Network Fundamentals chapter 13

Questions and Answers

What does the first two octets represent in a Class B address?

Network address (correct)

Router address

Node address

Broadcast address

What is the purpose of the loopback address, 127.0.0.1?

To connect to a private network

To communicate with other machines

To connect to the internet

To refer to the NIC of the machine you are on (correct)

What is the use of private IP addresses?

To connect to the internet

To communicate with computers outside the network

To connect to a router

To communicate within a network (correct)

What is the role of a gateway router in network address translation?

To replace the private IP address with the public IP address

What is the range of private IP addresses that can be used on a private network?

10.0.0.10 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255

What is the purpose of NAT?

To replace the private IP address with the public IP address of the gateway router

What type of IP address is used to communicate with computers outside the network?

Public IP address

What is the class of IP address where the first three octets represent the network and the last octet represents the node?

Class C

What is the purpose of a gateway router?

To perform network address translation

What is the limitation of private IP addresses?

They cannot be routed over the internet

What is the main purpose of subnetting?

To divide a network into smaller portions

What is the minimum value of the first octet of a subnet mask?

255

What is the effect of a subnet mask on the IP address?

It divides the IP address into node and network portions

What is the main difference between traditional subnetting and VLSM?

VLSM uses a variable length subnet mask, while traditional subnetting uses a fixed length subnet mask

What is the result of converting a subnet mask to binary?

Once you hit a zero, the rest are all zeros

What is the significance of the part of the IP address covered with 1s?

It is reserved for the network

How is the IP address and subnet mask combined by the computer?

Using a binary AND operation

What is the purpose of DHCP protocol?

To handle dynamic IP address allocation

What is the significance of an APIPA address?

It indicates that the machine is not capable of communicating with the network

What is the CIDR notation used for?

To represent the IP address and the number of bits for the network

What is the significance of IPv6 using a 128-bit address?

It ensures that IP addresses will never run out in the future.

What is the purpose of the hex-numbering method in IPv6?

To make IPv6 addresses shorter and more readable.

What is the format of IPv6 subnetting?

CIDE format with slash (/) and hexadecimal value.

What does the link/machine-local address in IPv6 indicate?

The device could not obtain an IP address from a DHCP server.

What is the equivalent of IPv4 private IP addresses in IPv6?

Site/network-local addresses.

What is the purpose of the loopback address in IPv6?

To test the network interface.

Why are IPv6 site/network-local addresses not routable on the internet?

They are private and only work on the local network.

What is the primary advantage of using IPv6 over IPv4?

IPv6 uses a 128-bit address, preventing the exhaustion of IP addresses

What is the format of IPv6 addresses?

Hexadecimal, with eight groups separated by colons

What is the purpose of the Managed Address Configuration flag (M flag) in DHCPv6?

To enable DHCPv6 to obtain a stateful IPv6 address

What is the characteristic of IPv6 link/machine-local addresses?

They start with fe80:: and are used when a device cannot obtain a DHCP address

What is the difference between IPv6 site/network-local addresses and IPv4 private addresses?

IPv6 site/network-local addresses are not routable on the internet, while IPv4 private addresses are

What is the purpose of the ::/128 address in IPv6?

It is the IPv6 loopback address

What is the range of IPv6 site/network-local addresses?

FEC to FEF

What is the advantage of using IPv6 over IPv4 in terms of address space?

IPv6 has a much larger address space than IPv4

What is the purpose of the hex-numbering method in IPv6?

To avoid long addresses and make them more readable

What is the difference between IPv6 and IPv4 in terms of subnetting?

IPv6 uses a different subnetting method, but both use CIDR notation

What is the purpose of the 101 message sent to the browser?

To inform the browser that the protocol is changing

What type of messages do error codes 400-499 represent?

Client errors

What does a 301 error code indicate?

The requested resource has permanently moved to a new URL

What type of errors do error codes 500-599 represent?

Server-side errors

What does a 503 error code indicate?

The service requested is down, possibly overloaded

What is the purpose of the HTTP GET message?

To request reading a web page

What is the meaning of HTTP response codes in the range of 100-199?

