quiz Flashcards
Subnet Spoofing
Generate random addresses within a given address space
Random Spoofing
Generate random 32-bit numbers and stamp packets with them as source addresses
Fixed Spoofing
The spoofed address is the address of the target
Server Application DOS attack
The attack is targeted to a specific application on a server
Network Access DOS attack
The attack is used to overload or crash the communication mechanism of a network
Infrastructure DOS attack
The target of this attack is a crucial service of global Internet operation, for example a core router
Random Scanning
Each compromised computer probes random addresses
Permutation Scanning
All compromised computers share a common pseudo-random permutation of the IP address space
Signpost Scanning
Uses the communication patterns of the compromised computer to find new targets
Hitlist Scanning
A portion of a list of targets is supplied to a compromised computer
Which of these are the reasons why the UDP-based NTP protocol is particularly vulnerable to amplification attacks?
A small command can generate a large response.
Vulnerable to source IP spoofing.
It is difficult to ensure computers communicate only with legitimate NTP servers
When using SYN cookies, the server must reject all TCP options because it discards the SYN queue entry (and with it any per-connection option state). T or F?
True
With regards to a UDP flood attack, which of the following statements are true
Attackers can spoof the source IP address of their UDP packets. Firewalls cannot stop a flood because the firewall itself is susceptible to flooding.
Client puzzles should be stateless. T/F
True
Puzzle complexity should increase as the strength of the attack increases. T/F
True
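The two client-puzzle cards above (stateless puzzles; difficulty that scales with attack strength) are easier to see in code. The following is an added example, not code from the original page: the server keeps no per-client state because the puzzle is just a timestamp, a difficulty and an HMAC under a server secret, which it recomputes at verification time. The secret, lifetime and load-to-difficulty policy are constructed assumptions.

```python
import hashlib
import hmac
import os
import time

# Constructed server secret: only the server knows it, so it can recompute a
# puzzle's tag later instead of remembering which puzzles it handed out.
SERVER_SECRET = os.urandom(32)
PUZZLE_LIFETIME = 30  # seconds a puzzle remains acceptable (assumed policy)


def difficulty_for_load(pending, capacity):
    """Assumed policy: no puzzle below 50% load, then more leading-zero bits
    as the backlog grows, capped so legitimate clients can still get through."""
    if pending < capacity // 2:
        return 0
    return min(20, int(8 * pending / capacity))


def issue_puzzle(client_ip, difficulty, now=None):
    """Server side: the puzzle is a timestamp, a difficulty and an HMAC over
    (client_ip, timestamp, difficulty). Nothing is stored per client."""
    ts = int(time.time() if now is None else now)
    msg = f"{client_ip}|{ts}|{difficulty}".encode()
    tag = hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()
    return {"ts": ts, "difficulty": difficulty, "tag": tag}


def _leading_zero_bits_ok(digest, bits):
    return bits == 0 or int.from_bytes(digest, "big") >> (256 - bits) == 0


def solve_puzzle(puzzle):
    """Client side: brute-force a nonce so that SHA-256(tag | nonce) starts
    with `difficulty` zero bits. Work is about 2**difficulty hashes on average."""
    nonce = 0
    while True:
        d = hashlib.sha256(f"{puzzle['tag']}|{nonce}".encode()).digest()
        if _leading_zero_bits_ok(d, puzzle["difficulty"]):
            return nonce
        nonce += 1


def verify_solution(client_ip, puzzle, nonce, now=None):
    """Server side: reject stale puzzles, recompute the HMAC so a client cannot
    lower the difficulty or reuse another client's puzzle, then check the work."""
    now = time.time() if now is None else now
    if not 0 <= now - puzzle["ts"] <= PUZZLE_LIFETIME:
        return False
    msg = f"{client_ip}|{puzzle['ts']}|{puzzle['difficulty']}".encode()
    expected = hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, puzzle["tag"]):
        return False
    d = hashlib.sha256(f"{puzzle['tag']}|{nonce}".encode()).digest()
    return _leading_zero_bits_ok(d, puzzle["difficulty"])


if __name__ == "__main__":
    bits = difficulty_for_load(pending=900, capacity=1000)
    puzzle = issue_puzzle("203.0.113.5", bits)
    nonce = solve_puzzle(puzzle)
    print(bits, nonce, verify_solution("203.0.113.5", puzzle, nonce))
```

One caveat that follows from statelessness: a solved puzzle can be replayed by the same client until it expires, so the lifetime has to be short, or the server keeps a small recently-seen set, which reintroduces a little state.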
Which of the following are assumptions that can be made about traceback?
Attackers may work alone or in groups
Select all the statements that are true for the edge sampling:
Multiple attackers can be identified, since the sampled edges identify where the reverse paths split.
Requires space in the IP packet header
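The edge-sampling card above is the probabilistic packet-marking scheme in which each router, with probability p, overwrites the mark with itself as the edge start and distance 0, and otherwise completes the edge end (if the distance is still 0) and increments the distance. The simulation below is an added example, not code from the original page: two constructed attackers share the last two hops, and the second pre-writes a forged mark into its packets. The router names, p, packet counts and seed are constructed.

```python
import random


def mark_packet(path, p, rng, forged=None):
    """Edge-sampling marking applied at each router on `path`, listed
    attacker-side first. `forged` is an optional (start, end, distance)
    the attacker pre-writes into the packet before it leaves."""
    start, end, distance = forged if forged else (None, None, None)
    for router in path:
        if rng.random() < p:
            start, end, distance = router, None, 0
        elif start is not None:
            if distance == 0:
                end = router
            distance += 1
    return start, end, distance


def reconstruct(marks, victim):
    """Victim side: turn sampled marks into edges, keep only edges whose
    distance is consistent with the tree grown outward from the victim, and
    return every root-to-leaf path (one per apparent attack origin)."""
    edges = set()
    for start, end, distance in marks:
        if start is None:
            continue  # packet never marked (probability (1-p)**hops)
        edges.add((start, victim, 0) if distance == 0 else (start, end, distance))
    dist = {victim: -1}  # a router adjacent to the victim carries distance 0
    children = {}
    grown = True
    while grown:
        grown = False
        for start, end, d in edges:
            if end in dist and dist[end] == d - 1 and start not in dist:
                dist[start] = d
                children.setdefault(end, set()).add(start)
                grown = True
    parent = {c: par for par, cs in children.items() for c in cs}
    paths = []
    for leaf in (n for n in dist if n not in children):
        path = [leaf]
        while path[-1] != victim:
            path.append(parent[path[-1]])
        paths.append(tuple(path))
    return sorted(paths)


def simulate(attackers, victim, packets=2000, p=0.2, seed=1):
    """Constructed scenario: each attacker is (router_path, forged_mark) and
    sends `packets` packets; returns the paths the victim reconstructs."""
    rng = random.Random(seed)
    marks = [mark_packet(path, p, rng, forged)
             for path, forged in attackers for _ in range(packets)]
    return reconstruct(marks, victim)


if __name__ == "__main__":
    attackers = [(["R5", "R3", "R2", "R1"], None),
                 (["R6", "R4", "R2", "R1"], ("X", None, 0))]
    for path in simulate(attackers, "V"):
        print(" -> ".join(path))
```

The forged mark shows the scheme's known limit: because every honest router increments the distance, a fake edge can only appear upstream of the attacker's first router (here as an extra hop "X" beyond R6), never inside the real path, so the split at R2 between the two attackers is still recovered correctly.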
Self defense against reflector attacks should incorporate:
Server redundancy- servers should be located in multiple networks and locations.
Traffic limiting - traffic from a name server should be limited to reasonable thresholds
Deep web
It is not indexed by standard search engines
Dark web
Web content that exists on darknets
Surface web
Readily available to the public, and searchable with standard search engines
Doorway pages
A web page that lists many keywords in the hope of increasing its search engine ranking. Scripts on the page redirect visitors to the attacker's page.
Crypters
A program that hides malicious code from anti virus software
Blackhat search engine optimizer
Increases traffic to the attacker's site by manipulating search engine rankings
Trojan download manager
Software that allows an attacker to update or install malware on a victim’s computer
What are the two defining characteristics of internet spam?
Inappropriate or irrelevant
Large number of recipients
Name the top three countries where spam directed visitors added items to their shopping cart
US
Canada
Philippines
Which events should trigger a penetration test
Apps are added or modified
End user policies are changed
Security patches are installed
Infrastructure is added or modified
List the steps attackers used to compromise RSA via Adobe Flash software
Identify employees who are vulnerable
Craft an email subject line that entices an employee to open it
Hide an executable file in the email that installs onto the victim's computer when the email is opened
Flash or CD autoplay attack
A flash drive (or CD) is prepared with a program that creates a connection to the exploit server when autoplay runs it
Reverse shell applet attack
A signed Java applet is sent to the user; if they accept it, a shell is sent back to the exploit server
Click logger attack
Used to determine which users click on links in emails
Download connection attack
An email contains an attachment; when the attachment is downloaded, a connection is made to the exploit server
On the pie chart, what are the top 3 industries that were targets in 2016?
Defense contractor
restaurant
software
Tier one
A network that can reach every other network through peering alone, without purchasing transit
Tier 2
A network that peers for some of its network access and purchases transit for the rest
Tier 3
A network that purchases all of its transit from other networks
IP provides only best-effort delivery; delivery is not guaranteed
True
Due to the connectionless nature of IP, data corruption, packet loss, duplication, and out-of-order delivery can occur
True
Network-layer controls can protect the data within packets as well as the IP header information of each packet
True
IP header information cannot be protected by transport-layer controls
True
Address resolution protocol (ARP)
Protocol designed to map IP network addresses to the hardware addresses used by a data link protocol
Open shortest path first (OSPF)
Protocol that uses a link-state routing algorithm and belongs to the group of interior routing protocols
Border gateway protocol (BGP)
Protocol designed to exchange routing and reachability information among autonomous systems (ASes)
Denial of service
Create a false route or kill a legitimate one
Sniffing
The attacker must control a device along the victim's communication path
Routing to endpoints in malicious networks
The first step is to hijack traffic from a legitimate host
Creating route instabilities
Not yet used by hackers because the damage cannot be contained: it can blow back onto the attacker's own traffic
Revelation of network topologies
Unmasking the AS relationships by hacking the routing table
Domain name
A name in the DNS format
DNS zone
A set of names under the same authority (e.g. ".com")
Delegation
Transfer of authority for/to a subdomain
Resolving a domain name into an IP address involves a large number of steps. To save time, the records are <> on a local server for reuse later
Cached
Each record has a <> that states how long the record can be kept for future use
TTL
All domain names and IP addresses are stored at the central registry
True
It can take several days for information to propagate to all DNS servers
TRUE
In a DNS rebinding attack, the attacker's server responds with a short-TTL record; the attacker needs to register a domain and delegate it to a server under his control. The attacker exploits the same-origin policy.
True
Using components with known vulnerabilities
Uses unpatched third party components
Missing function level access control
Privileged functionality is hidden rather than enforced through access controls
Sensitive data exposure
Abuses lack of data encryption
Insecure direct object references
Attacker modifies file names or object identifiers in requests to reach objects they are not authorized for
Security misconfiguration
exploits misconfigured servers
cross site scripting
Inserts JavaScript into trusted sites
Broken authentication and session management
program flaws allow bypass of authentication methods
Injection
Modifies back-end statements (e.g. SQL queries) through user input
Given the list of iframe sandbox attributes, which 2 should not be combined? Put a check next to the 2 attributes that should not be combined in the sandbox attribute
allow-same-origin
allow-scripts (combined with allow-same-origin, same-origin framed content can simply remove the sandbox attribute from its own frame)
CSP will allow third-party widgets (e.g. the Google +1 button) to be embedded on your site
True
If you have third-party forum software that has inline script, CSP cannot be used
False
CORS allows cross-domain communication from the browser
CORS requires coordination between server and client
True
CORS is not widely supported by browsers
The CORS header can be used to secure resources on a website
false
The token must be stored somewhere
Tokens expire, but there should be mechanisms to revoke them if necessary
true
Active session hijacking involves disconnecting the user from the server once that user is logged on. Social engineering is required to perform this type of hijacking
true
Select all the items that can be encrypted by HTTPS
Request URL
Query paramaters
Headers
Cookies
Which of the following are real disadvantages to using HTTPS?
You need to buy an SSL certificate
Mixed-content issues - loading insecure content on a secure site
Proxy caching problems - public caching cannot occur
According to Wikipedia, which of these devices is a mobile device
Smart phone held by person
Self driving car
robot
List 4 areas of the C-based toolchain where hardening can occur
Configuration
Preprocessor
Compiler
Linker
Which of these behaviors are indiciative of botnets
Connecting to an established C&C server
Generating Internet relay chat (IRC) traffic using specific range of ports
Generating SMTP emails /traffic
Generating many simultaneous, identical DNS requests is suspicious
What can botnets do to evade C-plane clustering?
Manipulate communication patterns. Introduce noise (in the form of random packets) to reduce similarity between C&C flows
What can botnets do to evade A-plane monitoring?
Perform slow spamming
Use undetectable activities (spam sent with Gmail, download exe from https server)
Which of the information should be considered in order to identify the source (perp) of an APT attack?
Source IP address of TCP-based attack packets
Coding style of malware
Inclusion of special libraries with known authors
motives of the attack
language encoding
Footprinting (FP)
The attacker gathers information about a target.
The kind of information gathered is DNS, email, servers, and the IP address range
Scanning (S)
The attacker uses the internet to obtain information on specific IP addresses. The kind of information gathered is the OS, services, and architecture of the target system
Enumeration (E)
The attacker gathers information on the network user and group names, routing tables, and simple network management protocol.
Which protocol is used to break data into packets? Which protocol reassembles the data packets?
TCP
Which protocol is used to move packets from router to router?
IP
why does ZMap find more hosts than nmap
Statelessness leads to both higher performance and increased coverage
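The ZMap card above says statelessness gives both speed and coverage: the scanner keeps no table of outstanding probes, so it never times out a slow host, and it still recognizes which responses are genuine. The snippet below is an added example of the underlying trick, not ZMap's code: the SYN's initial sequence number is a keyed MAC over the destination, and a SYN-ACK is accepted only if it acknowledges that value plus one, recomputed from the responder's address. The scan key is constructed.

```python
import hashlib
import hmac
import socket
import struct

# Constructed per-scan key; a real scanner draws a fresh random key per run
# so responses from an earlier scan are rejected too.
SCAN_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


def probe_seq(dst_ip, dst_port):
    """Initial sequence number for the SYN sent to dst_ip:dst_port, derived
    from a keyed MAC over the destination rather than stored in a table."""
    msg = socket.inet_aton(dst_ip) + struct.pack("!H", dst_port)
    mac = hmac.new(SCAN_KEY, msg, hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big")


def is_valid_response(src_ip, src_port, ack):
    """A genuine SYN-ACK acknowledges our ISN + 1. Recomputing the MAC from
    the responder's address validates it with no per-probe state, so
    unsolicited packets and backscatter are discarded while late but genuine
    replies are still counted."""
    return ack == (probe_seq(src_ip, src_port) + 1) % 2**32


if __name__ == "__main__":
    seq = probe_seq("192.0.2.10", 443)
    print(hex(seq), is_valid_response("192.0.2.10", 443, (seq + 1) % 2**32))
```

A stateful scanner such as nmap must instead hold every outstanding probe in memory and drop responses that arrive after its timeout, which is where the coverage difference comes from.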
With regard to computing, what is entropy?
Randomness for use in cryptography or other applications that require random data
what are the two sources of entropy?
Hardware sources and randomness generators.
A lack of entropy will have a negative impact on performance and security
True
NoBL DNSBL level
This IP address does not send spam and should not be blacklisted, but it is not fully trustworthy
GREY DNSBL level
This IP address is not directly involved in spamming but is associated with spam-like behaviours
Yellow DNSBL level
This IP address is known to produce both spam and non-spam email
Botnets
Short lived domains
Spyware
Anonymously registered domains
Adware
Disposable domains
List the lexical features a malicious domain name detection program should look for in a domain name
Number of characters, hyphens, digits
Network-based features
Quantities such as the total number of IPs historically associated with the domain, the diversity of their geographical locations, and the number of distinct autonomous systems
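The last two cards list lexical features (character count, hyphens, digits) and network-based features (distinct IPs, countries, autonomous systems) for malicious-domain detection. The code below is an added example of extracting both from a domain name and a small passive-DNS history, not code from the original page. The passive-DNS records, the TLD-stripping shortcut and the hand-weighted score are constructed assumptions; a deployed detector would use the public-suffix list and learn its weights from labelled data.

```python
import math
from collections import Counter


def lexical_features(domain):
    """Character-level features of the name with its TLD stripped (assumption:
    the last label is the TLD; a real system would use the public-suffix list)."""
    labels = domain.rstrip(".").lower().split(".")
    name = ".".join(labels[:-1])
    chars = name.replace(".", "")
    counts = Counter(chars)
    entropy = -sum((c / len(chars)) * math.log2(c / len(chars))
                   for c in counts.values()) if chars else 0.0
    return {
        "length": len(name),
        "hyphens": name.count("-"),
        "digits": sum(ch.isdigit() for ch in name),
        "labels": len(labels),
        "entropy": round(entropy, 3),
    }


def network_features(records):
    """Features over the domain's resolution history. Each record is a dict
    with ip, country, asn and ttl (constructed here; normally from a passive
    DNS feed)."""
    return {
        "ip_count": len({r["ip"] for r in records}),
        "country_count": len({r["country"] for r in records}),
        "asn_count": len({r["asn"] for r in records}),
        "min_ttl": min(r["ttl"] for r in records),
    }


def suspicion_score(lex, net):
    """Assumed hand-weighted score for illustration only."""
    score = 0
    score += 2 if lex["hyphens"] >= 2 else 0
    score += 1 if lex["digits"] >= 1 else 0
    score += 1 if lex["length"] > 20 else 0
    score += 2 if net["country_count"] >= 2 else 0
    score += 1 if net["asn_count"] >= 2 else 0
    score += 1 if net["min_ttl"] < 300 else 0  # fast-flux style short TTLs
    return score


# Constructed passive-DNS history for a phishing-style name: three IPs across
# two countries and two ASNs, one of them with a very short TTL.
SUSPECT_RECORDS = [
    {"ip": "198.51.100.7", "country": "US", "asn": 64496, "ttl": 300},
    {"ip": "198.51.100.9", "country": "US", "asn": 64496, "ttl": 300},
    {"ip": "203.0.113.4", "country": "RU", "asn": 64500, "ttl": 60},
]
BENIGN_RECORDS = [{"ip": "198.51.100.1", "country": "US", "asn": 64496, "ttl": 3600}]


def score_domain(domain, records):
    return suspicion_score(lexical_features(domain), network_features(records))


if __name__ == "__main__":
    print(score_domain("paypa1-secure-login.example.com", SUSPECT_RECORDS))
    print(score_domain("example.org", BENIGN_RECORDS))
```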