Chapter 4: Network Connectivity Flashcards
In which attack does the attacker send a TCP segment with every flag set (FIN, SYN, RST, PSH, ACK, URG), a combination that never occurs in legitimate communication?
XMAS attack (Christmas tree scan)
In which reconnaissance technique does the attacker send a routine request to a network service, such as a connection request, and examine what comes back in order to learn the software and protocol versions in use, along with other details?
Banner grabbing
Which spoofing technique alters the source IP address of a packet, often to impersonate another device on the network?
IP spoofing
Which spoofing technique alters a device's MAC address, sometimes to impersonate a specific device, and is only useful on the local network segment because MAC addresses are not carried past a router?
MAC spoofing
Which MAC spoofing attack copies the MAC address of a specific device in order to impersonate it, and is only useful on the local network segment?
MAC cloning
Which MAC spoofing attack compromises a switch by sending frames from a large number of spoofed source MAC addresses until its MAC address table (CAM table) overflows, at which point the switch falls back to flooding frames out of every port and the attacker can sniff traffic meant for other hosts?
MAC flooding
Which spoofing attack is often used in phishing attacks?
E-mail spoofing
Which spoofing attack is common in vishing attacks?
Caller ID spoofing
Which redirection attack uses spoofed ARP messages to alter the ARP cache of a target host or switch, associating a given IP address with a MAC address of the attacker's choice? It only works on the local network segment.
ARP poisoning
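ARP poisoning leaves a signature a passive sniffer can catch: the same IP address being claimed by more than one MAC within a short time. The following detector is an added example, not part of the original flashcards. The list of ARP replies is constructed for the example (in practice these fields would come from a capture tool); the gateway 10.0.0.1, the attacker host 10.0.0.66 and the MAC addresses are assumptions.

```python
"""Detect ARP poisoning by spotting an IP address claimed by more than one MAC.

Added example, not part of the original flashcards. ARP_REPLIES is a
constructed record of ARP replies (timestamp_s, sender_ip, sender_mac) as a
passive sniffer on one segment would log them.
"""
from collections import defaultdict

# Constructed sample: 10.0.0.1 is the gateway (real MAC aa:bb:cc:00:00:01).
# From t=5.0 an attacker at 10.0.0.66 (MAC de:ad:be:ef:00:01) starts claiming
# the gateway's IP so that victims send their traffic through it.
ARP_REPLIES = [
    (1.0, "10.0.0.1",  "aa:bb:cc:00:00:01"),
    (1.5, "10.0.0.20", "aa:bb:cc:00:00:20"),
    (2.0, "10.0.0.66", "de:ad:be:ef:00:01"),
    (5.0, "10.0.0.1",  "de:ad:be:ef:00:01"),   # gateway IP now "at" the attacker's MAC
    (5.2, "10.0.0.1",  "de:ad:be:ef:00:01"),
    (6.0, "10.0.0.20", "aa:bb:cc:00:00:20"),
]


def build_ip_to_macs(replies):
    """Return {ip: {mac, ...}} built from the ARP reply records."""
    table = defaultdict(set)
    for _ts, ip, mac in replies:
        table[ip].add(mac.lower())
    return table


def find_conflicts(replies):
    """IPs claimed by more than one MAC, mapped to the sorted list of MACs.

    On a healthy segment one IP maps to one MAC; two MACs for the same IP
    within a short window is the classic poisoning signature.
    """
    table = build_ip_to_macs(replies)
    return {ip: sorted(macs) for ip, macs in table.items() if len(macs) > 1}


def first_change(replies, ip):
    """Timestamp at which `ip` first switched to a different MAC, or None."""
    seen = None
    for ts, reply_ip, mac in replies:
        if reply_ip != ip:
            continue
        if seen is None:
            seen = mac.lower()
        elif mac.lower() != seen:
            return ts
    return None


def hosts_using_mac(replies, mac):
    """Sorted IPs that have claimed `mac`. The IP that is *not* in conflict
    is usually the attacker's real address (here 10.0.0.66)."""
    return sorted({ip for _ts, ip, m in replies if m.lower() == mac.lower()})


if __name__ == "__main__":
    for ip, macs in find_conflicts(ARP_REPLIES).items():
        print(f"ALERT {ip} claimed by {macs}, first change at t={first_change(ARP_REPLIES, ip)}")
        for mac in macs:
            print(f"  {mac} also seen as {hosts_using_mac(ARP_REPLIES, mac)}")
```

Treat a hit as an alert, not proof: a DHCP lease moving to a new host, or gateway failover between two routers, produces the same pattern, so correlate with lease logs before acting. Dynamic ARP Inspection on the switch (which validates ARP against the DHCP snooping binding table) blocks the attack rather than merely detecting it.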
Which redirection attack compromises or impersonates a DNS server to modify the DNS cache of a target host or resolver, typically associating a legitimate host or domain name with an IP address of the attacker's choice?
DNS poisoning
Which redirection attack uses compromised or insecure web pages, manipulated by an attacker, to send users on to malicious sites? These attacks are usually carried out with malicious server-side scripts or an unvalidated redirect parameter (an open redirect).
URL redirection
In which DNS poisoning attack does the attacker redirect traffic for a legitimate website to a malicious imitation of it? As in phishing, the attacker uses the fake site to distribute malware or harvest sensitive information.
Pharming
In which redirection attack does the attacker take control of a domain name, for example by quickly re-registering it when its registration expires?
Domain hijacking
In which redirection attack does the attacker abuse VLAN protocol features (such as 802.1Q double tagging or trunk negotiation) to send traffic across VLAN boundaries?
VLAN hopping
Which two packet types cause a DoS by confusing a host and triggering undesired behavior?
Oversized packets and malformed packets
Which DoS variant abuses the TCP three-way handshake by sending a constant stream of SYN packets (often from spoofed source addresses) and never completing the handshake, leaving the target holding half-open connections until its backlog is exhausted?
SYN flood
Which password cracking technique tries every possible password in order until the right one is found?
Brute force
Which password cracking technique uses lists such as dictionaries or common passwords?
Dictionary attacks
Which password cracking technique tries a small number of common passwords against many different usernames on the same system, staying under the per-account lockout threshold?
Password spraying
Which list-based attack reuses username and password pairs stolen from another compromised system, betting that users reused the same credentials?
Credential stuffing
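The difference between brute force, spraying and stuffing is easiest to see against an account lockout policy, which is what the flashcards above are really about: brute force against one account trips the lockout almost at once, while spraying spreads the same small number of guesses across many accounts. The simulation below is an added example, not part of the original flashcards. The six accounts, their passwords and the lockout policy (5 failures within 30 minutes locks the account for 30 minutes) are constructed for the example.

```python
"""Brute force vs password spraying vs credential stuffing under a lockout policy.

Added example, not from the original flashcards. ACCOUNTS and the lockout
parameters are constructed; the directory is deliberately tiny so the run is
instant, but the behaviour scales to a real one.
"""
from collections import defaultdict

# Constructed directory: two weak passwords and one reused from a breach dump.
ACCOUNTS = {
    "alice": "Tr0ub4dor&3",
    "bob":   "Winter2024!",         # seasonal password, a typical spraying hit
    "carol": "x9$Lq!2vP#mZ",
    "dave":  "Password1",           # on every common-password list
    "erin":  "correcthorsebattery",
    "frank": "hunter2",             # reused from an unrelated breach
}
LOCKOUT_THRESHOLD = 5        # this many failures ...
LOCKOUT_WINDOW = 30 * 60     # ... within this many seconds locks the account
LOCKOUT_DURATION = 30 * 60   # for this long


def simulate(attempts):
    """Run login attempts (time_s, username, guess) against the lockout policy.

    Returns the compromised {user: password}, the sorted list of users who got
    locked out, and how many attempts were rejected because of a lockout.
    """
    failures = defaultdict(list)   # user -> timestamps of recent failures
    locked_until = {}
    compromised = {}
    rejected = 0
    for t, user, guess in sorted(attempts):
        if locked_until.get(user, -1) > t:
            rejected += 1          # account locked: the guess is not even tested
            continue
        if ACCOUNTS.get(user) == guess:
            compromised[user] = guess
            continue
        recent = [ts for ts in failures[user] if t - ts < LOCKOUT_WINDOW] + [t]
        if len(recent) >= LOCKOUT_THRESHOLD:
            locked_until[user] = t + LOCKOUT_DURATION
            failures[user] = []
        else:
            failures[user] = recent
    return {"compromised": compromised, "locked": sorted(locked_until), "rejected": rejected}


def brute_force(user, guesses, interval=1):
    """Every candidate in order against one account (flashcard: brute force)."""
    return [(i * interval, user, g) for i, g in enumerate(guesses)]


def spray(users, passwords, gap=LOCKOUT_WINDOW):
    """Each password against every account, one password per lockout window
    (flashcard: password spraying)."""
    return [(round_no * gap + i, user, pw)
            for round_no, pw in enumerate(passwords)
            for i, user in enumerate(users)]


def stuff(pairs, interval=1):
    """Replay stolen username/password pairs (flashcard: credential stuffing)."""
    return [(i * interval, user, pw) for i, (user, pw) in enumerate(pairs)]


if __name__ == "__main__":
    print("brute force:", simulate(brute_force("dave", [f"guess{i}" for i in range(10)] + ["Password1"])))
    print("spraying:   ", simulate(spray(list(ACCOUNTS), ["Password1", "Winter2024!", "Summer2024!"])))
    print("stuffing:   ", simulate(stuff([("frank", "hunter2"), ("alice", "hunter2")])))
```

Two things fall out of the run. The brute-force attempt never reaches the correct guess because the account locks after five failures, so lockout is an effective control against it. Spraying with one password per lockout window never locks anything and still recovers two accounts; even without waiting, an attacker can spray up to four passwords (threshold minus one) back to back, and only the fifth rapid password locks every account at once, which is the noisy failure mode a detection rule should look for (many accounts locking in the same minute).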
Which attack on hash functions exploits collisions in weaker hashing and digital signature algorithms, finding two inputs with the same hash in roughly the square root of the brute-force effort?
Birthday attack
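The square-root figure is the whole point of the birthday attack, and it is worth seeing the numbers. The block below is an added example, not part of the original flashcards: it truncates SHA-256 to 24 bits to stand in for a weak hash (a constructed weakness; real targets are legacy or short-output algorithms), then finds a collision by generating messages until two digests match. Brute-forcing a specific 24-bit digest would take about 2^24, roughly 16.7 million, hashes; a collision between any two messages turns up after a few thousand.

```python
"""Birthday attack on a truncated hash: two different messages, same digest.

Added example, not from the original flashcards. weak_hash() is SHA-256 cut
down to `bits` bits, a constructed weak function used only so the search
finishes instantly. Expected work for an n-bit digest is about
sqrt(pi/2 * 2^n), i.e. on the order of 2^(n/2), not 2^n.
"""
import hashlib
import math


def weak_hash(msg: bytes, bits: int = 24) -> int:
    """SHA-256 truncated to the top `bits` bits (the constructed weak hash)."""
    digest = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return digest >> (256 - bits)


def find_collision(bits: int = 24, prefix: bytes = b"msg-"):
    """Generate distinct messages prefix+counter until two share a digest.

    Returns (m1, m2, digest, hashes_computed). Memory cost is one table entry
    per hash; the classic time/memory trade-off of the attack.
    """
    seen = {}
    i = 0
    while True:
        m = prefix + str(i).encode()
        h = weak_hash(m, bits)
        if h in seen and seen[h] != m:
            return seen[h], m, h, i + 1
        seen[h] = m
        i += 1


def expected_attempts(bits: int) -> float:
    """Expected number of hashes until the first collision: sqrt(pi/2 * 2^bits)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def collision_probability(attempts: int, bits: int) -> float:
    """P(at least one collision) after `attempts` random hashes: 1 - exp(-k^2 / 2N)."""
    return 1 - math.exp(-(attempts ** 2) / (2 * 2 ** bits))


if __name__ == "__main__":
    m1, m2, h, n = find_collision()
    print(f"collision after {n} hashes (expected about {expected_attempts(24):.0f}):")
    print(f"  {m1!r} and {m2!r} both hash to {h:06x}")
    print(f"  P(collision) at {n} hashes = {collision_probability(n, 24):.2f}")
```

This is why digest length is chosen as twice the intended security level: a 128-bit digest gives only about 2^64 collision resistance, and collisions matter for digital signatures because the signer can be handed one message and a colliding, malicious one that carries the same signature.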
Which hash cracking aid uses a precomputed table of hashes to reverse a captured hash quickly? (It is defeated by salting each password before hashing, since the table would have to be recomputed per salt.)
Rainbow table
Which credential attack steals a password hash and presents the hash itself to authenticate to resources, without ever cracking it? (Classically used against NTLM authentication.)
Pass the hash
Which On-path/MiTM attack intercepts data transmissions, especially those with authentication credentials or encryption key exchanges, then delays or resends them?
Replay attack
Which on-path (MitM) attack is a replay attack against secure websites that reuses a stolen session ID?
Session replay
In which on-path (MitM) attack does the attacker take over an authenticated session right after the client logs in, typically by stealing or predicting the session token?
Session hijacking
In which on-path (MitM) attack does the attacker keep the client on plain HTTP (or on HTTPS with a fraudulent certificate) while establishing the genuine HTTPS connection to the server itself, so the traffic passes through the attacker in the clear? HSTS is the main countermeasure.
SSL stripping
Which on-path (MitM) attack uses malware running inside the victim's browser to read or alter traffic after it has been decrypted?
Browser-based (man-in-the-browser)
Which technique uses a wireless sniffer to search an area for wireless access points and hotspots?
Wireless reconnaissance (war driving when done from a vehicle)
In wireless attacks, when is a pre-shared key (PSK) vulnerable?
When the passphrase is weak: an attacker who captures the WPA/WPA2 four-way handshake can brute-force the passphrase offline.
Are WEP and WPS considered secure?
No. WEP's RC4-based keying is broken, and WPS PINs can be brute-forced.
WPA and WPA2 support two encryption modes, TKIP and AES (CCMP). Which of the two is considered secure?
AES (CCMP); TKIP is deprecated.
Which attack has a rogue access point with the same SSID and security settings as the legitimate AP?
Evil Twin
Which attack sends a management frame with a spoofed source address that de-authenticates a client from a Wi-Fi network? It can be used as a DoS or to push clients onto an Evil Twin. (Protected Management Frames, 802.11w, mitigate it.)
Disassociation (deauthentication)
Which Bluetooth vulnerability involves sending unsolicited messages to a Bluetooth device?
Bluejacking
Which Bluetooth vulnerability involves stealing or compromising data on a device, typically by pairing without the owner’s knowledge?
Bluesnarfing
Which mobile technology is intended for payment and authentication systems at very close range, and is therefore a target for attackers?
Near-Field Communication (NFC)
Which technology has more range than NFC, and typically has fewer security features?
Radio Frequency Identification (RFID)
Which switch security feature restricts which (and how many) MAC addresses may appear on a given switch port, restricting or shutting down the port on a violation?
Port security
Which switch security feature prevents rogue DHCP servers by only accepting DHCP server responses from trusted ports?
DHCP snooping
Which switch security feature prevents switching loops by detecting and disabling redundant connections, using Spanning Tree Protocol (STP)?
Loop protection
Which switch security feature prevents loops by disabling a port when it receives a bridge protocol data unit from another switch?
BPDU guard
Which switch security feature disables STP on a specific port by preventing it from sending or receiving BPDUs?
BPDU filter
Which switch security feature prevents a specific port from becoming a root port, so a switch attached there cannot take over as the root bridge?
Root guard
Which switch security feature adds checks to loop prevention by blocking switching loops caused by unidirectional links?
Loop guard
Which attack is prevented by a switch security feature (storm control) that rate-limits broadcast or multicast traffic?
Broadcast storm
Which switch security feature protects against SYN floods and similar attacks by rate-limiting traffic that should never make up a significant share of normal network traffic?
Flood guard
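The SYN flood card and the flood guard card describe two halves of one problem: the attacker leaves half-open connections behind, and the defence rate-limits SYNs that arrive faster than any legitimate client would send them. The block below is an added example, not part of the original flashcards, that implements both checks over a constructed list of TCP events (time_s, src_ip, src_port, flags) as a sensor in front of the server would see them; the client 192.0.2.10, the attacker 198.51.100.7, the thresholds and the timeout are assumptions.

```python
"""Flood guard logic: half-open connection tracking plus SYN rate limiting.

Added example, not from the original flashcards. make_events() builds a
constructed event list (time_s, src_ip, src_port, flags); 'S' is a client
SYN and 'A' is the client's handshake-completing ACK.
"""
from collections import defaultdict


def make_events():
    events = []
    # Legitimate client: three handshakes one second apart, each completed 50 ms later.
    for i, port in enumerate((40001, 40002, 40003)):
        events.append((1.0 + i, "192.0.2.10", port, "S"))
        events.append((1.05 + i, "192.0.2.10", port, "A"))
    # Attacker: 40 SYNs in half a second, a new source port each time, never an ACK.
    for i in range(40):
        events.append((2.0 + i * 0.0125, "198.51.100.7", 50000 + i, "S"))
    return sorted(events)


def half_open(events, now, timeout=3.0):
    """{src_ip: count} of SYNs seen at or before `now` that have not been
    completed by an ACK and have not yet aged out of the `timeout` window.

    Each of these holds a SYN-RECEIVED entry on the server until it expires,
    which is what exhausts the backlog in a SYN flood.
    """
    pending = {}
    for t, ip, port, flags in events:
        if t > now:
            break
        key = (ip, port)
        if flags == "S":
            pending[key] = t
        elif flags == "A" and key in pending and t - pending[key] <= timeout:
            del pending[key]
    counts = defaultdict(int)
    for (ip, _port), t in pending.items():
        if now - t <= timeout:
            counts[ip] += 1
    return dict(counts)


def syn_rate_offenders(events, window=1.0, limit=20):
    """Sources that send more than `limit` SYNs inside any `window` seconds,
    mapped to their peak count. A flood guard drops or shapes SYNs from such
    sources (or applies a global SYN rate limit when sources are spoofed)."""
    syn_times = defaultdict(list)
    for t, ip, _port, flags in events:
        if flags == "S":
            syn_times[ip].append(t)
    offenders = {}
    for ip, times in syn_times.items():          # times are already sorted
        start = 0
        peak = 0
        for end, t in enumerate(times):
            while t - times[start] >= window:    # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak > limit:
            offenders[ip] = peak
    return offenders


if __name__ == "__main__":
    events = make_events()
    print("half-open at t=2.6:", half_open(events, now=2.6))
    print("rate offenders:    ", syn_rate_offenders(events))
```

The per-source counting works against this constructed attacker because it used one real address; a real flood almost always spoofs many source addresses, which is why the server-side defences are a global SYN rate limit and SYN cookies (which avoid storing state until the handshake completes) rather than per-source blocking alone.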
Which security feature, defined in IEEE 802.1AE, adds per-frame authentication and encryption to Ethernet at Layer 2, protecting protocols that ride on it such as ARP and DHCP? This can prevent many snooping, impersonation and DoS techniques on the link.
MACsec
Which filtering technique evaluates each packet in isolation, with no memory of the packets that came before it?
Stateless filtering
Which filtering technique inspects source and destination headers, and possibly some other TCP or UDP data, to determine whether a packet opens a new communication session or continues an existing one? It keeps track of ongoing conversations in a state table.
Stateful filtering, also known as stateful packet inspection.
Which filtering technique is used by application firewalls that are context-aware or application-aware, inspecting not only traffic and sessions but also the content being transmitted and the applications in use?
Deep Packet Inspection (DPI)
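The practical difference between stateless and stateful filtering shows up as soon as a stateless rule set has to let replies back in. The block below is an added example, not part of the original flashcards: it runs the same constructed packet stream through a stateless filter (which can only approximate "reply to an existing connection" by matching source port 443 and the ACK or RST flag) and a stateful one (which records connections opened from inside and admits only packets that match an entry). The 10.0.0.0/24 LAN, the hosts, the ports and the single "LAN may open HTTPS outbound" policy are assumptions.

```python
"""Stateless vs stateful filtering of one constructed packet stream.

Added example, not from the original flashcards. Packets are tuples
(direction, src_ip, src_port, dst_ip, dst_port, flags); the policy is
"LAN hosts may open HTTPS outbound, nothing else inbound".
"""
LAN = "10.0.0."

PACKETS = [
    ("out", "10.0.0.5",     51000, "203.0.113.9",   443, "S"),   # 0 LAN host opens HTTPS
    ("in",  "203.0.113.9",    443, "10.0.0.5",    51000, "SA"),  # 1 server SYN-ACK
    ("out", "10.0.0.5",     51000, "203.0.113.9",   443, "A"),   # 2 handshake completes
    ("in",  "198.51.100.7",   443, "10.0.0.5",       22, "A"),   # 3 ACK probe of SSH, source port forged to 443
    ("in",  "198.51.100.7",   443, "10.0.0.5",    51000, "A"),   # 4 injection into the open port from the wrong peer
    ("out", "10.0.0.5",     51001, "203.0.113.9",   443, "A"),   # 5 out-of-state ACK, no SYN before it
    ("in",  "203.0.113.9",    443, "10.0.0.5",    51000, "R"),   # 6 server resets the connection
    ("in",  "203.0.113.9",    443, "10.0.0.5",    51000, "A"),   # 7 stale packet after the reset
]


def stateless_filter(packets):
    """Rule set with no memory. Replies are let in by the classic stateless
    'established' approximation: source port 443 and ACK or RST set. Returns
    a list of (packet, decision)."""
    decisions = []
    for p in packets:
        direction, src, sport, dst, dport, flags = p
        if direction == "out" and src.startswith(LAN) and dport == 443:
            decisions.append((p, "allow"))
        elif direction == "in" and sport == 443 and ("A" in flags or "R" in flags):
            decisions.append((p, "allow"))
        else:
            decisions.append((p, "deny"))
    return decisions


def stateful_filter(packets):
    """Keeps a state table of connections opened from inside. An inbound
    packet is allowed only if it belongs to a tracked connection; a reset
    removes the entry."""
    state = set()   # (lan_ip, lan_port, remote_ip, remote_port)
    decisions = []
    for p in packets:
        direction, src, sport, dst, dport, flags = p
        if direction == "out" and src.startswith(LAN) and dport == 443:
            key = (src, sport, dst, dport)
            if "S" in flags and "A" not in flags:
                state.add(key)                 # new connection initiated from inside
            allowed = key in state
        elif direction == "in":
            key = (dst, dport, src, sport)     # flip to the initiator's view
            allowed = key in state
        else:
            key, allowed = None, False
        if allowed and "R" in flags:
            state.discard(key)                 # connection torn down
        decisions.append((p, "allow" if allowed else "deny"))
    return decisions


def disagreements(packets):
    """Indices where the stateless filter allows but the stateful one denies."""
    stateless = stateless_filter(packets)
    stateful = stateful_filter(packets)
    return [i for i, (a, b) in enumerate(zip(stateless, stateful))
            if a[1] == "allow" and b[1] == "deny"]


if __name__ == "__main__":
    for i, ((p, sl), (_, sf)) in enumerate(zip(stateless_filter(PACKETS), stateful_filter(PACKETS))):
        print(f"{i}: stateless={sl:5} stateful={sf:5}  {p}")
    print("stateless lets through, stateful blocks:", disagreements(PACKETS))
```

The four disagreements are exactly the packets the stateless approximation cannot tell apart from genuine replies: a forged-source-port probe of an unrelated service, an injection from a third party into an open connection, an out-of-state packet that never had a handshake, and a stale packet after the connection was reset. Neither filter looks at the payload; that is the step DPI adds.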
In which hardware attack does the attacker read an ID card (such as a magnetic-stripe or RFID badge) and produce a working copy?
Card cloning
What device attaches to an ATM or card reader, looking to an unwary user like a normal part of the machine, but in truth captures the user's card information and PIN?
Skimmer