Threats and Vulnerabilities Flashcards
DOS (Denial of Service)
attack that attempts to make a computer's resources unavailable
Flood Attack
specialized type of denial of service that attempts to send more packets to a server or host than it can handle
ping flood
type of flood attack in which too many ICMP echo requests are being sent
SYN flood
type of flood attack in which the attacker initiates multiple TCP sessions but never completes the three-way handshake
How can flood attacks be mitigated?
Flood guards: detect SYN floods and block requests; timeouts: time out a half-open request; IPS (intrusion prevention systems)
Permanent Denial of Service (PDOS)
exploits a security flaw to permanently break a networking device; rebooting won't fix the break; reflashes firmware
fork bomb/rabbit attack
attack that creates many processes to use up the available processing power of a computer; not a worm, it only spreads inside the processor's cache on a single computer
DDOS (distributed Denial of Service)
use lots of machines to attack a server to create denial of service
DNS Amplification
allows an attacker to send packets to flood the victim's website by initiating DNS requests from a spoofed version of the target's IP address
How to mitigate or beat DDOS?
Blackhole/sinkhole: reroutes attacking IP addresses and routes them to a nonexistent server through a null interface
IPS: identify and respond to small-scale DDOS attacks
Elastic cloud infrastructure: scale up when demand increases
spoofing
when an attacker masquerades as another person by falsifying their identity
IP Spoofing
modifies the source address of an IP packet to hide the identity of the sender, impersonate another client, or both; layer 3 of the OSI model
MAC Address Spoofing
changing the MAC address to pretend to be using a different NIC or device; layer 2 of the OSI model
On-path attack
AKA man-in-the-middle attack; attackers put themselves logically between the victim and the intended destination
ARP poisoning
on-path attack on a local IP subnet in which the attacker sends their own MAC address instead of the intended MAC address, so that you are communicating with them and not the device that you thought you were
DNS Poisoning
similar to ARP poisoning but with DNS
Rogue WAP
type of on-path attack
Rogue Switch or hub
type of on-path attack
replay
valid data is captured by the attacker and is then repeated immediately, or delayed and then repeated
relay
attacker inserts themselves between two hosts and becomes a proxy between them; attacker can read and modify communications
SSL stripping
attacker tricks the encryption application into presenting the user with an HTTP connection instead of an HTTPS connection
downgrade attack
attacker attempts to have a client or server abandon a high-security mode in favor of a lower-security mode
SQL injection
attack involving the insertion of an SQL query via input data from the client to the web application
cross-site scripting (XSS)
attacker embeds malicious scripting commands on a trusted website; attacker is trying to elevate privileges, steal information from the victim's cookies, or gain information stored by the victim's web browser