Gibson - Chapter 3: Exploring Network Technologies Flashcards
Sniffing Attack
DoS & DDoS
Poisoning Attack
OSI (Open Systems Interconnection) model
TCP (Transmission Control Protocol)
- provides connection-oriented traffic
- guaranteed delivery
- uses 3-way handshake
- SYN : SYN/ACK : ACK
Guaranteed delivery via 3-way handshake
- (vs best effort / connectionless UDP)
UDP (User Datagram Protocol)
- connectionless sessions (w/out 3-way handshake)
- best effort to deliver traffic (w/out extra traffic to ensure delivery)
- ICMP traffic such as ping, audio/video, network-based DoS
Best effort / connectionless
- (vs guaranteed delivery via 3-way handshake for TCP)
IP (Internet Protocol)
- identifies hosts in a TCP/IP network
- delivers traffic from one host to another using IP addresses
- IPv4 (32-bit dotted decimal)
- IPv6 (128-bit hexadecimal)
IP (Internet Protocol)
ICMP (Internet Control Message Protocol)
- used for testing basic connectivity
- tools include ping, pathping, tracert
- blocking ICMP prevents many DoS attacks
ICMP (Internet Control Message Protocol)
ARP (Address Resolution Protocol)
- resolves IPv4 addresses to MAC (Media Access Control) addresses
- ARP poisoning attacks redirect or interrupt network traffic
ARP (Address Resolution Protocol)
RTP (Real Time Transport Protocol)
- delivers audio & video over IP networks
- includes VoIP (Voice over Internet Protocol), streaming media, video teleconferencing, etc.
- insecure
RTP (Real Time Transport Protocol)
SRTP (Secure Real-time Transport Protocol)
- provides encryption
- provides message authentication
- provides integrity
- protects against Replay Attacks
- can be used for both unicast and multicast transmissions
SRTP (Secure Real-time Transport Protocol)
SIP (Session Initiation Protocol)
- used to initiate, maintain, and terminate voice, video, and messaging sessions
- uses request and response messages when establishing a session
- messages are plain text, so they are easy to read if captured
- contain metadata about sessions (not data)
SIP (Session Initiation Protocol)
FTP (File Transfer Protocol)
- uploads and downloads large files to and from an FTP server
- by default transmits data in clear text
(Gibson 601; Chapter 3, pg 324)
TCP port 20/21
- TCP port 21 (for CONTROL SIGNALS)
— (both ACTIVE & PASSIVE MODE)
- TCP port 20 (for DATA in ACTIVE MODE)
- Passive (PASV) uses random DATA port
(Transmission Control Protocol)
TFTP (Trivial File Transfer Protocol)
- used to transfer smaller amounts of data
– i.e. when communicating with network devices
- not essential protocol on most networks
- commonly disabled
(Gibson 601; Chapter 3, pg 324)
UDP port 69
SSH (Secure Shell)
- encrypts traffic in transit
- SSH + FTP = SFTP (Secure File Transfer Protocol)
- can also encrypt TCP Wrappers
— (TCP Wrappers are a type of access control list (ACL) used on Linux systems to filter traffic)
- Secure Copy (SCP) is based on SSH
(Gibson 601; Chapter 3, pg 324)
TCP port 22
SSL (Secure Sockets Layer)
- primary encryption for HTTP (Hypertext Transfer Protocol)
- compromised, replaced by TLS