chapter 4

Question 1

SCP?

Answer 1

SCP= Secure Copy: securely transferring files between hosts uses SSH technology.

Question 2

FTP?

Answer 2

FTP= File Transfer Protocol: transfer a file between hosts over a network but all text is shown in plain text over network and is not secure.

Question 3

what is a Network drive?

Answer 3

a HDD/ storage on another computer. depends on permissions but some can only ready, write ,etc.

Question 4

command used to map a remote systems drive is?

Answer 4

net use

Question 5

the command to display a list of the system’s network shares?

Answer 5

Net view

Question 6

CIA?

Answer 6

Confidentiality, Authenticity and Integrety

Question 7

what are the 4 goals to secure a network design?

Answer 7

1. Availability: DOS attacks used, 2. Confidentiality: protecting network design, 3. Functionality: altering how packets are sent/ processed by network devices, 4. Access Control: control of access to systems.

Question 8

Fingerprinting a network?

Answer 8

identify devices within a network based on network traffic information such as port numbers, TTL values, etc. can be passively monitored.

Question 9

what are the 4 goals to secure a network design?

Answer 9

availability, confidentiality, functionality, Access Control

Question 10

death of the perimeter?

Answer 10

the idea that creating a 100 percent secure network is impossible

Question 11

flooding?

Answer 11

DOS attack where tons o website connection requests are made with the intent of using up the servers ram/ cpu till it crashes.

Question 12

spoofing?

Answer 12

attacker hides own ip address by using a fake one but as a result can not receive replies and must monitor progress of attack by sending separate connection requests from a legitimate ip address and seeing if they are able to still connect.

Question 13

Backscatter?

Answer 13

when a victim sends a series of replies to the spoofed IP address and the spoofed address happens to be an unintended user/device. the unintended device then is overwhelmed and losses service.

Question 14

TCP?

Answer 14

transmission control protocol: guarantees delivery of IP packets over the internet.

Question 15

SYN?

Answer 15

Synchronization: 1st part of a 3 way TCP handshake for a network connection

Question 16

SYN-ACK:

Answer 16

Synchronization- Acknowledgement: second part of a 3 way network connection TCP handshake

Question 17

ICMP?

Answer 17

Internet Control Message Protocol: supervisor. protocol mesage to send error messages between computers

Question 18

HTTP?

Answer 18

Hyper text transfer protocol: sending data over the web protocol.

Question 19

Intermediary/ Intermediaries?

Answer 19

Bots: compromised devices running malware are remotely controlled by a bot-master (hacker) to do a DDOS attack.

Question 20

Handler?

Answer 20

a compromised device that is used to remotely control bots (botmaster) while also hiding the identity of the attacker because the hacker is indirectly controlling the bots.

Question 21

peer to peer redirect:

Answer 21

redirects legitamite p2p traffic to a specific host as if its the P2P server. **no bots needed.

Question 22

Reflected attack?

Answer 22

spoofed IP that is the IP of the victim, packets sent to high volume server that is legitimate company that then responds to the spoofed IP causing a DOS.

Question 23

DRDOS?

Answer 23

Distributed Reflected Denial Of Service: uses a botnet and a reflected attack.

Question 24

Smurf Flood:

Answer 24

incorrectly configured router used to flood devices, uses broadcasts from inside the network.

Question 25

what are some methods to stop a DOS attack?

Answer 25

black holing, Validating the handshake, Rate limiting

Question 26

how does the (Validating a Handshake) method work to mitigate DOS attacks on host servers/ devices? (False OPENS)

Answer 26

the border router/ firewall accepts the SYN message only once it has sent out a SYN/ACK back to the sender and has gotten a ACK packet, this legitimizes the sender before... sending the connection onto the internal server. this also stops any spoofed IP SYN messages from going to the internal server b/c a spoofed IP can not reply to a SYN/ACK message.

Question 27

rate limiting?

Answer 27

when a limit is set on a certain type of ip packet from entering a network such as ICMP. This allows other traffic to continue on the network even if all the ICMP slots are taken over by a DOS attack. This can cause a bottleneck at the external network/internet router and cause issues on the internal network.

Question 28

what is the only true way to stop a DDOS attack?

Answer 28

using the ISP and the owners of computers that have been compromised and turned into bots, to fix their devices and stop the attack.

Question 29

ARP poisoning?

Answer 29

attack changes host ARP (MAC) Tables. attacker must have a pc on the LAN and can do a man in the middle attack or DOS. the ARP: Address Resolution Protocol tables on each device on the LAN are altered so that they have incorrect ip and MAC addresses configured. this allows the attacker to send all traffic to themselves as if they are the default gateway (router) stopping all legitimate traffic or they can forward the information to the correct router after intercepting and reading packet streams. **attacker must send a contentious stream of ARP replies otherwise the devices will correct their ARP tales.

Question 30

RA?

Answer 30

Router Advertisements: an IPv6 router when added to the network, tells all hosts its presence and each host uses the SLACC: Stateless Address Auto configuration to derive their addresses.

Question 31

Dual stacked?

Answer 31

when a network device or host has both ipv4 and ipv6 addresses

Question 32

SLAAC?

Answer 32

Stateless Address Auto Configuration: used by ipv6 hosts to make their ip address for the ipv6 router/gateway.

Question 33

SLAAC ATTACK?

Answer 33

a ipv4 network has an ipv6 router installed by attacker. the hosts automatically make their own IPv6 addresses and become dual stacked. The attacker can do a man in the middle attack b/c the ipv6 router becomes the default gateway or they can send all traffic to a false DNS server and to false websites for fraud.