Security+ 2 Flashcards
attacker sends echo requests to the broadcast addresses of 3rd party networks using a forged source address (the forged source address is the real IP address of the victim); when the 3rd party hosts receive the request they believe it came from the victim and send the victim an echo reply, so the victim gets overloaded with replies, bringing down their network …
Smurf Attack (DDoS)
attacker chooses requests that have very large responses, so the attacker can send very small requests over his or her own network that generate very large replies over the 3rd party's connection … amplification factor : reply size / request size = amplification -> 512 bytes / 64 bytes = 8x amplification … can mitigate with blocking procedures, ISP filtering and 3rd party DDoS security companies …
Amplification Attack
MITM attack : the attacker tricks the sending system during initial communication, which could be done by reconfiguring a network device or using DNS or ARP poisoning. The user then connects directly to the attacker instead of the legitimate server, and the attacker connects to the real server; the user authenticates to the fake server set up by the attacker, and the attacker acts as a relay (MITM) and can view all communications taking place … the attacker receives requests from the user, passes them on to the real server, receives the real responses, reads them, and then relays them to the real user, who has no idea what is going on …
*** Man in the Browser Attack : compromising a user's web browser or browser plugin to gain access to web communications.
MITM Attack …
Replay Attack : uses previously captured data, like an encrypted authentication token, to create a separate connection to the server that is authenticated but does not involve the real end user … if the attacker can resend the authentication sequence without the remote system noticing it is being replayed, the attacker can then use those credentials for his or her own purposes … the attacker typically can't see the actual credentials but has an encoded version of them … these attacks can be mitigated using session tokens or timestamps: each session should use a new random token and a suitable limit on how long the session should last … timestamps help as well by keeping system clocks synchronized, so anything outside the allowed time window is rejected …
Replay attack
Packets carry a data payload and include header information like source and destination addresses, and also include flags.
Christmas Tree Packet : a packet with all flags set ("lit up" like a Christmas tree); some systems can't handle all flags being set, which can cause a DoS …
Packets etc …
DNS poisoning : attacker inserts incorrect DNS records at any point in the DNS hierarchy and can redirect traffic to the attacker's system, which hosts a web server that closely resembles what the user is expecting to visit; the attacker then steals the user's credentials when the user logs in. In a well done DNS poisoning attack, the attacker passes the credentials through to the real system and captures all traffic between client and server, preventing the user from knowing what is going on (MITM) …
ARP poisoning : only works on a local network; the victim system believes another system is the gateway and sends its traffic to it, and that system belongs to the attacker, who is engaging in a MITM attack …
DNS/ARP poisoning …
Typosquatting (URL Hijacking) = registering domain names similar to official sites, hoping that users will make a typo and visit the attacker's site instead …
Domain Hijacking attacks : steal a domain registration or alter its DNS records; can be done by contacting the domain registrar and transferring the domain name to the attacker, or by a DNS attack that changes the DNS records …
Attacks …
MAC spoofing : anyone with administrative access to a system can change its MAC address … ex : sudo ifconfig en0 ether <new MAC address>
IP spoofing : attackers can also alter IP addresses, but spoofed addresses are difficult to use because the attacker would have to reconfigure the network to receive return traffic at the spoofed IP address; so they are used in DoS attacks, where return traffic isn't necessary, but not commonly in attacks that require 2 way communication.
password file in /etc/passwd (linux)
IP Spoofing Etc …
password files store hashes computed with a one way hash function; when a user logs in, the login process takes the password, computes its hash and compares it with the one stored in the file, and if they match the user is logged in … an attacker who gains access to the publicly readable hashed password file can start guessing passwords offline in a brute force attack … secured by removing the hashes from the publicly accessible /etc/passwd file … the hashes still exist but are stored in /etc/shadow, which is accessible only to root … a hash function is a mathematical function that takes a variable length input and translates it into a fixed length output; it must be collision resistant: any change in the input produces a different output, it is difficult to retrieve the input from the output, and it is difficult to find 2 different inputs that generate the same output, which is known as a collision …
password files etc …
Birthday Problem : collisions become common once the sample of hashed values is large enough, much sooner than intuition suggests …
Attackers need to guess a password, run that guess through the hash algorithm and compare the result with the stored hash …
Rainbow Table Attacks : precomputing the hashes of common passwords in advance and saving a computational step during the attack …
Birthday Problem etc …