4.4 Common Networking attacks

Question 1

Denial of Service (DoS)

Answer 1

force a service to fail - overload the system

Question 2

“friendly” DoS

Answer 2

unintentional failure of service often done by accident

Question 3

Distributed DoS (DDoS)

Answer 3

launch an arm (botnets) of computers to bring down a service

use all the bandwidths or resources - traffic spike

Question 4

DDoS Amplification

Answer 4

turn a small attack into a big attack often reflected off another device or service

-uses protocols with little to no authentication checks
NTP, DNS, ICMP

Question 5

Social engineering principles

Answer 5

1. Authority - act as someone in charge
2. Intimidation - bad things might happen if you don’t help
3. Consensus/ Social proof -convincing you to do something b/c apparently someone else did it for them
4. Scarcity - acting like there is an expiry date to a certain task
5. Urgency - work alongside scarcity/ act quick don’t think
6. Familiarity/Liking - act like you know the same person
7. Trust - convinces you there are trustable because say a job (it professional/cop)

Question 6

Insider threats

Answer 6

having information that others do not have access too

Question 7

Logic Bomb

Answer 7

a piece of often-malicious code that is intentionally inserted into software

Question 8

Rouge Access Points

Answer 8

is a wireless access point that has been installed on a secure network without explicit authorization from a local network administrator, whether added by a well-meaning employee or by a malicious attacker.

Question 9

Wireless Evil Twins

Answer 9

When you configure an AP the exact same way as another then overpower the AP that is the target

Question 10

Wardriving

Answer 10

is the act of searching for Wi-Fi wireless networks, usually from a moving vehicle, using a laptop or smartphone

Question 11

Phishing

Answer 11

act of disguising a communication from an unknown source as being from a known

Social engineering with a touch of spoof

ususally done through: email/span

Question 12

Vishing

Answer 12

information obtain via phone

Question 13

Spear Phishing

Answer 13

a targeted attempt to steal sensitive information such as account credentials or financial information from a specific victim

Question 14

Ransomware

Answer 14

when someone takes control of personal information or data and asks for money in return

Question 15

DNS poisoning

Answer 15

a hacker technique that manipulates known vulnerabilities within the domain name system (DNS)

Question 16

Spoofing

Answer 16

pretending to be something you aren’t

MAC spoofing
IP address spoofing

Question 17

Wireless de-authentication

Answer 17

a significant wireless DoS attack - someone constantly turning off the wireless access

Question 18

Brute force attack

Answer 18

an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly.

Question 19

VLAN hopping

Answer 19

a method of attacking a network by sending packets to a port that is not normally accessible from a given end system.