Comparing Common Attacks Flashcards
what attack typically changes data to impersonate another system or person?
Spoofing attack.
DoS attacks often use what other type of attack to acheive the goal of DoS?
Syn flood attack
What common attack is a form of active interception/eavesdropping
Man-In-The-Middle
How does ARP poisoning enable man-in-the-middle and DoS attacks?
It enables MITM attack because it associates both the gateway and victim machine with the MAC address of the attacker.
It can be used for DoS attacks by redirecting the internet gateway to a MAC address of a bogus machine
What type of attack would it be if a bogus MAC address was sent out to computers claiming it was the default gateway? What would happen?
ARP DoS attack
None of the computers could connect out the network because the MAC address for the default gateway is invalid.
How does DNS poisoning work and what’s the end result?
What can DNS servers implement to protect against these attacks?
changes the ip addresses associated with a CNAME to redirect users to a different website
SECDNS protects against DNS poisoning
Modifying the hosts file to include an entry that points a website to a different IP than it’s original address is known as what?
DNS Pharming
note - DNS pharming is essentially the same as DNS poisoning
What attack involves spoofing the source IP address as the victims machine and sends out ICMP packets as a broadcast to generate lots of replies to that machine?
Smurf attack [DNS amplification attacks work on the same principle but zone information is sent to the victim’s machine]
most authentication protocols can encrypt the what before it is sent across the network?
the password or the hash of the password
Which old Microsoft client authentication protocols are susceptible to pass the hash attacks? What can be used instead to eliminate the risk?
Lan Manager and NT Lan Manager (NTLM).
NTLMv2 or Kerberos authentication are not susceptible to pass the hash
What is a hash collision?
when the hashing algorithm creates the same hash from more than one word
what method of modifying passwords is used to thwart what types of password attacks? How?
Salting. It adds extra characters to the original password. Brute Force attacks and Rainbow table attacks will have less chance of success because they are looking for original spellings or character combinations
What attack involves an attacker capturing authentication credentials between two computers and then later using the same information to initiate communicate with one of them by impersonating one of the machines in the earlier capture?
Replay attack
Timestamps and sequence number thwart what type of attack? What commonly used Windows client authentication protocol uses it?
replay attacks
Kerberos
In an encryption/de-encryption attack, when the attacker knows all of the plaintext in a message and some of the cyphertext, what is the attack known as?
known plaintext