Midterm 426 Flashcards
_____ defines list of reserved ports.
Internet Assigned Numbers Authority
Briefly explain TCP’s three-way handshake. (2 points)
- Each party selects Initial Sequence Number
- shows both parties are capable of receiving data
Briefly explain SYN flooding. (3 points)
- attacker sends many TCP SYN packets without responding to the SYN-ACK
- victim allocates resources
- once resources exhausted, requests from legitimate clients are denied
Briefly explain TCP Reset (RST) attack. (3 points)
- If RST header is set, the TCP connection is dropped
- Attackers can forge TCP packets from sender with RST header set
- Must set source IP, port IP, dest IP and port sequence number correct
What is the RST attack used for?
To stop traffic.
Briefly explain what is port scanning. (2 points)
To determine: 1) hosts on a network and 2) services they run.
Briefly explain what is SYN scanning. (3 points)
- generates raw IP packets with SYN flag
- monitor responses
- but does not open full TCP connection
Briefly explain what is UDP scanning.
When UDP port is not open, system responds with ICMP port unreachable message.
Briefly explain ACK scanning.
Determines if port is filtered or unfiltered by a firewall.
Briefly explain FIN scanning.
Closed ports reply to a FIN packet with the appropriate RST header.
Briefly explain X-MAS scan.
Similar to FIN scan, but sends packets with FIN, URG, and PUSH flags turned on.
What is the easiest way to create custom packets?
Using hping3.
What is device fingerprinting?
Information collected about the software and hardware of a remote computing device for the purpose of identification.
What does the Internet Protocol allows network and applications to do? (2 points)
Allows network to interoperate.
Allows applications to function on all networks.
Briefly explain what is IP - Spoofing (Blind)? (2 points)
Occurs when the attacker is not on the same subnet as the destination. Sends an IP packet with a source route specified.
Briefly explain what is IP-Spoofing (non-blind) ? (3 points)
- Attacker needs to know the TCP sequence numbers used in the TCP segments to hijack a session
- Successful guesses of TCP sequence numbers, the attacker can send a properly constructed ACK segment to the destination
- If the attacker’s ACK segment reaches the destination before the originator’s, the attacker becomes trusted
Why is IP fragmentation perfect for resource exhaustion attacks? (3 points)
- Difficult reassembly (must keep track of all fragments until packet is reassembled)
- Resource allocation is necessary
- Lots of fragments
Mention some important fields of IP fragmentation. (3 points)
- Total length
- Fragment offset
- Fragment ID
What does ARP do?
Locates a host’s link-layer (MAC) address.
Briefly explain ARP spoofing. (3 points)
- Each ARP response overwrites the previous entry in ARP table
- Forge ARP response
- Attacker impersonates the switch (Middle-person attacks)
Briefly mention the ARP spoofing defenses. (2 points)
- Smart switches that remember MAC addresses
- Switches that assign hosts to specific ports
What does DHCP do?
Dynamically assigning IP addresses to hosts in a network.
Which 4 types of messages does DHCP use?
Discover, Request (Client)
Offer, ACK (Server)
Briefly explain DHCP server spoofing. (3 points)
- Attacker operates a rogue DHCP server
- User can blindly start a DHCP communication with the attacker instead of the legitimate DHCP server on the network
- Host now has an IP address assigned not by the DHCP server, but by the attacker
