CYBR7200

6 phases of ethical hacking

1. Reconnaissance 2. Scanning 3. Gaining access 4. Maintaining access 5. Clearing tracks 6. Reporting

subnet mask

A 32-bit number that masks an IP address and divides the IP address into network addresses and host addresses.

Cyberkit

A graphical tool that allows an attacker to use whois, single ping, traceroute and port scanners

Sam spade

A graphical tool which allows you to do DNS interrogation, among other things

User Datagram Protocol (UDP)

A protocol for sending packets quickly with minimal error-checking and no resending of dropped packets. One-to-one or one-to-many, connectionless.

Transmission Control Protocol (TCP)

A protocol for sending packets that does error-checking to ensure all packets are received and properly ordered

Server Message Block (SMB)

A protocol used by Windows to share files and printers on a network.

Whois tool

A query and response protocol that is widely used for querying databases that store the registered users or assignees of an internet resource, such as a domain name, an IP address block, or an autonomous system

HTTP Methods

A set of commands that help your browser communicate with Web servers.

Internet Protocol (IP)

A set of rules responsible for disassembling, delivering, and reassembling packets over the Internet.

Spoofing

A technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.

Telnet

A terminal emulation protocol used to log on to remote hosts using the TCP/IP protocol.

hping3

A tool that can map the network topology and help locate firewall vulnerabilities

IP spoofing attack

A type of software attack where an attacker creates IP packets with a forged source IP address and uses those packets to gain access to a remote system.

IP Address (Internet Protocol Address)

A unique number identifying every computer on the Internet (like 197.123.22.240). Network layer, analogous to a street address for a building. Includes a network ID and a host ID. Consists of 32 bits.

polymorphic virus

A virus that can change its own code or periodically rewrites itself to avoid detection

Cavity virus

A virus that looks for a program with a large amount of free space and, if large enough, stores itself there

Appending Virus

Adds coding to the end of the file of a host program. Not intended to destroy the host program; it just aims to modify the code

hping

An enhanced Ping utility for crafting TCP and UDP packets to be used in port-scanning activities

Wireshark

Application that captures and analyzes network packets

Class B IP Address

Assigned to medium-sized networks. Two high-order bits are set to binary 1 0. Next 14 bits complete the network ID, remaining 16 bits are the Host ID.

Class A IP Address

Assigned to networks with a very large number of hosts. High-order bit is set to zero, next seven bits are the network ID. Remaining 24 bits are the host ID.

Bootsector Virus

Attaches itself to the first part of the hard disk that is read by the computer during the boot up process.

Bouncing

Attack technique wherein an attacker bounces their scan through services running on other computers that allow commands to pass through, in effect covering the attacker's tracks.

Teardrop Attack

Attack that breaks apart packets into IP fragments, modifies them with overlapping and oversized payloads, and sends them to a victim machine

Decoying

Attack using a set of spoofed IPs which are sent to the server during a port scan

Fragmentation

Attack using small IP packets to evade firewalls and packet filters

Routing Attacks

Attack where Routing Information Protocol (RIP) is used to distribute routing info within networks and advertising routes out from the local network.

Tcpdump

Data-network packet analyzer that runs under a command line interface. Allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.

Traceroute

Displays the path a packet took to its destination. Can be used to map a network. Uses a combination of TTL and ICMP replies to map out a network route. Shows every hop along the way.

Null scan

Does not set any bits (TCP flag header is 0). Everything is turned off. If the port being scanned is closed, it will receive a RST response. If the port is open, no response will be provided.

Dumb scan

Involves the use of a third-party computer that receives little or no traffic. Attacker sends repetitive ICMP pings to the dumb host with an ID number of +1. Attacker sends a spoofed SYN packet to the host with the dumb host's IP address in place of their own. If a port is open on the target computer, the ID number will increase. If it is closed, the ID will remain at +1.

ARP spoofing

More commonly known as ARP poisoning, this involves the MAC (Media Access Control) address of the data being faked.

