Network Attacks Flashcards
Network Attacks
o Denial of Service o Spoofing o Hijacking o Replay o Transitive Attacks o DNS attacks o ARP Poisoning
Port
A logical communication endpoint that exists on a computer or server
Inbound Port
A logical communication opening on a server that is listening for a connection from a client
Outbound Port
A logical communication opening created on a client in order to call out to a server that is listening for a connection
Ports can be any number between
0 and 65,535
Well-Known Ports
Ports 0 to 1023 are considered well-known and are assigned by the Internet Assigned Numbers Authority (IANA)
Registered Ports
Ports 1024 to 49,151 are considered registered and are usually assigned to proprietary protocols
Dynamic or Private Ports
Ports 49,152 to 65,535 can be used by any application without being registered with IANA
Denial of Service
Attacks which attempt to make a computer or server’s resources unavailable
- Flood Attacks
- Ping of Death
- Teardrop Attack
- Permanent DoS
- Fork Bomb
Flood Attack
A specialized type of DoS which attempts to send more packets to a single server or host than they can handle
Ping Flood
An attacker attempts to flood the server by sending too many ICMP echo request packets (which are known as pings)
Smurf Attack
Attacker sends a ping to subnet broadcast address and devices reply to spoofed IP (victim server), using up bandwidth and processing
Fraggle Attack
Attacker sends a UDP echo packet to port 7 (ECHO) and port 19 (CHARGEN) to flood a server with UDP packets
SYN Flood
Variant on a Denial of Service (DOS) attack where attacker initiates multiple TCP sessions but never completes the 3-way handshake
Flood guards, time outs, and an IPS can prevent SYN Floods
XMAS Attack
A specialized network scan that sets the FIN, PSH, and URG flags set and can cause a device to crash or reboot
Ping of Death
An attack that sends an oversized and malformed packet to another computer or server
Teardrop Attack
Attack that breaks apart packets into IP fragments, modifies them with overlapping and oversized payloads, and sends them to a victim machine
Permanent Denial of Service
Attack which exploits a security flaw to permanently break a networking device by reflashing its firmware
Fork Bomb
Attack that creates a large number of processes to use up the available processing power of a computer
Distributed Denial of Service (DDoS)
A group of compromised systems attack simultaneously a single target to create a Denial of Service (DOS)
DNS Amplification
Attack which relies on the large amount of DNS information that is sent in response to a spoofed query on behalf of the victimized server
Blackholing or Sinkholing
Stopping a DDoS
Identifies any attacking IP addresses and routes all their traffic to a nonexistent server through the null interface
Spoofing
§ Occurs when an attacker masquerades as another person by falsifying their identity
§ Anything that uniquely identifies a user or system can be spoofed
§ Proper authentication is used to detect and prevent spoofing
Hijacking
§ Exploitation of a computer session in an attempt to gain unauthorized access to data, services, or other resources on a computer or server
Types of Hijacking
§ Session theft § TCP/IP hijacking § Blind hijacking § Clickjacking § Man-in-the-Middle § Man-in-the-Browser § Watering hole § Cross-site scripting
Session Theft
Attacker guesses the session ID for a web session, enabling them to take over the already authorized session of the client
TCP/IP Hijacking
Occurs when an attacker takes over a TCP session between two computers without the need of a cookie or other host access
Blind Hijacking
Occurs when an attacker blindly injects data into the communication stream without being able to see if it is successful or not
Clickjacking
Attack that uses multiple transparent layers to trick a user into clicking on a button or link on a page when they were intending to click on the actual page
Man-in-the-Middle (MITM)
Attack that causes data to flow through the attacker’s computer where
they can intercept or manipulate the data
Man-in-the-Browser (MITB)
Occurs when a Trojan infects a vulnerable web browser and modifies the web pages or transactions being done within the browser
Watering Hole
Occurs when malware is placed on a website that the attacker knows his potential victims will access
Replay Attack
§ Network-based attack where a valid data transmission is fraudulently or malicious rebroadcast, repeated, or delayed
§ Multi-factor authentication can help prevent successful replay attacks
DNS Poisoning
§ Occurs when the name resolution information is modified in the DNS server’s cache
§ If the cache is poisoned, then the user can be redirected to a malicious website
Unauthorized Zone Transfer
Occurs when an attacker requests replication of the DNS information to their systems for use in planning future attacks
Altered Hosts File
Occurs when an attacker modifies the host file to have the client bypass the DNS server and redirects them to an incorrect or malicious website
Pharming
Occurs when an attacker redirects one website’s traffic to another website that is bogus or malicious
Domain Name Kiting
Attack that exploits a process in the registration process for a domain name that keeps the domain name in limbo and cannot be registered by an authenticated buyer
ARP Poisoning
§ Attack that exploits the IP address to MAC resolution in a network to steal, modify, or redirect frames within the local area network
§ Allows an attacker to essentially take over any sessions within the LAN
§ ARP Poisoning is prevented by VLAN segmentation and DHCP snooping