Network Attacks

Question 1

DoS: TCP SYN Flood

Answer 1

Occurs when an attacker initiates multiple TCP sessions, but never completes them

Question 2

DoS: Smurf Attack (ICMP Flood)

Answer 2

Occurs when an attacker sends a ping to a subnet broadcast address with the source IP spoofed to be that of the victim server

Question 3

DDoS Attack

Answer 3

Occurs when an attacker uses multiple computers to ask for access to the same server at the same time.

(Ex: Botnet/Zombies)

Question 4

On-Path/Man-in-the-Middle Attack

Answer 4

Occurs when an attacker puts themselves between the victim and the intended destination

Question 5

Session Hijacking

Answer 5

Occurs when an attacker guesses the session ID that is in use between a client/server and takes over the authenticated session

Question 6

DNS Poisoning

Answer 6

Occurs when an attacker manipulates known vulnerabilities within the DNS to reroute traffic from one site to a fake version of that site

Question 7

DNSSEC

Answer 7

Uses encrypted digital signatures when passing DNS info between servers to help protect it from poisoning

Ensure server has the latest security patches/updates

Question 8

Rogue DHCP Server

Answer 8

A DHCP server on a network which is not under the administrative control of network admins

Question 9

IP Spoofing

Answer 9

Modifying the source address of an IP packet to hide the identity of the sender or impersonate another client (Layer 3)

Question 10

ARP Spoofing

Answer 10

Sending falsified ARP messages over a LAN
Can be used as a precursor to other attacks

To avoid: Set up good VLAN segmentation

Question 11

VLAN Hopping

Answer 11

Ability to send traffic from one VLAN to another, bypassing the VLAN segmentation configured (Layer 2)

Question 12

Double Tagging

Answer 12

Connecting to an interface on the switch using access mode with the same VLAN as the native untagged VLAN on the trunk

Attacker tries to reach a different VLAN using the vulnerabilities in the trunk port configuration

Question 13

Switch Spoofing

Answer 13

Attempting to conduct a DTP (Dynamic Trunking Protocol) negotiation

To avoid: Disable dynamic switchport mode on your switchports

Question 14

Malware

Answer 14

Designed to infiltrate a computer system & possibly damage it without the user’s knowledge/consent

Question 15

Virus

Answer 15

Made up of malicious code that is run on a machine without the user’s knowledge & infects it whenever the code is run

Question 16

Worm

Answer 16

A piece of malicious software that can replicate itself without user interaction

Question 17

RAT

Answer 17

Remote Access Trojan:

Provides the attacker with remote control of a victim machine

Question 18

Rootkit

Answer 18

Designed to gain admin control over a computer system or network device without being detected

Question 19

Rogue Access Point

Answer 19

A WAP that has been installed on a secure network without authorization from a local network admin

Question 20

Shadow IT

Answer 20

Use of IT systems/devices/software/apps/services without the explicit approval of the IT department

Question 21

Evil Twin

Answer 21

WAP that uses the same name as your own network

Question 22

Deauthentication

Answer 22

Attempts to interrupt communication between an ender user and a WAP

Question 23

Hybrid Attack

Answer 23

A combination of brute force & dictionary attacks

Question 24

Wireless Interception

Answer 24

Captures wireless data packets as they go across the airwaves

Question 25

Spearphishing

Answer 25

A more targeted form of phishing

Question 26

Whaling

Answer 26

Phishing focused on key executives within an organization

Question 27

Piggybacking

Answer 27

Similar to tailgating, but occurs with the employee’s knowledge/consent

Question 28

Logic Bomb

Answer 28

A specific type of malware that is tied to either a logical event or specific time