Network Attacks Flashcards
(39 cards)
What is a Denial of Service (DoS) Attack?
Occurs when one machine overwhelms a victim system with continuous service requests, leading to resource exhaustion.
What does a TCP SYN Flood attack involve?
Initiating multiple TCP sessions without completing them, leading to half-open connections and resource exhaustion.
What is the TCP Handshake process?
Involves SYN, SYN/ACK, and ACK packets.
How does a Smurf Attack work?
Attacker sends a ping to a subnet broadcast address with a spoofed source IP, causing all devices to respond to the victim server.
What is a Distributed Denial of Service (DDoS) Attack?
Involves multiple machines simultaneously overwhelming a single server.
What is a Botnet?
A collection of compromised computers under the control of a Command and Control (C2) server.
Define ‘Zombie’ in the context of DDoS attacks.
An individually compromised computer within a botnet.
What challenges do cloud-based resources present during DDoS attacks?
They can horizontally scale to handle increased demand but may incur substantial costs for illegitimate traffic.
What is MAC Flooding?
A network attack technique aimed at compromising a switch’s security by overflowing its MAC table.
What is the normal operation of a switch?
Utilizes MAC tables to associate MAC addresses with switchports for efficient data forwarding.
What is the implication of Data Snooping in MAC Flooding?
Attackers can capture sensitive data by forcing the switch into hub mode.
What is ARP Spoofing?
Occurs when an attacker sends falsified ARP messages, linking their MAC address with a legitimate IP.
What is the difference between ARP Spoofing and ARP Poisoning?
ARP Spoofing targets a single host’s traffic, while ARP Poisoning affects all hosts in a LAN.
What does VLAN Hopping exploit?
Misconfigurations to gain unauthorized access to different VLANs.
What is DNS Cache Poisoning?
Corrupting DNS resolver cache with false information to redirect traffic.
What is a common method for mitigating DNS Amplification Attacks?
Limit the size of DNS responses or rate-limit DNS response traffic.
What is an On-Path Attack?
An attack where the penetration tester places their workstation between two hosts to capture, monitor, and relay communications.
What is a Replay Attack?
Occurs when an attacker captures valid data and repeats it either immediately or with a delay.
What is a Relay Attack?
An attack where the attacker becomes a proxy between two hosts, intercepting and potentially modifying communications.
What are Rogue Devices?
Unauthorized devices or services on a network that allow unauthorized individuals to connect.
What is a common method for detecting Rogue Systems?
Visual Inspection, Network Mapping, and Host Discovery.
What is Social Engineering?
Any attempt to manipulate users into revealing confidential information or performing actions detrimental to security.
What is Phishing?
Sending deceptive emails to trick users into revealing sensitive information.
What is the purpose of Dumpster Diving?
Scavenging for personal or confidential information in trash or recycling.