Network Attacks Flashcards

(12 cards)

1
Q

What are two common ways of achieving a DoS attack?

A
  1. TCP SYN Flood: the attacker sends a stream of TCP SYN packets (usually from spoofed source addresses) and never completes the handshake. The server answers each SYN with a SYN/ACK and keeps a half-open connection waiting for the final ACK; once its connection table is full, legitimate clients are refused.
  2. Smurf Attack (ICMP flood): the attacker sends ICMP Echo Requests to a subnet's broadcast address with the source IP spoofed to the victim's address, so every host on that subnet sends its Echo Reply to the victim. The amplification factor is the number of responding hosts. (Routers have dropped directed-broadcast traffic by default since RFC 2644, so the classic Smurf rarely works today, but the same reflection idea lives on in DNS and NTP amplification.)
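The two patterns above as detection logic over a packet capture. This is an added example written for this page, not code from the flashcards: `Packet` is a simplified record, the capture in `sample_capture()` is constructed, and the thresholds are illustrative defaults rather than tuned values.

```python
"""Detect the two DoS patterns from the card in a packet capture.

Added example, not from the flashcards. `Packet` is a simplified record
(assumption), the capture in sample_capture() is constructed, and the
thresholds are illustrative defaults, not tuned values.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp" or "icmp"
    flags: str = ""       # TCP flags as letters: "S" SYN, "SA" SYN/ACK, "A" ACK
    icmp_type: int = -1   # 8 = echo request, 0 = echo reply


def half_open_connections(packets, server):
    """Clients that sent a SYN to `server` but never sent the final ACK.

    The server has answered each of these with a SYN/ACK and is holding state
    for them; spoofed sources never answer, so they all end up here.
    """
    syn_from, acked = set(), set()
    for p in packets:
        if p.proto != "tcp" or p.dst != server:
            continue
        if p.flags == "S":
            syn_from.add(p.src)
        elif p.flags == "A":
            acked.add(p.src)
    return syn_from - acked


def detect_syn_flood(packets, server, min_half_open=50, min_ratio=0.8):
    """Return (is_flood, half_open_ratio) for `server`.

    A busy but healthy server also has some half-open connections, so the
    check requires both an absolute count and a high share of SYNs that
    never completed.
    """
    half_open = half_open_connections(packets, server)
    syns = sum(1 for p in packets
               if p.proto == "tcp" and p.dst == server and p.flags == "S")
    if syns == 0:
        return False, 0.0
    ratio = len(half_open) / syns
    return (len(half_open) >= min_half_open and ratio >= min_ratio), ratio


def detect_smurf(packets, local_subnets):
    """Map victim IP -> number of echo requests aimed at a subnet broadcast address.

    An echo request to a broadcast address makes every host reply to its
    source address, so the (spoofed) source is the victim.
    """
    broadcasts = {str(ip_network(n).broadcast_address) for n in local_subnets}
    victims = defaultdict(int)
    for p in packets:
        if p.proto == "icmp" and p.icmp_type == 8 and p.dst in broadcasts:
            victims[p.src] += 1
    return dict(victims)


def sample_capture():
    """Constructed capture: 60 spoofed SYNs, 5 real handshakes, 3 Smurf triggers."""
    server = "198.51.100.10"
    pkts = []
    for i in range(60):                       # spoofed clients never send the ACK
        client = f"203.0.113.{i + 1}"
        pkts += [Packet(client, server, "tcp", "S"),
                 Packet(server, client, "tcp", "SA")]
    for i in range(5):                        # legitimate three-way handshakes
        client = f"192.0.2.{i + 1}"
        pkts += [Packet(client, server, "tcp", "S"),
                 Packet(server, client, "tcp", "SA"),
                 Packet(client, server, "tcp", "A")]
    for _ in range(3):                        # pings to the 10.0.0.0/24 broadcast, source spoofed to the server
        pkts.append(Packet(server, "10.0.0.255", "icmp", icmp_type=8))
    return pkts


if __name__ == "__main__":
    capture = sample_capture()
    print("SYN flood:", detect_syn_flood(capture, "198.51.100.10"))
    print("Smurf victims:", detect_smurf(capture, ["10.0.0.0/24"]))
```

The SYN-flood check deliberately combines an absolute count with a ratio: a popular server always has some half-open connections, but under a flood nearly every SYN stays half-open. For Smurf, the interesting address is the source of the broadcast ping, because that is where all the replies will land.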
2
Q

What are the 3 goals of a MAC Flooding attack?

A

The attacker floods the switch with frames carrying thousands of bogus source MAC addresses until its MAC address (CAM) table is full. The switch can then no longer learn where legitimate hosts are, so it floods frames for unknown destinations out of every port, behaving like a hub and allowing eavesdropping that a switch would otherwise prevent.

  • Data snooping: capture other hosts' traffic from the attacker's own port
  • Disrupting services: the flood itself and the exhausted table degrade the switch
  • Bypassing security measures (e.g. MAC filtering) by appearing under many addresses
3
Q

What can be done to prevent MAC flooding (5 things)?

A
  • Use an IDS that alerts on abnormal numbers of new source MACs
  • Network monitoring of the MAC table size and the per-port learning rate
  • Use port security on access ports
  • Limit the number of MAC addresses learned per port (with a violation action such as shutting the port down)
  • Implement VLANs to segregate traffic, so a flood only exposes its own broadcast domain
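A small simulation of the attack and of the per-port MAC limit, to make the "switch becomes a hub" effect and the mitigation concrete. This is an added example for this page, not code from the flashcards; the `Switch` model, the port numbers and the 1000-entry table are assumptions chosen to keep it short.

```python
"""Simulate a switch MAC (CAM) table under a MAC flood, with and without port security.

Added example, not from the flashcards. The Switch model, the port numbers and
the 1000-entry table are assumptions chosen to keep the simulation small.
"""
from collections import Counter


class Switch:
    def __init__(self, ports, cam_capacity, max_macs_per_port=None):
        self.ports = set(ports)
        self.cam = {}                      # source MAC -> port it was learned on
        self.cam_capacity = cam_capacity
        self.max_macs_per_port = max_macs_per_port   # None = no port security
        self.learned_on = Counter()        # port -> number of MACs learned there
        self.shutdown_ports = set()        # ports err-disabled by a violation

    def learn(self, src_mac, port):
        """Process the source address of a frame arriving on `port`."""
        if port in self.shutdown_ports:
            return "dropped"
        if src_mac in self.cam:
            return "known"
        if (self.max_macs_per_port is not None
                and self.learned_on[port] >= self.max_macs_per_port):
            # 'shutdown' violation mode: the port is err-disabled on the first excess MAC
            self.shutdown_ports.add(port)
            return "violation"
        if len(self.cam) >= self.cam_capacity:
            return "table_full"            # nothing new can be learned any more
        self.cam[src_mac] = port
        self.learned_on[port] += 1
        return "learned"

    def forward(self, dst_mac, in_port):
        """Egress ports for a frame: unicast if the destination is known, else flood."""
        if dst_mac in self.cam:
            return {self.cam[dst_mac]}
        return self.ports - {in_port} - self.shutdown_ports


def run_scenario(limit):
    """Attacker on port 3 floods 1000 bogus MACs, then hosts A (port 1) and B (port 2) talk."""
    sw = Switch(ports=(1, 2, 3, 4), cam_capacity=1000, max_macs_per_port=limit)
    attacker_port = 3
    for i in range(1000):                  # constructed, sequential bogus addresses
        sw.learn(f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}", attacker_port)
    # A and B come online (or their aged-out entries need re-learning) after the flood
    a, b = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"
    sw.learn(a, 1)
    sw.learn(b, 2)
    egress = sw.forward(b, in_port=1)      # A sends a frame to B
    return {
        "cam_size": len(sw.cam),
        "egress": egress,
        "attacker_sees_it": attacker_port in egress,
        "shutdown_ports": sw.shutdown_ports,
    }


if __name__ == "__main__":
    print("no port security:", run_scenario(limit=None))
    print("max 2 MACs/port: ", run_scenario(limit=2))
```

Without a limit the table fills with the attacker's addresses, B cannot be learned, and A's frame to B is flooded to every port including the attacker's. With a limit of two MACs per port the third bogus address err-disables port 3, the table stays small, and the frame is unicast to port 2 only.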
4
Q

What is ARP Spoofing/Poisoning and what are the 3 goals?

A

ARP Spoofing: the attacker sends forged ARP replies over the LAN so that a legitimate IP address (typically the default gateway's) becomes mapped to the attacker's MAC address in the victims' ARP caches; the victims then send their traffic to the attacker. It works because ARP has no authentication and most hosts accept unsolicited replies.

ARP Poisoning: similar, but aims to corrupt the ARP caches of many devices at once (often both the gateway and the clients). In practice the two terms are used interchangeably.

The goals can be:
- Data interception
- On-Path attacks (the attacker forwards the traffic so the victims notice nothing)
- Network disruption (e.g. mapping the gateway to a non-existent MAC)

5
Q

What can be done to prevent ARP attacks (4 things)?

A
  • Static ARP entries (only viable in small networks, since they have to be maintained by hand)
  • Dynamic ARP Inspection (the switch checks ARP packets against a trusted IP-to-MAC binding table, usually built by DHCP snooping, and drops mismatches)
  • Network segmentation (ARP does not cross a router, so a poisoner only reaches his own segment)
  • VPNs or encryption technologies (do not stop the redirect itself, but make intercepted traffic unreadable and tampering detectable)
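The poisoning described in the previous card and the Dynamic ARP Inspection check from this one, side by side. This is an added example for this page, not code from the flashcards: the binding table stands in for what a switch learns through DHCP snooping, and the addresses, port numbers and ARP packets are all constructed.

```python
"""Dynamic ARP Inspection logic next to a naive host cache, to show what it blocks.

Added example, not from the flashcards. The binding table stands in for what a
switch learns via DHCP snooping, and the addresses, port numbers and packets
are constructed.
"""
from dataclasses import dataclass

GATEWAY_IP, GATEWAY_MAC = "10.0.0.1", "00:11:22:33:44:01"
VICTIM_IP, VICTIM_MAC = "10.0.0.20", "00:11:22:33:44:20"
ATTACKER_IP, ATTACKER_MAC = "10.0.0.66", "de:ad:be:ef:00:66"

# IP -> MAC bindings the switch trusts (assumed to come from DHCP snooping)
BINDINGS = {GATEWAY_IP: GATEWAY_MAC, VICTIM_IP: VICTIM_MAC, ATTACKER_IP: ATTACKER_MAC}


@dataclass(frozen=True)
class ArpPacket:
    op: str           # "request" or "reply"
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str
    in_port: int


def dai_filter(packets, bindings, trusted_ports=frozenset()):
    """Split ARP packets into (accepted, dropped) the way DAI does.

    On untrusted ports the sender IP/MAC pair must match the binding table;
    trusted ports (uplinks to other switches or the router) pass through.
    """
    accepted, dropped = [], []
    for p in packets:
        if p.in_port in trusted_ports:
            accepted.append(p)
            continue
        expected = bindings.get(p.sender_ip)
        if expected is None or expected.lower() != p.sender_mac.lower():
            dropped.append(p)
        else:
            accepted.append(p)
    return accepted, dropped


def apply_to_cache(cache, packets):
    """Naive host behaviour: every reply overwrites the cache, solicited or not.

    This is exactly the property ARP poisoning exploits.
    """
    for p in packets:
        if p.op == "reply":
            cache[p.sender_ip] = p.sender_mac
    return cache


def sample_arp():
    """Constructed traffic: a real gateway reply, then the attacker poisoning both sides."""
    return [
        ArpPacket("request", VICTIM_MAC, VICTIM_IP, "00:00:00:00:00:00", GATEWAY_IP, in_port=5),
        ArpPacket("reply", GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP, in_port=24),
        # attacker tells the victim "the gateway is at my MAC"
        ArpPacket("reply", ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP, in_port=7),
        # ...and tells the gateway "the victim is at my MAC", completing the on-path position
        ArpPacket("reply", ATTACKER_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP, in_port=7),
    ]


if __name__ == "__main__":
    pkts = sample_arp()
    print("victim cache without DAI:", apply_to_cache({}, pkts))
    accepted, dropped = dai_filter(pkts, BINDINGS, trusted_ports={24})
    print("dropped by DAI:", [(p.sender_ip, p.sender_mac) for p in dropped])
    print("victim cache behind DAI:", apply_to_cache({}, accepted))
```

Fed the raw traffic, the naive cache ends up with the gateway mapped to the attacker's MAC; behind DAI both forged replies are dropped because their sender pair contradicts the binding table, and the cache keeps the real gateway MAC. Note that the attacker's genuine address would still pass, which is correct: DAI validates bindings, it does not blocklist hosts.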
6
Q

What is VLAN Hopping and how is it achieved (3 ways)?

A

VLAN Hopping is an attack where the attacker sends traffic into (or receives traffic from) a VLAN other than the one his access port is assigned to.
There are 3 ways to achieve this:
1. Double Tagging: the attacker's port is in the trunk's native VLAN. He sends a frame with two 802.1Q tags; the first switch strips the outer (native) tag and forwards the frame untagged over the trunk, and the second switch reads the inner tag and delivers the frame into the target VLAN. It is one-way, since replies are not double-tagged back.
2. Switch Spoofing: the attacker imitates a switch and negotiates a trunk via Dynamic Trunking Protocol (DTP); his port then carries every VLAN.
3. MAC Table Overflow: listed in some study material as a hopping technique; note that a full CAM table makes the switch flood frames within the victim's own VLAN, not across VLAN boundaries, so on a correctly working switch this is an eavesdropping technique rather than a true hop.
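Double tagging at the byte level: build the frame, then model what the two switches do with the tags. This is an added example for this page, not code from the flashcards; the two-switch model in `trunk_hop()` is a simplification that tracks only tag handling, and the MAC addresses and payload are constructed.

```python
"""Build and parse 802.1Q frames to show why double tagging crosses a VLAN boundary.

Added example, not from the flashcards. The two-switch model in trunk_hop() is a
simplification (assumption) that only tracks tag handling; the MAC addresses and
payload are constructed.
"""
import struct

TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def vlan_tag(vid, pcp=0, dei=0):
    """4-byte 802.1Q tag: TPID 0x8100 followed by PCP(3) | DEI(1) | VID(12)."""
    tci = (pcp << 13) | (dei << 12) | (vid & 0x0FFF)
    return struct.pack("!HH", TPID_8021Q, tci)


def build_frame(dst, src, vlan_ids, ethertype, payload):
    """Ethernet frame with zero or more stacked tags (outermost first)."""
    tags = b"".join(vlan_tag(v) for v in vlan_ids)
    return mac_bytes(dst) + mac_bytes(src) + tags + struct.pack("!H", ethertype) + payload


def peek_vlan(frame):
    """VLAN id of the outermost tag, or None if the frame is untagged."""
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF


def pop_vlan(frame):
    """Remove the outermost tag (what a switch does when sending on the native VLAN)."""
    if peek_vlan(frame) is None:
        raise ValueError("frame is untagged")
    return frame[:12] + frame[16:]


def trunk_hop(frame, access_vlan, trunk_native_vlan):
    """VLAN that switch 2 delivers `frame` into after switch 1 forwards it over a trunk.

    Switch 1 receives the frame on an access port in `access_vlan` and drops frames
    tagged for any other VLAN.  On the trunk, frames of the native VLAN travel
    untagged (their tag is stripped); all others carry exactly one tag.  Switch 2
    puts untagged frames into the native VLAN and tagged frames into whatever the
    outermost tag says, which for a double-tagged frame is the attacker's inner tag.
    """
    outer = peek_vlan(frame)
    if outer is not None and outer != access_vlan:
        return None                                   # dropped at the access port
    if access_vlan == trunk_native_vlan:
        if outer is not None:
            frame = pop_vlan(frame)                   # native VLAN goes untagged
    elif outer is None:
        frame = frame[:12] + vlan_tag(access_vlan) + frame[12:]
    seen = peek_vlan(frame)
    return trunk_native_vlan if seen is None else seen


ATTACKER_MAC, VICTIM_MAC = "02:aa:aa:aa:aa:01", "02:bb:bb:bb:bb:20"
# Attacker in VLAN 1 aims at VLAN 20: outer tag = native VLAN 1, inner tag = 20
DOUBLE_TAGGED = build_frame(VICTIM_MAC, ATTACKER_MAC, [1, 20], ETHERTYPE_IPV4, b"payload")
UNTAGGED = build_frame(VICTIM_MAC, ATTACKER_MAC, [], ETHERTYPE_IPV4, b"payload")


def demo():
    return {
        "native_vlan_1": trunk_hop(DOUBLE_TAGGED, access_vlan=1, trunk_native_vlan=1),    # hops into 20
        "native_vlan_999": trunk_hop(DOUBLE_TAGGED, access_vlan=1, trunk_native_vlan=999),  # stays in 1
        "normal_frame": trunk_hop(UNTAGGED, access_vlan=1, trunk_native_vlan=1),
    }


if __name__ == "__main__":
    print(demo())
```

With the attacker's access VLAN equal to the trunk's native VLAN the outer tag is stripped and the frame lands in VLAN 20. Setting the trunk's native VLAN to an unused id (999 here) means the attacker's frame keeps its VLAN 1 tag across the trunk, so switch 2 sees VLAN 1 and the hop fails; this is why hardening guides say to use a dedicated, unused native VLAN on trunks and to keep user ports out of it.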

7
Q

What are the 5 most important types of DNS Attacks?

A
  1. DNS Cache Poisoning (inject forged records into a resolver's cache to redirect users to a fake site)
  2. DNS Amplification Attacks (send small queries with the victim's spoofed source address to open resolvers, which return much larger responses to the victim and overwhelm it)
  3. DNS Tunneling (hide other traffic or exfiltrated data in DNS queries and responses, e.g. encoded in subdomain labels or TXT records)
  4. Domain Hijacking (take control of the domain's registration or its authoritative name servers)
  5. DNS Zone Transfer Attacks (request an AXFR from a misconfigured authoritative server to steal all DNS entries for a domain)
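A detection heuristic for the tunneling case (item 3), run over a query log. This is an added example for this page, not code from the flashcards: the query records are constructed, the thresholds are illustrative, and `split_name()` treats the last two labels as the registered domain, a simplifying assumption (production code would consult the public suffix list).

```python
"""Flag DNS tunneling in a query log from label length, entropy and uniqueness.

Added example, not from the flashcards. The query records are constructed, the
thresholds are illustrative, and split_name() uses a "last two labels" rule as a
simplifying assumption (real code would consult the public suffix list).
"""
import base64
import hashlib
import math
from collections import Counter, defaultdict


def shannon_entropy(text):
    """Bits per character; encoded data scores high, names like 'www' or 'mail' low."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname):
    """(subdomain part, registered domain) using the last-two-labels assumption."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def detect_tunneling(queries, min_queries=5, min_avg_len=30, min_avg_entropy=3.0, min_unique=0.9):
    """Return {registered_domain: stats} for domains whose subdomains look like a data channel.

    Tunnels put payload in the subdomain labels, so per domain the labels are long,
    high-entropy and almost never repeat; normal zones reuse a handful of short names.
    """
    by_domain = defaultdict(list)
    for q in queries:
        sub, dom = split_name(q["qname"])
        by_domain[dom].append((sub, q["qtype"]))
    flagged = {}
    for dom, items in by_domain.items():
        if len(items) < min_queries:
            continue
        subs = [s for s, _ in items]
        stats = {
            "queries": len(items),
            "avg_len": sum(map(len, subs)) / len(subs),
            "avg_entropy": sum(map(shannon_entropy, subs)) / len(subs),
            "unique_share": len(set(subs)) / len(subs),
            "txt_share": sum(t == "TXT" for _, t in items) / len(items),
        }
        if (stats["avg_len"] >= min_avg_len and stats["avg_entropy"] >= min_avg_entropy
                and stats["unique_share"] >= min_unique):
            flagged[dom] = stats
    return flagged


def sample_queries():
    """Constructed log: 8 tunnel queries carrying base32 chunks, plus ordinary lookups."""
    log = []
    for i in range(8):
        chunk = base64.b32encode(hashlib.sha256(f"chunk{i}".encode()).digest())
        label = chunk.decode().rstrip("=").lower()          # 52 chars, within the 63-char label limit
        log.append({"qname": f"{label}.t.example.net", "qtype": "TXT"})
    for name in ["www.example.com"] * 3 + ["cdn.example.com"] * 3 + ["mail.example.com"]:
        log.append({"qname": name, "qtype": "A"})
    log.append({"qname": "ntp.pool.example.org", "qtype": "A"})
    return log


if __name__ == "__main__":
    for dom, stats in detect_tunneling(sample_queries()).items():
        print(dom, stats)
```

The three signals are combined on purpose: a CDN with long but repetitive hostnames fails the uniqueness test, a chatty but normal zone fails the length test, and only a domain whose subdomains are long, random-looking and never repeated is reported. The TXT share is recorded as supporting evidence rather than used as a hard criterion, since tunnels over A or CNAME records exist too.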
8
Q

What are the 2 forms of On-Path attacks?

A

Replay Attack: the attacker captures legitimate traffic (e.g. an authentication exchange or a signed request) and re-sends it later to the real destination so the action is performed again; he needs no ability to read or forge the content.

Relay Attack: the attacker inserts himself into the conversation in real time and forwards the traffic between the two parties, reading it and, where it is not integrity-protected, modifying it on the way.
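The replay case as a protocol exchange: a server that checks only a MAC accepts a captured request a second time, while one that binds a nonce and a timestamp into the MAC rejects it. This is an added example for this page, not code from the flashcards; the shared key, the message format and the fixed timestamps are constructed for the demonstration.

```python
"""Two request handlers: one that a replayed message fools, and one that rejects it.

Added example, not from the flashcards. The shared key, the message format and
the fixed timestamps are constructed for the demonstration.
"""
import hashlib
import hmac
import json
import os
import time

SHARED_KEY = b"constructed-demo-key"     # assumption: pre-shared between client and server


def sign(key, msg):
    """HMAC-SHA256 over a canonical JSON encoding of the message."""
    body = json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class NaiveServer:
    """Checks only the MAC, so a captured (msg, tag) pair can be replayed at will."""

    def __init__(self, key):
        self.key = key
        self.processed = []

    def handle(self, msg, tag):
        if not hmac.compare_digest(sign(self.key, msg), tag):
            return "bad signature"
        self.processed.append(msg["action"])
        return "ok"


class ReplaySafeServer:
    """Also requires a recent timestamp and a never-seen nonce, both covered by the MAC."""

    def __init__(self, key, window_seconds=30):
        self.key = key
        self.window = window_seconds
        self.seen_nonces = {}              # nonce -> time seen; pruned once outside the window
        self.processed = []

    def handle(self, msg, tag, now=None):
        now = time.time() if now is None else now
        if not hmac.compare_digest(sign(self.key, msg), tag):
            return "bad signature"         # nonce and ts are under the MAC, so they cannot be edited
        if abs(now - msg["ts"]) > self.window:
            return "stale"                 # too old (or too much clock skew) to accept
        self.seen_nonces = {n: t for n, t in self.seen_nonces.items() if now - t <= self.window}
        if msg["nonce"] in self.seen_nonces:
            return "replay"                # same message seen again inside the window
        self.seen_nonces[msg["nonce"]] = now
        self.processed.append(msg["action"])
        return "ok"


def client_message(action, nonce=None, ts=None):
    """Client side: fresh nonce and timestamp, then MAC the whole message."""
    msg = {
        "action": action,
        "nonce": nonce if nonce is not None else os.urandom(16).hex(),
        "ts": ts if ts is not None else int(time.time()),
    }
    return msg, sign(SHARED_KEY, msg)


def replay_demo(now=1_700_000_000):
    """The attacker captures one valid request and sends it twice to each server."""
    msg, tag = client_message("transfer 100 to account 42", nonce="00" * 16, ts=now)
    naive, safe = NaiveServer(SHARED_KEY), ReplaySafeServer(SHARED_KEY)
    results = {
        "naive": [naive.handle(msg, tag), naive.handle(msg, tag)],
        "safe": [safe.handle(msg, tag, now=now), safe.handle(msg, tag, now=now)],
    }
    old, old_tag = client_message("transfer 100 to account 42", nonce="11" * 16, ts=now - 3600)
    results["stale"] = safe.handle(old, old_tag, now=now)
    tampered = dict(msg, action="transfer 100 to account 99")
    results["tampered"] = safe.handle(tampered, tag, now=now)
    return results


if __name__ == "__main__":
    print(replay_demo())
```

The timestamp bounds how long a nonce has to be remembered, and the nonce catches repeats inside that window; neither is useful unless it is covered by the MAC, otherwise the attacker simply rewrites it. Note that this defends against replay only: a relay attacker who forwards the client's genuine request within the window presents a nonce the server has never seen and passes, so stopping relay needs mutual authentication and a bound channel such as TLS between the real endpoints.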

9
Q

What is SSL Stripping and a Downgrade Attack?

A

SSL Stripping: an on-path attacker intercepts the client's initial plain-HTTP request (or rewrites the https:// links in pages he proxies) and keeps the client on HTTP while he himself talks HTTPS to the server, so he can read and modify traffic the user believes is encrypted.

A downgrade attack is the alternative if SSL Stripping is not possible (for example because the client insists on HTTPS): the attacker tampers with the negotiation so that client or server abandon the stronger protocol version or cipher suite in favour of a weaker one he is able to break.

10
Q

What are 5 detection mechanisms to detect rogue devices?

A
  1. Visual inspection of ports and switches
  2. Network mapping & host discovery (compare what is found against the asset inventory)
  3. Wireless monitoring for unknown access points and clients
  4. Packet sniffing & traffic-flow analysis
  5. NAC & IDS
11
Q

What are the 4 types of social engineering?

A
  • Phishing: Regular Phishing, Spear Phishing, Whaling & Vishing
  • Tailgating: Regular Tailgating, Piggybacking & Shoulder Surfing
  • Dumpster Diving
  • Eavesdropping
12
Q

What are the 6 types of malware?

A
  • Virus: malicious code that attaches itself to a program or file and runs without the user's knowledge whenever that host is executed
  • Worms: malware that replicates itself across the network on its own, typically by exploiting vulnerabilities, with no user action required
  • Trojans: malware disguised as (or bundled with) something harmless; often used to get remote control over a device
  • Ransomware: malware that encrypts the victim's data and demands a ransom for the key to decrypt it
  • Spyware/Adware: collects information without the user's knowledge, such as passwords; adware additionally collects behavioural data and shows unwanted advertising
  • Rootkit: malware that obtains root/administrator-level access and hides its presence from the operating system and security tools, often by running at kernel level