4.2 Summarize various types of attacks and their impact to the network. Flashcards

1
Q

What is a DoS?

A
  • Denial of Service
  • An action or series of actions that cause a system to fail.
  • Hacker takes advantage of a failure or vulnerability.
  • “friendly” DoS (Layer 2 loop without STP; or Bandwidth DoS).
2
Q

What is a DDoS?

A
  • Distributed Denial of Service
  • Multiple devices acting in unison to deny service
  • Botnet (At its peak, Zeus botnet infected over 3.6 million PCs)
3
Q

What is VLAN hopping?

A
  • VLANs are separated into their own network
  • Some configurations do not need a router and can connect to other VLANs
4
Q

What is MAC flooding?

A
  • A MAC address is the “physical” address of a network adapter
  • 48 bits / 6 bytes long, displayed in hexadecimal
  • The MAC table is only so big; the attacker sends traffic with different source MAC addresses to force out legitimate MAC addresses.
5
Q

What is ARP spoofing?

A
  • Attacker sits on the path between client and router and sends fake ARP packets that link an attacker’s MAC address with an IP of a computer already on the LAN.
6
Q

What is ARP poisoning?

A
  • The attacker changes the company’s ARP cache table so that it contains falsified MAC mappings.
7
Q

What is DNS poisoning?

A
  • Send a fake response to a valid DNS request which requires redirection of the original request or the resulting response.
8
Q

What is DNS spoofing?

A
  • Modifying the client hosts file, which would take precedence over the DNS queries.
9
Q

What is a rogue device (DHCP or AP)?

A
  • IP addresses assigned by a non-authorized server (no inherent security in DHCP).
  • Client is assigned an invalid or duplicate address.
10
Q

What is an “evil twin”?

A
  • Someone who is trying to leverage a wireless access point as a way to maliciously attack your network.
  • They can do this by: configuring the access point to look like an existing network, and overpowering the existing access points so that only the false one is accessed.
11
Q

What is an “on-path” attack?

A
  • The attacker needs to be able to sit between the client and the services that they are trying to access (via switch, router, piece of equipment).
12
Q

Switch Spoofing

A
  • A VLAN hopping technique that relies on switches that support automatic configuration with no authentication required
  • You are essentially presenting yourself as a switch and you can send trunk negotiation.
  • You now have the ability to send information to any VLAN that you are connecting with.
13
Q

Double Tagging

A
  • Another form of VLAN hopping
  • Used in trunking between switches
  • Takes advantage of the “native” VLAN configuration.
  • First “native” VLAN tag is removed; second “fake” tag is now visible to the second switch and packet is forwarded to the target.
  • To prevent: don’t put any devices on the “native” VLAN, change the “native” VLAN ID, force tagging of the “native” VLAN