Telecommunications & Network Security Flashcards

Question

What is CrossTalk ?

Answer 1

Crosstalk occurs when a signal transmitted over one channel or circuit negatively affects the signal transmitted over another channel or circuit.

Answer 2

Attenuation is the gradual loss of intensity of a wave (for example, electrical or light) while it travels over (or through) a medium. Currently, ten categories of twisted-pair cabling exist, although only four (Cat 3, Cat 5e, Cat 6, and Cat 6a) are currently defined as standards by the TIA/ EIA. Cat 5, Cat 5e, and Cat 6 cable are typically used for networking today.

Answer 3

TEMPEST is a (previously classified) U.S. military term that refers to the study of electromagnetic emissions from computers and related equipment. Cat 7 and Cat 7a cable is available as STP only. In addition to the entire Cat 7 or Cat 7a cable, the individual wire pairs are also shielded.

Answer 4

Fiber-optic cable, the most expensive type of network cabling — but also the most reliable — is typically used in backbone networks and high-availability networks (such as FDDI). Fiber-optic cable carries data as lightsignals, rather than as electrical signals.

Answer 5

A repeater is a non-intelligent device that simply amplifies a signal to compensate for attenuation (signal loss) so that one can extend the length of the cable segment.

Answer 6

A hub (or concentrator) is used to connect multiple LAN devices together, such as servers and workstations. The two basic types of hubs are: Passive - All data is sent to all ports. Active - All data is sent to all ports and is amplified (repeater)

Answer 7

A switch is used to connect multiple LAN devices together. Unlike a hub, a switch doesn’t send outgoing packets to all devices on the network, but instead sends packets only to actual destination devices. A switch typically operates at the Data Link Layer but the physical interfaces (the RJ-45 input connections) are defined at the Physical Layer.

Answer 8

The Data Link Layer ensures that messages are delivered to the proper device across a physical network link. * This layer also defines the networking protocol (for example, Ethernet and token-ring) used to send and receive data between individual devices. * The Data Link Layer formats messages from layers above into frames for transmission, handles point-to-point synchronization and error control, and can perform link encryption. * The Data Link Layer consists of two sub-layers: the Logical Link Control (LLC) and Media Access Control (MAC) sub-layers.

Answer 9

The LLC sub-layer operates between the Network Layer above and the MAC sub-layer below. * Provides an interface for the MAC sub-layer by using Source Service Access Points (SSAPs) and Destination Service Access Points (DSAPs). * Manages the control, sequencing, and acknowledgement of frames being passed up to the Network Layer or down to the Physical Layer. * Responsible for timing and flow control.

Answer 10

The MAC sub-layer operates between the LLC sub-layer above and the Physical Layer below. It’s primarily responsible for framing * performs Error Control (CRC Checks) * Identifies Hardware / MAC Addresses * Controls Media Access Control

Answer 11

The MAC address is a 48-bit address that’s encoded on each device by its manufacturer. The first 24 bits identify the manufacturer or vendor. The second 24 bits uniquely identify the device.

Answer 12

These are LAN Access Protocols: * ArcNet (Token Passing) * Ethernet (CSMA/CD) * Token Ring * FDDI (redundent Token Ring) * ARP * RARP

Answer 13

* ARP (Layer2) maps Network Layer IP addresses to MAC addresses. * ARP discovers physical addresses of attached devices by broadcasting ARP query messages on the network segment. * IP-address-to-MAC-address translations are then maintained in a dynamic table that’s cached on the system.

Answer 14

RARP (layer 2) maps MAC addresses to IP addresses. This process is necessary when a system, such as a diskless machine, needs to discover its IP address. The system broadcasts a RARP message that provides the system’s MAC address and requests to be informed of its IP address. A RARP server replies with the requested information.

Answer 15

* Unicast - Single Source to a Single Destination * Multicast - Single Source to Multiple destinations that are masked with a multi-cast IP Address. * broadcast - Single Source to Every IP Address.

Answer 16

802. 11a 54 Mbps Operates at 5 GHz (less interference than at 2.4 GHz) 802. 11b 11 Mbps Operates at 2.4 GHz (first widely used protocol) 802. 11g 54 Mbps Operates at 2.4 GHz (backward-compatible with 802.11b) 802. 11n 600 Mbps Operates at 5 GHz or 2.4 GHz

Answer 17

This is a point to point link. These links provide a single, pre-established WAN communications path from the customer’s network, across a carrier network (such as a Public Switched Telephone Network [PSTN]), to a remote network.

