CEH
Certified Ethical Hacker
122
Computer Networking
Professional
10/30/2013

Cards

Term
DNS
Definition
Domain Name Server
Term
DNS Record Type:
A (Host)
Definition
Maps a name to IP address
Term
DNS Record Type:
HINFO/SOA (Start of Authority)
Definition
Essential information such as the primary name server for the zone, properties such as expiration, and TTL (Time To Live)
Term
DNS Record Type:
SRV (Service)
Definition
Service host name and port number for specific services such as Active Directory
Term
DNS Record Type:
PTR (Pointer)
Definition
Used in reverse zone DNS lookups to resolve an IP address to a host name
Term
DNS Record Type:
NS (Name Server)
Definition
Identifies name servers in the namespace
Term
DNS Record Type:
MX (Mail Exchange)
Definition
E-mail servers
Term
DNS Record Type:
CNAME (Canonical Name or Alias)
Definition
Alias for a server, most commonly for www
Term
ICANN
(Internet Corporation for Assigned Names and Numbers)
Definition
Overall management of IP address allocation, domain registrants
Term
ARIN
(American Registry for Internet Numbers)
Definition
North/South America, sub-Saharan Africa
Term
APNIC
(Asia-Pacific Network Information Centre)
Definition
Asia and Pacific
Term
RIPE
(Reseaux IP Europeens)
Definition
Europe, Middle East, parts of central Asia, Northern Africa
Term
LACNIC
(Latin America and Caribbean Network Information Center)
Definition
Latin America and the Caribbean
Term
AfriNIC
(African Network Information Center)
Definition
Africa
Term
Scanning Methodology
Definition
1. Identify Live Systems
2. Discover Open Ports
3. Identify the OS and services
4. Scan for Vulnerabilities
Term
ICMP Message Type:
0
Definition
Echo Reply -- Expected answer from a live system to a Type 8 ECHO request
Term
ICMP Message Type:
3
Definition
Destination Unreachable
Term
ICMP Message Type:
3 - Error Codes
Definition
0: Destination network unreachable
1: Destination host unreachable
6: Network unknown
7: Host unknown
9: Network administratively prohibited
10: Host administratively prohibited
13: Communication administratively prohibited (often a firewall filtering ICMP)
Term
ICMP Message Type:
4
Definition
Source Quench -- Congestion control
Term
ICMP Message Type:
5
Definition
Redirect -- Indicates more than one route to the destination, and the optimum route is not the configured default gateway
0: Redirect Datagram for the network
1: Redirect Datagram for the host
Term
ICMP Message Type:
8
Definition
Echo Request -- A typical ping message
Term
ICMP Message Type:
11
Definition
Time Exceeded -- Packet took too long to be routed to destination. Code 0: TTL expired
Term
What are the Well-Known Ports?
Definition
TCP Ports 0-1023
UDP Ports 0-1023
Generally reserved for specific ports; many are obscure, but should still not be selected arbitrarily
Term
What are the Registered Port Numbers?
Definition
TCP Ports 1024-49151
UDP Ports 1024-49151
Term
What are the Unregsitered Port Numbers?
Definition

