Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

certified ethical hacker > Attacks > Flashcards

Attacks Flashcards

1
Q

Teardrop

A

During a Teardrop attack, an attacker sends several large overlapping IP fragments. The victim system will attempt to reassemble these packets, sometimes causing the system to crash. The Teardrop attack is called a Denial of Service (DoS) attack, because it denies service to the victim.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Smurf

A

In a Smurf attack, an attacker pings a broadcast address by sending Internet Control Message Protocol (ICMP) Echo Request packets with a forged source address. Every device that receives the ICMP ping will send an Echo Reply to the forged source address, which can overwhelm the device at that source address. Therefore, the Smurf attack is also a DoS attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Fraggle

A

In a Fraggle attack, an attacker sends User Datagram Protocol (UDP) echo and chargen packets with a forged source address. Every device that receives one of these UDP broadcasts will send a response to the spoofed source address, which can overwhelm the device at that source address. Therefore, the Fraggle attack is also a DoS attack.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

LAND

A

In a Local Area Network Denial (LAND) attack, an attacker sends an IP packet with the same source and destination address and port. When the victim with that destination address receives the packet, it can become confused and crash.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

POODLE

A

Padding Oracle On Downgraded Legacy Encryption (POODLE) was originally a man-in-the middle attack that was designed to exploit vulnerabilities in security protocol fallback mechanisms from Transport Layer Security (TLS) to Secure Sockets Layer (SSL) 3.0. That variant of the POODLE attack could decrypt a single byte of an encrypted message by making up to 256 SSL 3.0 requests while eavesdropping on an encrypted connection. A later variant of POODLE discovered in 2014 is capable of exploiting bugs in the implementation of block cipher mode in TLS from version 1.0 through version 1.2.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Heartbleed

A

Heartbleed is an OpenSSL vulnerability that could allow an attacker to obtain approximately 64 kilobytes (KB) of information from a web server’s memory at regular intervals. The Heartbleed bug, which was discovered in 2014, was a memory-handling bug present in OpenSSL from version 1.0.1 through version 1.0.1f. OpenSSL 1.0.1g was the first version to fix the bug. By exploiting this vulnerability, an attacker can obtain a server’s private key, which could in turn allow the attacker to decrypt communications with the server or perform man-in-the-middle attacks against the server.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

FREAK

A

Factoring Attack on RSA-EXPORT Keys (FREAK) is a technique that can be used in a man-inthe-middle attack to force the downgrade of an RSA key to a weaker length. FREAK, which was discovered in 2015, enables an attacker to force the use of a weaker encryption key length, enabling the attacker to use brute force to decrypt messages sent between a vulnerable server and a vulnerable client.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

certified ethical hacker (5 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions