Ethical Hacking Chapter 1-4
When a sniffer captures data from a network, it stores the data in a(n) ____________________—a dynamic area of RAM that holds specified data.
buffer
The ____ captures the network traffic from the Ethernet connection.
capture driver
The profession of ____ is emerging from a chaotic set of conflicting ethics from both the hobbyist and student communities and those on the information technology career track.
network security
A(n) ____ scan demonstrates whether a remote host is active by sending ICMP echo request packets to that host.
ping
There are two ping utilities available for a Linux or Unix machine: ping and ____________________.
ping6
A(n) ____________________ examines and reports upon the condition (open or closed) of a port as well as the application listening on that port, if possible.
port scanner
A NIC can be set up to retrieve any data packet being transferred throughout the Ethernet network segment. This mode is known as _________________________.
promiscuous mode
A(n) ____________________ is a software tool that examines and reports about vulnerabilities on local and remote hosts.
scanner
A(n) ____________________ is an application that monitors, filters, and captures data packets transferred over a network.
sniffer / packet sniffer
A ____ is a script that tells the modem to dial a range of phone numbers defined by the user, and then identifies those numbers that connect to remote computers.
war dialer
____________________ is the act of locating targets and developing the methods necessary to attack those targets successfully.
Reconnaissance
____, the precursor to the Internet, appeared in ____.
ARPANET, 1969
SHORT ANSWER What are some of the most popular scanner tools?
Although the earliest scanners were based on UNIX platforms, they are currently available for Windows and Macintosh platforms. Some popular scanners that can be easily found are:
* Nessus
* Network Mapper (Nmap)
* Security Auditor's Research Assistant (SARA)
* Security Administrator's Integrated Network Tool (SAINT)
* Strobe
* Cheops
T/F: Nessus is a remote security scanner designed to be run on Linux, BSD, Solaris, and other versions of Unix.
TRUE
T/F: Scanners were originally developed to aid security professionals and system administrators in examining networks for security vulnerabilities.
TRUE
T/F: Sniffers look only at the traffic passing through the network interface adapter on the machine where the application is resident.
TRUE
T/F: The three types of sniffer are bundled, commercial, and free.
TRUE
SHORT ANSWER Briefly describe the main characteristics of Cheops.
Cheops, a port scanner for Linux operating systems, was developed for the GNOME interface by using the GTK+ kit. The most important differentiating feature of Cheops is its graphical nature. This application uses a dramatically large percentage of CPU cycles and slows all other applications to a crawl, which probably has something to do with the complexity of its graphical interface. This is a popular application, but Nessus and Nmap do more useful work without this beautiful GUI. This program can be downloaded from ftp://ftp.marko.net/pub/cheops.
T/F: Information traveling across a network is typically in human-readable format.
FALSE
T/F: Snort logs packets only into the American Standard Code for Information Interchange (ASCII) format.
FALSE
T/F: Breaking CD-ROMs is sufficient to destroy their data, as data cannot be recovered from broken disks.
False
T/F: Making money is a rare motive among all classes of hacker.
False
T/F: The strongest link in any security scheme is the user.
False
T/F: Viruses are indiscriminate in their damaging effects, but only expert hackers can set one loose.
False
____ is a method of achieving access to information by actually joining the organization as an employee or a consultant.
Deception
A(n) ____________________ is a security professional who applies his or her hacking skills for defensive purposes.
Ethical Hacker
T/F: A user needs root privileges to perform TCP connect scanning.
FALSE
T/F: In the early 1980s, the majority of servers ran on Windows platforms.
FALSE
____________________ scanning is TCP connection scanning, but it does not complete the connections.
Half-open
T/F: The protection of data provided to organizations or stored on personal computers is a high priority.
True
____________________ was developed by Alexandre Sagala and is a GUI for Nmap, to be used with the KDE desktop environment.
KNmap
In order to identify a particular computer on a network, computers are assigned a unique identifier called a(n) ______________________________ address.
Media Access Control (MAC) / Media Access Control / MAC
With ____, a user is tricked into giving private information about his or her account with a known large organization.
Phishing
SHORT ANSWER What are some of the hackers' motivations?
Regardless of the hacker's profile, knowledge or skills, they are all powerfully motivated by something:
* Curiosity
* Love of puzzles
* Desire for recognition or fame
* Revenge
* Financial gain
* Patriotism or politics
____ is a third-generation network security analysis tool developed by Advanced Research Corporation.
SARA
SHORT ANSWER Where are sniffers normally placed?
Sniffers are normally placed on:
* Computers
* Cable connections
* Routers
* Network segments connected to the Internet
* Network segments connected to servers that receive passwords
SHORT ANSWER What are the most important types of scanning?
The most important types of scanning are the following:
* Transmission Control Protocol (TCP) connect scanning
* Half-open scanning
* User Datagram Protocol (UDP) scanning
* IP protocol scanning
* Ping scanning
* Stealth scanning
______________________________ is based on the principle that distance can be measured by computing the time required for reflected energy to be measured at the source.
Time domain reflectometry (TDR) / Time domain reflectometry / TDR
____ is an Internet tool that aids in retrieving domain name-specific information from the NSI Registrar database.
WHOIS
The ____ model is derived from old Western genre movies where the "good guys" always wore white hats and the "bad guys" always wore black hats.
White Hat/Black Hat
____________________ is a DNS feature that lets a DNS server update its database with the list of domain names in another DNS server.
Zone transfer
____ is bundled with the Solaris operating systems. It captures packets from the network and displays their contents.
Snoop
____ uses influence and persuasion to deceive people by convincing them that the social engineer is someone he isn't, or by manipulation.
Social Engineering
____________________ are the principles of conduct that govern individuals, groups, and professions.
Ethics
____ hackers act as mentors to new hackers. They write scripts and tools that others use.
Coders
SHORT ANSWER What are the main characteristics of commercial sniffers?
Commercial sniffers observe, monitor, and maintain information on a network. Some companies use sniffer programs to detect network problems. Commercial sniffers can be used for both fault analysis, which detects network problems, and performance analysis, which detects bottlenecks.
The first password hacks were a response to the ___________________________________, developed in the early 1960s and first loaded on an IBM mainframe at MIT.
Compatible Time Sharing System (CTSS) / Compatible Time Sharing System / CTSS
Computer ____________________ is the term for illegally hacking into a computer system without the permission of the system's owner.
Cracking
NmapFE is an nmap graphic interface for the ____________________ Linux Desktop.
GNOME
"____" hackers are evidence that the dichotomy of good and evil is NOT a very good fit to the real world.
Gray Hat
SHORT ANSWER Explain "love for puzzles" as a motivation for hackers.
Hackers gain great satisfaction in finding the solutions to complicated puzzles. There are many variables that have to be controlled and techniques that have to be mastered to successfully crack systems. These are the same challenges that motivate locksmiths and cat burglars in the physical security realm. Strong passwords, such as "Tr34$>1drU," can be devised that block most attack attempts, and locks can be keyed with "024642" pin combinations, which are almost unpickable. Think of the fun when you figure out how to solve these difficult puzzles!
SHORT ANSWER How does IP protocol scanning work?
IP protocol scanning examines a target host for supported IP protocols. In this method, the scanner transmits IP packets to each protocol on the target host. If a protocol on the target host replies with an ICMP unreachable message to the scanner, then the target host does not use that protocol. If there is no reply, then the hacker assumes that the target host supports that protocol. Unfortunately for the hacker, firewalls and computers that run operating systems such as Digital UNIX (now replaced with Compaq Tru64 Operating System) and HP-UX do not send any ICMP unreachable messages. Consequently, the IP protocols supported by such hosts cannot be determined by using IP protocol scanning. Fortunately for the script kiddie population, the number of Digital UNIX, Tru64, and HP-UX servers is relatively small.
