Chapter 7
On which TCP/UDP port does Telnet operate?
23
daemon
A UNIX program (i.e., service) that is usually initiated at startup and runs in the background until required.
Open Systems Interconnection reference model (OSI/RM)
A layered network architecture model of communication developed by the ISO. Defines seven layers of network functions.
DNS Security Extensions (DNSSEC)
A set of extensions to DNS designed to protect DNS clients from attacks. Uses digital signatures to ensure data integrity and authenticity.
Denial-of-service (DoS) attack
A type of attack waged by a single system aimed at crashing the target system.
Distributed denial-of-service (DDoS) attack
A type of attack waged by multiple systems aimed at crashing the target system.
Types of File Transfer Protocol (FTP)
Active; Passive
BIND
Berkeley Internet Name Daemon. The most widely used daemon for resolving names to IP addresses.
A protocol analyzer can "blank" and "blank" to learn about network activity.
Capture packets; Analyze information
In which type of attack does a hacker inject false data into a zone transfer?
DNS poisoning
Which of the following UNIX programs is triggered at startup and runs in the background until required?
Daemon
A "blank" can block any or all of these message types.
Firewall
Physical
Layer 1. Associated with transmission of unstructured bitstreams (electrical impulses, light or radio signals) over a physical link (such as copper wire or fiber-optic cable). This layer controls how data is transmitted and received across the media. Data unit: Bit
Data link
Layer 2. Defines how data is formatted for transmission and how access to the network is controlled. This layer prepares the information so it can be placed on the transmission medium, such as a copper wire. In the IEEE 802 series of LAN standards, the data link layer is divided into two sublayers: the Logical Link Control (LLC) layer and the Media Access Control (MAC) layer. Data unit: Frame
Network
Layer 3. Responsible for logical addressing. Organizes data into packets. Data unit: IP packet
Transport
Layer 4. Provides reliable, transparent transport between endpoints (the source and destination hosts). Also supports end-to-end error recovery and flow control. This layer is responsible for the accuracy of data transmission. Data unit: TCP or UDP segment, encased in an IP packet
Session
Layer 5. Responsible for describing how protocols build up and tear down connections (or sessions). Also adds traffic flow and synchronization information.
Presentation
Layer 6. Provides useful transformations on data to support a standardized application interface and general communications services. Encryption occurs at this layer.
Application
Layer 7. Provides the interface to the user in a networking environment. Networking applications such as file transfer and e-mail function here.
Testing network connections, devices and cables
Network analyzers can send test packets over the network. The packets can be traced to discover faulty components or cables.
IP-based communication has the following weaknesses:
Packets are not signed — As a result, IPv4 provides no authentication; there is no way to determine exactly where a packet originated. Packets are not encrypted — Information is not encrypted by default in IPv4 as it passes across the network wire. Thus, IPv4 does not guarantee confidentiality. Packets can be manipulated easily — For example, it is possible to use a special application to forge IP headers so that packets generated by one host appear to come from another.
Identifying network problems and sending alert messages
Problems (such as traffic exceeding a given parameter) can be predefined by the network administrator.
Identifying specific problems
Problems might include error messages generated by a network device, which can then be repaired.
RealServer and RealPlayer
RealServer uses Port 80 by default, unless a Web server is installed. Then, it will use Port 8080 by default. RealPlayer uses an ephemeral port to attach to a RealServer port. Both UDP and TCP are supported, though newer versions of RealServer default to using TCP.
The transport layer in the TCP/IP model corresponds to which of the following layers of the OSI model?
Session; Transport
the TCP handshake
SYN: Synchronizes the sequence numbers; FIN: Signals that no more data will be transmitted from the sender; ACK: Identifies acknowledgment information in the packet
What is another name that hackers use for TCP/IP?
TCP/IP stack
TCP/IP protocol stack
The hierarchy of protocol levels established according to the Open Systems Interconnection (OSI) model. The stack is the portion of the operating system that transmits and receives information on a network.
Monitoring network traffic to identify network trends
This practice helps establish a network baseline. For example, you may notice that network traffic is heaviest in the morning when all users start their computers.
What are the two transport layer protocols of the TCP/IP stack?
Transmission Control Protocol and User Datagram Protocol
TCP
a connection-oriented protocol. TCP is the protocol used by most internet services, including HTTP (the World Wide Web), FTP, and SMTP (email).
UDP
a connectionless protocol. UDP is often used to conduct scans of systems.
Illicit zone transfers
a hacker imitates a DNS server and obtains the entire DNS database.
DNS poisoning
a hacker injects false data into a zone transfer. The result of DNS poisoning is that the DNS server cache becomes populated with false name-to-IP-address pairings.
ICQ
an instant messaging program, uses TCP Port 4000.
Although internet service is usually provided through ____________ transmissions, signals between nodes on the internal network are ______________.
baseband; broadband
Which ICMP message type is issued when the ping command is used?
echo request
ACK
identifies acknowledgment information in the packet
Header information is
protocol-specific
The "blank" must understand the physical layout of all segments of the network that he or she is protecting.
security administrator
FIN
signals that no more data will be transmitted from the sender
SYN
synchronizes the sequence numbers
In a single system, each OSI layer has _____________ with which it interacts.
the layer above and the layer below it; one or two adjacent layers
Post Office Protocol 3 (POP3)
uses TCP Port 110.
H.225 call signaling
uses TCP Port 1720.
Simple Mail Transfer Protocol (SMTP)
uses TCP Port 25.
Network Information System (NIS)
uses TCP Port 901.
Internet Relay Chat (IRC)
uses TCP Ports 194 and 6667, and UDP Ports 194 and 6667.
Sun Remote Procedure Call (RPC)
uses TCP and UDP Port 111.
Network File System (NFS)
uses UDP Port 2049.
Session Initiation Protocol (SIP)
uses UDP Port 5060 by default. SIP will use TCP Port 5060 if a UDP attempt fails. You can also specify to use a non-standard port.