Network Security

Question 1

Network attacks covered

Answer 1

Routing (BGP), Naming (DNS Reflection) [ddos, phishing]

Question 2

Why is internet vulenarable

Answer 2

Designed for simplicy, on by default, Host are insecure, Attacks can look like normal traffic, federated design

Question 3

What type of attacks are packet switch networks vulnerable to?

Answer 3

resource exhaustion

Question 4

Components of security?

Answer 4

Availability, confidentiality, Authenticity, Integrity

Question 5

Example of confidentiality attack

Answer 5

Man-in-the-middle or Eavesdropping

Question 6

How can eavesdropping be cared out in practice?

Answer 6

Someone on the same LAN could put their NIC into promiscuous mode and run a packet sniffer

Question 7

How can eavesdropping be used to execute an Authenticity attack?

Answer 7

Then man in the middle can modify some of the content that was sniffed and then reinject that into the network.

Question 8

What are the negative impacts of attacks against the components of security

Answer 8

Theft of confidential info, Unauthorized Use, False Info, Disruption of service

Question 9

Three types of control plane authentication

Answer 9

Session (point-to-point b/w routers), Path (protects AS path), Origin ensures that as advertising prefix is the owner.

Question 10

A route hijack is an attack on which type of authentecation

Answer 10

Origin

Question 11

How do routing attacks happen?

Answer 11

Config Error, Routers compromised, unscrupulous ISPs

Question 12

Most common routing attack?

Answer 12

Hijack

Question 13

Types of routing attacks

Answer 13

Config / Management s/w, Tamper w/software, Tamper w/routing data

Question 14

How does DNS masquerading work?

Answer 14

An AS advertises the ip to a known DNS server using BGP. This diverts traffic from the real nameserver. The attackers can then send different destination during name resolution

Question 15

MITM

Answer 15

Man in the middle

Question 16

AS poisoning

Answer 16

Allows an AS to become MITM. To get a route back to the origin, the ASs along the path back to the origin are prepended.

Question 17

How does prepending the addresses cause the AS along the path to keep the original path?

Answer 17

They sec (think) they already have the route and do not want to cause a loop

Question 18

How can MITM AS “hide”

Answer 18

Traceroute shows messages from hops when the TTL reaches zero. The routers in the AS never decrement the TTL

Question 19

Two types of session authentication

Answer 19

1. Using TCP’s md5 token m = message; MD5(m, k) shared secret. 2. TTL hack; the two ASs agree to use a TTL of 256. Aythign < 256 is dropped

Question 20

BGPSEC

Answer 20

Secure border gateway protocol

Question 21

Parts of BGPSEC

Answer 21

Origin Attestation: Certification binding prefix to owner signed by trusted party. Path attestation: signatures along the path

Question 22

How does Path attestation avoid replay attacks

Answer 22

They include the origin AS id before encrypting

Question 23

types of attacks path attestation can protect agains

Answer 23

hijacks, shortening, modification

Question 24

Attacks path attestations cannot protect against.

Answer 24

Suppression, Replay (some types), Cannot guarantee the traffic moves along the dedicated path.

Question 25

Why is dns vulnerable

Answer 25

Resolvers trust response, Responses can contain info unrelated to the query. No authentication

Question 26

SOA

Answer 26

Start of Authority

Question 27

How does DNS cache poisoning work

Answer 27

Attacker can send multiple A records with different IDs to the recursive resolver.

Question 28

What is the issue with IDs?

Answer 28

2^16 or 16 bit can easily match due to the birthday paradox

Question 29

Kaminsky Attack

Answer 29

Generate query for 1.google.com, 2.google.com, etc. While sending A records and stuffing in a bogus NS record

Question 30

Defenses to DNS cache poisoning

Answer 30

1. ID randomization, 2. Source port randomization, 3 “0x20 enconding

Question 31

What is 0x20 encoding?

Answer 31

The resolver and server agree on which characters in the domain will be upper or lower case

Question 32

DNS amplification attack?

Answer 32

attackers sends a request to the dns resolver and sets the victim as the source

Question 33

Why are they called amplification attacks?

Answer 33

The response from the dns resolver can be many times larger than the request