Network Level Attacks and Countermeasures Flashcards
Which of the following protocols distributes, inquires into, retrieves, and posts news articles using a reliable stream-based transmission of news among the ARPA-Internet community?
NNTP: Network News Transfer Protocol (NNTP) distributes, inquires into, retrieves, and posts news articles using a reliable stream-based transmission of news among the ARPA-Internet community. However, this protocol fails to encrypt the data, which allows attackers to sniff sensitive information.
George, a professional hacker, targeted an organization’s server to cause reputational damage to the organization. For this purpose, he employed an ARP poisoning tool that forges ARP replies from the target server resulting in customers navigating to the attacker-owned host, which contains irrelevant information for the customers.
Which of the following tools helped George in the above scenario to perform an ARP poisoning attack?
Ettercap: Ettercap is a free and open source network security tool for man-in-the-middle attacks on a LAN. It can be used for computer network protocol analysis and security auditing. It runs on various Unix-like operating systems including Linux, Mac OS X, BSD and Solaris, and on Microsoft Windows.
Which of the following countermeasures helps security teams defend against sniffing attacks?
Use static IP addresses and ARP tables
Rachel, a network pen tester, was inspecting her organization’s network and web applications and was testing whether they were vulnerable to service disruption. She utilized a tool that could perform network stress testing and perform a DoS attack by flooding the server with TCP packets to interrupt the normal services.
Which of the following tools was utilized by Rachel in the above scenario?
Low Orbit Ion Cannon (LOIC): LOIC is used for network stress testing, as well as denial of service (DoS) and distributed denial of service (DDoS) attacks.
Which of the following countermeasures helps security teams defend against DoS and DDoS attacks on the network and system?
Prevent the use of unnecessary functions such as gets and strcpy
strcpy() is a library function in the C string library. It copies the character array pointed to by the source to the location pointed to by the destination; in simpler terms, it copies the source string (character array) to the destination string (character array).
Jack, a professional hacker, has targeted a website that uses linear algorithms to create shorter session IDs for logged-in users. Jack created a forged valid session ID and logged in to other accounts by studying the sequential pattern.
Which of the following weaknesses has Jack exploited in the above scenario to hijack session IDs?
Weak session ID generation
David, a network administrator, was assigned to analyze the network for signatures of a session hijacking attack on an organization. David captured all the network traffic using packet sniffing tools and used various filters to find any repeated ARP update packets.
Which of the following methods has David employed in the above scenario to detect session hijacking attacks?
Manual method
Which of the following techniques does an attacker use to compromise a network switch's security in order to sniff all the traffic passing through it?
MAC flooding: Switches maintain a translation table that maps various MAC addresses to the physical ports on the switch. As a result, they can intelligently route packets from one host to another. However, switches have limited memory. MAC flooding makes use of this limitation to bombard switches with fake MAC addresses until the switches can no longer keep up.
Martin, a hacker, aimed to crash a target system. For this purpose, he spoofed the source IP address with the target’s IP address and sent many ICMP ECHO request packets to an IP broadcast network, causing all the hosts to respond to the received ICMP ECHO requests and ultimately crashing the target machine.
Identify the type of attack performed by Martin in the above scenario.
Smurf Attack: In a Smurf attack, the attacker spoofs the source IP address with the victim's IP address and sends a large number of ICMP ECHO request packets to an IP broadcast network. This causes all the hosts on the broadcast network to respond to the received ICMP ECHO requests.
In which of the following phases of session hijacking does an attacker change the sequence number or acknowledgment number (SEQ/ACK) of the server to halt data transmission to a legitimate user?
Session desynchronization (break the connection to the victim's machine)