Answer 18

The successor to SLIP. PPP provides router-to-router and host-to-network connections over synchronous and asynchronous circuits. It’s a more robust protocol than SLIP and provides additional built-in security mechanisms. PPP is far more common than SLIP in modern networking environments.

Answer 19

Point-to-Point Tunneling Protocol (PPTP): A tunneling protocol developed by Microsoft and commonly used to implement VPNs, specifically PPP traffic. PPTP doesn’t provide encryption or confidentiality, instead relying on other protocols, such as PAP, CHAP, and EAP, for security.

Answer 20

Serial Line IP (SLIP): The predecessor of Point-to-Point Protocol (PPP), SLIP was originally developed to support TCP/ IP networking over low-speed asynchronous serial lines (such as dial-up modems) for Berkeley UNIX computers.

Answer 21

Digital Subscriber Line (xDSL): xDSL uses existing analog phone lines to deliver high-bandwidth connectivity to remote customers. Table 5-4 describes several types of xDSL lines that are currently available.

Answer 22

Integrated Services Digital Network (ISDN): ISDN is a communications protocol that operates over analog phone lines that have been converted to use digital signaling. ISDN lines are capable of transmitting both voice and data traffic. ISDN defines a B-channel for data, voice, and other services, and a D-channel for control and signaling information.

Answer 23

* Basic Rate Interface (BRI) One 16-Kbps D-channel and two 64-Kbps B-channels (maximum data rate of 128 Kbps) * Primary Rate Interface (PRI) One 64-Kbps D-channel and either 23 64-Kbps B-channels (U.S.) or 30 64-Kbps B-channels (EU), with a maximum data rate of 1.544 Mbps (U.S.) or 2.048 Mbps (EU)

Answer 24

* A packet Switched Network. | * High speed, No Error Correction.

Answer 25

Multi-Protocol Label Switching (MPLS): A packet-switched, high-speed, highly scalable and highly versatile technology used to create fully meshed Virtual Private Networks (VPNs). It can carry IP packets, as well as ATM, SONET (Synchronous Optical Networking), or Ethernet frames. MPLS is specified at both Layer 2 and Layer 3. Disadvantaages: * Loss of visability into the cloud, so does an attacker.

Answer 26

Lable Edge Router - used in MPLS, they label and remove labels, capsulate and unencapsulate data packets as they leave the clouds.

Answer 27

Synchronous Optical Network - used in the USA by telco and energy companies. high speed multiplexed,low latency based on Fibre Optics.

Answer 28

Synchronous Digital Hierarichy - Successor to SONET, used throughout the world, save the USA. high speed multiplexed,low latency based on Fibre Optics.

Answer 29

A Datagram is a self contained unit that is capable of being routed between a source and a destination, commonly used in UDP and AppleTalk. Similar to an IP Packet.

Answer 30

X.25 was the first packet switching network.

Answer 31

Packet Switched Networks are: * ideal for on demand connections that occasionally 'burst' due to high traffic volumes. * They are connectionless orientated * Variable Delays

Answer 32

* data is transmitted serially * it has start and stop bits * communicate at the same speed * parity bits reduce error

Answer 33

* Semi Inteligent Repeater * connects two or more network segments * maintains an ARP Cache * Responsible for broadcast storms - can flood a network with ARP requests.

Answer 34

* intelligent Hub that uses MAC addresses to route traffic. * Can be used to implement VLANS * traditionally layer 2, new switches function at layers 3 and 7.

Answer 35

Data Terminal Equipment, a general term used to classify end devices like workstation.

Answer 36

Data Communications Equipement - It is the physical connection to the network from the DTE devices.

Answer 37

The Network Layer

Answer 38

* Routing between systems on the same or interconnected networks. * RIP, OSPF, BGP, IP, IPX are all defined at this layer.

Answer 39

Static manual routes placed on routers to direct traffic from A to B. If the router is down the network is down. * If two paths are listed for a route there is no congestion control. * only practical in small networks * It does have low bandwidth requirements and built in security.

Answer 40

Dynamic Routing Protocols discover routes to get to another location. * Congestion Aware. * link state aware

Answer 41

It makes routing decisions based on 2 factors distance (hops) and vector (egress router interface).

Answer 42

The time it takes for all routers in a network to update their routing tables. * During Convergence routing information is exchanged and networks slow down considerably.

Answer 43

* Routing Information Protocol. | * It uses Distance - Vector routing protocol that uses hop counting as a routing metric with a hop limit of 15.

