A fake online bank site sits between a user and the real bank, secretly passing messages back and forth while reading everything
What is a man-in-the-middle (MITM) attack?
A single computer sends nonstop requests to a website until it crashes and becomes unavailable
What is a Denial-of-Service (DoS) attack?
A hacker is detected while attacking a system, which triggers an immediate alert
What is a true positive?
A simple, fake login page is set up to lure attackers and collect basic information
What is a low level honeypot?
A security tool that can be physical or virtual and is designed to lure attackers away from real systems by acting as a target
What is a honeypot?
Wireshark, TCPDump, Cain and Abel, and Ettercap
What are sniffing tools?
Thousands of infected computers suddenly all spam a gaming server at the same time until it goes offline
What is a Distributed Denial-of-Service (DDoS) attack?
A hacker successfully breaks into the system but the security tools do not detect anything unusual
What is a false negative?
Repeated login attempts, unknown IP addresses, unusual traffic
What are network intrusion signs?
An attacker sends fake ARP messages to link their MAC address to a legitimate IP address
What is ARP poisoning?
A fake traffic surge overwhelms an online store by using massive amounts of data all at once
What is a volumetric attack?
A user is trying to access a website, but the system mistakenly blocks it, thinking it is an attack
What is a false positive?
A fully real-looking company server is set up so that an attacker believes they have full control, but every action they take is secretly recorded and analyzed in detail
What is a high level honeypot?
The first step of a session hijacking attempt, where an attacker captures communication between a client and server
What is sniffing the traffic?
A malicious update is sent to a device and permanently damages its system so it no longer works
What is phlashing?
A security system spots an unusual login attempt because it matches a known hacker pattern already stored in its database
What is signature-based detection?
A firewall feature that validates traffic based on connection state
What is stateful inspection?
A tool that performs DNS spoofing attacks but first requires ARP poisoning to intercept network traffic
What is Ettercap?
An attack protection method that drops malicious traffic in a designated network area
What is black hole filtering?
A network system raises an alert because traffic suddenly looks very different from normal student activity patterns
What is anomaly-based detection?
A security tester sends various TCP and UDP packets to a firewall and studies how it responds
What is firewalking?
An attacker hides malicious communication inside normal web or network traffic so it blends in with allowed data and avoids security detection at the firewall
What is tunneling?