Security Threats Flashcards
What is a smuf attack?
When an attacker sends a packet with the destination address set as the broadcast address and the source address as the victims IP.
How do you prevent a smuf attack?
no “ip directed-broadcast” command on any L3 interface.
What is an ICMP based MiTM attack?
An attack that uses either the ICMP redirect or router discovery message to redirect traffic to a compromised host.
What is ICMP tunneling?
Where data is injected into the payload of an ICMP echo or echo reply packet.
How do you mitigate an ICMP MiTM attack?
Disable ICMP redirects on all L3 interfaces
How do you mitigate an ICMP tunneling attack?
By blocking ICMP traffic.
What is ICMP fingerprinting?
A method to determine the OS of a machine based on ICMP packets.
With ICMP fingerprinting what value dictates a windows machine?
A value of 128 in the TTL field.
With ICMP fingerprinting what value dictates a Linux machine?
A value of 64 in the TTL field.
How do you mitigate an ICMP fingerprinting attack?
By blocking ICMP traffic.
How do you recognize an ICMP fingerprinting attack?
By observing a large amount of ICMP traffic hitting multiple IP addresses.
How do you recognize an smuf attack?
By observing a large number of ICMP echo replies being directed to a single host. Or ICMP echo packets with a destination address equalling the braodcast address.
How do you recognize ICMP MiTM attacks?
By observing ICMP redirects on a network directing hosts to send traffic to a different destination.
How do you recognize and ICMP tunneling attack?
Requires a stateful Firewall that can inspect ICMP by looking into the payload to detect tunneled data.