Xplico

Open source network forensic analysis tool (NFAT) that extracts application data contained in an internet traffic capture. Example: from a pcap file it would extract all email, HTTP contents, VoIP calls, FTP, etc.

Stateful firewall

Performs packet filtering and also inspects the state of a connection associated with an incoming IP packet

Ping Flood Attack

Ping utility is used to send a large number of echo request messages, which overwhelms the server

Slow scan

Port scanner set to scan a host with an elongated time between scans so as not to have multiple, quick scans in succession which will be easier to see on a log

Half-Open-Scan

This technique is often referred to as TCP SYN, because you don't open a full TCP connection. You send a SYN packet, as if you are going to open a real connection, and wait for a response. A SYN|ACK indicates the port is listening. A RST is indicative of a non-listener. If a SYN|ACK is received, you immediately send a RST to tear down the connection.

ICMP Attacks

Threat actors use Internet Control Message Protocol (ICMP) echo packets (pings) to discover subnets and hosts on a protected network, to generate DoS flood attacks, and to alter host routing tables.

Ping of Death Attack

Type of attack in which a large ICMP packet is sent to overflow the remote host's buffer. This usually causes the remote host to reboot or hang.

Class C IP Address

Used for small networks. Three high-order bits are set to 1 1 0. Next 21 bits complete the network ID. Remaining 8 bits are the host ID

dnsenum

Utility that is used for DNS enumeration to locate all DNS servers and DNS entries for a given organization

Metamorphic virus

Virus that is able to rewrite itself entirely before it attempts to infect a file (advanced version of polymorphic virus)

multipartite virus

designed to infect multiple file types in an effort to fool the antivirus software that is looking for it

Internet layer

responsible for addressing, packaging, and routing messages on the Internet. (3rd layer down on TCP/IP, equivalent to Network layer in OSI)

Network interface layer

responsible for placing packets on and receiving them from the network medium. (Bottom layer in TCP/IP, equivalent to physical and data-link layers in OSI)

Transport layer

responsible for providing communication with the application by acknowledging and sequencing the packets to and from the application. (2nd layer down in TCP/IP)

Address Resolution Protocol (ARP)

responsible for resolving IP addresses to network interface layer addresses, including hardware addresses

Internet Group Management Protocol (IGMP)

responsible for the management of IP multicast groups

dig command

send domain name query packets to name servers for debugging or testing

FIN scan

sends TCP packets to a device without first going through the normal TCP handshaking, thus preventing non-active TCP sessions from being formally closed

Footprinting

the process of systematically identifying the network and its security posture (usually a passive process)

SOA record (Start of Authority)

used to store important information about a domain or zone. Every domain must have an SOA record at the cutover point where the domain is delegated from its parent domain.

DNS zone transfers

Process where a DNS server passes a copy of or part of its database (which is called a zone) to another DNS server. Enables more than one DNS server to answer queries about a particular zone.

Application layer

Provides applications the ability to access the services of the other layers and defines the protocols that applications use to exchange data. Top layer of TCP/IP, equivalent to the application, presentation, and session layers in OSI

Class D IP Address

Reserved for multicast addresses. Four high-order bits are set to 1 1 1 0. Remaining bits are for the address that interested hosts recognize.

nslookup

Resolves a fully qualified domain name to an IP address.

Internet Control Message Protocol (ICMP)

Responsible for providing diagnostic functions and reporting errors due to the unsuccessful delivery of IP packets

UDP scan

Sends UDP requests to a target port. If there is no reply, the port is assumed open; a Destination Unreachable reply means the port is closed

Christmas tree scan

Sends a TCP packet to the target with the URG, PUSH, and FIN flags set

Inverse mapping

The process of identifying live network hosts (mapping internal network layout) positioned behind a filtering device by probing for addresses known not to be in use.

Stateless firewall

The source is the originating IP address and port number tuple, and the destination is also an IP address and port number tuple. Possible rules include accept and drop

