Advanced Attacks Flashcards
1
Q
MAC Spoofing
- Type of attack
- An exploitation
A
MAC Spoofing
- Use software to change the MAC address of a NIC
- A MAC flood attack overwhelms a switch with spoofed MACs
- An attacker can use it to bypass MAC filtering
2
Q
IP Spoofing
A
IP Spoofing
- Attacker changes the source IP address of a packet
- An attack from a single system appears to come from many
3
Q
SYN Flood Attack
A
SYN Flood Attack
- Against a server on the internet
- Disrupts the three-way handshake
- Attacker sends many SYNs
- Never completes them with ACKs
- Leaves many half-open connections
- Servers can limit the number of connections, but may then deny connections to legitimate clients
- One attacker spoofing source IPs is a DoS
- Many attackers together are a DDoS
4
Q
Man-In-The-Middle
- What can prevent it, and how?
A
Man-In-The-Middle
- A third computer intercepts communications and forwards them
- Can insert malicious code
- Kerberos helps prevent it with mutual authentication
5
Q
ARP Poisoning
- Two kinds of attack
A
ARP Poisoning
- Attacker creates a fake ARP reply with a spoofed MAC address to poison the ARP cache
- ARP Man-In-The-Middle - makes traffic destined for the router go to the attacker; the attacker uses IP forwarding to pass the traffic on to the router
- ARP DoS - sends an ARP reply with a bogus MAC address for the default gateway, which stops traffic leaving the network
6
Q
DNS Poisoning
- What prevents it?
A
DNS Poisoning
- Replaces the IP address of a legitimate website with that of a malicious site
- DNSSEC prevents it
7
Q
DDoS DNS Attack
A
DDoS DNS Attack
- Botnet machines repeatedly send queries to DNS servers and overwhelm them
8
Q
Amplification Attack
A
Amplification Attack
- A form of DoS
- Increases the traffic sent to or from victims
- Smurf attack
- DNS amplification attack
- NTP attack
9
Q
Smurf Attack
A
Smurf Attack
- An amplification attack
- broadcast ping to all computers in subnet, spoof source IP to victim, so victim gets
10
Q
DNS Amplification Attack
A
DNS Amplification Attack
- An amplification attack
- Sends DNS requests spoofing the IP address of the victim, requesting as much zone data as possible
11
Q
NTP Attack
A
NTP Attack
- An amplification attack
- Requests monlist (the last 600 systems that requested the time) using the spoofed IP address of the victim
12
Q
Pass The Hash Attack
- What is susceptible and why?
- Use what instead?
A
Pass The Hash Attack
- Password attack
- Attacker discovers the password hash and uses it to log on
- LM and NTLM are susceptible because the hash is not encrypted
- Use NTLMv2 or Kerberos instead
13
Q
Birthday Attack
- Type of attack
- How to prevent
- What is susceptible
- What is not susceptible
A
Birthday Attack
- Password attack
- Attacker finds an input that produces the same hash as the actual password (hash collision)
- Prevent by increasing the number of bits in the hash
- MD5 has 128 bits - susceptible
- SHA-3 has 512 bits - not susceptible
14
Q
Rainbow Table Attack
- How to prevent
A
Rainbow Table Attack
- A database of passwords and their hashes
- Compares the hash of the original password against the hashes in the table
- When there is a match, the password is discovered
- Salting prevents it - random data (extra characters) added before hashing
15
Q
Replay Attack
- What prevents it?
A
Replay Attack
- Password attack
- Attacker intercepts authentication credentials and replays them to impersonate the user
- Timestamps and sequence numbers can prevent it (used by Kerberos)