S15-Network Attacks

Question 1

Denial of Service (DoS) Attack

Answer 1

Occurs when one machine is continually flooding a victim with requests for services

Question 2

What do attackers typically use to conduct a DoS attack?

Answer 2

• TCP SYN Flood
• Smurf Attack (ICMP Flood)

Question 3

TCP SYN Flood

Answer 3

denial-of-service (DoS) attack that exploits the TCP handshake process to overload a server.

Question 4

How does a TCP SYN Flood Overload a Server?

Answer 4

Attackers send a large number of SYN packets to the server, but they don’t complete the handshake by sending the final ACK packet creating half-open connections

Question 5

Smurf Attack (ICMP Flood)

Answer 5

type of Distributed Denial-of-Service (DDoS) attack that floods a victim server with ICMP echo request packets.

Question 6

How does a Smurf Attack Overload a server?

Answer 6

The attacker sends ICMP echo request packets with a spoofed source IP address to the target network’s broadcast address.
Each device on the network responds by sending an ICMP echo reply packet to the spoofed source IP overwhelming the target server with ICMP echo reply packets.

Question 7

Distributed Denial of Service (DDoS) Attack

Answer 7

An attacker uses many computers to make requests to a single server at once

Question 8

Botnet

Answer 8

Collection of compromised computers

Question 9

MAC Flooding

Answer 9

MAC flooding is a network attack that exploits a switch’s ability to learn MAC addresses by sending a large number of fake MAC addresses to overwhelm its memory (Mac Table) causing the Switch to behave like a hub and broadcast traffic on all ports.

Question 10

Why would an attacker want to conduct a MAC flooding attack?

Answer 10

• Data Snooping
• Disrupting Services
• Bypassing security measures

Question 11

Data Snooping (Mac Flooding)

Answer 11

Attacker captures sensitive data by forcing the switch to broadcast traffic

Question 12

Disrupting Services (Mac Flooding)

Answer 12

A Broadcasting switch resulting from a MAC flood attack can overwhelm a network with excessive traffic

Question 13

Bypassing security measures (Mac Flooding)

Answer 13

MAC flooding can bypass security measures like MAC address filtering

Question 14

What measures can you take to defend against MAC Flooding

Answer 14

• Use anomaly-based intrusion detection system (IDS)
• Employ Network monitoring Tools
• Limit MAC addresses per port through Port security config
• Set MAC address limits per switchport
• Use VLANs to segregate traffic

Question 15

Address Resolution Protocol (ARP)

Answer 15

Protocol that is used to map an IP address to a MAC address on a LAN

Question 16

ARP Spoofing

Answer 16

An attacker sends false ARP messages over a LAN in an attempt to associate their MAC address with a target IP address

Question 17

ARP Poisoning

Answer 17

Attack that corrupts the ARP cache (ARP table) in the network Targeting all devices in a LAN

Question 18

What techniques attackers use to conduct ARP attacks?

Answer 18

IP-MAC Scanning:
- Scan for IP-MAC pairs, utilize software to send fake ARP responses

ARP Flood:
- Conduct Arp poisoning through an ARP flood

Question 19

How can you prevent ARP attacks?

Answer 19

• Static ARP Entries
• Dynamic ARP inspection
• Network Segmentation
• VPNs or Encryption Tech.

Question 20

Static ARP Entries (ARP attacks)

Answer 20

Manually inputting ARP mappings to prevent spoofing
- Not scalable

Question 21

Dynamic ARP inspection (ARP Attacks)

Answer 21

Switches inspect ARP packets, dropping suspicious mappings based on trusted MAC-IP pairs
- Dynamic ARP inspection (DAI) is a feature on most modern switches

Question 22

Network Segmentation (ARP Attacks)

Answer 22

Dividing the network into smaller segments limits the impact of ARP attacks

Question 23

VPNs & Encryption Tech. (ARP Attacks)

Answer 23

Safeguard Data against Alterations from successful ARP spoofing

Question 24

VLAN

Answer 24

Used to Partition and isolate a broadcast domain at the Data Link Layer (L2)

Question 25

VLAN Hopping

Answer 25

Technique that exploits a misconfiguration to direct traffic to a different VLAN without proper Authorization

Question 26

What techniques are used to accomplish VLAN hopping?

Answer 26

- Double Tagging - Switch Spoofing - MAC Table Overflow Attack

Question 27

Double Tagging

Answer 27

Attacker tries to reach a different VLAN using Vulnerabilities in the trunk port configuration.

Question 28

Switch Spoofing

Answer 28

Attackers attempts to use Dynamic Trunking Protocol (DTP) to negotiate a trunk port with a switch

Question 29

MAC Table Overflow Attack

Answer 29

Allows VLANSs to no longer be enforced

Question 30

What two 802.q tags are sent by an attacker in a Double Tagging attack?

Answer 30

Inner Tag - Contains True destination Outer tag - Contains Native VLAN

Question 31

T/F Double tagged Frames represent a one-way trip

Answer 31

True, the destination does not double-tag returned data

Question 32

Why would an attacker want to send double tagging data into a VLAN without receiving a response?

