Default Ports
Network Attacks & Analysis
Incident Response & Access Control
Packet Capture & Analysis
Network IDS
100

The default port for TFTP

What is 69?

100

Attacker type that hacks using the phone system

What is phreaker?

100

This guide is primarily used for incident response activities within the DoD

What is CJCSM 6510.01B?

100

Type type of network tap provides full-duplex traffic to a single monitoring port.

What is an aggregation tap?

100

This type of event occurs when a malicious attack occurs and the IDS alerts.

What is a true positive?

200

The default for IRC

What is 6667?

200

Indicator type that can't be broken down any further without loosing meaning

What is atomic?
200

These objectives include regaining control of all systems involved and deny intruder access

What is containment?
200

This device is usually used on modern networks for capturing network traffic.

What is a tap?

200

This type of network IDS bypass involves breaking apart TCP/IP's Internet layer to avoid detection.

What is fragmentation?

300

The default well-known port for legacy AIM services

What is 531?

300

Type of attack a firewall is traditionally used to prevent

What is service-side (or server-side)?

300

This type of encryption methodology uses a single key to encrypt and decrypt data.

What is symmetric (or secret)?

300

This mode allows a host to capture network traffic not specifically addressed to it.

What is promiscuous?

300

This type of network IDS bypass involves breaking apart TCP/IP's Transport layer to avoid detection.

What is segmentation?

400

The default NetBIOS name resolution port

What is 137?

400

This analysis and tracking technique includes seven phases

What is the Cyber Kill Chain?

400

This access control type implements authorized user decisions.

What is discretionary?

400

This type of interface is used by tcpdump for capturing and analyzing packets network traffic.

What is command line?

400

This is the most likely reason for disabling zone transfers on a primary DNS server.

What is prevent attacks from exfiltrating data?

500

The well-known default DHCP port for Microsoft servers

What is 67?

500

This type of attack usually requires an end user to take some action

What is client-side?

500

This access control model is the basis for a multilevel security system.

What is Bell-LaPadula?

500

This type of filter is used in Wireshark to narrow down packets from a loaded PCAP file.

What is Display?

500

These three analysis techniques are used to detect attacks in network IDSs.

What are signature, anomaly, and protocol?
M
e
n
u