common attacks Flashcards
What is a denial of service attack?
An attack that prevents the system from receiving, processing, or responding to legitimate traffic or requests for resources and objects
What is a DDoS attack?
distributed denial of service - An attacker recruits zombie systems ahead of time to simultaneously release a flood of traffic at a specific target.
what is a bot
a machine that is infected used in attacks
what is a botnet
a group of bots
What is an on-path attack?
Formerly known as man-in-the-middle, on path attacks are when your traffic is redirected through a malicious party before being sent to it’s destination
arp spoofing
an on path attack that changed stored mac address to the attacking devices mac address
this cause all traffic to flow through the attacking device
DNS poisoning
changes the DNS records on a system to point to false servers where the data is recorded
VLAN hopping
- You only have access to your VLAN
- Good security best practice
- “Hop” to another VLAN - this shouldn’t happen
- Two primary methods
- Switch spoofing and double tagging
What is Switch Spoofing?
takes advantage of an incorrectly configured trunk port, enabling attackers to send traffic on any vlan from that port.
What is Double-Tagging?
A method by which the attacker tries to reach a different VLAN using the vulnerabilities in the trunk port configuration by first making note of the native VLAN configured on the trunk link connected to the switch ports
what is spoofing
pretending to be something you arnt
how to disable a rogue dhcp
enable dhcp snooping on your switch
Explain the implications of a wireless evil twin?
An on path, wireless attack that basically uses the evil twin as a proxy for traffic viewing everything that happening / phishing for information.
what is malware
bad software used to harm you or your data
What is password hashing?
generating hashes for different passphrases and comparing them to the hash of the password you’re trying to crack for a match. knowing the hash means knowing the password.