Informational messages

Which of the following HTTP messages is used to request appending to a page?

POST

What is the purpose of the HTTP HEAD message?

To request reading the head section of a web page

What is the error message displayed when a requested resource is not found?

Error 404: file not found

What is the purpose of the HTTP LINK message?

To connect two existing resources

What is the primary function of the header in a network packet?

To provide information for routing the packet

What is the general structure of a network packet?

Header, payload, and footer

What is the term for the chunks of data sent across a network?

Packets

What is the purpose of capturing network packets in forensic analysis?

To analyze network traffic and gather evidence

What is the difference between various types of network packets?

They have different structures and formats

Why is the header of a network packet important in forensic analysis?

It provides information about the packet's source and destination

Which protocol's header contains the source and destination MAC address?

Ethernet

What information does the IP header contain?

Source and destination IP addresses, and the protocol number of the payload

What is the purpose of the synchronization bits in the TCP header?

To establish and terminate communications between parties

Which type of header lacks a sequence number and synchronization bits?

UDP

What is the significance of the sequence number in the TCP header?

It provides information about the packet's order

What is added to the packet when encryption is used, such as with IPSec or TLS?

An additional header

What is the purpose of the ACK bit in a network packet?

To acknowledge the attempt to synchronize communications

What is the result of sending a packet with the RST bit turned on?

The connection is reset

What is the purpose of the SYN bit in a network packet?

To synchronize sequence numbers

What is the purpose of sending a packet with the FIN bit turned on?

To indicate no more data from the sender

What is the SYN flood DoS attack based on?

Flooding the target with SYN packets

What is the purpose of the IP precedence bits?

To prioritize traffic

What information does the IP header contain?

Source IP address, destination IP address, and protocol number

What is the purpose of the sequence number in the TCP header?

To keep track of the order of packets in a transmission

What type of header is used instead of TCP in certain types of traffic?

UDP header

What information does the Ethernet header contain?

Source and destination MAC addresses

What is added to the packet when encryption is used, such as with IPSec or TLS?

An additional header

What is the significance of the synchronization bits in the TCP header?

They establish and terminate connections between communicating parties

What is the purpose of the URG bit in a network packet?

To mark traffic as urgent

What is the normal sequence of events in a network conversation?

SYN, SYN/ACK, ACK, FIN

What is the purpose of an RST packet in a session hijacking attack?

To reset the connection

What is the purpose of a SYN flood DoS attack?

To flood the target with SYN packets

What is the purpose of the IP precedence bits?

To prioritize traffic when necessary

What is the purpose of the FIN bit in a network packet?

To indicate that no more data will be sent

What is the primary purpose of a port scan?

To identify open ports on a target system

Which type of port scan sends a packet with the FIN flag turned on?

FIN scan

What is the characteristic of a packet sent in a null scan?

All flags are turned off

What is the purpose of a hacker sending a packet with the URG, PUSH, and FIN flags set?

To identify open ports

Why do administrators block incoming ICMP packets?

To prevent port scanning

What is the result of sending a packet with the FIN flag turned on to an open port?

An error message is generated

What is the purpose of a port scanning tool?

To identify open ports

What is the characteristic of a Xmas tree scan?

Alternating flags are turned on and off

Why do hackers use stealthy port scanning techniques?

To avoid detection by administrators

What is the purpose of a hacker performing reconnaissance on a target system?

To gather information about the system

What is the part of a packet that contains the actual information being transmitted?

Payload

What is the purpose of the CRC in an Ethernet frame?

To check for errors in the transmission

What happens when a packet fails the CRC check in Ethernet?

The packet is discarded and the receiver updates an internal counter

What is the function of the trailer in a Layer 2 frame?

To provide error checking and indication of the end of transmission

Which protocol requests a retransmission if a frame does not pass the CRC check?

TCP

What is the purpose of padding in a packet?

To make the packet the right size

What information can be gathered from the headers of an encrypted packet?

The protocol being used

What is the purpose of the sequence number in the TCP header?

To track the sequence of packets in a connection

Which layer of the OSI model does the trailer belong to?

