Chapter 7 Flashcards
What is spoofing?
Change data to impersonate another system or person. MAC spoofing attacks change the source MAC address and IP spoofing attacks change the source IP address.
What is a SYN flood attack?
It is a common attack used against servers on the Internet. SYN flood attacks are easy for attackers to launch, difficult to stop, and can cause significant problems because they can disrupt the TCP handshake process and prevent legitimate clients from connecting.
What is MITM?
A man-in-the-middle attack is a form of active interception or active eavesdropping. It uses a separate computer that accepts traffic from each party in a conversation and forwards the traffic between the two.
What is ARP poisoning?
An attack that misleads computers or switches about the actual MAC address of a system. The MAC address is the physical address, or hardware address, assigned to the NIC. ARP resolves the IP addresses of systems to their hardware addresses and stores the result in an area of memory known as the ARP cache.
What is DNS poisoning?
Attempts to modify or corrupt DNS results. A successful DNS poisoning attack can modify the IP address associated with a domain name and replace it with the IP address of a malicious web site.
What is a pharming attack?
A type of attack that manipulates the DNS name resolution process. It tries to corrupt the DNS server or the DNS client. A successful pharming attack redirects a user to a different web site.
What is an amplification attack?
It is a type of DDoS attack. It typically uses a method that significantly increases the amount of traffic sent to, or requested from, a victim.
- A ping is normally unicast.
- A smurf attack sends the ping out as a broadcast.
- A smurf attack spoofs the source IP.
What is a brute force attack?
It is the attempt to guess all possible character combinations either online or offline.
- An online password attack attempts to discover a password from an online system.
- Offline password attacks attempt to discover passwords from a captured database or captured packet scan.
What is a dictionary attack?
Uses a dictionary of words and attempts every word in the dictionary to see if it works.
What are password hash attacks?
Attacking the hash of a password to figure out the password.
What is a pass the hash attack?
When the attacker discovers the hash of the user’s password and uses it to log on to the system as the user. Any authentication protocol that passes the hash over the network in an unencrypted format is susceptible to this attack.
What is a birthday attack?
An attacker creates a password that produces the same hash as the user’s actual password, taking advantage of a hash collision, which occurs when a hashing algorithm creates the same hash from different passwords.
What is a rainbow table attack?
A type of attack that attempts to discover the password from the hash.
What is a salt?
It is a set of random data such as two additional characters.
What is a replay attack?
An attacker replays data that was already part of a communication session. A third party attempts to impersonate a client that is involved in the original session. This can occur on both wired and wireless networks.
What is a known plaintext attack?
An attacker can launch a known plaintext attack if there are samples of both the plaintext and ciphertext.
What is typo squatting?
Occurs when someone buys a domain name that is close to a legitimate domain name; when someone autocompletes or types the name wrong, they will be led to the malicious website.
What is clickjacking?
Tricks users into clicking something other than what they think they’re clicking.
What is session hijacking?
It takes advantage of session IDs stored in cookies. When a user logs on to a website, the website often returns a small text file with a session ID.
The attacker uses the user’s session ID to impersonate the user. The web server doesn’t know the difference between the original user and the attacker because it is only identifying the user based on session ID.
What is domain hijacking?
An attacker changes the registration of a domain name without permission from the owner.
What is a man-in-the-browser attack?
It is a type of proxy Trojan horse that infects vulnerable web browsers. Successful man-in-the-browser attacks can capture browser session data.
What is shimming?
Provides a solution that makes it appear older drivers are compatible.
What is refactoring code?
It is the process of rewriting the internal processing of the code without changing its external behavior.
What is a zero-day vulnerability?
It is a weakness or bug that is unknown to trusted sources such as operating system and antivirus vendors.
What is a memory leak?
It is a bug in a computer application that causes the application to consume more and more memory the longer it runs.
What is integer overflow?
An integer overflow attack attempts to use or create a numeric value that is too big for an application to handle. The result is that the application gives inaccurate results.
What is a buffer overflow?
Occurs when an application receives more input, or different input, than it expects. The result is an error that exposes system memory that would otherwise be protected and inaccessible.
A buffer overflow allows access to memory locations beyond the application’s buffer.