Module 08: Sniffing Flashcards
How can you configure a NIC to process frames not addressed to you?
Promiscuous mode enables a NIC to process frames not directly addressed to it.
- Normal Mode: By default, a NIC only processes frames addressed to its own MAC address or broadcast frames meant for everyone.
- Promiscuous Mode: When you enable promiscuous mode, the NIC will capture all frames on the network segment, regardless of the destination MAC address.
This mode is essential for sniffing and packet analysis because it allows tools like Wireshark or tcpdump to capture all network traffic that reaches the NIC, not just traffic specifically meant for that device.
Enabling promiscuous mode is helpful for network diagnostics, security monitoring, and packet analysis, allowing you to see all data flowing on the network segment, which is essential for effective sniffing. In this mode, the NIC processes every frame it sees without discrimination.
MAC Flooding
Overloads a network switch’s MAC address table with fake addresses, causing it to broadcast all traffic; tools like macof can be used.
DNS Poisoning
Redirects users to malicious sites by corrupting DNS records with fake IP addresses; dnsspoof and Ettercap are common tools.
ARP Poisoning
Alters the ARP cache of network devices to redirect traffic through an attacker’s device, often performed using arpspoof or Ettercap.
DHCP attacks
Exploits DHCP to assign incorrect IP information, often to hijack network traffic; Yersinia can execute DHCP starvation or rogue DHCP attacks.
DHCP starvation is an attack that exhausts the available IP addresses in a network’s DHCP pool by flooding the DHCP server with numerous fake DHCP requests. Each request appears to come from a unique, random MAC address, causing the server to allocate all its IP addresses to non-existent devices.
Purpose of DHCP Starvation
This attack can:
- Prevent legitimate devices from obtaining an IP address, effectively blocking them from accessing the network.
- Be a precursor to a rogue DHCP server attack, where the attacker sets up a fake DHCP server to control IP assignments and intercept traffic.
Common Tools
Yersinia and dhcpstarv are often used to perform DHCP starvation attacks by automating the flood of DHCP requests.
Switch port stealing
Tricks a switch into forwarding traffic to the attacker by sending fake MAC addresses, typically performed with macof.
Spoofing attack (impersonation)
Impersonates another device or user by faking IP or MAC addresses to gain unauthorized access; tools like hping3 and Scapy facilitate spoofing.