TCP Ports 49,152 - 65,535

UDP Ports 49,152 - 65,535

Term
What port does FTP use and what is it for?
Definition
FTP uses port number 21 for both TCP and UDP and is used for File Transfer
Term
What port does SSH use and what is its purpose?
Definition
SSH uses port 22 and is for secure, encrypted connections to protect against sniffing - e.g., telnet via SSH prevents plaintext sniffing of telnet credentials
Term
What port does Telnet use and for what purpose?
Definition
Telnet uses port 23 and is for Remote management of an operating system or network device such as a router or pc
Term
What port does SMTP use and for what purpose?
Definition
SMTP uses port 25 to send mail
(Simple Mail Transfer Protocol)
Term
What port does DNS use and for what purpose?
Definition
DNS uses port 53 for both UDP and TCP and is used for DNS zone transfers
(Domain Name Server)
Term
What port does DHCP use and for what purpose?
Is DHCP used with TCP or UDP?
Definition
DHCP uses UDP port 67 and is used for Automatic IP configuration of DHCP network clients
(it picks the IP addresses for you via port 67)
Term
What port does TFTP use and for what purpose?
Is TFTP used with TCP or UDP?
Definition
TFTP uses UDP port 69 and is a Fast method to transfer files on a local network
Term
What port does HTTP use and for what purpose?
Definition
HTTP uses TCP port 80 and is the Protocol of Web Browsers
Term
What port does POP3 use and for what purpose?
Definition
POP3 uses TCP port 110 and is used to Receive Internet e-mail
Term
What port does RPC use and for what purpose?
Definition
RPC uses TCP port 135 and is used as a Connection to Administer a remote computer
(Remote Procedure Call)
Term
What port does NetBIOS use and for what purpose?
Definition
NetBIOS uses TCP and UDP ports 137-139 and is Primarily a Microsoft method to communicate over the network
Term
What port does IMAP use and for what purpose?
Definition
IMAP uses TCP port 143 and is used to Receive internet e-mail and has more flexibility than POP3
Term
What port does SNMP use and for what purpose?
Definition
SNMP uses UDP ports 161 & 162 and is used to Request and receive network device status and error messages
(Simple Network Management Protocol)
Term
What port does LDAP use and for what purpose?
Definition
LDAP uses TCP & UDP port 389 and is Required to access Active Directory Services
Term
What port does HTTPS use and for what purpose?
Definition
HTTPS uses TCP port 443 and is used to Secure internet communication to protect data and ensure integrity
Term
What port does SMB use and for what purpose?
Definition
SMB uses TCP port 445 and is Primarily a Windows method to make shared resources available to the network
(Server Message Block)
Term
What is SMB (Server Message Block)?
Definition
An application-layer network protocol mainly used for providing shared access to files, printers, serial ports, and miscellaneous communications between nodes on a network
Term
What is the TCP Header Flag SYN?
Give the Decimal and Hex Equivalent as well as a Description.
Definition
SYN means Synchronize
Decimal Equivalent = 2
Hex Equivalent = 0x02
Set on initial communication, and specifies negotiation of parameters and sequence numbers
Term
What is the TCP Header Flag ACK?
Give the Decimal and Hex Equivalent as well as a Description.
Definition
ACK means Acknowledge
Decimal Equivalent = 16
Hex Equivalent = 0x10
Response to inbound SYN flag, and included on all segments after the initial SYN
Term
What is the TCP Header Flag SYN/ACK?
Give the Decimal and Hex Equivalent as well as a Description.
Definition
SYN/ACK means Synchronization has been Acknowledged
Decimal Equivalent = 18
Hex Equivalent = 0x012
Add 2 + 16 = 18
Term
What is the TCP Header Flag PSH?
Give the Decimal and Hex Equivalent as well as a Description.
Definition
PSH means Push
Decimal Equivalent = 8
Hex Equivalent = 0x08
Forces data delivery regardless of buffering
Term
What is the TCP Header Flag RST?
Give the Decimal and Hex Equivalent as well as a Description.
Definition
RST means Reset
Decimal Equivalent = 4
Hex Equivalent = 0x04
Terminates communication in both directions
Term
What is the TCP Header Flag URG?
Give the Decimal and Hex Equivalent as well as a Description.
Definition
URG means Urgent
Decimal Equivalent = 32
Hex Equivalent = 0x20
Data is sent out-of-band
Term
What is the TCP Header Flag FIN?
Give the Decimal and Hex Equivalent as well as a Description.
Definition
FIN means Finish
Decimal Equivalent = 1
Hex Equivalent = 0x01
Graceful close to communication
Term
What is the TCP Header Flag XMAS?
Give the Decimal and Hex Equivalent as well as a Description.
Definition
XMAS means Christmas
Decimal Equivalent = 41
Hex Equivalent = 0x29
Called XMAS because the SYN/PUSH/URG flags are all lit (like a Christmas tree; very noisy)
Term
What does the nmap switch -sP mean?
Definition
This is a Ping Sweep and is very noisy and easily detectable. It only detects live hosts, and is easily blocked by firewalls, including Windows Firewall
