Midterm 426 Flashcards

1
Q

_____ defines the list of reserved ports.

A

Internet Assigned Numbers Authority

2
Q

Briefly explain TCP’s three-way handshake. (2 points)

A
  • Each party selects an Initial Sequence Number
  • shows that both parties are capable of receiving data
3
Q

Briefly explain SYN flooding. (3 points)

A
  • attacker sends many TCP SYN packets without responding to the SYN-ACK
  • victim allocates resources
  • once resources exhausted, requests from legitimate clients are denied
4
Q

Briefly explain TCP Reset (RST) attack. (3 points)

A
  • If the RST flag is set, the TCP connection is dropped
  • Attackers can forge TCP packets from the sender with the RST flag set
  • Must set the source IP and port, the destination IP and port, and the sequence number correctly
5
Q

What is the RST attack used for?

A

To stop traffic.

6
Q

Briefly explain what port scanning is. (2 points)

A

Used to determine: 1) the hosts on a network and 2) the services they run.

7
Q

Briefly explain what SYN scanning is. (3 points)

A
  • generates raw IP packets with the SYN flag set
  • monitors the responses
  • but does not open a full TCP connection
8
Q

Briefly explain what UDP scanning is.

A

When a UDP port is not open, the system responds with an ICMP port unreachable message.

9
Q

Briefly explain ACK scanning.

A

Determines whether a port is filtered or unfiltered by a firewall.

10
Q

Briefly explain FIN scanning.

A

Closed ports reply to a FIN packet with a packet that has the RST flag set.

11
Q

Briefly explain X-MAS scan.

A

Similar to FIN scan, but sends packets with FIN, URG, and PUSH flags turned on.

12
Q

What is the easiest way to create custom packets?

A

Using hping3.

13
Q

What is device fingerprinting?

A

Information collected about the software and hardware of a remote computing device for the purpose of identification.

14
Q

What does the Internet Protocol allow networks and applications to do? (2 points)

A

Allows networks to interoperate.
Allows applications to function on all networks.

15
Q

Briefly explain what IP spoofing (blind) is. (2 points)

A

Occurs when the attacker is not on the same subnet as the destination. The attacker sends an IP packet with a source route specified.

16
Q

Briefly explain what IP spoofing (non-blind) is. (3 points)

A
  • The attacker needs to know the TCP sequence numbers used in the TCP segments to hijack a session
  • With successful guesses of the TCP sequence numbers, the attacker can send a properly constructed ACK segment to the destination
  • If the attacker’s ACK segment reaches the destination before the originator’s, the attacker becomes trusted
17
Q

Why is IP fragmentation perfect for resource exhaustion attacks? (3 points)

A
  • Difficult reassembly (must keep track of all fragments until packet is reassembled)
  • Resource allocation is necessary
  • Lots of fragments
18
Q

Mention some important fields of IP fragmentation. (3 points)

A
  • Total length
  • Fragment offset
  • Fragment ID
19
Q

What does ARP do?

A

Locates a host’s link-layer (MAC) address.

20
Q

Briefly explain ARP spoofing. (3 points)

A
  • Each ARP response overwrites the previous entry in the ARP table
  • Forge an ARP response
  • The attacker impersonates the switch (middle-person attack)
21
Q

Briefly mention the ARP spoofing defenses. (2 points)

A
  • Smart switches that remember MAC addresses
  • Switches that assign hosts to specific ports
22
Q

What does DHCP do?

A

Dynamically assigns IP addresses to hosts in a network.

23
Q

Which 4 types of messages does DHCP use?

