9.1 IP and Protocols Flashcards
What does DHCP stand for and what is it for
The Dynamic Host Configuration Protocol (DHCP) is a
client-server based protocol on your local network
responsible for managing and providing these IPs.
True or False
DHCP is dynamic, because most devices have fixed IP addresses.
DHCP is dynamic, because most devices do not have fixed IP addresses.
True or False
DHCP is a Layer 7: Application protocol that uses two UDP ports:
67
68
True
What is the DHCP Request and Receive Four-Step Process?
Step 1: DHCP Discover - client finds the server.
Step 2: DHCP Offer - The server checks available IPs, selects one, and sends it back over the network.
Step 3: DHCP Request - Client sends a message accepting the IP.
Step 4: mDHCP ACK - Server tells the client the IP is valid for the DHCP lease time, after which it can be sent to another machine.
What does NAT stand for and what is it for?
Network Address Translation (NAT) is a method of mapping a private IP address to a public IP address and vice versa.
NAT
Mapping gets stored in a _____________________
Mapping gets stored in a network address Translation Table
True or False
NAT tables are managed by the router, considered the gateway between private and public networks.
True
True or False
NAT touches several OSI layers, but it’s main task is IP address translation, so it primarily works on Layer 2
False
NAT touches several OSI layers, but it’s main task is IP address translation, so it primarily works on Layer 3: Network.
DHCP Attacks
True or False
DHCP servers only have a limited amount of IP addresses they can distribute to devices on a LAN.
If an attacker is able to access the LAN, they can send a large number of DHCP messages over the network requesting IP addresses from the DHCP server.
If the number of requests is large enough, the DHCP server can run out of IPs, and new, legitimate users won’t be able to receive an IP.
What is DHCP starvation?
If it sounds familiar, this is because it’s a type of denial of service (DoS) attack. This attack impacts the availability concept of the CIA triad.
How do you prevent DHCP Starvation?
One way to prevent DHCP starvation is to set a maximum threshold. This threshold is the number of DHCP requests a server can accept per second.
What is DHCP spoofing?
After a DHCP starvation attack occurs, an attack can potentially set up a fraudulent DHCP server.
The fraudulent server can send spoof messages, assigning clients to a malicious router.
The attacker can use this router to capture sensitive data.
How do you prevent DHCP Spoofing?
DHCP snooping
DHCP snooping is a process implemented on a network switch that inspects packets to confirm that they’re legitimate DHCP offers.
Routing Schemes
What is Unicast?
A single device delivers a message to another single specific device.
Routing Schemes
What is Unicast?
A single device delivers a message to another single specific device.
Ex. A phone call between two people
Routing Schemes
What is Broadcast?
A single device broadcasts a message to all devices on that same network.
Ex. DHCP offer message that is broadcast across an entire LAN.
Routing Schemes
What is Multicast?
A device sends a message to devices that have expressed interest in receiving the message.
Ex. A subscription-based service sends network traffic to its subscribers. Like Twitch
What’s the disadvantage of Unicast?
If the message has to reach multiple destinations, many unicast messages must be sent.
What’s the disadvantage of Broadcast?
Since broadcast messages are sent to everyone on a network, they can cause unnecessary traffic.
What’s the disadvantage of Multicast?
Intended recipients will need to be updated and maintained to make sure they’re accurate.
Routing Techniques
Networks use two primary routing techniques to
determine the path: ______ and ______ routing.
Networks use two primary routing techniques to
determine the path: static and dynamic routing.
What is Static routing?
Static routing is the manual configuration of a network route, typically done by a network administrator.
Usually used on smaller networks.
Advantages: lower CPU on the router, network administrator has full control of their network’s routing behavior.
Disadvantages: fault tolerance, meaning if a device on a manually created path fails, the route can’t be adjusted.
What is dynamic routing
Dynamic Routing prevents fault tolerance issues by allowing the network to act autonomously in order to avoid network blockages.
Network is adaptive and data gets forwarded on a different route depending on the network conditions.
Primary routing technique used over the internet.
Uses routing protocols to determine the best route.
There are several dynamic routing protocols used to determine the path traffic takes to reach its final destination.
The two primary criteria are _____ and ______.
The two primary criteria are distance and speed.
True or False
Distance is the number of hops (devices) it takes to get from the source to the destination.
True
Dynamic routing protocols that use distance as criteria are distance-vector routing protocols.
Protocols include:
Routing Information Protocol (RIP)
Enhanced Interior Gateway Routing Protocol (EIGRP)
Devices that use WiFi have a standard called ________
Devices that use WiFi have a standard called 802.11.
Wireless access points (WAPs) broadcast a signal called a _________ that computers detect and tune into.
Wireless access points (WAPs) broadcast a signal called a beacon that computers detect and tune into.
Wireless Networking
When a WAP needs to broadcast its signal, it must identify itself with a ___________.
When a WAP needs to broadcast its signal, it must identify itself with a Basic Service Set Identifier (BSSID).
These BSSIDs are not easily recognizable.
For example: 00-A4-22-01-53-45.
So WAPs also broadcast _____________.
So WAPs also broadcast Service Set Identifiers (SSID). For example:
How do you secure WiFi?
First, there was Wired Equivalent Privacy (WEP), a security protocol using encryption to provide protection and privacy to wireless traffic.
Major vulnerabilities made WEP obsolete, replaced by a more secure, sophisticated protocol called WiFi Protected Access (WPA).
Finally, an even more secure protocol, WPA2, came along. This is currently the most commonly used protocol. 2006
What is Aircrack-ng?
Decrypts WEP-encrypted wireless traffic.
What are the ways cyber criminals can find weak wireless secuirty routers?
Wardriving: Driving around an area with a computer and a wireless antenna to find wireless LANs that may be vulnerable.
Warchalking: Marking locations with chalk so sites can be exploited these access points at a later time.
Warflying: Using drones to find vulnerable access points.
What is an evil twin?
Cybercriminals can also create a fake WAP called an evil twin: When using an evil twin, an attacker can make a fake SSID to trick unsuspecting users into connect to the attacker’s wireless access point.
