Section 15 Network Attacks Flashcards
A logical communication endpoint that exists on a computer or server.
Port
A logical communication opening on a server that is listening for a connection from a client.
Inbound Port
A logical communication opening created on a client in order to call out to a server that is listening for a connection.
Outbound Port
Ports 0 to 1023 are considered well known and are assigned by the Internet Assigned Numbers Authority (IANA).
Well Known Ports
Ports 1024 to 49,152 to 65,535 can be used by any application without being registered with IANA.
Registered Ports
Any port that is associated with a service or function that is non-essential to the operation of your computer or network.
Unnecessary Port
Term used to describe many different types of attacks which attempt to make a computer or server’s resources unavailable.
Denial of Service (DoS)
A specialized type of DoS which attempts to send more packets to a single server or host than they can handle.
Flood Attack
An attacker attempts to flood the server by sending too many ICMP echo request packets (which are known as pings).
Ping Flood
A distributed denial-of-service attack in which large numbers of Internet Control Message Protocol packets with the intended victim’s spoofed source IP are broadcast to a computer network using an IP broadcast address.
Smurf Attack
Attacker sends a UDP echo packet to port 7 (ECHO) and port 19 (CHARGEN) to flood a server with UDP packets.
Fraggle Attack
Variant on a Denial of Service (DoS) attack where an attacker initiates multiple TCP sessions but never completes the three-way handshake.
SYN Flood
A specialized network scan that sets the FIN, PSH, and URG flags and can cause a device to crash or reboot.
XMAS Attack
An attack that sends an oversized and malformed packet to another computer or server.
Ping of Death
Attack that breaks apart packets into IP fragments, modifies them with overlapping and oversized payloads, and sends them to a victim machine.
Teardrop Attack
Attack which exploits a security flaw to permanently break a networking device by reflashing its firmware.
Permanent Denial of Service
Attack that creates a large number of processes to use up the available processing power of a computer.
Fork Bombs
Attack which relies on the large amount of DNS information that is sent in response to a spoofed query on behalf of the victimized server.
DNS Amplification
Identifies any attacking IP addresses and routes all their traffic to a non-existent server through the null interface.
Blackholing or Sinkholing
Occurs when an attacker masquerades as another person by falsifying their identity.
Spoofing
Exploitation of a computer session in an attempt to gain unauthorized access to data, services, or other resources on a computer or server.
Hijacking
Attacker guesses the session ID for a web session, enabling them to take over the already authorized session of the client.
Session Theft
Occurs when an attacker takes over a TCP session between two computers without the need of a cookie or other host access.
TCP/IP Hijacking
Occurs when an attacker blindly injects data into the communication stream without being able to see if it is successful or not.
Blind Hijacking
Attack that uses multiple transport layers to trick a user into clicking on a button or link on a page when they were intending to click on the actual page.
Clickjacking
Attack that causes data to flow through the attacker’s computer where they can intercept or manipulate the data.
Man in the Middle (MITM)
Occurs when a Trojan infects a vulnerable web browser and modifies the web pages or transactions being done within the browser.
Man in the Browser (MITB)
Network based attack where a valid data transmission is fraudulently or maliciously rebroadcast, repeated, or delayed.
Replay Attack
A connection to the Windows interprocess communications share (IPC$).
Null Connections
Occurs when the name resolution information is modified in the DNS server’s cache.
DNS Poisoning
Occurs when an attacker requests replication of the DNS information to their systems for use in planning future attacks.
Unauthorized Zone Transfer
Occurs when an attacker modifies the hosts file to have the client bypass the DNS server and redirect them to an incorrect or malicious website.
Altered Hosts File
Occurs when an attacker redirects one website’s traffic to another website that is bogus or malicious.
Pharming
Attack that exploits a process in the way a domain name is registered so that the domain name is kept in limbo and cannot be registered by an authenticated buyer.
Domain Name Kiting
Protocol for mapping an Internet Protocol address (IP address) to a physical machine address that is recognized in the local network.
ARP
Attack that exploits the IP address to MAC resolution in a network to steal, modify, or redirect frames within the local area network.
ARP Poisoning