Answer 44

* Demands that all routers maintain a complete map / routing table of the entire network. * processor intensive to produce. * calculates the most efficient way to data across a networkm calculating factors like: Speed, Delay, Load, relability and cost. Convergence with link state protocols occurs much more quickly than with vector - distance Protocols.

Answer 45

Is similar in concept to a distance vector protocol but without the scalability issues associated with limited hop counts. BGP is an example of this.

Answer 46

Routing loops are when packets get stuck bouncing between various hops. to prevent this RIP implements the following: * Hop limit of 15. * Split Horizon - prevents a router from advertising a route back out through the same interface. * Route Poisoning - Sets the hop count on a bad route to 16. * Holddown Timers - starts a timer when a router receives a router to a destination that is unreachable, untill the timer ends any router updates to that destination are dropped. this prevents flapping. * RIP uses UDP port 520 * Slow Convergance * Poor Security

Answer 47

Open Shortest Path First: * A link state routing protocol * It is considered an Interior Gateway Protocol (IGP) * Encapsulated as IP Datagrams, as oppose to TCP,UDP.

Answer 48

A group of contiguous IP address ranges under the control of a single internet entity.

Answer 49

Autonomous System Number - individual autonomous systems are assigned a 16 ro 32 AS Number that uniquely identifies them on the Internet, these are assigned by IANA.

Answer 50

Internet Assigned Numbers Authourity. | * Assigns 16 or 32 bit unique numbers to autonomous systems on the internet.

Answer 51

Intermediate Systems to Intermediate Systems - A link state routing protocol used to route datagrams through a packet switched network. * It is an Interior Gateway Protocol (IGP) * used in large service provider backbone networks.

Answer 52

Border Gateway Protocol - a Path vector routing protocol used between seperate authonomous systems (AS). * Exterior Gateway Protocol (EGP). * Core Protocol used by ISPs and on large enterprise networks.

Answer 53

External Border Gateway Protocol - when BGP is used between autonomous systems (AS).

Answer 54

Internal Border Gateway Protocol - When BGP runs within an Autonomous System (AS).

Answer 55

Network Layer Protocols that address packets with routing information. * IP, IPX.

Answer 56

* Contains Addressing information that enables it to be routed. * Connectionless, best effort, delivery of datagrams. * Fragmentation and reassembly of datagrams. * IPv4 used 32bit logical IP addresses divided into 4 x 8 bit octets.

