Network Attacks Flashcards

1
Q

Flood Attack

A

A specialized type of DoS which attempts to send more packets to a single server or host than it can handle

2
Q

Ping Flood

A

An attacker attempts to flood the server by sending too many ICMP echo request packets (which are known as pings)

3
Q

Smurf Attack

A

Attacker sends a ping to subnet broadcast address and devices reply to spoofed IP (victim server), using up bandwidth and processing

4
Q

Fraggle Attack

A

Attacker sends a UDP echo packet to port 7 (ECHO) and port 19 (CHARGEN) to flood a server with UDP packets

5
Q

SYN Flood

A

Variant on a Denial of Service (DoS) attack where attacker initiates multiple TCP sessions but never completes the 3-way handshake

6
Q

XMAS Attack

A

A specialized network scan that sends a packet with the FIN, PSH, and URG flags set and can cause a device to crash or reboot

7
Q

Ping of Death

A

An attack that sends an oversized and malformed packet to another computer or server

8
Q

Teardrop Attack

A

Attack that breaks apart packets into IP fragments, modifies them with overlapping and oversized payloads, and sends them to a victim machine

9
Q

Permanent DoS

A

Attack which exploits a security flaw to permanently break a networking device by reflashing its firmware

10
Q

Fork Bomb

A

Attack that creates a large number of processes to use up the available processing power of a computer

11
Q

DNS Amplification

A

Attack which relies on the large amount of DNS information that is sent in response to a spoofed query on behalf of the victimized server

12
Q

Stopping DDoS

A

GitHub suffered a 1.35 Tbps DDoS

Blackholing or Sinkholing
▪ Identifies any attacking IP addresses and routes all their traffic to a nonexistent server through the null interface

An IPS can prevent a small-scale DDoS

Specialized cloud security service providers can stop DDoS attacks

13
Q

Session Theft

A

Attacker guesses the session ID for a web session, enabling them to take over the already authorized session of the client

14
Q

TCP/IP Hijacking

A

Occurs when an attacker takes over a TCP session between two computers without the need of a cookie or other host access

15
Q

Blind Hijacking

A

Occurs when an attacker blindly injects data into the communication stream without being able to see if it is successful or not

16
Q

Clickjacking

A

Attack that uses multiple transparent layers to trick a user into clicking on a button or link on a page when they were intending to click on the actual page

17
Q

MITB

A

Man-in-the-Browser:
Occurs when a Trojan infects a vulnerable web browser and modifies the web pages or transactions being done within the browser

18
Q

Watering Hole

A

Occurs when malware is placed on a website that the attacker knows his potential victims will access

19
Q

Replay Attack

A

Network-based attack where a valid data transmission is fraudulently or maliciously rebroadcast, repeated, or delayed

Multi-factor authentication can help prevent successful replay attacks

20
Q

Transitive Attacks

A

Transitive Attacks aren’t really an attack but more of a conceptual method

When security is sacrificed in favor of more efficient operations, additional risk exists

21
Q

DNS Poisoning

A

Occurs when the name resolution information is modified in the DNS server’s cache

If the cache is poisoned, then the user can be redirected to a malicious website

22
Q

Unauthorized Zone Transfer

A

Occurs when an attacker requests replication of the DNS information to their systems for use in planning future attacks

23
Q

Altered Hosts File

A

Occurs when an attacker modifies the hosts file to have the client bypass the DNS server and redirects them to an incorrect or malicious website

Windows stores the hosts file in the following directory:
%systemroot%\system32\drivers\etc

24
Q

Pharming

A

Occurs when an attacker redirects one website’s traffic to another website that is bogus or malicious

25
Q

Domain Name Kiting

A

Attack that exploits the registration process for a domain name to keep the domain name in limbo so that it cannot be registered by an authenticated buyer

26
Q

ARP Poisoning

A

Attack that exploits the IP address to MAC resolution in a network to steal, modify, or redirect frames within the local area network

Allows an attacker to essentially take over any sessions within the LAN

ARP Poisoning is prevented by VLAN segmentation and DHCP snooping