Network Attacks (4.2) Flashcards
Denial of Service (DoS) Attack
o Occurs when one machine continually floods a victim with requests for services
TCP SYN Flood
▪ Occurs when an attacker initiates multiple TCP sessions, but never
completes them
Smurf Attack (ICMP Flood)
▪ Occurs when an attacker sends a ping to a subnet broadcast address with
the source IP spoofed to be that of the victim server
Distributed Denial of Service (DDoS) Attack
▪ Occurs when an attacker uses multiple computers to ask for access to the
same server at the same time
Botnet
o A collection of compromised computers under the control
of a master node
Zombie
o Any of the individually compromised computers
On-Path / Man-in-the-Middle (MITM) Attack
▪ Occurs when an attacker puts themselves between the victim and the
intended destination
Session Hijacking
▪ Occurs when an attacker guesses the session ID that is in use between a
client and a server and takes over the authenticated session
DNS Poisoning
▪ Occurs when an attacker manipulates known vulnerabilities within the
DNS to reroute traffic from one site to a fake version of that site
DNSSEC
▪ Uses encrypted digital signatures when passing DNS information between
servers to help protect it from poisoning
▪ Ensure the DNS server has the latest security patches and updates
Rogue DHCP Server
▪ A DHCP server on a network which is not under the administrative
control of the network administrators
Spoofing
▪ Occurs when an attacker masquerades as another person by falsifying
their identity
IP Spoofing
▪ Modifying the source address of an IP packet to hide the identity of the
sender or impersonate another client
▪ IP spoofing is focused at Layer 3 of the OSI model
MAC Spoofing
▪ Changing the MAC address to impersonate a different network
interface card or device
MAC Filtering
▪ Relies on a list of all known and authorized MAC addresses
ARP Spoofing
▪ Sending falsified ARP messages over a local area network
▪ An ARP spoofing attack can be used as a precursor to other attacks
▪ Set up good VLAN segmentation within your network
VLAN Hopping
▪ Ability to send traffic from one VLAN into another, bypassing the VLAN
segmentation you have configured within your Layer 2 networks
Double Tagging
▪ Connecting to an interface on the switch using access mode with the
same VLAN as the native untagged VLAN on the trunk
Switch Spoofing
▪ Attempting to conduct a Dynamic Trunking Protocol (DTP) negotiation
▪ Disable dynamic switchport mode on your switchports
Malware
▪ Designed to infiltrate a computer system and possibly damage it without
the user’s knowledge or consent
Virus
▪ Made up of malicious code that is run on a machine without the user’s
knowledge and infects it whenever that code is run
Worm
▪ A piece of malicious software that can replicate itself without user
interaction
Trojan Horse
▪ A piece of malicious software disguised as a piece of harmless or
desirable software
Remote Access Trojan (RAT)
▪ Provides the attacker with remote control of a victim machine
Ransomware
▪ Restricts access to a victim’s computer system or files until a ransom or
payment is received
Spyware
▪ Gathers information about you without your consent
Key Logger
▪ Captures any key strokes made on the victim machine
Rootkit
▪ Designed to gain administrative control over a computer system or
network device without being detected
Rogue Access Point
▪ A wireless access point that has been installed on a secure network
without authorization from a local network administrator
Shadow IT
▪ Use of IT systems, devices, software, applications, or services without the
explicit approval of the IT department
Evil Twin
▪ Wireless access point that uses the same name as your own network
Deauthentication
▪ Attempts to interrupt communication between an end user and the
wireless access point
Dictionary Attack
▪ Guesses the password by attempting to check every single word or
phrase contained within a word list, called a dictionary
▪ Do not use anything that looks like a regular word
Brute Force Attack
▪ Tries every possible combination until the password is found
▪ Use a longer and more complicated password
Hybrid Attack
▪ Combination of dictionary and brute force attacks
Wireless Interception
▪ Captures wireless data packets as they go across the airwaves
Social Engineering
▪ Any attempt to manipulate users to reveal confidential information or
perform actions detrimental to a system’s security
▪ The weakest link is our end users and employees
Phishing
▪ Sending an email in an attempt to get a user to click a link
▪ Sent out to as many people as possible rather than targeting any
particular person or group
Spearphishing
▪ More targeted form of phishing
Whaling
▪ Focused on key executives and other senior leaders and managers
within an organization
Tailgating
▪ Entering a secure portion of the organization’s building by following an
authorized person into the area without their knowledge or consent
Piggybacking
▪ Similar to tailgating, but occurs with the employee’s knowledge or
consent
Shoulder Surfing
▪ Coming up behind an employee and trying to use direct observation
to obtain information
Dumpster Diving
▪ Scavenging for personal or confidential information in garbage or
recycling containers
Insider Threat
o An employee or other trusted insider who uses their authorized network access
in unauthorized ways to harm the company
Logic Bomb
o A specific type of malware that is tied to either a logical event or a specific time