Network Security Attacks Flashcards
What are the Areas of Network Vulnerability
Ports
Routers
Servers
Communication Channels
What are Port Scanning attacks
A process which checks which ports are open and which are open, and listen to data arriving and leaving the port.
Name 3 Types of Port Scanning:
Vanilla
Scanner tries to connect to all I/O ports.
Strobe
Specialized scan looking for specific services.
Stealth Scanning
Fragmented packets can sometimes make it through filters in the firewall.
What are Router attacks and give an example
Router attacks can take advantage of vulnerabilities in protocols, inconsistencies in router software and weak authentication.
Wardriving - Drive around a neighbourhood to try and find unprotected wifi hotspots.
Physical Access to the router
Name 3 Denial Of Service (DOS) attacks
Bandwidth flood
Service request flood
SYN flood
describe a SYN flood attack
SYN are the synchronization packets used in TCP connections.
SYN flood attacks exploit the 3 way handshake for TCP connections, by sending multiple SYN packets to the destination, but never replying to the acknowledgement received.
This means the server will assume the acknowledgements did not arrive, thus will resend them again and again.
If packets are seen by the server as being lost, depending on the protocol in use, the system might even slow down if it thinks the network is congested (due to the packet loss). This will further slow down the system, increasing the effect of the DOS attack.
Name 3 aspects of Distributed Denial of Service (DDOS) attacks
Bot - A type of malicious software that gives the attacker full control over the computer.
Zombie - An internet connected computer infected with Bot.
Botnet- A collection of Zombies that together can be used to perform a DDOS attack.
Packet Sniffing
The attacker can snoop through packets going through the network.
Can overload switches and put them in a “promiscuous mode”.
Man in the Middle (MITM) attacks
The attacker intercepts the network communication from the server and the clients.
Spoofing attacks
ARP maps IP addresses to MAC addresses
In a spoofing attack, the attacker will map the IP address of the victim to their MAC address. This will redirect packets that were meant for the victim, to be delivered to the attacker instead.
In a LAN - Address Resolution Protocol
On the internet - DNS Protocol
Replay attack
Attacker “replays” a stream of communication to one of the parties.
This can be done for example to retrieve the password and username from the user, by “replaying” the communication that pertained to log in details.