Network Sniffing Module 08

Questions and Answers

What is the process of monitoring all data packets that pass through a given network?

Packet sniffing

What is the primary difference between a hub and a switch in computer networking?

• A hub only sends data to the specified destination port, whereas a switch transmits data to all ports.
• A switch is faster than a hub, but a hub can handle more traffic.
• A hub is more secure than a switch, but a switch provides more flexibility.
• A hub transmits line data to each port and has no line mapping, whereas a switch looks at the MAC address for each frame and sends data to the required port. (correct)

Packet sniffing programs can capture data packets from any network.

False (B)

What technique is used to manipulate the functionality of the switch to see all traffic passing through it?

Packet Sniffing (D)

What is the purpose of ARP spoofing?

ARP spoofing involves sending a fake ARP reply to the target machine, causing all traffic intended for the gateway to be redirected through the attacker's machine.

What is the primary purpose of MAC flooding?

To force a switch to behave like a hub, allowing for packet sniffing. (E)

What is the key difference between passive and active sniffing?

Passive sniffing involves capturing and monitoring traffic without sending any packets, while active sniffing actively injects packets into the network to manipulate the switch and view traffic.

Which of the following protocols are vulnerable to sniffing when passwords are sent in cleartext?

All of the above (E)

What is a Denial-of-Service (DoS) attack?

A DoS attack is designed to overload a target system or network with excessive traffic, making it inaccessible to legitimate users.

How do malicious traffic and regular traffic differ in a DoS attack?

Malicious traffic consumes all available bandwidth, while regular traffic uses a small amount of bandwidth. (A)

What is a Distributed Denial-of-Service (DDoS) attack?

A DDoS attack involves multiple compromised computers, known as zombies or botnets, coordinated by an attacker to overwhelm a single target system.

Which of the following are impacts of DDoS attacks?

Loss of goodwill (A), Financial losses (B), Disabled networks (C)

DDoS attacks primarily focus on consuming network bandwidth and overloading resources.

True (A)

Which of the following are examples of Volumetric DDoS attack techniques?

ICMP flood attack (C), UDP flood attack (E)

Which of the following are examples of Protocol DDoS attack techniques?

All of the above (E)

What is the main goal of an Application Layer DDoS attack?

Application Layer DDoS attacks aim to disrupt a specific service or application by targeting its functionality and consuming its resources, often through exploits like a buffer overflow or by sending excessive requests.

What is a SQL injection attack?

A technique for gaining unauthorized access to a database or retrieving information directly from it by exploiting vulnerabilities in web applications. (C)

What are the primary goals of SQL injection attacks?

Both A and B (D)

SQL injection attacks primarily target databases and not web applications.

False (B)

What are the five categories of attack through SQL injection?

The five categories of attack through SQL injection are Authentication and Authorization Bypass, Information Disclosure, Compromised Data Integrity, Compromised Availability of Data, and Remote Code Execution.

Which of the following server-side technologies are commonly used to create dynamic, data-driven websites and web applications?

All of the above (E)

SQL injection attacks only affect web applications built using specific programming languages.

False (B)

What are the main reasons why SQL injection attacks occur?

Lack of proper input validation (A), Both A and B (D)

How do SQL injection attacks exploit vulnerabilities in web applications?

SQL injection attacks exploit vulnerabilities in web applications by injecting malicious SQL commands into user-supplied data, which is then passed to the database for execution.

HTTP GET requests are more secure than HTTP POST requests because the data is sent in the URL.

False (B)

What is the main purpose of HTTP POST requests?

HTTP POST requests send data to a web server, often for submitting forms or uploading files, using the message body to transmit the data.

Flashcards

Packet Sniffing

Monitoring and capturing network traffic to observe data packets.

Promiscuous Mode

A network interface card (NIC) setting that receives all packets on the network.

Hub-based Network

A network where all devices share a common transmission medium, making sniffing easy.

Switched Network

A network using switches to direct traffic only to intended recipients, making passive sniffing harder.

MAC Address

A unique hardware address identifying a network device.

