Sniffing Attack
answer
DoS & DDoS
answer
Poisoning Attack
answer
OSI (Open Systems Interconnection) model
answer
TCP (Transmission Control Protocol)
- provides connection-oriented traffic
- guaranteed delivery
- uses 3-way handshake
- SYN : SYN/ACK : ACK
Guaranteed delivery via 3- way handshake
- (vs best effort /connectionless UDP)
UDP (User Datagram Protocol)
- connectionless sessions (w/out 3-way handshake)
- best effort to deliver traffic (w/out extra traffic to ensure delivery
- ICMP traffic such as ping, audio/video, network based DoS
Best effort / connectionless
- (vs guaranteed delivery via 3- way handshake for TCP)
IP (Internet Protocol)
- identifies hosts in a TCP/IP network
- delivers traffic from one host to another using IP addressed
- IPv4 (32 bit dotted decimal)
- IPv6 (128 bit hexadecimal)
IP (Internet Protocol)
ICMP (Internet Control Message Protocol)
- used for testing basic connectivity
- tools include ping, pathping, tracert
- blocking ICMP prevents many DoS attacks
ICMP (Internet Control Message Protocol)
ARP (Address Resolution Protocol)
- resolves IPv4 addresses to MAC (Media Access Control) addresses
- ARP poisoning attacks redirect or interrupt network traffic
ARP (Address Resolution Protocol)
RTP (Real Time Transport Protocol)
- delivers audio & video over IP networks
- includes VoIP (Voice over Internet Protocol), streaming media, video teleconferencing etc
- unsecure
RTP (Real Time Transport Protocol)
SRTP (Secure Real-time Transport Protocol)
- provides encryption
- provides message authentication
- provides integrity
- protects against Replay Attacks
- can be used for both unicast and multicast transmissions
SRTP (Secure Real-time Transport Protocol)
SIP (Session Initiation Protocol)
- used to initiate, maintain, and terminate voice, video, and messaging sessions
- use request and response messages when establishing a session
- are text so easy to read if captured
- contain metadata about sessions (not data)
SIP (Session Initiation Protocol)
FTP (File Transfer Protocol)
- uploads and downloads large files to and from an FTP server
- by default transmits data in clear text
(Gibson 601; Chapter 3, pg 324)
TCP port 20/21
- TCP port 21 (for CONTROL SIGNALS)
— (both ACTIVE & PASSIVE MODE)
- TCP port 20 (for DATA in ACTIVE MODE)
- Passive (PASV) uses random DATA port
(Transmission Control Protocol)
TFTP (Trivial File Transfer Protocol)
- used to transfer smaller amounts data
– i.e. when communicating with network devices
- not essential protocol on most networks
- commonly disabled
(Gibson 601; Chapter 3, pg 324)
UDP port 69
SSH (Secure Shell)
- encrypts traffic in transit
- SSH + FTP = SFTP (Secure File Transfer Protocol)
- can also encrypt TCP Wrappers
— (TCP Wrappers are a type of access control list (ACL) used on Linux systems to filter traffic)
- Secure Copy (SCP) is based on SSH
(Gibson 601; Chapter 3, pg 324)
TCP port 22
SSL (Secure Sockets Layer)
primary encryption for HTTP (Hypertext Transfer Protocol)
compromised, replaced by TLS
TLS (Transport Layer Security)
replacement for SSL
IPSec (Internet Protocol security)
- used to encrypt IP traffic
- native to IPv6, also works with IPv4
- encapsulates and encrypts IP packet payloads
- uses Tunnel mode to protect VPN (virtual private network) traffic
- two main components
– AH (Authentication Header)
—-[protocol ID number 51)
– ESP (Encapsulating Security Payload)
—-[protocol number 50)
- uses IKE (Internet Key Exhange) over UDP 500
UDP port 500
SFTP (Secure File Transfer Protocol)
- secure implementation of FTP
- is an extension of Secure Shell (SSH)
- uses SSH to transmit the files in an encrypted format
(Gibson 601; Chapter 3, pg 325)
TCP port 22
FTPS (File Transfer Protocol Secure)
- an extension of FTP
- uses TLS (Transport Layer Security) to encrypt FTP traffic
- difference between FTPS & SFTP is TLS vs SSH
TCP ports 989/990
(some) TCP ports 20/21
(Transmission Control Protocol)
SMTP (Simple Mail Transfer Protocol)
SMTP (Simple Mail Transfer Protocol)
POP3 (Post Office Protocol v3)
POP3 (Post Office Protocol v3)
IMAP4 (Internet Message Access Protocol v4)
IMAP4 (Internet Message Access Protocol v4)
HTTP (Hypertext Transfer Protocol)
HTTP (Hypertext Transfer Protocol)