SHORT ANSWER Describe some legal reconnaissance activities.
Looking up all of the information about a company available on the Internet, including published phone numbers, office hours, and addresses, is completely legal. Calling with a problem requiring customer service assistance is completely legal (even if it is a made-up problem). Interviewing a member of the staff for a school project is legal. Physical entry of a facility, including attending a tour of the facility, is entirely legal. Making friends with somebody who works there or used to work there is also legal. It would be exceptionally paranoid for company representatives to refuse to answer the phone "just in case it is a hacker performing recon." All of these methods and many others are completely legal and done for various reasons all the time.
SHORT ANSWER What are the issues with copying, downloading, and using proprietary software and other copyrighted works?
Many hackers find it tempting to copy, download, and use proprietary software and other copyrighted works. While hackers typically consider this a harmless activity, it is often illegal (based upon the license with which the software is distributed). There is a philosophical discourse as to whether free access to information is more or less important than a creator's right to protect his or her creations. This is the same sort of debate as that over copyright law, the regulations which govern the distribution and modification of written works. Many feel that proprietary software is a form of elitism that inhibits progress. The argument is that every person has the right to hear, read, see, or learn anything that is available. Proponents of strong intellectual property rights argue that there would be no creation at all if there was not some method of ensuring remuneration or royalty for reproduction of that intellectual property.
____ comes bundled with Windows. Network Monitor, a component of Microsoft Systems Management Server (SMS), enables you to detect and troubleshoot problems on LANs, WANs, and serial links running the Microsoft Remote Access Server (RAS).
Network Monitor
____________________ is the process of identifying domain names as well as other resources on the target network.
Network enumeration
____ hackers have limited computer and programming skills, and rely on toolkits to conduct their attacks.
Novice
In the 1970s, phone phreaks, a new sort of hacker, appeared. They used various methods, collectively called ____________________, to access telephone networks to make free calls from payphones.
Phreaking
SHORT ANSWER What are the components of a sniffer?
Sniffers use the following components to capture data from a network:
* Hardware
* Capture driver
* Buffer
* Decoder
* Packet analysis
SHORT ANSWER How do scanners work?
Scanners automate the process of examining network weaknesses. Scanners are not heuristic; they do not discover new vulnerabilities but check for known vulnerabilities and open ports. A scanner performs these functions:
* Connects to a target host(s)
* Examines the target host for the services running on it
* Examines each service for any known vulnerability
Scanners can be set to target either a single IP address, and search for vulnerabilities on the target host, or a range of IP addresses. In either mode, the scanner attempts to connect with the target (or targets) to find open ports and possible vulnerabilities present on the target host(s).
In ____, the target host transmits connection-succeeded messages for active ports and host-unreachable messages for inactive ports.
TCP connect scanning
SHORT ANSWER What are the network interfaces supported by TCP/IP?
TCP/IP supports the following types of network interfaces:
* Standard Ethernet Version 2
* IEEE 802.3
* Token-ring
* Serial Line Internet Protocol (SLIP)
* Loopback
* FDDI
* Serial Optical
* ATM
* Point-to-Point Protocol (PPP)
T/F: SARA was designed to complement and interface with other security tools, such as Nmap.
TRUE
T/F: When you transmit information in a data packet to a computer on a network, the request is sent to every computer on that network that uses the same Ethernet cable or wireless LAN.
TRUE
____, the most commonly bundled sniffer with Linux distros, is also widely used as a free network diagnostic and analytic tool for UNIX and UNIX-like operating systems.
Tcpdump
SHORT ANSWER Describe physical intrusion as a social engineering technique.
