Section 15 Network Attacks Flashcards
A logical communication endpoint that exists on a computer or server.
Port
A logical communication opening on a server that is listening for a connection from a client.
Inbound Port
A logical communication opening created on a client in order to call out to a server that is listening for a connection.
Outbound Port
Ports 0 to 1023 are considered well known and are assigned by the Internet Assigned Numbers Authority (IANA).
Well Known Ports
Ports 1024 to 49,152 to 65,535 can be used by any application without being registered with IANA.
Registered Ports
Any port that is associated with a service or function that is non-essential to the operation of your computer or network.
Unnecessary Port
Term used to describe many different types of attacks which attempt to make a computer or server’s resoruces unavailable.
Denial of Service (DoS)
A specialized type of DoS which attempts to send more packets to a single server or host than they can handle.
Flood Attack
An attacker attempts to flood the server by sending too many ICMP echo request packets (Which are known as pings).
Ping Flood
A distributed denial-of-service attack in which large numbers of Internet Control Message Protocol packets with the intended victim’s spoofed source IP are broadcast to a computer network using an IP broadcast address.
Smurf Attack
Attacker sends a UDP echo packet to port 7 (ECHO) and port 19 (CHARGEN) to flood a server with UDP packets.
Fraggle Attack
Variant on a Denial of Service (DoS) attack where attacker initiates multiple TCP sessions but never completes the 3 way handshake.
SYN Flood
A specialized network scan that sets the FIN, PSH, and URG flags and can cause a device to crash reboot.
XMAS Attack
An attack that sends an oversized and malformed packet to another computer or server.
Ping of Death
Attack that breaks apart packets into IP fragments, modifies them with overlapping and oversized payloads, and sends them to a victim machine.
Teardrop Attack
Attack which exploits a security flaw to permanently break a networking deice by reflashing its firmware.
Permanent Denial of Service
Attack that creates a large number of processes to use up the available processing power of a computer.
Fork Bombs
Attack which relies on the large amount of DNS information that is sent in response to a spoofed query on behalf of the victimized server.
DNS Amplification
Identifies any attacking IP addresses and routes all their traffic to a non-existent server through the null interface.
Blackholding or Sinkholding
Occurs when an attacker masquerades as another person by falsifying their identity.
Spoofing
Exploitation of a computer session in an attempt to gain unauthorized access to data, services, or other resources on a computer or server.
Hijacking
Attacker guesses the session ID for a web session, enabling them to takeover the already authorized session of the client.
Session Theft
Occurs when an attacker takes over a TCP session between two computers without the need of a cookie or other host access.
TCP/IP Hijacking
Occurs when an attacker blindly inject data into the communication stream without being able to see if it is successful or not.
Blind Hijacking
