packets w/o the ACK packets that complete the handshake
Ping of death
-Sending fragments to the victim which, when reassembled, result in an oversized ping packet, causing a buffer overflow
Xmas attack
-Using an XMAS scan to perform DoS
Teardrop
-Partial transmission of fragmented packets, causing the target to consume system resources holding onto the incomplete reassemblies
Land attack
-SYN flood where source and dest. address are both set to the victim’s address, causing a logical error
Protections against DoS/DDoS/DRDoS attacks
Firewalls, routers, and IDSs that can detect and auto-block ports or filter packets based on source/dest. address
Disable echo replies on external systems
Disable broadcast features on border systems
Block spoofed packets from entering or leaving
Keep all systems patched
Use a flood guard
Network DoS Attack
Attempt to consume all bandwidth of a connection
Application DoS Attack
Attempt to consume all system resources through app queries or half-open connections
Operational technology (OT) DoS Attack
Focused on OT systems, a collection of computer systems designed to monitor/manipulate the physical world
Malicious code or script execution
PowerShell - ps1
Python - py
Bash - sh
Macros
Visual Basic for Applications (VBA)