Network Attacks Flashcards

1
Q

DoS: TCP SYN Flood

A

Occurs when an attacker initiates multiple TCP sessions, but never completes them

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

DoS: Smurf Attack (ICMP Flood)

A

Occurs when an attacker sends a ping to a subnet broadcast address with the source IP spoofed to be that of the victim server

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

DDoS Attack

A

Occurs when an attacker uses multiple computers to ask for access to the same server at the same time.

(Ex: Botnet/Zombies)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

On-Path/Man-in-the-Middle Attack

A

Occurs when an attacker puts themselves between the victim and the intended destination

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Session Hijacking

A

Occurs when an attacker guesses the session ID that is in use between a client/server and takes over the authenticated session

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

DNS Poisoning

A

Occurs when an attacker manipulates known vulnerabilities within the DNS to reroute traffic from one site to a fake version of that site

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

DNSSEC

A

Uses encrypted digital signatures when passing DNS info between servers to help protect it from poisoning

Ensure server has the latest security patches/updates

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Rogue DHCP Server

A

A DHCP server on a network which is not under the administrative control of network admins

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

IP Spoofing

A

Modifying the source address of an IP packet to hide the identity of the sender or impersonate another client (Layer 3)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

ARP Spoofing

A

Sending falsified ARP messages over a LAN
Can be used as a precursor to other attacks

To avoid: Set up good VLAN segmentation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

VLAN Hopping

A

Ability to send traffic from one VLAN to another, bypassing the VLAN segmentation configured (Layer 2)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Double Tagging

A

Connecting to an interface on the switch using access mode with the same VLAN as the native untagged VLAN on the trunk

Attacker tries to reach a different VLAN using the vulnerabilities in the trunk port configuration

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Switch Spoofing

A

Attempting to conduct a DTP (Dynamic Trunking Protocol) negotiation

To avoid: Disable dynamic switchport mode on your switchports

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Malware

A

Designed to infiltrate a computer system & possibly damage it without the user’s knowledge/consent

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Virus

A

Made up of malicious code that is run on a machine without the user’s knowledge & infects it whenever the code is run

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Worm

A

A piece of malicious software that can replicate itself without user interaction

17
Q

RAT

A

Remote Access Trojan:

Provides the attacker with remote control of a victim machine

18
Q

Rootkit

A

Designed to gain admin control over a computer system or network device without being detected

19
Q

Rogue Access Point

A

A WAP that has been installed on a secure network without authorization from a local network admin

20
Q

Shadow IT

A

Use of IT systems/devices/software/apps/services without the explicit approval of the IT department

21
Q

Evil Twin

A

WAP that uses the same name as your own network

22
Q

Deauthentication

A

Attempts to interrupt communication between an ender user and a WAP

23
Q

Hybrid Attack

A

A combination of brute force & dictionary attacks

24
Q

Wireless Interception

A

Captures wireless data packets as they go across the airwaves

25
Q

Spearphishing

A

A more targeted form of phishing

26
Q

Whaling

A

Phishing focused on key executives within an organization

27
Q

Piggybacking

A

Similar to tailgating, but occurs with the employee’s knowledge/consent

28
Q

Logic Bomb

A

A specific type of malware that is tied to either a logical event or specific time