Section 15: Network Attacks Flashcards
FTP
File Transfer Protocol Port 21
SSH, SCP, SFTP
Port 22 Secure Shell
23 TCP/UDP
Telnet, an unencrypted remote terminal protocol; the login credentials and the whole session cross the network in cleartext
SMTP
Port 25 using TCP
DNS
Port 53 TCP/UDP
TFTP
Simplified version of FTP Port 69 UDP
HTTP
80 TCP
Kerberos
88 TCP/UDP Used for network authentication using a system of tickets (issued by the KDC) within a Windows domain
POP3
110 TCP
NNTP
119 TCP Network News Transfer Protocol is used to transport Usenet articles
135
RPC endpoint mapper (DCOM-scm) TCP; Remote Procedure Call / DCOM clients query it to find the dynamic port a service is listening on
137-139
NetBIOS: 137 name service (UDP), 138 datagram service (UDP), 139 session service (TCP)
143
IMAP Internet Message Access Protocol TCP
SNMP
161 UDP
SNMPTRAP
162 UDP
LDAP
389 TCP/UDP
HTTPS
443 TCP
SMB
Server Message Block 445 TCP
SMTP
465 TCP (SMTPS, implicit TLS) / 587 TCP (mail submission, STARTTLS)
Syslog
Syslog is used for computer message logging, especially router and firewall logs. Port 514 UDP (cleartext, with no delivery guarantee)
LDAP SSL/TLS
636 TCP/UDP
iSCSI
860 TCP
FTPS
989/990 TCP (data/control)
IMAP4 with SSL/TLS
993 TCP
POP3 SSL/TLS
995 TCP
Ms-sql-s
1433 TCP
RADIUS
1645/1646 UDP (legacy authentication/accounting ports)
L2TP
1701 UDP
PPTP
1723 TCP (control channel; the tunnel data itself is carried in GRE, IP protocol 47)
RADIUS
1812 authentication / 1813 accounting, UDP (the current default ports)
FCIP
3225 TCP/UDP
iSCSI Target
3260 TCP
RDP
3389 TCP/UDP
Diameter
3868 TCP/SCTP
Syslog over TLS
6514 TCP
How do you stop using certain ports?
Turn off the service (Task Manager's Services tab, or `net stop <service>` from the command line) so nothing listens on the port, and block the port at the firewall so it cannot be reached even if the service comes back
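Before you can stop a service or block a port you have to know what is actually listening. The following is an added example (not part of the original flashcards) that parses `netstat -ano` style output, flags listeners that are not on an allowlist, names them using the port table above, and prints the stop/block commands rather than executing them. The netstat text is constructed, and the allowlist is a hypothetical policy for one host.

```python
"""Audit a Windows host's listening ports against an allowlist.

Added example, not from the original flashcards. SAMPLE_NETSTAT is constructed
(not captured from a real host) and ALLOWED is a hypothetical policy.
"""
from collections import namedtuple

# Well-known services from the flashcard port list, keyed by (protocol, port).
KNOWN_SERVICES = {
    ("TCP", 21): "FTP", ("TCP", 22): "SSH", ("TCP", 23): "Telnet",
    ("TCP", 25): "SMTP", ("TCP", 53): "DNS", ("UDP", 53): "DNS",
    ("UDP", 69): "TFTP", ("TCP", 80): "HTTP", ("TCP", 88): "Kerberos",
    ("TCP", 135): "RPC endpoint mapper", ("UDP", 137): "NetBIOS-NS",
    ("TCP", 139): "NetBIOS-SSN", ("UDP", 161): "SNMP", ("TCP", 389): "LDAP",
    ("TCP", 443): "HTTPS", ("TCP", 445): "SMB", ("UDP", 514): "Syslog",
    ("TCP", 1433): "MS-SQL", ("TCP", 3389): "RDP",
}

# Hypothetical policy: only these listeners are expected on this host.
ALLOWED = {("TCP", 22), ("TCP", 443), ("TCP", 3389)}

# Constructed sample in the layout `netstat -ano` prints on Windows.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING       1120
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING       2044
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1340
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    10.0.0.5:49712         10.0.0.9:443           ESTABLISHED     3012
  UDP    0.0.0.0:161            *:*                                    2280
"""

Listener = namedtuple("Listener", "proto ip port pid")


def parse_netstat(text):
    """Return bound listeners. TCP rows carry a State column and only LISTENING
    rows count; UDP rows have no State column and every bound socket counts."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # headers, blank lines
        proto, local = fields[0], fields[1]
        ip, port = local.rsplit(":", 1)   # handles "[::]:445" as well as "0.0.0.0:445"
        if proto == "TCP":
            if len(fields) < 5 or fields[3] != "LISTENING":
                continue
            pid = int(fields[4])
        else:
            pid = int(fields[-1])
        listeners.append(Listener(proto, ip.strip("[]"), int(port), pid))
    return listeners


def audit(listeners, allowed=ALLOWED):
    """Listeners not on the allowlist, one finding per (proto, port), with the
    service name from the table when known."""
    findings, seen = [], set()
    for l in listeners:
        key = (l.proto, l.port)
        if key in allowed or key in seen:
            continue
        seen.add(key)
        findings.append((l, KNOWN_SERVICES.get(key, "unknown")))
    return findings


def remediation(findings):
    """The two controls from the flashcard, as commands to review and run by hand:
    find the service behind the PID and stop it, then block the port inbound."""
    cmds = []
    for l, name in findings:
        cmds.append(f'tasklist /svc /FI "PID eq {l.pid}"   :: identify the service for {name}')
        cmds.append("net stop <service-name-from-tasklist>")
        cmds.append(
            f'netsh advfirewall firewall add rule name="Block {name} {l.proto}/{l.port}" '
            f"dir=in action=block protocol={l.proto} localport={l.port}"
        )
    return cmds


if __name__ == "__main__":
    found = audit(parse_netstat(SAMPLE_NETSTAT))
    for l, name in found:
        print(f"unexpected listener: {name} {l.proto}/{l.port} pid={l.pid}")
    print("\n".join(remediation(found)))
```

The IPv4 and IPv6 sockets for SMB both show up in netstat, so the audit keys on (protocol, port) rather than on address to avoid reporting the same service twice; `ESTABLISHED` rows are outbound or accepted connections, not listeners, and are skipped.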
Denial of Service
Any attack to make a computer’s resources unavailable
Flood attack
Sending a very large number of requests to a server so that it runs out of bandwidth, connections, or CPU for legitimate clients
Ping flood
Flooding a server with too many ICMP echo requests (pings)
Smurf attack
Sends a ping to a subnet's broadcast address with the source address spoofed as the victim, so every device on the subnet replies to the victim at once
Fraggle Attack
Attacker sends spoofed UDP packets to port 7 (ECHO) and port 19 (CHARGEN) on a network's broadcast address so every host's reply floods the victim; the UDP cousin of Smurf, fairly uncommon today
SYN Flood
Variant of a DoS attack that sends many TCP SYN requests but never completes the three-way handshake, exhausting the server's table of half-open connections
Fork Bomb
Attack that creates a large number of processes to use up the available processing power of a computer
DDOS
A group of compromised systems (a botnet) attack a single target simultaneously to create a Denial of Service (DoS)
DNS Amplification
Attack which relies on the large amount of DNS data returned in response to a small query; the attacker spoofs the victim's address as the query source, so the amplified responses flood the victimized server
How do you stop a DDOS?
Blackholing or sinkholing: identify the attacking IP addresses and route all their traffic to the null interface, where it is silently dropped (blackhole), or to a server that absorbs it for analysis (sinkhole); also run on an elastic cloud infrastructure that scales up when the load gets heavier
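The SYN flood and DDoS cards above describe the symptom (many SYNs, few completed handshakes, from a group of hosts) and the response (identify the sources, null-route them). The following is an added example, not part of the original flashcards, that does both over a constructed packet summary: it tallies SYNs and handshake-completing ACKs per source toward the victim, flags sources whose SYNs are almost never followed by an ACK, and emits Cisco-style null routes for them. The victim and bot addresses and the thresholds are constructed assumptions for illustration.

```python
"""SYN flood detection and blackhole-route generation.

Added example, not from the original flashcards. The packet records are
constructed; the thresholds are hypothetical and need tuning on real traffic.
"""
from collections import defaultdict

VICTIM = "192.0.2.10"   # constructed target address


def make_sample():
    """Constructed packet summary: (time, src, dst, dport, flags).
    Legitimate clients send SYN then ACK (handshake completed); the botnet
    hosts send SYN only and never answer the SYN-ACK."""
    pkts, t = [], 0.0
    for ip in ("10.0.0.11", "10.0.0.12", "10.0.0.13"):      # legitimate clients
        for _ in range(2):
            pkts.append((t, ip, VICTIM, 443, "S"))           # SYN
            pkts.append((t + 0.05, ip, VICTIM, 443, "A"))    # final ACK of handshake
            t += 0.1
    bots = [f"203.0.113.{n}" for n in (5, 17, 42, 88, 201)]  # compromised hosts
    for _ in range(100):
        for ip in bots:
            pkts.append((t, ip, VICTIM, 443, "S"))           # SYN, never acknowledged
            t += 0.001
    return pkts


def tally(pkts, dst=VICTIM):
    """Per-source counts of SYNs and of pure ACKs toward dst. A pure ACK is
    treated as the third packet of the handshake (a simplification: data ACKs
    would also count, which only makes a source look more legitimate)."""
    syn, ack = defaultdict(int), defaultdict(int)
    for _, src, d, _, flags in pkts:
        if d != dst:
            continue
        if flags == "S":
            syn[src] += 1
        elif flags == "A":
            ack[src] += 1
    return syn, ack


def half_open_total(pkts, dst=VICTIM):
    """Rough size of the victim's half-open connection table: SYNs not followed
    by an ACK from the same source."""
    syn, ack = tally(pkts, dst)
    return sum(max(0, syn[s] - ack[s]) for s in syn)


def syn_flood_sources(pkts, dst=VICTIM, min_syns=50, max_ack_ratio=0.1):
    """Sources that sent at least min_syns SYNs of which at most max_ack_ratio
    were followed by an ACK. Thresholds are constructed values."""
    syn, ack = tally(pkts, dst)
    return sorted(s for s, n in syn.items()
                  if n >= min_syns and ack[s] / n <= max_ack_ratio)


def blackhole_routes(ips):
    """Cisco IOS static routes to the null interface for each attacker; these are
    returned as text for an operator to review, not pushed to a device."""
    return [f"ip route {ip} 255.255.255.255 Null0" for ip in ips]


if __name__ == "__main__":
    pkts = make_sample()
    print("half-open connections toward victim:", half_open_total(pkts))
    attackers = syn_flood_sources(pkts)
    print("flood sources:", attackers)
    print("\n".join(blackhole_routes(attackers)))
```

Per-source blackholing only works when the SYNs carry real source addresses, as they do for a botnet whose members must receive replies for other purposes; a flood that spoofs a random source on every packet spreads the count so thinly that no source crosses `min_syns`, and the defence then has to move to aggregate limits, SYN cookies, or the elastic capacity the card mentions.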
Replay Attack
Network-based attack where a valid data transmission is fraudulently or maliciously rebroadcast, repeated, or delayed
Null Connection
An unauthenticated (null session) connection to the Windows interprocess communications share (IPC$), historically usable to enumerate users and shares without credentials
Transitive Attacks
More of a concept than a single technique; it focuses on the idea of trust: if an attacker can get into one network, they can probably get into other networks that trust, resemble, or are connected to that one
DNS Poisoning
Occurs when the name resolution information is modified in the DNS server’s cache
DNSSEC
Signs DNS records so a resolver can verify that a response is authentic, which helps protect your cache from poisoning
Unauthorized Zone Transfer
Occurs when an attacker requests replication of the DNS information to their systems for use in planning future attacks
Altered Hosts Files
Occurs when an attacker modifies the hosts file so the client resolves a name locally, bypassing the DNS server, and is redirected to an incorrect or malicious website
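A hosts file is plain text, so an altered-hosts-file check is a parser plus a policy. The following is an added example, not part of the original flashcards, that parses the hosts file format (comments, several names per line, IPv4 and IPv6) and reports any watched name that has been pinned to an address; pins to loopback or 0.0.0.0 are reported separately, since those block a name rather than redirect it. The file content and the watch list of domains are constructed for illustration.

```python
"""Detect hosts-file entries that hijack name resolution.

Added example, not from the original flashcards. SAMPLE_HOSTS and WATCHED are
constructed; on a real host read C:\\Windows\\System32\\drivers\\etc\\hosts or
/etc/hosts and supply the names whose resolution you care about.
"""
import ipaddress

# Constructed hosts file: two normal localhost lines, a legitimate internal
# host, an attacker's redirect of two bank names, and a user-made ad block.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
10.0.0.5        intranet.corp.example      # legitimate internal host
198.51.100.23   www.bank.example login.bank.example
0.0.0.0         ads.tracker.example        # blocked by the user, benign
"""

# Hypothetical watch list: names that should only ever resolve through DNS.
WATCHED = {"www.bank.example", "login.bank.example", "update.vendor.example"}


def parse_hosts(text):
    """Return (ip, hostname) pairs. '#' starts a comment, whitespace separates
    fields, and one address may be followed by several names."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue   # malformed address: skip the line rather than crash
        for name in parts[1:]:
            entries.append((ip, name.lower()))
    return entries


def suspicious_entries(entries, watched=WATCHED):
    """Split watched-name entries into redirects (pinned to a routable address,
    the attack on the card) and blocks (pinned to loopback or 0.0.0.0)."""
    redirected, blocked = [], []
    for ip, name in entries:
        if name not in watched:
            continue
        if ip.is_loopback or ip.is_unspecified:
            blocked.append((str(ip), name))
        else:
            redirected.append((str(ip), name))
    return redirected, blocked


if __name__ == "__main__":
    redirected, blocked = suspicious_entries(parse_hosts(SAMPLE_HOSTS))
    for ip, name in redirected:
        print(f"REDIRECT: {name} -> {ip}")
    for ip, name in blocked:
        print(f"blocked:  {name} -> {ip}")
```

On Windows the check is only meaningful against the file the resolver actually reads, so on a live system also confirm the path has not been changed through the `DataBasePath` registry value, and remember that a file of only comments and localhost lines is the normal state for most hosts.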