DENIAL OF SERVICE AND SESSION HIJACKING

Exercise

Get Started. It's Free
or sign up with your email address
Rocket clouds
DENIAL OF SERVICE AND SESSION HIJACKING by Mind Map: DENIAL OF SERVICE AND SESSION HIJACKING

1. Question 1 : B

1.1. Any Traffic coming from unused or reversed IP Addresses is bogus and should be filtering at the ISP before enters the Internet link.

2. Question 2 : A

2.1. A zombie known as Bots. Bots are software applications that run automated tasks over the Internet , perform simple repetitive task and used by malicious hackers to launch DoS attacks.

3. Question 3 : C

3.1. Trinoo is an attack tool that performs using UDP protocol. Trinoo's master component is capable of broadcasting many UDP packets to a designated or targeted computer.

4. Question 4 : A

4.1. The first phase of the DDoS attack is 'Intrusion' into remote systems to turn them into 'zombies'.

5. Question 5 : C

5.1. Targa can run 8 different DoS attacks. Targa can launch DoS attack in all possible types of DoS attacks. I

6. Question 6 : A

6.1. A Smurf attack is a resource consumption attack using ICMP Echo as the mechanism. Smurf exploits ICMP by sending a spoofed ping packet addressed to the network broadcast address and has the source address listed as the victim.

7. Question 7 : B

7.1. In a DoS land (Local Area Network Denial) attack, the attacker sends a TCP SYN spoofed packet to victim IP Address, enter a loop and repeatedly replies to itself.

8. Question 8 : A

8.1. Ping of Death is a type of DoS attack in which an attacker attempts to crash or freeze the victim comp or service by sending oversized packets using a simple ping command.

9. Question 9 : C

9.1. DoS is an attack on a computer or network that reduce,restricts or prevents accessibility of system or service to its legitimate users.

10. Question 10 : B

10.1. Incapacitate a system or network

11. Question 12 : A

11.1. Sequence number indicates where the packets is located in the data stream so the receiving station can reassemble the data

12. Question 13 : A,B,C

12.1. All data can be gather in a session-hijacking attack. Authentication information is not accessible because session hijacking occurs after the user has authenticated

13. Question 14: C

13.1. This hijacking method requires the attacker to guess the sequence numbers of data packets sent between the victim’s computer and server.

14. Question 15: A

14.1. Juggernaut is a Linux based tool.

15. Question 16: B

15.1. Encryption make any informtion the hacker gathers during a session hijacking attempt unreadable

16. Question 17: B

16.1. Sniffing used to locate the sequence number to initiate a session-hijacking attack

17. Question 18 : D

17.1. Hijacking is a type of network security attack in which the attacker takes control of a TCP sessions

18. Question 20 : B

18.1. ISN is Initial sequence numbers refers to unique 32-bit sequence number assigned to each new connection on a TCP based data communication

19. Question 19 : D

19.1. FIN and RST. Because RST causes immediate connection termination, while in FIN you get a confirmation.

20. Question 11 : D

20.1. TTYWatcher works only on Sun Solaris Systems.