CEHv8 BOOTCAMP: MODULE 03-SCANNING NETWORKS_SET-4 Flashcards
Describe Super Network Tunnel.
A 2-way http tunnel software connecting 2 computers that works like VPN tunneling but uses HTTP protocol to establish a connection.
Describe HTTP-Tunnel.
Acts as a socks server, allowing you to use your Internet applications safely despite restrictive firewalls.
What is SOCKet Secure (SOCKS)?
An internet protocol that routes network packets between a client and server through a proxy server.
What do attackers use OpenSSH for?
To encrypt and tunnel all traffic from a local machine to a remote machine to avoid detection by perimeter security controls.
What does Bitvise provide?
Secure remote login capabilities to windows workstations and servers.
Describe an Anonymizers.
- Removes all identifying information from the user’s computer while the user surfs the internet.
- Make activity on the Internet untraceable.
- Tools that allow you to bypass Internet censored websites.
What are 4 reasons to use anonymizers?
- Privacy and anonymity.
- Protects from online attacks.
- Access restricted content.
- Bypass IDS and Firewall rules.
What are 2 tools for Censorship Circumvention?
- Your-Freedom
* Psiphon
What is Psiphon?
A censorship circumvention system that allows users to bypass firewalls and access blocked sites in countries where the internet is censored.
What does IP spoofing refer to?
The procedure of an attacker changing his or her IP address so that he or she appears to be someone else.
What happens when a victim responds to a spoofed IP?
It goes back to the spoofed address and not the attacker’s real address.
What are 3 IP Spoofing detection techniques?
- Direct TTL Probes
- IP Identification Number
- TCP Flow Control Method
Describe Direct TTL Probes.
- Send packet to host of suspect spoofed packet that triggers reply and compare TTL with suspect packet; if the TTL in the reply is not the same as the packet being checked, it is a spoofed packet.
- This technique is successful when attacker is in different subnet from victim.
Describe IP Identification Number.
- Send probe to host of suspect spoofed traffic that triggers reply and compare IP ID with suspect traffic.
- If IP IDs are not in the near value of packet being checked, suspect traffic is spoofed.
- This technique is successful even if the attacker is in the same subnet.
Describe the TCP Flow Control Method.
- Attackers sending spoofed TCP packets, will not receive the target’s SYN-ACK packets.
- Attackers cannot therefore be responsive to change in the congestion window size.
- When received traffic continues after a window size is exhausted, most probably the packets are spoofed.
What are some IP Spoofing Countermeasures?
- Limit access to configuration information on a machine
- Do not rely on IP-based authentication
- Use random initial sequence numbers
- Strictly filter use of ICMP
- Ingress Filtering – Use router filters to prevent packets from entering your network
- Reduce TTLs in TCP/IP requests
- Egress Filtering – Use filters to prevent packets from leaving your network
- Block private or unauthorized IP addresses using access control lists
- Encrypt all network traffic
- Use multiple firewalls providing multi-layered depth of protection
What is Scanning Pen Testing?
A method to determine the network’s security posture by identifying live systems, discovering open ports, associating services and grabbing system banners to simulate a network hacking attempt
What are 5 things that penetration testing reports will help a system administrator to do?
- Close unused ports
- Disable unnecessary services
- Hide or customize banners
- Troubleshoot service configuration errors
- Calibrate firewall rules
What is the first step in Scanning Pen Testing?
Perform host discovery
What is the last step in Scanning Pen Testing?
Document all findings