Layer 2

What is the result of a packet not passing the CRC check in Ethernet?

The packet is discarded

What is the primary goal of a hacker performing reconnaissance on a target system?

To gather information about the target system's network architecture

What is the purpose of a port scan?

To identify open ports on a target system

What is the characteristic of a FIN scan?

It sends a packet with the FIN flag turned on

What is the purpose of a Xmas tree scan?

To identify open ports on a target system

What is the result of a null scan?

An error packet is sent, indicating that the port is open

Why do hackers often use stealthy scans?

To avoid detection by intrusion detection systems

What is the primary function of the trailer in a Layer 2 frame?

To provide error checking and indicate the end of transmission

What is the significance of a port scan sending a packet with the FIN flag turned on?

It generates an error message if the port is open

What happens when a receiving device detects an error in a Layer 2 frame?

It discards the frame and updates an internal counter

What is the purpose of a hacker performing a port scan on a target system?

To identify open ports on the target system

What is the purpose of padding in a packet?

To make the packet a fixed length

What is the characteristic of a packet sent in a Xmas tree scan?

It has the URG, PUSH, and FIN flags set

What is the difference between the TCP and UDP protocols in terms of error handling?

TCP requests retransmission, while UDP does not

What is the result of a port scan identifying an open port on a target system?

The hacker can launch further attacks on the port

What is the purpose of the header in a packet?

To specify the source and destination addresses and protocols

What is the significance of the sequence number in the TCP header?

It helps the receiving device reassemble the packets in the correct order

What is the purpose of the cyclic redundancy check (CRC) in an Ethernet frame?

To provide error checking and ensure the integrity of the data

What happens when a packet has a fixed length but the payload is smaller than the fixed length?

The payload is padded with blank information or a specific pattern

What is the difference between the payload and the header in a packet?

The payload is the actual data, while the header is the error-checking mechanism

What is the significance of the MAC address in a Layer 2 frame?

It is used to identify the device at the data link layer

What is the total number of possible ports available for communication?

65,635

What is the primary purpose of port 22?

To remotely and securely log on to a system

What is the difference between port 20 and port 21?

Port 20 is for data and port 21 is for control

Which protocol is commonly used by network administrators to remotely log on to a system?

SSH

What can be determined from the port number of a packet?

The protocol used by the packet

What is the purpose of port 23?

To remotely log on to a system

Why is it important for a forensic analyst to know certain port numbers?

To determine the protocol used by a packet

What is the relationship between ports and channels?

A port is a channel through which communication can occur

How many ports are commonly used by a forensic analyst?

A subset of commonly used ports

What is the purpose of memorizing certain port numbers?

To determine the protocol used by a packet

What is the purpose of SSH?

To provide greater security

What is the function of port 80?

Displays web pages

What is the purpose of Kerberos on port 88?

To authenticate

What is the function of port 443?

To display web pages securely

What is the purpose of capturing traffic on a database server on port 21?

To identify an intruder or insider not adhering to system policy

What is the purpose of an old hacker trick using Telnet on port 23?

To grab the server's banner and determine the operating system

What is the purpose of utilities like Back Orifice?

To give an intruder complete access to the target system

What is the purpose of Timbuktu?

To allow remote access to a system

What is the significance of observing frequent attempts to connect to a web server on port 23?

It is a sign of an intruder or insider not adhering to system policy

What is the purpose of knowing the ports and their uses?

To identify an intruder or insider not adhering to system policy

What is the primary goal of a Denial of Service (DoS) attack?

To prevent legitimate network traffic from passing

What is the typical effect of a Ping of Death attack on a system?

The system crashes or locks up

What is the main target of a network attack?

The network itself

What is the purpose of a firewall in preventing a Ping of Death attack?

To block malformed or improperly sized ICMP packets

What is the typical result of a successful DoS attack?

The network becomes unavailable

What is the primary method used by an attacker in a DoS attack?

Sending malicious packets to the target system

What is the impact of a DoS attack on the target network?

The network becomes unavailable

What is the size of an ICMP echo packet that can cause a system to crash or lock up?