The foremost traditional technique of social engineering is physical intrusion, whereby social engineers physically enter the premises of an organization or the workstations of employees for the sole purpose of collecting information. Any unauthorized entry plan uses the same kinds of research and reconnaissance. "Casing the joint" before a physical intrusion usually includes:
* Learning the schedules of the organization
* Knowing the floor plan of the building or buildings
* "Baselining" the security procedures
SHORT ANSWER What is the importance of proper discarding of refuse?
The security policy must carefully address what is sensitive information and what isn't, and decide how to treat refuse. Some documents may not be considered sensitive, like employee handbooks and company policy statements. But these can often tell hackers what physical and network security to expect when doing intrusion. The best solution to theft of trash paper is to crosscut-shred it and keep it in locked trash receptacles. Old hardware cannot be shredded and takes up space; thus, these items are frequently thrown out, or given to employees to take home. Hackers search for outdated hardware, such as tapes, CD-ROMs, and hard disks. There are various tools available to hackers, such as forensics programs, that can restore data from damaged data-storage devices.
SHORT ANSWER What are the major differences between commercial sniffers and free sniffers?
The two major differences between commercial and free sniffers are:
* Commercial sniffers generally cost money, but typically come with support.
* Support on free sniffers has the reputation of being scant, meaning it is difficult to find anyone who will offer support; incomplete, meaning that the information was never recorded; or fiendishly expensive, compared to support for commercial products. This reputation is not always deserved.
SHORT ANSWER Describe some illegal reconnaissance activities.
There are a number of plainly illegal reconnaissance techniques. Developing a "front" company and acting as a representative of that company, specifically for the purpose of robbing or defrauding the target company, is probably illegal. Furthermore, being expensive and time consuming, this is probably reserved for the professional intel agencies. Stealing garbage is illegal in many locales. Entering a home or office to look for information is also illegal, but this often goes undetected as no valuables are being removed. Dropping a keylogger—a tool that records users' keystrokes—on a vulnerable machine is illegal. Leaving a sniffer, which can intercept and read data packets, on a network is illegal.
SHORT ANSWER How are hackers commonly categorized?
There are distinct groups of hackers; however, the membership between groups is fluid. There are two ways commonly used to categorize them:
* The first is the simplest: White Hat good hackers vs. Black Hat bad hackers.
* The second is based loosely on psychological profiling and is a more complicated and more useful way to understand the motivations of hackers.
SHORT ANSWER Describe conformity as a social engineering technique.
This method hinges on the general tendency of people to believe that an apparent similarity between themselves and another (unknown) person is an actual similarity. The hacker convinces the victim that they have a lot in common and that they share the same values. The hacker becomes the victim's good friend by appearing honest, trustworthy, and friendly. This is a person in whom one may truly confide. Once the information is garnered, the "good friend" just disengages.
T/F: Hacking requires that the practitioner be intimately familiar with the techniques of the perpetrator or opponent.
True
T/F: Internet footprinting is a technical method of reconnaissance, which interests budding hackers and network security specialists alike.
True
T/F: Most social engineering attacks are opportunistic: the hacker uses whatever technique he or she thinks fits the situation.
True
T/F: Reconnaissance is not by definition illegal, and many reconnaissance techniques are completely legal.
True
T/F: The reading and techniques used by both ethical and malicious hackers are identical.
True
Newsgroups are part of an online bulletin board system called ____, which contains groups covering a huge variety of subjects.
USENET
SHORT ANSWER What is the problem with using bandwidth without permission?
Using bandwidth without permission may seem harmless, but what if accidental damage happens to a system or if alteration to processing information and codes occurs? If the network has been hacked, it doesn't much matter whether the hacker directly caused the error or mischief, they will be blamed for any loss or damage. In many states, unauthorized use of a computer system is a crime, in addition to being unethical.
Previously known as Ethereal, ____ is probably the best-known and most powerful free network protocol analyzer for UNIX/Linux and Windows.
Wireshark
The Linux command ____________________ shows you where the files appear in your PATH.
whereis