3 - Network- & Transport-Layer Security (Eavesdropping) Flashcards

1
Q

Describe the Man-in-the-Middle attack based on ARP.

A

ARP messages are kept in the ARP cache of hosts.

  1. Alice broadcasts an ARP request to find Bob.
  2. Attacker responds to Alice saying it is Bob, but giving its own MAC.
  3. Alice updates her ARP cache and sends messages to attacker.
  4. Attacker redirects Alice’s and Bob’s messages using ARP spoofing.
2
Q

A MitM attack is not a threat because the attacker must be inside the local network. Explain why this is false.

A

It is false because an external attacker must only find a single vulnerable host within the local network to become an insider.

3
Q

What are other attacks based on ARP?

A

ARP Cache Overflow: flood host with ARP replies.
ARP Storm: poison the caches with broadcast addresses (bring network performance down).
DoS: update ARP cache for all hosts with non-existing MAC addresses.

4
Q

What are the defenses against ARP poisoning?

A

Switches can use IP-MAC-Port binding, accepting only fixed MAC addresses with fixed IPs at fixed Ethernet ports.
