Section 15 Network Attacks

Question 1

A logical communication endpoint that exists on a computer or server.

Answer 1

Port

Question 2

A logical communication opening on a server that is listening for a connection from a client.

Answer 2

Inbound Port

Question 3

A logical communication opening created on a client in order to call out to a server that is listening for a connection.

Answer 3

Outbound Port

Question 4

Ports 0 to 1023 are considered well known and are assigned by the Internet Assigned Numbers Authority (IANA).

Answer 4

Well Known Ports

Question 5

Ports 1024 to 49,152 to 65,535 can be used by any application without being registered with IANA.

Answer 5

Registered Ports

Question 6

Any port that is associated with a service or function that is non-essential to the operation of your computer or network.

Answer 6

Unnecessary Port

Question 7

Term used to describe many different types of attacks which attempt to make a computer or server’s resoruces unavailable.

Answer 7

Denial of Service (DoS)

Question 8

A specialized type of DoS which attempts to send more packets to a single server or host than they can handle.

Answer 8

Flood Attack

Question 9

An attacker attempts to flood the server by sending too many ICMP echo request packets (Which are known as pings).

Answer 9

Ping Flood

Question 10

A distributed denial-of-service attack in which large numbers of Internet Control Message Protocol packets with the intended victim’s spoofed source IP are broadcast to a computer network using an IP broadcast address.

Answer 10

Smurf Attack

Question 11

Attacker sends a UDP echo packet to port 7 (ECHO) and port 19 (CHARGEN) to flood a server with UDP packets.

Answer 11

Fraggle Attack

Question 12

Variant on a Denial of Service (DoS) attack where attacker initiates multiple TCP sessions but never completes the 3 way handshake.

Answer 12

SYN Flood

Question 13

A specialized network scan that sets the FIN, PSH, and URG flags and can cause a device to crash reboot.

Answer 13

XMAS Attack

Question 14

An attack that sends an oversized and malformed packet to another computer or server.

Answer 14

Ping of Death

Question 15

Attack that breaks apart packets into IP fragments, modifies them with overlapping and oversized payloads, and sends them to a victim machine.

Answer 15

Teardrop Attack

Question 16

Attack which exploits a security flaw to permanently break a networking deice by reflashing its firmware.

Answer 16

Permanent Denial of Service

Question 17

Attack that creates a large number of processes to use up the available processing power of a computer.

Answer 17

Fork Bombs

Question 18

Attack which relies on the large amount of DNS information that is sent in response to a spoofed query on behalf of the victimized server.

Answer 18

DNS Amplification

Question 19

Identifies any attacking IP addresses and routes all their traffic to a non-existent server through the null interface.

Answer 19

Blackholding or Sinkholding

Question 20

Occurs when an attacker masquerades as another person by falsifying their identity.

Answer 20

Spoofing

Question 21

Exploitation of a computer session in an attempt to gain unauthorized access to data, services, or other resources on a computer or server.

Answer 21

Hijacking

Question 22

Attacker guesses the session ID for a web session, enabling them to takeover the already authorized session of the client.

Answer 22

Session Theft

Question 23

Occurs when an attacker takes over a TCP session between two computers without the need of a cookie or other host access.

Answer 23

TCP/IP Hijacking

Question 24

Occurs when an attacker blindly inject data into the communication stream without being able to see if it is successful or not.

Answer 24

Blind Hijacking

Question 25

Attack that uses multiple transport layers to trick a user into clicking on a button or link on a page when they were intending to click on the actual page.

Answer 25

Clickjacking

Question 26

Attack that causes data to flow through the attacker’s computer where they can intercept or manipulate the data.

Answer 26

Man in the Middle (MITM)

Question 27

Occurs when a Trojan infects a vulnerable web browser and modifies the web pages or transactions being done within the browser.

Answer 27

Man in the Browser (MITB)

Question 28

Network based attack where a valid data transmission is fraudulently or maliciously rebroadcast, repeated, or delayed.

Answer 28

Replay Attack

Question 29

A connection to the windows interprocess communications share (IPC$).

Answer 29

Null Connections

Question 30

Occurs when the name resolution information is modified in the DNS server’s cache.

Answer 30

DNS Poisioning

Question 31

Occurs when an attacker requests replication of the DNS information to their systems for use in planning future attacks.

Answer 31

Unauthorized Zone Transfer

Question 32

Occurs when an attacker modifies the host file to have the client bypass the DNS server and redirects them to an incorrect or malicious website.

Answer 32

Altered Hosts File

Question 33

Occurs when an attacker redirects one website’s traffic to another website that is bogus or malicious.

Answer 33

Pharming

Question 34

Attack that exploits a process in the way a domain name is registered so that the domain name is kept in limbo and cannot be registered by an authenticated buyer.

Answer 34

Domain Name Kiting

Question 35

Protocol for mapping on Internet Protocol address (IP address) to a physical machine address that is recognized in the local network.

Answer 35

ARP

Question 36

Attacks that exploits the IP address to MAC resolution in a network to steal, modify, or redirect frames within the local area network.

Answer 36

ARP Poisoning