A

Discover, Request (Client)
Offer, ACK (Server)

24
Q

Briefly explain DHCP server spoofing. (3 points)

A
  • The attacker operates a rogue DHCP server
  • A user can blindly start DHCP communication with the attacker instead of the legitimate DHCP server on the network
  • The host now has an IP address assigned not by the DHCP server, but by the attacker
25
Q

Briefly explain DHCP starvation. (3 points)

A

Goal: exhaust the address space available to the DHCP server.
  • The attacker sends a flood of fake DHCP Discover messages with spoofed MAC addresses
  • All available IP addresses are then reserved

26
Q

How does DHCP snooping protect the network from the man-in-the-middle attack? (4 points)

A
  • The DHCP server is connected to port Fa0/11
  • Configure DHCP snooping to allow Offer/ACK messages only on this port
  • The switch will accept Offer/ACK messages only on the ports that are configured as allowed ports
  • If it receives Offer/ACK messages on ports that are not configured as allowed ports, the messages are discarded
27
Q

How does DHCP snooping prevent a DoS attack? (3 points)

A
  • Maintains a record of all offered/leased IP addresses in the DHCP binding table
  • When it receives a Discover/Request message on an untrusted port, it reads the MAC address of the message
  • If it finds an entry in the DHCP binding table, it discards the message
28
Q

What is a DNS zone?

A

A distinct part of the domain namespace that is delegated to a legal entity (a person, organization or company) responsible for maintaining the DNS zone.

29
Q

What are some DNS record types? (6 points)

A

A: IPv4
AAAA: IPv6
CNAME: alias
MX: MTA
SOA: Authoritative info
TXT: notes + machine-readable data

30
Q

What are the bailiwick rules? (3 points)

A
  • Root servers can return any record
  • TLD servers can return anything within that TLD
  • ns.bank.com can return anything for bank.com
31
Q

Briefly explain key exchange/management.

A

Allows A and B to agree on a shared (session) key, which is then used for communication during that session in an authenticated manner.

32
Q

What are some attacks against RSA? (2 points)

A
  • Probable message attack (encrypt all possible plaintext messages). Solution: pad the plaintext messages with random data
  • Timing attacks: recover the private key from the running time of the decryption algorithm
33
Q

Digital signatures: expected to be ____ under ____.

A

existentially unforgeable; adaptive chosen-message attack

34
Q

What attack can be used against DH?

A

Middle-person attack.

35
Q

What are 3 ways of distributing public keys?

A
  • Public announcement or public directory
  • Public-key certificate
  • Certificate Authority (CA)
36
Q

X.509 certificates are used in ___ and ___.

A

IPsec; SSL/TLS

37
Q

What is X.509 for? (2 points)

A
  • specifies a certificate directory service
  • specifies a set of authentication protocols
38
Q

What are some characteristics of certificate logs? (4 points)

A
  • publicly auditable, append-only records of certificates
  • anyone (including CAs) can submit certificates to a log
  • anyone can query a log for a cryptographic proof
  • the number of log servers is small
39
Q

What do monitors do (CA)? (2 points)

A
  • Periodically contact all of the log servers
  • watch for suspicious certificates
40
Q

What do auditors do (CA)? (2 points)

A
  • Verify that the log is behaving properly
  • verify that a particular certificate has been logged
41
Q

What are some weaknesses of shared secret authentication? (2 points)

A
  • Authentication is not mutual
  • off-line password guessing attack (if the shared key is derived from a password)
42
Q

What are some weaknesses of public key authentication? (2 points)

A
  • the adversary can trick A into signing
  • A must use a different key for authentication
43
Q

How can reflection attacks be avoided (web authentication)? (2 points)

A
  • A and B must do different things
  • the initiator should be the first to prove its identity
44
Q

What are some limitations of a KDC issuing ticket E to B relayed through A? (2 points)

A
  • the adversary can replay E
  • must still be followed by mutual authentication using Kab
45
Q

Briefly explain the smurf attack. (5 points)

A
  • generate a fake Echo request containing a spoofed source IP
  • the request is sent to an intermediate IP broadcast network
  • the request is transmitted to all hosts in that network
  • each host sends an ICMP response to the spoofed source address
  • with enough ICMP responses forwarded, the target server is brought down