DoS attack
makes a resource unavailable for legit use
sends a huge number of requests to a server
requires a massive amount of bandwidth
is easy to block
DDoS
denial of service attack that leverages botnets
amplification factor of DDoS attack
the degree to which the attack increases in size
reply/request = amplification
512 bytes / 64 bytes = 8x amplification
eavesdropping attack
rely on a compromised communications path:
network device tapping
DNS poisoning
ARP poisoning
on path attacks
attacks like man in the middle and man in the browser because the attacker is on path between the user and service
On-Path Attack - intercepts a session
End Result: 1 active session, but hackerman is intercepting "good" traffic and replacing it with "bad" traffic
replay attack
uses previously captured data such as an encrypted authentication token to create a separate connection to the server that’s authenticated, but does not involve the real end user
Replay Attack - copies a session
End Result: 2 active sessions, one "good" and one "evil"
preventing replay attacks
include a unique characteristic: token, timestamp
prevent reuse of captured credentials
SSL stripping
tricks browsers into using unencrypted communications
DNS poisoning
inserts incorrect DNS records to redirect traffic to the attacker’s system
typosquatting
an attack that consists of registering domain names similar to official sites, hoping that users will make a typo and visit their site
domain hijacking
an attack where the attacker gains control of an organization’s domain registration
URL redirection
attacker places redirects on a trusted site to content hosted on a malicious site
domain reputation
threat intelligence capability that scores domains as either benign or malicious
address resolution protocol (ARP)
translates logical IP addresses into the hardware MAC addresses on local area networks
ARP poisoning
involves sending malicious ARP packets to a default gateway on a LAN in order to change the pairings in its IP to MAC address table. The ARP protocol translates IP addresses into MAC addresses. A successful attack allows an attacker to alter routing on a network, effectively allowing for a man in the middle attack
MAC flooding
switches maintain MAC address tables in memory; MAC flooding attacks attempt to overwhelm this table
rapidly cycles addresses on a single system, and causes switches to forget where systems are located. Switches respond by broadcasting traffic
can be prevented by using port security
MAC spoofing/cloning
alters the assigned hardware address of a system to assume a false identity or engage in a MAC flooding attack
IP spoofing
alters the IP address of a system, normally can't be used for two way communication
anti spoofing controls
ingress filtering - blocks inbound traffic that contains spoofed source addresses
egress filtering - blocks outbound traffic that contains spoofed source addresses
Wi-Fi Protected Setup (WPS)
allows for quick setup of devices
should be disabled because it's insecure, the PIN is easily cracked
jamming and interference attacks
DoS attacks are easy on wireless
radio spectrum is open
loudest signal always wins
wardriving attack
attackers cruise areas using tools to capture info about WiFi networks
rogue access point
bypasses authentication and can cause interference
can be detected with intrusion detection capabilities
evil twin
fake access point
disassociation
wireless access points may force a wireless device to immediately disconnect from the network
can be used by attackers to gather authentication info or conduct DoS attacks
bluejacking
attacker sends bluetooth spam to user device, attacker tries to entice user to take some action
bluesnarfing
exploits firmware flaw in older BT devices, the attacker forced pairing between devices and the connection granted access to the device
What command may be used to change the MAC address of a Linux system?
ifconfig
What type of packet do participating systems send during a Smurf attack?
ICMP echo request