Wireless CNO Flashcards
(22 cards)
analysts source & survey as much intel as possible from all available databases and sources
Initial Intel Dump
Target nomination; Collect as able to maintain tgt awareness, but no action at this time
Continue Collection
Target nomination; Active & Passive operations to gain access to tgt information systems
Conduct CNE
Target nomination; DISRUPTING, DENYING, DEGRADING target systems and their ability to communicate result in a denial of service that will disrupt future collection efforts, and may alert the target that they are being targeted
Conduct CNA
Target nomination; final part of the Find/Fix/Finish picture. POL efforts must be used to ensure time/location when units conduct kill/capture
Kill/Capture
Places attacker in the flow of communications with the ability to view, modify, or drop frames in real-time
man in the middle attack
Fake Wi-Fi network that looks like a legitimate access point to steal victims sensitive details;
Attackers can initiate a DEAUTHENTICATION to get victims to associate with the new rogue AP;
KARMA is the took kit to do this & only works on unencrypted networks
Rogue AP-Evil Twin Attack
creation of Internet Protocol (IP) packets which have a modified source address to hide sender or impersonate another computer system;
Technique to invoke DDoS attacks against a target device or surrounding infra
IP Spoofing
What is the final part of the Find/Fix/Finish picture?
Kill/Capture
What is an analyst’s responsibilities?
where, when, what, identify
linking an attackers MAC address with the IP address of a legitimate user on a local area network using fake ARP messages;
User data is sent transmitted to attacker
ARP Spoofing
infiltrating a DNS server and altering a websites address record;
users attempting to access the site are sent by the altered DNS record to the attackers site
DNS Spoofing/DNS cache poisoning
DENY, DEGRADE, DISRUPT, or DESTROY a targets ability to transmit data on a network
Computer Network Attack CNA
limit or totally block the availability of network resources;
affects stations other than the intended targets
denial of service
exploits the RTS/CTS protocol in 802.11 by either sending spoofed CTS frames OR an sending repeated RTS frames to an AP forcing the AP to send CTS commands;
Affects all devices operating on channel, and networks within the RF range
CTS attack
pushes deauthentication frames as broadcast or unicast to cause clients to attempt to re-authenticate/reassociate with their AP
Deauthentication attack
intentional use of RF energy to deny or degrade wireless communication
jamming
unintentional degrading of a frequency by devices that emit RF energy within a given frequency
interference
conducted in support of a Kill/Capture Operation;
Good analytics + geolocating a device
Find/fix operations
identifies the direction from which it is receiving the most RF energy from a signal on a frequency;
LOBs (no distance associated)
antenna array
use algorithms to compute a location of the emitter, usually expressed in 10 digit MGRS;
include Time of arrival, time difference of arrival, and/or frequency difference of arrival with the geolocation systems GPS coordinates & clock as a reference point
Geo location
What type of an attack exploits the RTS/CTS protocol in 802.11?
CTS attack