ARP Spoofing

A technique to manipulate the Address Resolution Protocol (ARP) to redirect network traffic.

MAC Flooding

Overloading a switch with fake MAC addresses to make it act like a hub.

Passive Sniffing

Capturing network traffic without actively injecting data.

Active Sniffing

Capturing network traffic by actively injecting data or manipulating network traffic flows.

Denial-of-Service (DoS) attack

Overloading a system to prevent legitimate users from accessing it.

Distributed Denial-of-Service (DDoS) attack

A DoS attack from multiple compromised systems (a botnet).

Volumetric Attack

Consuming network bandwidth by flooding it with traffic.

Protocol Attack

Consuming network resources like connection tables.

Application Layer Attack

Exhaustion of application resources through excessive requests.

SQL Injection

Injecting malicious SQL code into user input fields to execute commands.

SQL injection attack

Exploiting weaknesses in web applications to manipulate SQL queries.

Authentication Bypass

Gaining access to a system without valid credentials using SQL injection.

Information Disclosure

Retrieving sensitive data from a database using SQL injection.

Authentication

The process of verifying a user's identity.

Authorization

Granting access privileges to a user.

HTTP POST Request

A method for sending data to a server, typically containing user input and credentials.

SQL Query

A request to a database server to perform an operation.

SQL Injection query

A malicious input injected to manipulate database queries.

Study Notes

Module 08: Sniffing

• Packet sniffing is monitoring and capturing all data packets passing through a network using software or hardware.
• It lets attackers observe and access network traffic.
• Packet sniffing collects sensitive information like Telnet passwords, email traffic, syslog traffic, router configurations, web traffic, DNS traffic, FTP passwords, chat sessions, and account information.
• In hub-based networks, sniffing is easy as all traffic passes through all connected devices.
• Modern networks use switches, making sniffing more complex. Switches examine MAC addresses to direct traffic.
• Attackers can manipulate switches to see all traffic.
• Sniffers capture data only from the subnet.
• Promiscuous mode on Network Interface Cards (NICs) allows capturing all data packets.
• Passive sniffing monitors traffic without sending packets (hubs).
• Active sniffing injects packets (switches), often using ARP spoofing or MAC flooding.
• ARP spoofing sends fake ARP replies to redirect traffic through the attacker's machine.
• MAC flooding overwhelms the switch's table to make it act as a hub.

Module 10: Denial-of-Service

• Denial-of-service (DoS) attacks limit legitimate users' access by overloading resources.
• Attackers can flood a victim system with non-legitimate requests to exhaust resources.
• Flooding can involve excessive traffic.
• Examples include flooding IRC, TCP/IP stack with corrupt packets, or infinite-loop attacks.
• DoS aims to deny service rather than gain access to data.
• DoS attacks can be categorized as volumetric, protocol, or application layer attacks.

Module 15: SQL Injection

• SQL injection exploits unsanitized input vulnerabilities.
• Attackers inject malicious SQL queries to manipulate the database or retrieve data.
• SQL is used by database servers for commands like INSERT, UPDATE, and SELECT.
• Unsanitized input allows attackers to execute arbitrary SQL code by injecting malicious queries.
• SQL injection attacks can compromise database integrity, availability, and authorization.
• Authorization bypass allows access to accounts without valid credentials.
• Information disclosure retrieves sensitive information from the database.
• Compromised data integrity alters data or inserts harmful content.
• Compromised availability deletes or corrupts database information.
• Remote code execution allows control of the server.
• Server-side technologies like ASP.NET and databases often have vulnerabilities that can result in SQL injection attacks.
• HTTP POST requests transmit data in the message body, which can also contain embedded SQL queries.
• Proper validation of input values from users is vital to prevent SQL injection vulnerabilities.

Description

Explore the intricacies of packet sniffing in this quiz, which covers the techniques used to monitor and capture network traffic. Learn about the vulnerabilities of hub-based versus switch-based networks and the methods attackers employ, such as ARP spoofing and promiscuous mode. Test your understanding of how sensitive information can be collected through sniffing.