Greater than 84 bytes

What is the intention of an attacker in using a Ping of Death attack?

To crash or lock up the target system

What is the relationship between a DoS attack and the target network?

The DoS attack targets specific machines, which affects the network

What is the primary goal of a teardrop attack?

To crash the target system by fragmenting packets

What is the main issue with SYN flood attacks?

The target system is unable to respond to legitimate requests

How do modern firewalls typically block SYN flood attacks?

By analyzing the entire conversation between client and server

What is the primary difference between a teardrop attack and a SYN flood attack?

The goal of the attack

What is the result of a target system receiving a large number of SYN packets?

The system is overwhelmed with phantom connection requests

Why are SYN flood attacks often blocked by modern firewalls?

Because they are easily detected by analyzing the entire conversation

What is the purpose of the ACK bit in a SYN packet?

To acknowledge the synchronization request

What is the main weakness of a teardrop attack?

It can be blocked by patches released by vendors

What is the primary goal of a SYN request?

To initiate a connection with a target system

What is the consequence of not responding to a SYN request with an ACK packet?

The target system is overwhelmed with connection requests

What is the purpose of Stateful Packet Inspection (SPI) in firewall technology?

To block SYN flood attacks

What is the effect of a Land Attack on a target computer?

It tricks the computer into thinking it is sending messages to itself

What is the result of a Fraggle attack on a target network?

It causes a traffic jam in the target network

What is the goal of a DHCP Starvation attack?

To exhaust the address space allocated by the DHCP servers

What is the effect of an HTTP Post Attack on a web server?

It hangs the web server waiting for a message to complete

What is the purpose of a PDoS attack?

To damage the system so badly that it needs an operating system reinstall

What is the effect of a Login DoS attack on a website?

It makes the login process unavailable or unreasonably slow to respond

What is the result of a packet mistreating attack on a network?

It results in congestion in a part of the network

What is the purpose of a Smurf attack?

To generate a large number of ICMP echo requests

What is the characteristic of a Fraggle attack?

It uses spoofed UDP packets

What is the primary purpose of an IDS?

To analyze logs and detect possible incidents

What type of logs show accounts related to a particular event and the authenticated user’s IP address?

Authentication logs

What is the primary record of a person’s activities on a system or network?

A person’s log files

What type of devices produce logs that can be used as evidence in an investigation?

Routers, VPNs, and other network devices

What is the purpose of examining live traffic or logs in network traffic analysis?

To determine if a crime has been or is being committed

What do application logs record?

The date and time the user started the application and how long it was used

What is the focus of an end-to-end investigation?

The entire attack, from start to finish

What is the purpose of network security devices such as firewalls and IDS?

To block malicious traffic and prevent hacking

What type of information is contained in a device’s log files?

The primary records of a person’s activities on a system or network

What type of events do operating systems typically log?

Use of devices, errors, and reboots

What can be achieved by analyzing logs from servers and Windows security event logs?

Attributing activities to a specific user account

What is a limitation of using log files for analysis?

They can be easily altered by hackers

What is the purpose of an intrusion detection system (IDS)?

To record events that match known attack signatures

What can be discovered by configuring an IDS to capture all network traffic associated with a specific event?

What commands an attacker ran and what files they accessed

What type of logs provide information about activities on a network?

Network device logs

What can be achieved by coordinating and synchronizing logs from different systems?

Creating a more complete picture of an attack

What is a challenge of using log files as evidence?

They are easily lost or altered

What can log files show about an attack?

How an attacker entered a network

What is the indoor range of 802.11g wireless networks?

125 feet

What is the bandwidth of 802.11n wireless networks?

100 to 140 mbps

What technology uses multiple-input multiple-output (MIMO) to coherently resolve more information than is possible using a single antenna?

802.11n

What is the throughput of 802.11ac wireless networks?

1 gbps

Which wireless standard is also referred to as 'White-Fi' and 'Super Wi-Fi'?

802.11af

What is the maximum data transmission rate of 802.11ad wireless networks?

7 gbps

What is the frequency range of 802.11af wireless networks?

