Advanced Attacks Flashcards

1
Q

MAC Spoofing

  • Type of attack
  • An exploitation
A

MAC Spoofing

  • Use software to change MAC address of NIC
  • MAC flood attack overwhelms switch with spoofed MACs
  • Attacker can use it to bypass MAC filtering
2
Q

IP Spoofing

A

IP Spoofing

  • Attacker changes source IP address of packet
  • Attack from a single system seems to come from many
3
Q

SYN Flood Attack

A

SYN Flood Attack

  • Against server on internet
  • Disrupt three-way handshake
  • Attacker sends many SYNs
  • Never completes with ACKs
  • Many half-open connections
  • Servers can limit number of connections, but may deny connections to legit clients
  • One attacker spoofing IPs is a DoS
  • Many attackers are a DDoS
4
Q

Man-In-The-Middle

-What can prevent and how?

A

Man-In-The-Middle

  • Third computer intercepts communications and forwards them
  • Can insert malicious code
  • Kerberos helps prevent with mutual authentication
5
Q

ARP Poisoning

-Two kinds of attack

A

ARP Poisoning

  • Attacker creates fake ARP reply with spoofed MAC address to poison ARP cache
  • ARP Man-In-The-Middle - make traffic destined for the router go to the attacker. Attacker uses IP forwarding to send traffic on to the router
  • ARP DoS - send ARP reply with bogus MAC address for default gateway - stops traffic out of network
6
Q

DNS Poisoning

-What prevents?

A

DNS Poisoning

  • Replace IP address of legit website with that of malicious site
  • DNSSEC prevents
7
Q

DDoS DNS Attack

A

DDoS DNS Attack

-Botnet machines repeatedly send queries to DNS servers, overwhelming them

8
Q

Amplification Attack

A

Amplification Attack

  • DoS
  • Increase traffic sent to or from victims
  • smurf attack
  • DNS amplification attack
  • NTP attack
9
Q

Smurf Attack

A

Smurf Attack

  • An amplification attack
  • broadcast ping to all computers in subnet, spoof source IP to victim, so victim gets
10
Q

DNS Amplification Attack

A

DNS Amplification Attack

  • An amplification attack
  • Send DNS requests spoofing IP address of victim; request as much zone data as possible
11
Q

NTP Attack

A

NTP Attack

  • An amplification attack
  • Request monlist (last 600 systems requesting time) using spoofed IP address of victim
12
Q

Pass The Hash Attack

  • What is susceptible and why?
  • Use what instead?
A

Pass The Hash Attack

  • Password attack
  • Discover password hash and use it to log on
  • LM and NTLM susceptible because hash not encrypted
  • Use NTLMv2 or Kerberos instead
13
Q

Birthday Attack

  • Type of attack
  • How to prevent
  • What is susceptible
  • What is not susceptible
A

Birthday Attack

  • Password attack
  • Attacker creates hash that produces same hash as actual password (hash collision)
  • Prevent by increasing bits in hash
  • MD5 has 128 bits - susceptible
  • SHA-3 has 512 bits - not susceptible
14
Q

Rainbow Table Attack

-How to prevent

A

Rainbow Table Attack

  • Database of passwords and their hashes
  • Compare hash of original password vs hashes in table
  • When match, password discovered
  • Salting prevents - random data (extra characters) before hashing
15
Q

Replay Attack

-What prevents

A

Replay Attack

  • Password attack
  • Attacker intercepts authentication credentials and replays them to impersonate the user
  • Timestamps and sequence numbers can prevent - Kerberos
16
Q

Known Plaintext Attack

A

Known Plaintext Attack

  • Attacker has sample of plaintext and its ciphertext
  • Use both to discover encryption method
  • Use to decrypt other ciphertexts
17
Q

Chosen Plaintext Attack

A

Chosen Plaintext Attack

  • Choose part of encrypted message you know, try to decrypt that
  • If it works, use same method to decrypt whole message
18
Q

Session Hijacking

A

Session Hijacking

-Attacker uses user’s session ID (cookie) to impersonate user

19
Q

Domain Hijacking

A

Domain Hijacking

  • Change registration of domain name
  • Likely using social engineering
20
Q

Man-In-The-Browser

A

Man-In-The-Browser

  • Proxy trojan horse infecting web browsers
  • Can capture session data: keystrokes, data sent from browser (bank login info)
21
Q

Buffer Overflow Attack

A

Buffer Overflow Attack

  • Use buffer overflow to overwrite memory with malicious code
  • Ex: long string, first part causes the buffer overflow, then a string of no-op instructions (NOP, 0x90) followed by malicious code
22
Q

Directory Traversal

A

Directory Traversal

  • Webserver vulnerability
  • Injection attack
  • Enter directory path into web form or text box
23
Q

Cross Site Scripting (XSS)

A

Cross Site Scripting (XSS)

  • Webserver vulnerability
  • Attackers embed malicious HTML or JavaScript into website’s code
  • Or email link that takes advantage of website that allows scripts to run in user input
  • Executes when user visits
  • Can capture cookies
  • Prevent with
  • input validation
  • security encoding library to sanitize HTML
24
Q

Cross-Site Request Forgery (XSRF)

-How to prevent

A

Cross-Site Request Forgery (XSRF)

  • Webserver vulnerability
  • Attacker tricks user into performing action on website
  • Attacker creates HTML link that performs action if clicked, i.e., www.foo.com/edit?action=badstuff
  • Attacker makes request on behalf of the authenticated user
  • Prevent by
  • expiring cookie
  • forcing re-authentication when performing action
  • sending token with form submission and check on server
25
Q

Kerberos prevents these attacks

A

Kerberos prevents these attacks

  • Replay attack - timestamps and sequence numbers
  • Pass the hash attack - encrypts hash
  • Man-In-The-Middle - mutual authentication