Answer 57

``` A - 1 top 126 (large, 16,777,214) B - 128 to 191 (medium, 65,534) C - 192 to 223 (small, 254) MultiCast - 224 to 239 Experimental - 240 - 254 ```

Answer 58

127.0.0.1 - 127.255.255.255 - loopback network used for testing and troubleshooting.

Answer 59

10.0.0.0 - 10.255.255.255

Answer 60

172.16.0.0 - 172.31.0.0

Answer 61

192.168.0.0 - 192.168.255.255

Answer 62

* 128bit logical IP Address Scheme | * backward compatable with IPv4

Answer 63

Internetwork Packet Exchange. * COnnectionless Protocol associated with Netware * part of the IPX / SPX package Suite.

Answer 64

Internet Control Message Protocol. Layer 3. * reports errors and other information back to the source. * Common Terms: Destination Unreachable, Echo Request, Echo Reply, Redirect, Time Exceeded. PING

Answer 65

Simple Key Management for Internet Protocols - A Network layer key management protocol used to share encryption keys. * Bandwidth intensive (size of packet header information due to encrypted packets). * No pre-required session is required.

Answer 66

Router - hardware and software equipment (BGP,OSPF,RIP) | Gateway - Hardware and software appliance that links disparate networks, this can include protocols (IPX <> IP)

Answer 67

The Transport Layer - It provides end to end reliable data transport and and transmission control.

Answer 68

A transport layer function that manages data transmission between devices. Makes sure 1 device does not overload another.

Answer 69

A transport layer function that enables data from multiple applications to be transmitted over a single physical link.

Answer 70

A transport layer function that establishes, maintains and terminates virtual circuits.

Answer 71

A transport layer function that detects for transmission eorrs and takes actions to resolve the errors.

Answer 72

Transmission Control Protocol (Layer 4): * A full duplex connection orientated protcol. * Connection established through a 3-way handshake * Reliable - guarantees delivery by acknowledging packets and re-transmitting / requesting if there is an error. * Slow - due to the overhead (3-way,error checking)

Answer 73

A PC attempting to communicate with another initiates the communication with a SYN (syncronise) Packet. Part 1 of the 3 way TCP Hand Shake.

Answer 74

The PC that has received a SYN packet responds to the original Request with a SYN-ACK (syncronise - acknowledgement) Part 2 of the 3 Way TCP HandShake.

Answer 75

A response to a SYN-ACK packet, this is third part of the TCP 3 Way Hand shake.

Answer 76

User Datagram Protocol: * Connectionless protocol, uses Best effort for delivery. * no delivery guarantee * no packet re-sequencing or error checking.

Answer 77

* suited for data that requires fast delivery that is not sensitive to packet loss or fragmentation. * DNS * SNMP * video and audio streaming.

Answer 78

Sequenced Packet Exchange. * Used to guarantee data delivery on Netware Networks. * Similar to TCP * reliable. * provides for packet re-assembly.

Answer 79

Secure Socket Layer / Transport Layer Security. | * provides session based encryption & authentication.

Answer 80

The Session Layer . This establishes co-ordinates and terminates communication sessions between networked systems.

Answer 81

1) Connection Establishment: Initial Contact between communicating systems is made and the end devices agree on communication parameters. 2) Data Transfer - data is exchanged between end devices. 3) Connection Release - After the data has been communicated end devices end the session.

Answer 82

* Simplex Mode - 1 way communication path, 1 transmits the other receives. Like a Radio. * Half Duplex Mode - Both devices can transmit and receive but not at the same time. Like a 2 way radio. * Full Duplex - Both devices can communicate at the same time (transmit and receive) simultaneously. Life a telephone.

Answer 83

Network Basic Input / Output System. * Layer 5 * microsoft protocol, designed for communication across a LAN. * None routable.

Answer 84

Network File System. * Layer 5. * designed to faciliate remote access to resources for users on a UNIX based system.

Answer 85

Remote Procedure Call * Layer 5 protocol * This is a client | Server network redirection tool.

Answer 86

SecureShell. - An alternative to tellnet. * Layer 5 Protocol. * provides remote access on unix systems.

Answer 87

Session Initiation Protocol: * Layer 5 Protocol * used for managing and terminative real time communications (Video, Audio and Text)

Answer 88

Presentation Layer: Provides coding and conversion functions for data being presented the Application Layer.

Answer 89

* Data Representation * Character Conversion * Data Compression * Data Encryption

Answer 90

American Standard Code for Information Interchange. * Layer 6 * Character encoding system

Answer 91

Application Layer - responsible for identifying and establishing availability of communication partners, determining resource availability and syncronising communications.

Answer 92

File Transfer Protocol. * Layer 7 * copy files from A to B

Answer 93

HyperText Transfer Protocol. * Language of the WWW * Layer 7

Answer 94

HyperText Transfer Protocol Secure. * Language of commerical applications on the WWW * Layer 7 * HTTP + SSL / TLS

Answer 95

Internet Message Access Protocol - Stores and forwards electronic emails. * Layer 7 * User port 143