Answer 32

- To conduct a Blind Attack - As part of a DoS or Stress Testing Attack

Question 33

Blind Attack

Answer 33

Commands are sent to the victim, but the attacker or pentester does not get to see any of the responses

Question 34

How can you prevent a Double Tagging attack?

Answer 34

- Change default native VLAN ID - Avoid adding user devices to the native VLAN

Question 35

How can you prevent Switch Spoofing?

Answer 35

Configure switches with Dynamic switch port modes disabled by default

Question 36

What are some DNS attacks?

Answer 36

- DNS Cache Poisoning - DNS Amplification attacks - DNS Tunneling - Domain Hijacking - DNS Zone transfer attacks

Question 37

DNS Cache Poisoning

Answer 37

Corrupting DNS resolver cache with false information to redirect traffic

Question 38

DNS Amplification Attacks

Answer 38

Attacker exploits the DNS resolution process to overwhelm a target system with DNS response traffic

Question 39

DNS Tunneling

Answer 39

Using DNS protocol to encapsulate non-DNS traffic to attempt to bypass the organization's firewall rules

Question 40

Domain Hijacking

Answer 40

Changing the registration of a domain name without the permission of the original registrant

Question 41

DNS Zone Transfer Attacks

Answer 41

Attacker tries to get a copy of the entire DNZ zone data by pretending to be an authorized system

Question 42

Protect against DNS cache Poisoning

Answer 42

- Use (DNSSEC) - Implement secure network config & Firewalls

Question 43

Protect against DNS Amplification

Answer 43

- Limit size of DNS responses

Question 44

Protect against DNS Tunneling

Answer 44

- Regularly monitor DNS logs

Question 45

Protect against Domain Hijacking

Answer 45

- Regular updates - Ensure account registration information is secure - Use Domain Registry lock services

Question 46

On-path Attack

Answer 46

attacker positions themselves between two devices (often a user and a server) to intercept or modify communications between them

Question 47

What are 2 types of On-Path attacks?

Answer 47

- Replay - Relay

Question 48

Replay Attack (MITM)

Answer 48

Attacker Captures Valid data and repeats it either immediately or with a delay

Question 49

What another name for an On path attack?

Answer 49

Man In The MIddle Attack (MITM)

Question 50

Relay Attack (MITM)

Answer 50

Attacker is able to insert themselves between two hosts and become part of the conversation

Question 51

SSL Stripping

Answer 51

Redirecting HTTPS requests to HTTP in an attempt to trick the encryption app

Question 52

Downgrade Attack

Answer 52

Attacker attempts to have a client or server abandon its higher security mode in favor of a lower security mode

Question 53

Rogue Devices

Answer 53

Unauthorized Device or Service on a corporate or private network that allows unauthorized individuals to connect to that network

Question 54

What different forms do Rogue systems come in?

Answer 54

- Network Taps - Wireless Access Points (WAP) - Servers - Wired And Wireless Clients - Software - Virtual Machines - Smart Appliances

Question 55

Network Tap

Answer 55

Physical Device attached to cabling to record packets passing over the network segment

Question 56

What are ways to detect rogue devices?

Answer 56

- Visual Inspection - Monthly/ Quarterly Inventories - Network mapping & host discovery - Wireless Monitoring - Packet Sniffing and Traffic Flow - NAC and intrusion detection

Question 57

Social Engineering

Answer 57

Attempt to manipulate users to reveal confidential information or perform actions that can compromise a system's security

Question 58

What are some Social Engineering attacks?

Answer 58

- Phishing - Tailgating - Piggybacking - Shoulder Surfing - Eavesdropping - Dumpster Divng

Question 59

Phishing

Answer 59

Sending an email in an attempt to get a user to click a link

Question 60

Spear Phishing

Answer 60

Targeted Phishing

Question 61

Whaling

Answer 61

Focused on key executives within an organization

Question 62

Tailgating

Answer 62

Entering a secure portion of a building by following authorized personal without their knowledge or consent

Question 63

Piggybacking

Answer 63

like tailgating but with the employee's knowledge or consent

Question 64

Shoulder Surfing

Answer 64

Coming up behind an employee and trying to use direct observation to obtain information

Question 65

Dumpster Diving

Answer 65

Scavenging for personal or confidential information

Question 66

Malware

Answer 66

Malicious Software designed to infiltrate a computer system and do damage and/or extract sensitive data.

Question 67

What are some types of Malware?

Answer 67

- Virus - Worm - Trojan - Ransomware - Spyware - Rootkit

Question 68

Virus

Answer 68

Malicious code that is run on a machine without the user's knowledge and is triggered through user action

Question 69

Worm

Answer 69

A piece of malicious software that can replicate itself without user interaction

Question 70

Trojan

Answer 70

Malicious software disguised as legitimate software

Question 71

Ransomware

Answer 71

Malware that restricts access to a victim's computer or their files until a ransom is payed.

Question 72

Spyware

Answer 72

Information gathering malware, that captures user data without their consent

Question 73

Rootkit

Answer 73

Malware designed to gain admin level control over a computer system or network device without detection

Question 74

Remote Access Trojan (RAT)

Answer 74

Provides the attacker with remote control of a victim machine