8: 7 Network Attacks

Question 1

DoS Attack

Answer 1

Denial of Service attack makes a system unavailable for legit users by sending a huge number of requests to a server.

Question 2

Dos Limitations

Answer 2

Easy to block based on IP address, require a huge bandwidth

Question 3

DDoS attacks

Answer 3

Utilizes botnets to overwhelm a target

Question 4

Smurf attack

Answer 4

Attacker sends echo requests to third-party servers with a forged victim IP address, and then send reply to the victim’s IP address

Question 5

Amplified DDoS attacks

Answer 5

Sends small requests that lead to large replies- looking for the higher amplification factor

Question 6

Eavesdropping Attacks

Answer 6

Theft of information as a user communicates with a server over the web. Relies on compromised Communication path (network device tapping, DNS poisoning, ARP poisoning)

Question 7

Man-in-the-middle Attack

Answer 7

Attacker tricks the user to establish a communication channel with the attacker, who then communicates with the server on behalf of the client while reading the information.

Question 8

Replay Attack

Answer 8

Uses previously captured data to create a separate attack at a later date - just has the encoded version of the credentials

Question 9

Defeat replay attacks

Answer 9

Use a token session system, and timestamps

Question 10

SSL Stripping

Answer 10

Tricks browser into using unencrypted communications

Question 11

DNS

Answer 11

Domain Name System, translates common domain names into IP address for the purpose of network routing

Question 12

Hierarchical DNS lookup

Answer 12

Root Nameserver, then .org nameserver, then specific .org nameserver

Question 13

DNS Poisoning

Answer 13

Inserting incorrect DNS records in a valid DNS Server than will then redirect the user to the attacker’s server.

Question 14

Typosquatting

Answer 14

Registering many domain names with similar address hoping to capture legitimate traffic.

Question 15

Domain Hijacking

Answer 15

Taking over control of an organization’s valid domain name.

Question 16

URL Redirection

Answer 16

Attacker places redirects on a trusted site to content hosted on a malicious site.

Question 17

ARP

Answer 17

Address Resolution Protocol - protocol that translates IP address to hardware MAC addresses on local area networks

Question 18

ARP poisoning

Answer 18

Only works on LAN - Confuses system that the gateway device is different than expected.

Question 19

MAC flooding attack

Answer 19

Rapidly cycle addresses on a single system to overwhelm the table that maintains MAC addresses in memory, causing switch to forget where system is located, which will then broadcast traffic

Question 20

MAC Spoofing/Cloning

Answer 20

Alterns the assigned hardware address of a system to assume a false identity or engage in a MAC flooding attack

Question 21

IP Spoofing

Answer 21

Alters the IP address of a system and normally can’t be used for two-way communication - difficult to reconfigure network to receive return traffic at a spoofed IP address.

Question 22

Anti-Spoofing controls

Answer 22

Ingress Filtering - blocks inbound traffic that contains spoofed source addresses
Egress filtering - blocks outbound traffic that contains spoofed source addresses

Question 23

Wireless Attacks on WEP

Answer 23

Attackers get enough Initialization vectors to reconstruct the encryption key

Question 24

Wireless Attacks on WPA

Answer 24

WPA depends on RC4, but also TKIP (changing keys each time). Issue is with hashing function.

Question 25

WPS

Answer 25

Wi-Fi Protect Setup - allows quick setup of devices (press button on both devices, uses 8-digit WPS PIN)

Question 26

Issues with WPS

Answer 26

Trivial to guess the WPS PIN (11000 guesses) gives access to the network. WPS PIN cannot change on a device.

Question 27

Jamming and Interference Attacks

Answer 27

DoS attack that broadcasts a strong signal that over the same spectrum that overwhelms the signal

Question 28

Wardriving

Answer 28

Cruise neighborhoods and commercial areas using tools that capture information about Wi-Fi network.

Question 29

Rogue Access Point

Answer 29

Connecting an unauthorized AP to a corporate network. Bypasses authentication, can interfere with legitimate wireless use.

Question 30

Rogue AP Detection

Answer 30

Built-in detection systems of Enterprise grade wireless.

Question 31

Evil twins

Answer 31

Fake AP with SSID of legitimate network, then redirect users to phishing IDs

Question 32

Disassociation Attack

Answer 32

Disconnects a client from a network using a deauthentication frame - spoofed frame believed to come from access point, so disconnects.

Question 33

Goals of Disassociation Attack

Answer 33

Gather authentication information for cryptographic attacks, can deny service too

Question 34

NFC

Answer 34

Near Field Communication system (30-50 feet apart)

Question 35

Bluetooth

Answer 35

NFC technology used to connect speakers, headsets, keyboards, and similar devices

Question 36

Bluejacking

Answer 36

Attack sends bluetooth spam to a user’s device

Question 37

Bluesnarfing

Answer 37

Attacker force pairing between devices in older bluetooth devices

Question 38

NFS Security Improvements

Answer 38

Turn off discoverable mode when not in use, apply firmware updates, watch for suspicious activities

Question 39

RFID

Answer 39

Chips embedded in many items and may be read by scanners

Question 40

RFID Security Concerns

Answer 40

Businesses want strong authentication and encryption to protect the integrity of RFID systems
Consumers want privacy safeguards to protect their personal information