Answer 96

Post Office Protocol version 3 (POP3) * Layer 7 * An Email retrieval protocol * uses port 110 * Insecure auth over plain text.

Answer 97

Secure Multi Purpose Internet Mail Extension * layer 7 * allowed users to send email with a web browser.

Answer 98

Simple Mail Transfer Protocol * Layer 7 * used to send and receive email across the internet. * Runs on Port 25.

Answer 99

A communication model based on TCP/IP that predates the OSI Model. 4 layers: Application (App, Presentation,Session: OSI) Transport (Transport : OSI) Internet (Network: OSI) Network (Link) Layer: (Data Link, Physical: OSI)

Answer 100

A hardware and Software appliance that controls traffic flow.

Answer 101

* denies / permits traffic based on TCP, UDP, ICMP and IP headers of individual packets. * Cheap * Uses pre-defined access rules (ACLs) * Fast, Efficient. * Transparent. * No protection from IP or DNS spoofing * Doesn't strong user encryption * limited logging

Answer 102

A FireWall that controls access by maintaining state information about established connections. When the session is created (layer 5) between 2 hosts packets flow freely between them. * Speed (after a connection is made individual packets aren't analysed) * support for many protocols * easy maintenance * dependence on trustworthy connections * limited logging.

Answer 103

* A circuit level gateway that captures network layer packets and then queues and analyses them.

Answer 104

* operates at the Application (Layer 7) of the OSI model. * Proxy Server * Processes and inspects data packets for specific IP Applications. * No data is directly sent between the two hosts, the proxy server accepts the packets, inspects the packets and sends on a copy. * masks network internals and designs * Can implement strong user authentication * reduced network performance * Must be tailored to specific applications.

Answer 105

* A Basic type of firewall architecture * A router that is placed between a trusted and untrusted network that uses an ACL secruity policy. * Device is transparent * Simple and inexpensive * has issues with certain types of traffic * limited / no logging * no user authentication * Single point of failure * Is not really a firewall (no choke point strategy)

Answer 106

* A common FireWall Architecture * Called a Bastion Host. (sacrifical lamb) * Systems with 2x NICS that sits between 2 networks * A hardened system that employs robust security mechanisms. * Proxys connections between NICS * Can have a fail safe option. * internal network structure is masked. * Inconvenient to Users * can cause slower network performance (bottleneck)

Answer 107

* A type of firewall architecture that employs both a bastion host as well as a screening router. * The screening router makes the bastion the single point of ingress / egress between the two networks. * provides distributed secruity between 2 devices * transparent outbound * restricted inbound * bastion host could be bypassed by the screened router Masking the internal network structure is difficult * multiple single points of failure.

Answer 108

* A secure Firewall Architecture * uses an exterrnal screening router * dual homed host with a second screening router (DMZ) * Transparent to end users * Flexible * provides defense in depth * internal network structure can be masked. * expensive, difficult to maintain and configure * tough to troubleshoot.

Answer 109

Provides realtime monitoring and analysis of network traffic.

Answer 110

* This is an IPS, it can block suspected attacks. * Must be placed inline * single point of failure * could be used to DoS a company

Answer 111

* Or just a plain old IDS * monitors and alerts. * Not neccesarily inline.

Answer 112

Is an a network device / appliance with an NIC card configured in promiscious mode, can sniff all traffic.

Answer 113

Is a system with host applications or agents that are installed on hosts and alert the IDS when triggers occur.

Answer 114

This type of IDS references a database of previous attack profiles. * Low false positive rate * alerts are more standardised. * signature based must be continually maintained * new attacks may have not been classified and thus not be detected.

Answer 115

* this references a baseline or learned pattern * deviations from the baseline or pattern trigger an alarm. * less dependent on identifying specific OS vulns. * dynamically adapt to new, unique, original attacks. * High false positive rate * cannot adapt to legitimate usage patterns.

Answer 116

Access is granted or restricted based on the user's IP Address.

Answer 117

Access is granted or restricted based on the user's phone number.

Answer 118

This requires a remote access user to authenticate to a RAS Server, the RAS then disconnects and calls the user back at a preconfigured phone number. * Easily defeated with call forwarding.

Answer 119

Remote Access Service - they utilise PPP to encapsulate IP packets and establish a dial-in connection.

Answer 120

VIrtual Private Network. - A secure tunnel over a public network such as the Internet.

Answer 121

Client to VPN Concentrator Client to Client Firewall to firewall router to router

Answer 122

Point-to-Point Tunneling Protocol: * Developed by Microsoft. * tunnels the Point to Point Protocol through a public network. * uses native PPP authentication & encryption services.

Answer 123