54 MHz to 790 MHz

What is the rebranded version of 802.11ad for use in the 45-GHz unlicensed spectrum available in some regions of the world?

802.11aj

What is the maximum bandwidth of 802.11n-2009 wireless networks with the use of four spatial streams at a channel width of 40 MHz?

600 mbps

What is the primary benefit of using wireless connections?

Ease of connection without cables

What is the standard for wireless networking?

IEEE 802.11

What is the frequency of operation for IEEE 802.11a?

5 GHz

What is the bandwidth of IEEE 802.11b?

11 megabits per second (mbps)

What is the indoor range of IEEE 802.11b?

125 feet

What is a new security feature of WPA3?

Encryption of individual traffic even on open networks

Where is wireless internet widely available?

In many public locations including fast-food restaurants, coffee shops, and retail stores

What is Wi-Fi?

A type of wireless network

What is the primary purpose of the initialization vector (IV) in WEP?

To prevent repetition of the same key

What is the encryption method used in WPA2 to provide data confidentiality, origin authentication, and integrity?

AES using CBC-MAC

What is the main advantage of WPA3 over its predecessors?

Making it harder and time-consuming to crack

What is the key size used in WEP-40?

64-bit

What is the purpose of TKIP in WPA?

To dynamically generate a new key for each packet

What is the main weakness of WEP?

IV reuse and related key attacks

What is the main function of ZigBee?

For mainly residential applications of wireless devices

What is the purpose of Wi-Fi Easy Connect?

To connect devices by scanning a QR code

What is the primary use of ANT+?

Bio-sensor data transmission

What is the name of the wireless protocol used primarily for home automation?

Z-Wave

What is the IEEE standard for Bluetooth?

IEEE 802.15.1

What is the significance of Harald Bluetooth in the context of wireless protocols?

He united the tribes of Denmark

What is the purpose of discovering wireless networks?

To identify potential security threats

What is the primary concern when it comes to wireless networks in terms of forensic analysis?

Data theft through direct network attacks

What is the purpose of tools like NetStumbler, MacStumbler, and iStumbler?

To discover and scan for wireless networks

What is a common mistake people make when setting up wireless devices?

Not changing the default settings

What is the significance of the MAC address in a packet?

It is used to determine the packet's destination

What is the main difference between a switch and a router?

A switch can only connect computers on the same LAN, while a router can connect different logical networks

What is the purpose of a router's routing table?

To determine the path of outgoing packets

What is the main advantage of modern routers over older routers?

They can learn new routes automatically

What is the main advantage of a switch over a hub?

It prevents traffic jams by ensuring data goes straight to its destination

What is the primary function of a router?

To send packets to their destinations along thousands of pathways

What is the primary function of a router in a network?

To forward data packets to a destination network

What type of memory may contain the router's operating system?

Flash memory

What is the main difference between a hub and a router?

A hub sends packets to every port except the one it received the packet from, while a router directs packets to their destination network

What is the primary function of a network interface card (NIC)?

To handle media access control and data encapsulation

What type of information does a router contain?

All of the above

What is the primary difference between a switch and a router?

A switch is used to connect computers on a single network, while a router is used to connect multiple networks

What is the primary goal of a router table poisoning attack?

To allow an attacker to access data in the compromised network

Why is it important to not shut down the router when conducting forensic analysis?

Because it will potentially lose valuable evidence

What is the function of Hyperterminal in router forensics?

To connect to and interact with the router

What is the significance of documenting the process when conducting router forensics?

To record everything that is done to the router

What is the result of altering the routing data update packets in a router table poisoning attack?

Incorrect entries are made in the routing table

What is the primary challenge of conducting router forensics?

Being careful not to alter anything

What information does the show version command provide about the router?

The platform, operating system version, system image file, and interfaces

What is the primary purpose of comparing the startup and running configurations?

To identify potential hacker modifications to the system

What is the primary purpose of the show ip route command?

To display the routing table

What is the significance of the show running-config command?

It displays the currently executing configuration

What is the primary way that hackers infiltrate routers, according to the text?

By altering the routing table

What is the purpose of the show startup-config command?

To display the system's startup configurations

What type of firewall is also referred to as a screened firewall?

