Identifying Network Attacks

Question 1

Rogue Access Points

Answer 1

Bad access point that they might use jamming of the legitimate access points to force you to use it.

Question 2

Evil Twin

Answer 2

Rogue access point using the same SSID as a legitimate one.

Question 3

Bluejacking

Answer 3

Sending unauthorized messages or data to an unexpected user to a user with bluetooth in discovery mode.

Question 4

OBEX

Answer 4

Object Exchange protocol (used for sending contact cards and such through phone bluetooth)

Question 5

Bluesnarfing

Answer 5

Uses Bluetooth to pull data from a users phone when it is discovery mode.

Question 6

Dissociation

Answer 6

Create DOS by telling the network to disconnect a device from the network

Question 7

Jamming

Answer 7

Sending out RF noise to Wi-Fi channels making them unusable.

Question 8

RFID

Answer 8

Radio Frequency Identification is a chip used for mostly inventory tracking. Can be active or passive. Active sends out a signal. Passive has a range of about 1-3 feet.

Question 9

Near Field Communication (NFC)

Answer 9

Google/Apple Pay. Couple inch communication. Can be used by malicious people to grab data from your device.

Question 10

IV Attack

Answer 10

Initialization Vector Attack. Weaker encryption like WEP would repeat quickly so attackers would flood the network and sniff the packets to find the IV and then gain access.

Question 11

WEP

Answer 11

24 bit encryption used in Wireless that is essentially depricated. Used an RC4 stream and sent in clear text.

Question 12

WPA

Answer 12

Used TKIP with 128 bit encryption. Has been cracked.

Question 13

WPA2

Answer 13

Uses AES-CCMP with 128 bit encryption. Has a 48 bit IV (Initialization Vector) which makes it exponentially stronger than WEP’s 24bit.

Question 14

On-Path Attacks (Man in the Middle)

Answer 14

Pineapple

Question 15

Man in the Browser Attack

Answer 15

Installs bad code in the browser. Could capture data on banking sites etc.

Question 16

ARP Poisoning

Answer 16

Sends out a spoofed ARP messaged to the LAN (Local Area Network). Allows attacker to intercept data.

Question 17

ARP

Answer 17

Address Resolution Protocol. Resolves an IP address to a MAC address. Layer 3 (IP Address) to a Layer 1 (Physical machine).

Question 18

IP/MAC Spoofing

Answer 18

Making your IP or Mac address be that of another user.

Question 19

MAC Flooding

Answer 19

The switch normally sorts the traffic to the correct MAC address. This attack sends tons of Ethernet frames filling the MAC table on the switch. The switch will then tweak out and start sending out data to all ports cause it doesn’t know where to go resulting in either a DOS attack or allowing the attacker to receive all those packets.

Question 20

MAC Cloning

Answer 20

Changing the MAC address of a network interface card (NIC).

Question 21

DNS Poisoning

Answer 21

Telling the DNS to point to an incorrect IP Address. Direct traffic such as credentials to go to a fake site.

Question 22

Typo Squatting/URL Hijacking

Answer 22

Misspelled URLs like microsft that attackers are holding the site.

Question 23

DDoS

Answer 23

Large scale DoS attack. Can use bots

Question 24

Smurf Attack

Answer 24

DDoS attack that spoofs a victims IP and pings a bunch of resources so that they ping back and flood the victims IP slowing it down or making the computer unusuable.

Question 25

ICMP

Answer 25

Internet Control Message Protocol (PING)