Listing your friend's home in the local classifieds at a low price is equivalent to a ________.
P2P redirect
A P2P redirect refers to a scenario where traffic is redirected in a peer-to-peer network, often causing unintended consequences or disruptions.
________ is called Port-Based Access Control.
802.1X
This protocol is known as Port-Based Access Control and is widely used to manage network access. It ensures that only authenticated devices or users can connect to a network, enhancing security by preventing unauthorized access.
A ________ attack is when a victim is flooded with SYN packets in an attempt to make many half-open TCP connections.
SYN flood
A SYN flood is a type of Denial-of-Service (DoS) attack that exploits the TCP handshake process. Here's how it works:
In a SYN flood attack, the attacker sends a large number of SYN packets to the server but never completes the handshake by sending the final ACK.
________ is the process of obscuring an attacker's source IP address.
Spoofing
ARP is used to resolve 48-bit IP addresses into 32-bit local MAC addresses.
False. ARP (Address Resolution Protocol) is actually used to resolve 32-bit IP addresses into 48-bit MAC addresses, not the other way around.
An indirect attack occurs when an attacker tries to flood a victim with a stream of packets directly from the attacker's computer.
False. An indirect attack typically involves the attacker using intermediary systems, such as botnets or compromised devices, to flood the victim with packets. This approach obscures the attacker's identity and makes it harder to trace the source of the attack. Direct attacks, on the other hand, originate directly from the attacker's computer.
In regards to network security, ________ is the policy-driven control of access to systems, data, and dialogues.
access control
Access control refers to the policy-driven management of who can access systems, data, and dialogues. It ensures that only authorized users or entities can interact with specific resources, enhancing security and preventing unauthorized access.
Rerouting traffic using ARP poisoning is an attack on ________ of a network.
Both functionality and confidentiality
ARP poisoning can disrupt the functionality of a network by rerouting traffic, and it can compromise confidentiality by allowing attackers to intercept sensitive data.
A ________ attack is when a victim is flooded with ICMP packets that appear to be normal supervisory traffic.
Ping Flood. This type of attack involves flooding a victim with ICMP packets, which are typically used for network diagnostics, to overwhelm the target and disrupt its normal operations.
ICMP is Internet Control Message Protocol. It is a network-layer protocol used primarily for error reporting and diagnostic purposes in IP networks.
The authenticator is the ________.
workgroup switch
In 802.1X authentication, the authenticator acts as an intermediary between the supplicant (the device seeking access) and the authentication server (like a RADIUS server). The workgroup switch plays this role by
________ is/are effective method(s) for preventing ARP poisoning attacks.
Both Static tables and Limiting local access
Static:
By manually configuring ARP tables with fixed mappings of IP addresses to MAC addresses, you prevent attackers from injecting false ARP entries into the network.
Limiting local access:
Restricting physical and network access to trusted devices reduces the risk of ARP poisoning attacks. By controlling who can connect to the network, you minimize the chances of malicious actors exploiting ARP vulnerabilities.
The ultimate goal of a DoS attack is to ________.
cause harm, disrupting and denying service.
In a MITM attack, access to the local network is not required in order to work.
False. Access to the local network is typically required to intercept and manipulate traffic between two parties. This is because the attacker needs to position themselves within the network segment where the communication is taking place, often using techniques like ARP poisoning or DNS spoofing.
One problem with ARP requests and replies is that they do not require authentication or verification.
True, they lack authentication or verification mechanisms. This means that any device on the same local network can send ARP messages, even malicious ones, to manipulate the ARP table of other devices. This vulnerability is often exploited in ARP poisoning attacks.
________ are compromised hosts running malware controlled by the hacker.
Bots, Botnet
In a smurf flood DoS attack, attackers can benefit from a multiplier effect because a single ICMP request is responded to by multiple hosts.
False. In a Smurf flood DoS attack, attackers exploit the multiplier effect by sending ICMP requests with a spoofed source IP address (the victim's address) to an IP broadcast address. This causes all devices on the network to respond to the victim with ICMP Echo Reply packets, overwhelming the victim with traffic. The attack relies on multiple hosts responding to a single ICMP request, creating the multiplier effect.
A DoS attack makes a server or network unavailable by flooding it with attack packets.
True. A denial-of-service attack tries to deny service, and therefore makes the network unavailable.
SYN-ACK can be best described as the second part of a three-way TCP handshake sent in response to a SYN.
True, it's a TCP three-way handshake:
1. SYN (sends a synchronize packet)
2. SYN-ACK
3. ACK (ends handshake)
________ is one method of thwarting DoS attacks by dropping all IP packets from an attacker.
Black Holing. This method involves directing all traffic from an attacker to a "black hole," which is essentially a null route or a non-existent server. By doing so, the malicious traffic is effectively dropped.
DoS network attacks are fairly uncommon.
False, DoS is common.