Packet Filer

What is the primary benefit of using Stateful Packet Inspection firewalls over Packet Filer firewalls?

They are less susceptible to ping floods, SYN floods, and spoofing

What is the purpose of examining firewall logs in network forensic analysis?

To identify potential security threats

What is the fundamental part of network forensic analysis that involves examining the firewall?

Examining the firewall

What is the characteristic of a connection in firewall forensics?

It is all the traffic going through the firewall

What is the primary difference between Packet Filer and Stateful Packet Inspection firewalls?

The context in which they filter packets

What is the range of well-known ports?

0 through 1024

What is the purpose of analyzing TTL fields in packet responses?

To detect decoy scans and spoofed addresses

What is the term for the concatenation of an IP address and a port number?

Socket

What is the purpose of a decoy scan strategy?

To hide the attacker's IP address among decoy machines

What should you carefully check in the firewall logs?

Connections or attempted connections on common ports

What is the significance of the TTL field in a packet?

It indicates the number of routers between a source and destination

Study Notes

IPv6

• IPv6 uses a 128-bit address, which prevents IP address exhaustion
• IPv6 uses a hexadecimal numbering method to avoid long addresses
• IPv6 uses the CIDE format for subnetting (e.g. /48, /64)
• The loopback address for IPv6 is ::/128
• Link/machine-local IPv6 addresses start with fe80::
• Site/network-local IPv6 addresses start with FE and have C to F as the third hexadecimal digit (e.g. FEC, FED, FEE, FEF)

Firewall Forensics

• Firewalls are a crucial part of network forensic analysis
• Firewall logs contain valuable evidence of network activity
• There are two types of firewalls:
  • Packet Filter: filters incoming packets based on set rules
  • Stateful Packet Inspection (SPI): examines packets in context of the entire conversation

Collecting Data

• A connection consists of two IP addresses and two port numbers
• A socket is the combination of an IP address and a port number
• There are three ranges of port numbers:
  • Well-known ports: 0-1023
  • Registered ports: 1024-49151
  • Dynamic ports: 49152-65535

Port Scanning

• Port scanning is a common reconnaissance technique used by hackers
• There are several types of port scans:
  • FIN scan: sends a packet with the FIN flag set to test if a port is open
  • Xmas tree scan: sends a packet with multiple flags set to test if a port is open
  • Null scan: sends a packet with no flags set to test if a port is open
• These scans can be detected by analyzing packet headers and flags

Packet Structure

• A packet consists of a header, payload, and trailer
• The header contains information about the packet's protocol, source, and destination
• The payload is the actual content being transmitted
• The trailer is used for error checking and contains a Cyclic Redundancy Check (CRC)

Ports and Protocols

• There are 65,635 possible ports, but some are used more often than others
• Certain ports are associated with specific protocols:
  • FTP: 20, 21
  • SSH: 22
  • Telnet: 23
  • SMTP: 25
  • DNS: 53
  • HTTP: 80
  • HTTPS: 443
  • NetBIOS: 137-139
  • SNMP: 161, 162
  • Kerberos: 88, 464
  • LDAP: 389
  • IMAP: 220

Utilities and Tools

• Some ports are associated with malicious utilities and tools:
  • Back Orifice: 31337
  • B02K: 54320/54321
  • Beast: 6666
  • Donald Dick: 23476/23477
  • Reachout: 43188
  • Timbuktu: 407### Network Basics
• IP Addresses:
  • IPv4 address: a series of four decimal numbers between 0 and 255, each representing 8 bits (an octet)
  • 32-bit address, allowing for over 4.2 billion possible addresses
• Converting decimal to binary: divide by 2, using remainders, until you get to 1

IP Address Classes

• Class A: 0-126 (extremely large networks, all addresses have been assigned)
• Class B: 128-191 (large corporate and government networks, all addresses have been assigned)
• Class C: 192-223 (most common group of IP addresses, often used by ISPs)
• Reserved IP addresses: 127.x.x.x (testing, loopback address: 127.0.0.1)

