9.1 IP and Protocols Flashcards

1
Q

What does DHCP stand for and what is it for?

A

The Dynamic Host Configuration Protocol (DHCP) is a client-server based protocol on your local network responsible for managing and providing IP addresses.

2
Q

True or False

DHCP is dynamic, because most devices have fixed IP addresses.

A

DHCP is dynamic, because most devices do not have fixed IP addresses.

3
Q

True or False

DHCP is a Layer 7: Application protocol that uses two UDP ports: 67 and 68.

A

True

4
Q

What is the DHCP Request and Receive Four-Step Process?

A

Step 1: DHCP Discover - client finds the server.

Step 2: DHCP Offer - The server checks available IPs, selects one, and sends it back over the network.

Step 3: DHCP Request - Client sends a message accepting the IP.

Step 4: DHCP ACK - Server tells the client the IP is valid for the DHCP lease time, after which it can be sent to another machine.

5
Q

What does NAT stand for and what is it for?

A

Network Address Translation (NAT) is a method of mapping a private IP address to a public IP address and vice versa.

6
Q

NAT

Mapping gets stored in a _____________________

A

Mapping gets stored in a Network Address Translation table.

7
Q

True or False

NAT tables are managed by the router, considered the gateway between private and public networks.

A

True

8
Q

True or False

NAT touches several OSI layers, but its main task is IP address translation, so it primarily works on Layer 2.

A

False

NAT touches several OSI layers, but its main task is IP address translation, so it primarily works on Layer 3: Network.

9
Q

DHCP Attacks

True or False

DHCP servers only have a limited number of IP addresses they can distribute to devices on a LAN.

A

If an attacker is able to access the LAN, they can send a large number of DHCP messages over the network requesting IP addresses from the DHCP server.

If the number of requests is large enough, the DHCP server can run out of IPs, and new, legitimate users won’t be able to receive an IP.

10
Q

What is DHCP starvation?

A

If it sounds familiar, this is because it’s a type of denial of service (DoS) attack. This attack impacts the availability concept of the CIA triad.

11
Q

How do you prevent DHCP Starvation?

A

One way to prevent DHCP starvation is to set a maximum threshold. This threshold is the number of DHCP requests a server can accept per second.

12
Q

What is DHCP spoofing?

A

After a DHCP starvation attack occurs, an attacker can potentially set up a fraudulent DHCP server.

The fraudulent server can send spoofed messages, assigning clients to a malicious router.

The attacker can use this router to capture sensitive data.

13
Q

How do you prevent DHCP Spoofing?

A

DHCP snooping

DHCP snooping is a process implemented on a network switch that inspects packets to confirm that they’re legitimate DHCP offers.

14
Q

Routing Schemes

What is Unicast?

A

A single device delivers a message to another single specific device.

15
Q

Routing Schemes

What is Unicast?

A

A single device delivers a message to another single specific device.

Ex. A phone call between two people

16
Q

Routing Schemes

What is Broadcast?

A

A single device broadcasts a message to all devices on that same network.

Ex. DHCP offer message that is broadcast across an entire LAN.

17
Q

Routing Schemes

What is Multicast?

A

A device sends a message to devices that have expressed interest in receiving the message.

Ex. A subscription-based service, such as Twitch, sends network traffic to its subscribers.

18
Q

What’s the disadvantage of Unicast?

A

If the message has to reach multiple destinations, many unicast messages must be sent.

19
Q

What’s the disadvantage of Broadcast?

A

Since broadcast messages are sent to everyone on a network, they can cause unnecessary traffic.

20
Q

What’s the disadvantage of Multicast?

A

Intended recipients will need to be updated and maintained to make sure they’re accurate.

21
Q

Routing Techniques

Networks use two primary routing techniques to determine the path: ______ and ______ routing.

A

Networks use two primary routing techniques to determine the path: static and dynamic routing.

22
Q

What is Static routing?

A

Static routing is the manual configuration of a network route, typically done by a network administrator.

Usually used on smaller networks.

Advantages: lower CPU usage on the router, and the network administrator has full control of their network’s routing behavior.

Disadvantages: fault tolerance, meaning if a device on a manually created path fails, the route can’t be adjusted.

23
Q

What is dynamic routing?

A

Dynamic routing prevents fault tolerance issues by allowing the network to act autonomously in order to avoid network blockages.

The network is adaptive, and data gets forwarded on a different route depending on the network conditions.

Primary routing technique used over the internet.

Uses routing protocols to determine the best route.

24
Q

There are several dynamic routing protocols used to determine the path traffic takes to reach its final destination.

The two primary criteria are _____ and ______.

A

The two primary criteria are distance and speed.

25
Q

True or False

Distance is the number of hops (devices) it takes to get from the source to the destination.

A

True

Dynamic routing protocols that use distance as criteria are distance-vector routing protocols.

Protocols include:

Routing Information Protocol (RIP)

Enhanced Interior Gateway Routing Protocol (EIGRP)

26
Q

Devices that use WiFi have a standard called ________

A

Devices that use WiFi have a standard called 802.11.

27
Q

Wireless access points (WAPs) broadcast a signal called a _________ that computers detect and tune into.

A

Wireless access points (WAPs) broadcast a signal called a beacon that computers detect and tune into.

28
Q

Wireless Networking

When a WAP needs to broadcast its signal, it must identify itself with a ___________.

A

When a WAP needs to broadcast its signal, it must identify itself with a Basic Service Set Identifier (BSSID).

29
Q

These BSSIDs are not easily recognizable.

For example: 00-A4-22-01-53-45.

So WAPs also broadcast _____________.

A

So WAPs also broadcast Service Set Identifiers (SSID). For example:

30
Q

How do you secure WiFi?

A

First, there was Wired Equivalent Privacy (WEP), a security protocol using encryption to provide protection and privacy to wireless traffic.

Major vulnerabilities made WEP obsolete, replaced by a more secure, sophisticated protocol called WiFi Protected Access (WPA).

Finally, an even more secure protocol, WPA2, came along. This is currently the most commonly used protocol. 2006

31
Q

What is Aircrack-ng?

A

Decrypts WEP-encrypted wireless traffic.

32
Q

What are the ways cyber criminals can find routers with weak wireless security?

A

Wardriving: Driving around an area with a computer and a wireless antenna to find wireless LANs that may be vulnerable.

Warchalking: Marking locations with chalk so these access points can be exploited at a later time.

Warflying: Using drones to find vulnerable access points.

33
Q

What is an evil twin?

A

Cybercriminals can also create a fake WAP called an evil twin: When using an evil twin, an attacker can make a fake SSID to trick unsuspecting users into connecting to the attacker’s wireless access point.