Network Attacks

Question 1

Network Attacks

Answer 1

o Denial of Service
o Spoofing
o Hijacking
o Replay
o Transitive Attacks
o DNS attacks
o ARP Poisoning

Question 2

Port

Answer 2

A logical communication endpoint that exists on a computer or server

Question 3

Inbound Port

Answer 3

A logical communication opening on a server that is listening for a connection from a client

Question 4

Outbound Port

Answer 4

A logical communication opening created on a client in order to call out to a server that is listening for a connection

Question 5

Ports can be any number between

Answer 5

0 and 65,535

Question 6

Well-Known Ports

Answer 6

Ports 0 to 1023 are considered well-known and are assigned by the Internet Assigned Numbers Authority (IANA)

Question 7

Registered Ports

Answer 7

Ports 1024 to 49,151 are considered registered and are usually assigned to proprietary protocols

Question 8

Dynamic or Private Ports

Answer 8

Ports 49,152 to 65,535 can be used by any application without being registered with IANA

Question 9

Denial of Service

Answer 9

Attacks which attempt to make a computer or server’s resources unavailable

• Flood Attacks
• Ping of Death
• Teardrop Attack
• Permanent DoS
• Fork Bomb

Question 10

Flood Attack

Answer 10

A specialized type of DoS which attempts to send more packets to a single server or host than they can handle

Question 11

Ping Flood

Answer 11

An attacker attempts to flood the server by sending too many ICMP echo request packets (which are known as pings)

Question 12

Smurf Attack

Answer 12

Attacker sends a ping to subnet broadcast address and devices reply to spoofed IP (victim server), using up bandwidth and processing

Question 13

Fraggle Attack

Answer 13

Attacker sends a UDP echo packet to port 7 (ECHO) and port 19 (CHARGEN) to flood a server with UDP packets

Question 14

SYN Flood

Answer 14

Variant on a Denial of Service (DOS) attack where attacker initiates multiple TCP sessions but never completes the 3-way handshake
Flood guards, time outs, and an IPS can prevent SYN Floods

Question 15

XMAS Attack

Answer 15

A specialized network scan that sets the FIN, PSH, and URG flags set and can cause a device to crash or reboot

Question 16

Ping of Death

Answer 16

An attack that sends an oversized and malformed packet to another computer or server

Question 17

Teardrop Attack

Answer 17

Attack that breaks apart packets into IP fragments, modifies them with overlapping and oversized payloads, and sends them to a victim machine

Question 18

Permanent Denial of Service

Answer 18

Attack which exploits a security flaw to permanently break a networking device by reflashing its firmware

Question 19

Fork Bomb

Answer 19

Attack that creates a large number of processes to use up the available processing power of a computer

Question 20

Distributed Denial of Service (DDoS)

Answer 20

A group of compromised systems attack simultaneously a single target to create a Denial of Service (DOS)

Question 21

DNS Amplification

Answer 21

Attack which relies on the large amount of DNS information that is sent in response to a spoofed query on behalf of the victimized server

Question 22

Blackholing or Sinkholing

Stopping a DDoS

Answer 22

Identifies any attacking IP addresses and routes all their traffic to a nonexistent server through the null interface

Question 23

Spoofing

Answer 23

§ Occurs when an attacker masquerades as another person by falsifying their identity
§ Anything that uniquely identifies a user or system can be spoofed
§ Proper authentication is used to detect and prevent spoofing

Question 24

Hijacking

Answer 24

§ Exploitation of a computer session in an attempt to gain unauthorized access to data, services, or other resources on a computer or server

Question 25

Types of Hijacking

Answer 25

§ Session theft
§ TCP/IP hijacking
§ Blind hijacking
§ Clickjacking
§ Man-in-the-Middle
§ Man-in-the-Browser
§ Watering hole
§ Cross-site scripting

Question 26

Session Theft

Answer 26

Attacker guesses the session ID for a web session, enabling them to take over the already authorized session of the client

Question 27

TCP/IP Hijacking

Answer 27

Occurs when an attacker takes over a TCP session between two computers without the need of a cookie or other host access

Question 28

Blind Hijacking

Answer 28

Occurs when an attacker blindly injects data into the communication stream without being able to see if it is successful or not

Question 29

Clickjacking

Answer 29

Attack that uses multiple transparent layers to trick a user into clicking on a button or link on a page when they were intending to click on the actual page

Question 30

Man-in-the-Middle (MITM)

Answer 30

Attack that causes data to flow through the attacker’s computer where
they can intercept or manipulate the data

Question 31

Man-in-the-Browser (MITB)

Answer 31

Occurs when a Trojan infects a vulnerable web browser and modifies the web pages or transactions being done within the browser

Question 32

Watering Hole

Answer 32

Occurs when malware is placed on a website that the attacker knows his potential victims will access

Question 33

Replay Attack

Answer 33

§ Network-based attack where a valid data transmission is fraudulently or malicious rebroadcast, repeated, or delayed
§ Multi-factor authentication can help prevent successful replay attacks

Question 34

DNS Poisoning

Answer 34

§ Occurs when the name resolution information is modified in the DNS server’s cache
§ If the cache is poisoned, then the user can be redirected to a malicious website

Question 35

Unauthorized Zone Transfer

Answer 35

Occurs when an attacker requests replication of the DNS information to their systems for use in planning future attacks

Question 36

Altered Hosts File

Answer 36

Occurs when an attacker modifies the host file to have the client bypass the DNS server and redirects them to an incorrect or malicious website

Question 37

Pharming

Answer 37

Occurs when an attacker redirects one website’s traffic to another website that is bogus or malicious

Question 38

Domain Name Kiting

Answer 38

Attack that exploits a process in the registration process for a domain name that keeps the domain name in limbo and cannot be registered by an authenticated buyer

Question 39

ARP Poisoning

Answer 39

§ Attack that exploits the IP address to MAC resolution in a network to steal, modify, or redirect frames within the local area network
§ Allows an attacker to essentially take over any sessions within the LAN
§ ARP Poisoning is prevented by VLAN segmentation and DHCP snooping