Section 15: Network Attacks

Question 1

FTP

Answer 1

File Transfer Protocol Port 21

Question 2

SSH, SCP, SFTP

Answer 2

Port 22 Secure Shell

Question 3

23 TCP/UDP

Answer 3

Telnet Unencrypted method to remotely

Question 4

SMTP

Answer 4

Port 25 using TCP

Question 5

DNS

Answer 5

Port 53 TCP/UDP

Question 6

TFTP

Answer 6

Simplified version of FTP Port 69 UDP

Question 7

HTTP

Answer 7

80 TCP

Question 8

Kerberos

Answer 8

88 TCP Used for network authentication using a system of tickets within a Windows domain

Question 9

POP3

Answer 9

110 TCP

Question 10

NNTP

Answer 10

119 TCP Network News Transfer Protocol is used to transport Usenet articles

Question 11

135

Answer 11

RPC/DCOM-scm Remote Procedure Call

Question 12

137-139

Answer 12

NetBIOS

Question 13

143

Answer 13

IMAP Internet Message Access Protocol

Question 14

SNMP

Answer 14

161 UDP

Question 15

SNMPTRAP

Answer 15

162

Question 16

LDAP

Answer 16

389 TCP/UDP

Question 17

HTTPS

Answer 17

443 TCP

Question 18

SMB

Answer 18

Server Message Block 445 TCP

Question 19

SMTP

Answer 19

465/587 TCP

Question 20

Syslog

Answer 20

Syslog is used to conduct computer message logging, especially for routers and firewall logs Port 514 UDP

Question 21

LDAP SSL/TLS

Answer 21

636 TCP/UDP

Question 22

iSCSI

Answer 22

860 TCP

Question 23

FTPS

Answer 23

989/990 YCP

Question 24

IMAP4 with SSL/TLS

Answer 24

993 TCP

Question 25

POP3 SSL/TLS

Answer 25

995

Question 26

Ms-sql-s

Answer 26

1433 TCP

Question 27

RADIUS

Answer 27

1645/1646 UDP

Question 28

L2TP

Answer 28

1701 UDP

Question 29

PPTP

Answer 29

1723 TCP/UDP

Question 30

RADIUS

Answer 30

1812/1813 (default ports)

Question 31

FCIP

Answer 31

3225 TCP.UDP

Question 32

iSCSI Target

Answer 32

3260 TCP

Question 33

RDP

Answer 33

3389 TCP/UDP

Question 34

Diameter

Answer 34

3868 TCP

Question 35

Syslog over TLS

Answer 35

6514 TCP

Question 36

How do you stop using certain ports?

Answer 36

Turn off the service via task manager, command line net stop service, block the ports at the firewall

Question 37

Denial of Service

Answer 37

Any attack to make a computer's resources unavailable

Question 38

Flood attack

Answer 38

sending tons of requests to a server

Question 39

Ping flood

Answer 39

Flooding a server with two many pings

Question 40

Smurf attack

Answer 40

Sends a ping to subnet broadcast address and devices reply that way

Question 41

Fraggle Attack

Answer 41

Attacker sends a UDP echo packet to port 7 (ECHO) and port 19 (CHARGEN) to flood a server with UDP packets - fairly uncommon for today

Question 42

SYN Flood

Answer 42

Variant on a DOS attack with just SYN requests

Question 43

Fork Bomb

Answer 43

Attack that creates a large number of processes to use up the available processing power of a computer

Question 44

DDOS

Answer 44

A group of compromised systems attack a single target simultaneously to create a Denial of Service (DOS)

Question 45

DNS Amplification

Answer 45

Attack which relies on the large amount of DNS information that is sent in response to a spoofed query on behalf of the victimized server

Question 46

How do you stop a DDOS?

Answer 46

Blackholing or Sinkholing - identifies any attacking IP addresses and routes all their traffic to a non-existent server through the null interface; have an elastic cloud structure that scales up when the load gets heavier

Question 47

Replay Attack

Answer 47

Network-based attack where a valid data transmission is fraudulently or maliciously rebroadcast, repeated, or delayed

Question 48

Null Connection

Answer 48

A connection to the Windows interprocess communications share (IPC$)

Question 49

Transitive Attacks

Answer 49

More of a concept; focuses on the idea of trust, if an attacker can get into one network, they can probably get into the other networks that are similar or connected to that one

Question 50

DNS Poisoning

Answer 50

Occurs when the name resolution information is modified in the DNS server's cache

Question 51

DNSSEC

Answer 51

helps protect your cache from poisoning

Question 52

Unauthorized Zone Transfer

Answer 52

Occurs when an attacker requests replication of the DNS information to their systems for use in planning future attacks

Question 53

Altered Hosts Files

Answer 53

Occurs when an attacker modifies the host file to have the client bypass the DNS server and redirects them to an incorrect or malicious website