Sniffing and Evasion Flashcards
What is ARP Spoofing/Poisoning?
Any of the following is correct:
1. Changes the cache of machines so that packets are sent to you instead of the intended target.
2. A Man in the Middle (MitM) attack that allows attackers to intercept communication between network devices.
What type of attack is IP Spoofing?
Man-in-the-Middle.
What does MAC stand for?
Media Access Control
Which Layer does MAC operate at?
Data Link Layer (Layer 2)
How long is a MAC address?
48 bits
Which mode do you need enabled to be able to look at all frames passing through?
Promiscuous mode
What is a CAM Table?
Table on a switch that stores which MAC address is on which port.
What is a DHCP Starvation attack?
Attempt to exhaust all available addresses from the server
What is a Circuit-Level Gateway?
Type of firewall that operates at the Session Layer (Layer 5)
List 4 evasion techniques
- Slow Down Scans
- Flooding the network devices (Distracting IDS from real attack with alerts)
- Fragmentation - Split up packets
- Unicode Encoding
What is firewalking?
Going through every port on a firewall to determine what is open.
Can TCP-Over-DNS evade Firewall Inspection?
True.
What type of tool is Kismet?
Wireless device detector, wardriving tool, sniffer and WIDS (Wireless Intrusion Detection)
What is an SSL Stripping Attack?
Man-in-the-middle technique to redirect victims to HTTP sites instead of HTTPS and remove TLS/SSL connections.
What is Ettercap?
Man-in-the-middle tool and packet sniffer.