Chapter 7
A1: | b,d |
A2: | b |
A3: | a |
A4: | e |
A5: | a,d,e |
A6: | b |
A7: | e |
A8: | b |
A9: | a,c |
A10: | a |
Q&A
1: | What is an IP spoofing attack? |
A1: | In an IP spoofing attack, an attacker attempts to gain access to a restricted resource by disguising the IP address of her system. The system being spoofed by the attacker has access to the restricted resource, and that restriction is based solely on the source IP address of the communication. |
2: | How can an attacker receive packets if he is spoofing the IP address of his system to attack the target? |
A2: | To receive packets at the spoofing computer, the attacker must control the routing tables on the target network and set static routes in the routing tables to redirect the packets for the spoofed IP address to the attacker's system. |
3: | How do packet sniffers work? |
A3: | A packet sniffer is a software application that works by placing a network adapter card in promiscuous mode. In promiscuous mode, the network card is able to receive all packets on the physical network wire and pass those packets up to an application. |
4: | What kind of information can packet sniffers capture? |
A4: | Packet sniffers can be used to capture sensitive information such as usernames and passwords as they are transmitted in clear text over such applications as SNMP, Telnet, FTP, and HTTP between the client and the server. Additionally, packet sniffers can capture potentially sensitive data in unencrypted e-mail. |
5: | What is a brute-force password attack? |
A5: | A brute-force password attack is a low-tech attack in which the attacker connects to the system and tries various account names and common default passwords for that account. |
6: | Once attackers have cracked an account through password attacks, what can they do? |
A6: | Once attackers have cracked an account through password attacks, they can then access the system with the same privilege level as the compromised user. If the account has administrative privileges, the attacker can create back doors for future access to the system. |
7: | What is a man-in-the-middle attack? |
A7: | In a man-in-the-middle attack, the attacker is able to intercept packets crossing a network, modify or falsify the information in those packets, and reinject the modified packets into the network. |
8: | What is a port redirection attack? |
A8: | In a port redirection attack, an attacker uses a compromised host to relay traffic passed through an open port on a firewall or in a router's ACLs that would normally be denied. The attacker tunnels the traffic through the compromised host. |
9: | What are two software packages that an attacker can use to execute a port redirection attack? |
A9: | Netcat and httptunnel |
10: | What is a virus? |
A10: | Viruses are small pieces of mobile code that attach to other programs or documents and can infect a computer when the program is executed or the document is opened. |
11: | What is a Trojan-horse application? |
A11: | Trojan horses are applications that appear to be benign but contain potentially malicious code that can be used to attack the system they are run on. |
