Question and Answer (2026/2027) |
Detailed Rationales
• Permutation Scanning -✓✓ All comprised computers share a common psuedo-
random permutation of the IP address space
• Signpost Scanning -✓✓ Uses the communication patterns of the comprised
computer to find a new target
• Hit List Scanning -✓✓ A portion of a list of targets is supplied to a comprised
computer
• Subnet Spoofing -✓✓ Generate random addresses within a given address space
• Random Spoofing -✓✓ Generate 32-bit numbers and stamp packets with them
• Fixed Spoofing -✓✓ The spoofed address is the address of the target
• Server Application -✓✓ The attack is targeted to a specific application on a
server
• Network Access -✓✓ The attack is used to overload or crash the communication
mechanism of a network
• Infrastructure -✓✓ The motivation of this attack is a crucial service of a global
internet operation, for example core router
• DoS Bug (Amplification Attack) -✓✓ Design flaw allowing one machine to
disrupt a service
• DoS Flood (Amplification Attack) -✓✓ Command botnets to generate flood of
requests
• UDP-based NTP -✓✓ -Particularly vulnerable to amplification attacks
-Small command can generate a large response
,-Vulnerable to source IP spoofing
-Difficult to ensure computers only communicate with legitimate NTP servers
• IP Header Format -✓✓ -Connectionless
-Unreliable
-No authentication
• SYN Flood -✓✓ A type of DoS where an attacker sends a large amount of SYN
request packets to a server in an attempt to deny service.
• SYN Flood Mitigations -✓✓ Syn Cookies - remove state from server, but incur
performance overhead
• Crowdturfers -✓✓ - Crowdsource to create, verify, and manage fake accounts
- Solve CAPTCHAs
• Penetration Testing -✓✓ Footprinting, Scanning, Enumeration, Gaining Access,
Escalating Privileged, Pilfering (steal data), Covering Tracks, Creating Backdoors
• NS Record -✓✓ Points to other server
• A Record -✓✓ Contains IP Address
• MX -✓✓ Address in charge of handling email
• TXT -✓✓ Generic text; distribute site public keys
• DNS vulnerabilities -✓✓ - Users/hosts trust the host-address mapping provided
by DNS
- Interception of requests or compromise of DNS servers
- Few use DNSsec
- Cache poisining
• Cache Poisoning -✓✓ Corrupting an Internet server's DNS table by replacing an
Internet address with that of another, rogue address. When a Web user seeks the
page with that address, the request is redirected by the rogue entry in the table to a
different address. At that point, a worm, spyware, Web browser hijacking program,
,or other malware can be downloaded to the user's computer from the rogue
location.
• DNSsec -✓✓ - Authenticity of DNS answer origin
- Integrity of reply
- Authenticity of denial of existence
- Uses public key crypto to sign responses
• TCP Problems -✓✓ - Network packets pass untrusted hosts
- TCP state easily obtained by eavesdropping
- IP info not protected
• Open Shortest Path First (OSPF) -✓✓ An interior gateway routing protocol
developed for IP networks based on the shortest path first or link-state algorithm.
Looks for the lowest cost path within nodes.
• Border Gateway Protocol (BGP) -✓✓ A core routing protocol that bases routing
decisions on the network path and rules.
Protocol designed to exchange routing and reachability information among
autonomous systems (AS).
• Botminer -✓✓ - Botnet can have different infection life cycles and they can
change protocols and structure of the command-and-control
- C-Plane monitor for C&C traffic
- A-Plane monitor malicious instances
• Defense in Depth -✓✓ Prevention, Detection, Survival
• Shamir's Scheme Simulation -✓✓ - Add or delete shares without affecting others
- Easy to create new shares without changing secret
- Easy to create hierarchical schemes
- Information theoretic security
• Byzantine Fault Tolerance -✓✓ - A fault is the cause of an error that leads to a
system failure
- Fault tolerance can be achieved through failure masking
, • DNS Reputation -✓✓ - Prejudge, Profile, Stereotype
• DNS Black List -✓✓ White - Complete Trust
Black - No trust
Grey - Not directly involved in spamming but associated with spam-like behaviors
Yellow - known to produce spam and non-spam email
NoBL - trustworthy
• DNSBL Domain Info -✓✓ - Botnets use short lived domains
- Spyware use anonymously registered domains
- Adware uses disposable domains
• Data Poisining -✓✓ Attacker injects data to cause machine-learning to produce
the raw model
• Syntactic Worm Signature -✓✓ Automatic signature generators look for invariant
parts of polymorphic worms
Vulnerable to Noise Injection Attack
• Noise Injection Attacks -✓✓ Worm also sends out fake anomalous flows
Fake invariants
• Misleading Worm Singature -✓✓ Completely can completely control the process
the process of generating and collecting the training data and ascertain the
authenticity and integrity of the dataset
If training data is obtained in open environment always risk
• Polygraph -✓✓ Signature generation of polymorphic worms
Signatures: Conjuction, Token-subsequence, Bayes
• Model Evasion (Exploratory Attack) -✓✓ Attacker learns about the decision
boundary of the model to bypass it
• SaaS -✓✓ Use provider's applications running on a cloud infrastructure
(knowledge tree)