``` Layer 2 forwarding protocol: * designed by Cisco * similar to PPTP * Data link layer (Layer 2) permits tunneling of WAN Protcols (HDLC,SLIP) ```

Answer 124

Layer 2 Tunneling Protocol * combination of L2F and PPTP * Transparent (requires no additional software) * Robust Authentication (PPP,RADIUS,TACACS) * Local addressing (assigned by VPN not ISP) * Authorisation - managed server side * Accounting - Both the ISP and USER perform AAA accounting

Answer 125

Internet Protocol Security. * Layer 3 IETF open standard. * Ensures confidentiality, integrity and authenticity

Answer 126

Only data is encrypted.

Answer 127

The entire packet is encrypted.

Answer 128

IP-SEC protocol - Authentication Header, provides integrity, authentication, and non-repudiation.

Answer 129

``` IP-SEC Protocol - Encapsulated Security Payload. Provides confidentiality (encryption) and limited authentication. ```

Answer 130

A component of IPSEC. * A 1 way connection between 2 communicating parties. * Thus you need two SAs between 2 parties * Each SA only supports ESP or AH.

Answer 131

* Security Parameter Index (SPI) - 32bit string used by receiving stations to differentiate between SAs. * Destination IP Address - (Unicast address) * Security Protocol ID - The Security Protocol ID must be either an AH or ESP association.

Answer 132

Internet key Exchange . * Key Management in IP Sec. * a combination of 3 other protocols: ISAKMP, SKEME and OKE protocol.

Answer 133

Secure Socket Layer - Layer 4 Transport Protocol. * Low Cost , Easy to use. * Transparent - no special software is required to use it. * Provides granular access control. * Not all applications are SSL aware.

Answer 134

* Omni-Directional: send and receive signals equally in all directions. * Parabolic: Also known as dish antenna, extend wireless ranges. * Sectorized: direct signals in a 60 to 120 degree pattern provides additional range and decreases interference. * Yagi: Used for long distances in P2P or P2MP wireless apps.

Answer 135

* default access point setup. | * The AP is directly connected to the wired Network and bridges the two networks.

Answer 136

* The access point provides an upstream link to another AP effectively extending the range.

Answer 137

* The Wireless Access Point functions as a bridge between two seperate wireless networks.

Answer 138

A WLAN architecture that has no Access Points. Device communicate directly with each other in a peer to peer network.

Answer 139

32 Character name that identifies a wireless network.

Answer 140

Wired Equivalent Privacy (WEP). Gen 1 wireless security protocol. * RC4 stream cipher * CRC-32 checksum for integrity * uses a 40 or 104 bit key with a 24-bit initialisation vector (IV) to form a 64 or 128 bit key.

Answer 141

Open System Authentication - no wireless client required. | Shared Key Authentication - uses a 4 way handshake to auth and associate the wireless client with the access point.

Answer 142

You can tunnel IPSec and SSH over WEP to increase Security.

Answer 143

WiFi Protected Access (WPA/WPA2) * WPA uses the Temporal Key Integrity Protocol (TKIP) to address some encryption issues. TKEP = secret root key + initialisation vector. * Support for EAP Extensions (EAP-TLS, EAP-TTLS, Protected EAP).

Answer 144

Wifi Protected |Access (WPA2) WPA 1 + security enhancements * WPA2 uses AES-based algorithm counter mode /w Cipher block chaining message authenitication Code.

Answer 145

* Open Relay be default (bad)

Answer 146

* A realtime blackhole list | * A frequently updated list of IP addresses with open relay.

Answer 147

Victims are lured to an online site and asked to validate personal data. (Mostly banking type sites)

Answer 148

Spam Over Instant Messaging

Answer 149

Spam Over Internet Telephony

Answer 150

* HTTP - Hypertext Transport Protocol | * HTML - Hypertext Markup Language

Answer 151

An attempt to inject scripting language commands into a web form. * This is an attempt to fool the web server into sending the contents of the back-end databases to the hacker.

Answer 152

* An attempt to send machine language instructions as part of a query to a web server in an attempt to get the server to run the commands.

Answer 153

Sending huge numbers of queries to a web server in an attempt to clog inputs and make it unavailable.

Answer 154

* Use Cover pages * Place fax machines in secure areas. * Using secure phone lines. * Encrypting fax data.

Answer 155

* Audit call logs | * publish and enforce corporate telephone use policies.

Answer 156

* Use a calling card * Use a caller id service * blocking caller id * reconfigure your telephoen switch * VoIP

Answer 157

sending anonymous unsolicted messages to bluetooth enabled devices.

Answer 158

stealing personal data from a bluetooth enabled device.

Answer 159

a UDP echo (port 7) flood attack

Answer 160

A large number of ICMP (echo requests) are sent to the target network in an attempt to consume resources (bandwidth)

Answer 161

IP Spoofing involves altering a TCP packet so that it appears to be coming from a known good / trusted source.

Answer 162

A large number of ICMP (echo requests) are sent to the target network in an attempt to consume resources (bandwidth). However in this attack the packets are sent to the broadcast address of the target network from a spoofed ip address on the target network. * To counter you could drop ICMP at the router.

Answer 163

* TCP packets with a spoofed source address request a connection (syn bit set) to the target network. * target network responds with a syn-ack packet, but the spoofed source never responds. * broken three way packets over whealm the system and it crashes.

Answer 164

* Enable tcp intercept on the router * Enable committed access rate (CAR) which would rate limit the bandwidth. * Checkpoint has a syn defender function * reduce the time out period on networked systems * change the default max. number of half open TCP connections.

Answer 165

A tear drop attack occurs when a change has been made to the length and fragmentation offset fields of sequential IP packets, which causes the target system to to become confused and crashed.

Answer 166

* In a UDP Flood large numbers of UDP packets are sent to the target network to consume available bandwdith and shut the network down due to congestion. * A counter for this would be to drop unneccessary UDP packets at the router.