Private IP Addresses

• Cannot be routed over the internet
• Used on private networks
• Three specific ranges: 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, 192.168.0.0 to 192.168.255.255

Network Address Translation (NAT)

• Translates private IP addresses to public IP addresses for internet communication
• Used by ISPs to assign public IP addresses to customers

Network Traffic Analysis

• Analyzing logs to determine if a crime has been committed and to gather evidence
• Uses logs from devices, firewalls, and intrusion detection systems
• Can help identify patterns of activity and unusual events

Denial of Service (DoS) Attacks

• Attacks that target the network itself
• Types of DoS attacks:
  • Ping of Death: sends a large ICMP echo packet to crash the target machine
  • Teardrop Attack: sends fragmented packets with bad values to crash the target system
  • SYN Flood Attacks: sends unlimited SYN requests to overwhelm the target system
  • Land Attack: sends a fake TCP SYN packet with the same source and destination IP addresses
  • Smurf Attack: generates a large number of ICMP echo requests to cause a traffic jam
  • Fraggle Attack: similar to Smurf attack, but uses spoofed UDP packets
  • DHCP Starvation: exhausting the address space allocated by DHCP servers
  • HTTP Post Attack: sends a legitimate HTTP post message with a slow message body
  • PDoS (Permanent Denial of Service): damages the system so badly that it needs an OS reinstall or new hardware
  • Login DoS: overloads the login process with repeated requests
  • Packet Mistreating Attacks: compromised router mishandles packets, causing congestion### HTTP Messages
• HTTP messages can be classified into five categories based on their response codes:
  • 100-199: Informational messages, informing the browser of the protocol change
  • 200-299: Success messages, indicating successful processing of the request
  • 300-399: Redirect messages, redirecting the browser to another URL
  • 400-499: Client error messages, indicating errors on the client-side
  • 500-599: Server error messages, indicating errors on the server-side

HTTP Request Methods

• GET: Request to read a web page
• HEAD: Request to read the head section of a web page
• PUT: Request to write a web page
• POST: Request to append to a web page
• DELETE: Remove the web page
• LINK: Connects two existing resources
• UNLINK: Breaks an existing connection between two resources

Network Packets

• A packet is divided into three sections: header, payload, and footer
• The header contains information on the packet's source and destination
• The payload carries the actual data being transmitted
• The footer contains error-checking data

TCP Header

• The TCP header contains the following information:
  • Source and destination port numbers
  • Sequence number
  • Synchronization bits (URG, ACK, SYN, FIN, RST)

Synchronization Bits

• URG (1 bit): Marks traffic as urgent
• ACK (1 bit): Acknowledges the attempt to synchronize communications
• SYN (1 bit): Synchronizes sequence numbers
• FIN (1 bit): No more data from sender
• RST (1 bit): Resets the connection

Subnetting and CIDR

• Subnetting is dividing a network into smaller portions
• Variable Length Subnet Mask (VLSM) is used to define the network and node portions of an IP address
• The subnet mask is a 32-bit number that divides the 32-bit IP address into network and node portions

IPv6

• IPv6 uses 128-bit addresses
• IPv6 addresses are written in hexadecimal format
• IPv6 uses the CIDE format for subnetting
• The loopback address for IPv6 is ::/128
• IPv6 link/machine-local addresses start with fe80::

Wi-Fi Security

• WEP (Wired Equivalent Privacy) uses the stream cipher RC4 to secure data
• WPA (Wi-Fi Protected Access) uses Temporal Key Integrity Protocol (TKIP)
• WPA2 uses the Advanced Encryption Standard (AES) in Counter Mode with CBC-MAC Protocol (CCMP)
• WPA3 requires attackers to interact with your Wi-Fi for every password guess

Other Wireless Protocols

• ANT+: Used for sensor data in applications such as bio-sensors and exercise tracking
• ZigBee: Used for residential applications of wireless devices
• Z-Wave: Used for home automation
• Bluetooth: Used for short-distance radio communication
• Low-energy options are available in Bluetooth 5.2

Description

Test your knowledge of network basics, including IP addresses, MAC addresses, and other essential concepts for analyzing network traffic.