CEHv8 BOOTCAMP: MODULE 03-SCANNING NETWORKS_SET-4 Flashcards
Describe Super Network Tunnel.
A 2-way http tunnel software connecting 2 computers that works like VPN tunneling but uses HTTP protocol to establish a connection.
Describe HTTP-Tunnel.
Acts as a socks server, allowing you to use your Internet applications safely despite restrictive firewalls.
What is SOCKet Secure (SOCKS)?
An internet protocol that routes network packets between a client and server through a proxy server.
What do attackers use OpenSSH for?
To encrypt and tunnel all traffic from a local machine to a remote machine to avoid detection by perimeter security controls.
What does Bitvise provide?
Secure remote login capabilities to windows workstations and servers.
Describe an Anonymizers.
- Removes all identifying information from the user’s computer while the user surfs the internet.
- Make activity on the Internet untraceable.
- Tools that allow you to bypass Internet censored websites.
What are 4 reasons to use anonymizers?
- Privacy and anonymity.
- Protects from online attacks.
- Access restricted content.
- Bypass IDS and Firewall rules.
What are 2 tools for Censorship Circumvention?
- Your-Freedom
* Psiphon
What is Psiphon?
A censorship circumvention system that allows users to bypass firewalls and access blocked sites in countries where the internet is censored.
What does IP spoofing refer to?
The procedure of an attacker changing his or her IP address so that he or she appears to be someone else.
What happens when a victim responds to a spoofed IP?
It goes back to the spoofed address and not the attacker’s real address.
What are 3 IP Spoofing detection techniques?
- Direct TTL Probes
- IP Identification Number
- TCP Flow Control Method
Describe Direct TTL Probes.
- Send packet to host of suspect spoofed packet that triggers reply and compare TTL with suspect packet; if the TTL in the reply is not the same as the packet being checked, it is a spoofed packet.
- This technique is successful when attacker is in different subnet from victim.
Describe IP Identification Number.
- Send probe to host of suspect spoofed traffic that triggers reply and compare IP ID with suspect traffic.
- If IP IDs are not in the near value of packet being checked, suspect traffic is spoofed.
- This technique is successful even if the attacker is in the same subnet.
Describe the TCP Flow Control Method.
- Attackers sending spoofed TCP packets, will not receive the target’s SYN-ACK packets.
- Attackers cannot therefore be responsive to change in the congestion window size.
- When received traffic continues after a window size is exhausted, most probably the packets are spoofed.