Chap3-1

Question 1

Physical Layer attacks- Cut cable & barrier to radio waves It is called ……….. and it affects ……………

Answer 1

It is called disconnection

It affects Availability

Question 2

Physical Layer attack- Tapping on wire/cable It is called ………… and it affects ………

Answer 2

It is called Eavesdropping,

It affects Confidentiality

Question 3

Physical Layer attack - Interference and Jamming like …….. it affects ………….

Answer 3

Provide 120 v ac in a cable to cause damage

Availability

Question 4

Physical Layer attack - Interception like ……….. it affects ……………….

Answer 4

Splice a cable with attacker in between, Can change messages

Integrity

Question 5

How we can Attack CSMA/Cd and what it will result in nd what it affects

Answer 5

Keep transmitting Brute force;
Denial of service
Affects Availability

Question 6

CAM Table

Answer 6

Content addressable Memory

Question 7

CAM table stores information such …………..

Answer 7

MAC address

Question 8

All CAM tables have fixed size

Answer 8

TRUE

Question 9

MAC Flooding Attack

Answer 9

MACOF tool keep sending random source MAC and IP address, this will lead to flooding the CAM table

Question 10

Macof is a tool that can flood a switch with a lot of mac addresses

Answer 10

TRUE

Question 11

Countermeasures for MAC Flooding

Attack

Answer 11

1-) Port Security, Allows you to specify MAC addresses for each port , upoon detection of invalid MAC block it
2-) SMART CAM table
Active hosts never get overwritten
Time our inactive entries
3-) Speak first
Require host to send traffic first

Question 12

MAC address spoofing

Answer 12

Tools to change MAC address like SMAC on windows

Question 13

DHCP

Answer 13

Dynamic Host Configuration Protocol is a network management protocol used on Internet Protocol (IP) networks for automatically assigning IP

Question 14

DHCP Function

Answer 14

Dynamically assigns IP addresses and configuration information on demand

Question 15

DHCP attack (tool is called DHCPx / Gobbler)

Answer 15

Tool looks at entire DHCP and tries to lease all DHCP addresses

It is called Denial of Service

Question 16

Countermeasures for DHCP attack

Answer 16

Restrict number of MAC addresses on a port

Will not able to lease more IP addresses than MAC addresses

Question 17

What can attacker do if he is the DHCP server

Answer 17

He can send wrong configuration like himself as default gateway

Question 18

DHCP snooping

Answer 18

It is like a firewall between untrusted hosts and trusted DHCP servers

Question 19

e

Answer 19

e

Question 20

DHCP Man-in-the-Middle Attack

Answer 20

Spoofing MAC addresses where attacker can obtain all MAC

Block other machines from gettting on Network

Set up a fake DHCP server and set default gateway to attacker IP

Question 21

Countermeasures for DHCP MIM

Answer 21

Authentication of the remote system

Question 22

ARP - Address Resolution Protocol

Answer 22

Map IP address to MAC address

Question 23

ARP- Attacks

ARP cache poisoning

Answer 23

Replace entries with your own entries which will lead to session hijacking, man in the middle attacks, Denial of sercvice

Question 24

ARP attack tool example is ettercap

Answer 24

TRUE

Question 24

ARP attack tool example is ettercap

Answer 24

TRUE

Question 25

Solution to ARP poisoning attack

Answer 25

Smart switches that keep track of MACs

Question 26

ARP attack clean up

Answer 26

Attacker corrects ARP tables entries & traffic flows return to normal

Question 27

Countermeasures to ARP attacks

Answer 27

Dynamic ARP Inspection, if there is non matching then it is an attacker and it will get blocked

Question 28

ARP: Man-in-the-middle Attack

Answer 28

Some servers use IP addresses for authentication. This is the case for many application like Apache, attacker let the server believe the evil host (E) has the legitimate IP, he will take the traffic and forwarded to the trusted host

Question 29

Man-in-the-middle Attack difficulties

Answer 29

evil host E, trusted host T, and server S. T might broadcast new ARPs, which can correct S's ARP cache. S then sends TCP replies to T, who will send back TCP reset to S (because such TCP connection does not exist between S and T). This will end the evil host's connection with S.  Solution for proper attack:  Shutdown T (denial of service)  Flood S with forged ARP message  Prevent T from sending ARP broadcast: how? give T everything before it needs them

Question 30

ARP Cache Poisoning Protection

Answer 30

 Use intrusion detection tools: detect fake ARP messages and maintain consistency of the ARP table Use strong authentication rather than source IP address. VPN protocols like SSH