Network threats Flashcards
What are the common Network Attacks?
DOS
Spoofing
Session Hijacking
Replay Attacks
Transitive Attacks
DNS Attacks
ARP Poisoning
What is a port?
Logical communication endpoint that exists on a computer or server
What is an inbound port
A logical communication opening on a server that is listening for a connection from a client
What is an outbound port
Logical communication opening on a client that is used to send requests and data to another device's listening inbound port
What are the well known ports
0-1023 | They are designated by IANA
What are the registered ports
1024-49,151 | Considered registered and assigned to proprietary protocols
What are the Dynamic/private ports
49,152 to 65,535 | These can be used by any application without being registered by IANA
What is a DOS attack and the 5 main methods?
An attack with the intention of rendering a server or computer unusable.
Common Methods:
Flood Attack
Fork Bomb
Ping of death
TearDrop
Permanent DOS
What are the different methods of flood attacks
Ping flood
Smurf Attack
Fraggle Attack
SYN Attack
XMAS Attack
Describe a Smurf Attack
Attacker sends a ping to the subnet broadcast address, and devices reply with their IP, causing an increase in bandwidth usage
Describe a Fraggle Attack
Attacker sends a UDP echo packet to ports 7 and 19 to flood a server with UDP packets
SYN Attacks
Attacker initiates multiple TCP sessions but never completes the 3-way handshake
What is a Ping of death
Attack that sends an oversized and malformed packet to another computer or server
What is a Tear Drop Attack
Packets are broken into IP fragments, modified with overlapping and oversized payloads, and then sent to a victim
PDOS - what is it?
An attack which exploits a security flaw to permanently break a network device by flashing its firmware with unsigned software
Fork Bomb Attack
Attack that creates a large number of processes to consume processing resources on a PC. This is not a worm as it does not use the network to spread or infect programs
How do you stop a DOS or DDOS
Make use of blackholing/sinkholing, which identifies the attacking IP traffic and routes it to a non-existent server through a null interface. An IPS can also help to prevent small-scale DDOS. Having an elastic cloud network infrastructure can also aid in limiting the success of a DDOS
What is hijacking
Exploitation of a computer session in an attempt to gain unauthorized access to data, services or other resources.
What are the 8 forms of session hijacking
Session theft
TCP/IP Hijacking
Blind Hijacking
Click Jacking
MITM
Man in the Browser
Waterholing
XSS - Cross Site Scripting
What is Session Theft
Attacker guesses the session ID belonging to a web session. This enables them to take over the already active and authenticated session.
What is TCP/IP Hijacking
When an attacker takes over a TCP session between two PCs without the need of a cookie or other host access.
TCP sessions only authenticate once, during the initial 3-way handshake. If the attacker can guess the next number in the packet sequence, they can hijack the session.
What is blind hijacking
When an attacker blindly injects data into a communication stream without being able to see if the hijack was successful or not.
What is clickjacking
Attack that uses multiple transparent web layers to trick a user into clicking on a button or link on a website, while the user thinks what they are clicking on is legit
What is MITM
An attack that causes data to flow through the attacker's computer, where they can intercept and manipulate data
What is MITB