chp 9 & 11
In what type of attack does the attacker take over an established session between two parties and then interact with the remaining party as if the attacker were the party that has been disconnected?
Active session hijacking
Which of the following refers to using many systems to attack another system?
Distributed denial of service (DDoS) attacks
Most networks and protocols are inherently secure, making them difficult to sniff.
False
Typically, a computer system can see all communications, whether they are addressed to the listening station or not.
False
Which of the following statements is NOT true regarding passive session hijacking?
In passive session hijacking, the attacker assumes the role of the party he has displaced.
Which of the following is NOT one of the steps an attacker must perform to conduct a successful session hijacking?
Inject packets into the network prior to the authentication process.
Which of the following statements is NOT true regarding Address Resolution Protocol (ARP) poisoning?
It cannot be used to alter data in transmission or tap Voice over IP (VoIP) phone calls.
Countermeasures that can be used to defeat sniffing include all of the following EXCEPT:
Media Access Control (MAC) flooding.
Which of the following statements is NOT true regarding passive sniffing?
Passive sniffing works only when the traffic you wish to observe and the station that will do the sniffing are in different collision domains.
Which of the following statements is NOT true regarding distributed denial of service (DDoS) attacks?
The attack is easily tracked back to its true source.
A lookup table is used to track which Media Access Control (MAC) addresses are present on which ports on the switch.
True
Content addressable memory (CAM) is the memory present on a switch that is used to look up the Media Access Control (MAC) address to port mappings that are present on a network.
True
Content addressable memory (CAM) is used to build a lookup table.
True
Promiscuous mode is a special mode that a network card can be switched to that will allow the card to observe all traffic that passes by on the network.
True
What type of sniffing takes place on networks that have connectivity hardware that is "smarter" or more advanced, such as those with a switch?
active sniffing
A group of infected systems that are used to collectively attack another system is called a:
botnet
With a hub connectivity device in place, all traffic can be seen by all other stations, which can also be referred to as all stations being on the same:
collision domain
Consumption of bandwidth, consumption of resources, and exploitation of programming defects are the three broad categories of:
denial of service (DoS) attacks.
All of the following actions can be helpful in thwarting session hijacking attacks EXCEPT:
employing operating systems that create predictable sets of sequence numbers.
A denial of service (DoS) attack can be considered an "upgraded" and advanced version of a distributed denial of service (DDoS) attack.
false
A denial of service (DoS) attack is typically the first action an attacker will take in an attempt to access a system.
false
A distributed denial of service (DDoS) attack can be performed using only a software component; no hardware component is necessary.
false
Fail-open state results in closed and completely restricted access or communication.
false
It is easy for an attacker to predict the sequence numbers of the packets in order to hijack a session successfully.
false
Over the past few years, the use of denial of service (DoS) attacks to commit crimes such as extortion has decreased.
false
Session hijacking is the process of assisting two parties in establishing a new session.
false
Sniffers are fundamentally evil because they are only used to steal information.
false
Media Access Control (MAC) flooding and Address Resolution Protocol (ARP) poisoning are:
methods of bypassing a switch to perform sniffing.
Botnets are used to perform all of the following attacks EXCEPT:
passive session hijacking
What type of sniffing takes place on networks such as those that have a hub as the connectivity device?
passive sniffing
The primary difference between denial of service (DoS) attacks and distributed denial of service (DDoS) attacks is:
scale
All of the following are commonly used tools to perform session hijacking EXCEPT:
smurf
An application or device that is designed to capture network traffic as it moves across the network itself is referred to as a:
sniffer
A device used to break a network into logical network segments known as collision domains is called a:
switch
A denial of service (DoS) attack is designed to deny legitimate users the use of a system or service through the systematic overloading of its resources.
true
Active session hijacking takes sniffing to the next level by moving from listening to interacting.
true
Active sniffing introduces traffic onto the network, meaning that the user's presence is now detectable by anyone or anything that may be looking.
true
Both denial of service (DoS) and distributed denial of service (DDoS) attacks seek to overwhelm a victim with requests designed to lock up, slow down, or crash a system.
true
In the first wave of a distributed denial of service (DDoS) attack, the targets that will be the "foot soldiers" are infected with the implements that will be used to attack the ultimate victim.
true
Wireshark, Tcpdump, Windump, and Omnipeek are popular sniffing tools.
true