Term
What does the nmap switch -sA mean?
Definition
This is an ACK scan and is used to determine firewall rulesets, whether they are stateful, and which ports are filtered
Term
What does the nmap switch -sT mean?
Definition
This is a TCP Connect Scan. Open ports respond with SYN/ACK; closed ports respond with a RST/ACK
Term
What does the nmap switch -sS mean?
Definition
This is a SYN scan, AKA Stealth or Half-open Scan. Open ports respond with SYN/ACK and then nmap sends a RST. Closed ports respond with a RST/ACK
Term
What does the nmap switch -sF mean?
Definition
This is a FIN scan, AKA Inverse scan. If a RST is received, the port is closed. If there is no response, the port is open or filtered. The port is marked filtered if an ICMP unreachable error code is received (type 3 code 1, 2, 3, 9, 10, or 13)
Term
What does the nmap switch -sX mean?
Definition
This is an XMAS scan. If a RST is received, the port is closed. If there is no response, the port is open or filtered. The port is marked filtered if an ICMP unreachable error code is received (Type 3 Code 1, 2, 3, 9, 10, or 13)
Term
What does the nmap switch -sN mean?
Definition
This is a NULL scan. Responses vary depending on the Operating System. Null scans are designed for UNIX/Linux Operating Systems
Term
What does the nmap switch -sI mean?
Definition
This is an IDLE scan, AKA Side-Channel Scan. It uses a spoofed IP address to prompt responses to a scan that are sent back to the spoofed address. This scan can be somewhat complex; look here for specific details: http://nmap.org/book/idlescan.html
Term
What is a Ping Sweep?
Definition
This scan is pretty noisy and many IDS (Intrusion Detection Systems) will detect it. This scan only detects if the host is up, which is one of the first necessary steps in scanning. The "-n" avoids DNS name resolution for the IP address to accelerate the scan.
Side Note: You can add "--packet_trace" to any of these nmap commands to see specific details of the scan in progress
e.g.:
nmap -sP -n -vv <target>
Term
TCP Connect Scan
Definition
Most popular services use TCP. This scan attempts a full connection (SYN, SYN/ACK, ACK). This type of scan is fast and the most reliable, but not stealthy
nmap -sT -P0 -vv <target>
The -P0 is useful to avoid sending a ping first.
Term
UDP Scan
Definition
Scan for services on UDP such as DNS, SNMP, and DHCP (53, 161/162 and 67/68). This type of scan is somewhat slow
nmap -sU -P0 -vv <target>
Term
List Scan
Definition
Uses reverse lookups for a range of targets. Useful to confirm that scanned hosts are in the intended network
nmap -sL -vv <target>
Term
SYN Scan
Definition
(Half-Open Scan) Stealthy because no 3-way handshake takes place. Many IDS only register events on full connections. Closed ports reply with RST. Open ports reply with SYN/ACK and then nmap sends back a RST to tear down the connection.
nmap -sS -vv <target>
Term
FIN Scan
Definition
Also Stealthy, and more successful against some firewalls that are configured to watch for SYN scans to restricted ports. Unfortunately, most Windows systems will send a RST regardless of whether the port is open or closed
Term
XMAS Scan
Definition
FIN, URG, PUSH Flags are all on. XMAS scans work best on Linux but not so much on Windows. Try FIN and XMAS in trial and error to see which one has success
Term
NULL Scan
Definition
Sometimes useful against a stateful packet inspection firewall. A NULL header on a packet gives the SPI nothing to inspect, so it might pass successfully
Term
ACK Scan
Definition
Circumvent packet filtering firewalls. The firewall has to accept all ACK packets if it does not have a state table to track SYNs.
Term
Boot Sector Virus
Definition
Moves the hard drive boot sector to another location, allowing the virus to load first. Removal usually requires fdisk or MBR and then reinstallation of the drive from a known-good backup.
Term
Shell Virus
Definition
Wraps around application code so that it executes prior to the actual legitimate application. Especially dangerous to AV software, because if it is attached to AV it can execute and immediately shut down the AV software so that the virus continues undetected
Term
Multipartite Virus
Definition
Multiple attack vectors, usually including one or more files and the boot sector
Term
Macro Virus
Definition
Usually infects Microsoft Office template files like Word and Excel. Written with Visual Basic for Applications
Term
Polymorphic Virus
Definition
A virus that constantly changes its signature, making it difficult for AV products to detect. Heuristic detection helps with this
Term
Metamorphic Virus
Definition
Similar to Polymorphic, except that it rewrites every time it infects a new file instead of constantly changing
Term
Hoax Virus
Definition
Might not do any real damage, and usually is a prank that could rename a title bar or change an interface item. Also known as a defacement Virus
Term
TCP Wrappers use what TCP port?
Definition
TCP Port 421
Term
What TCP port does the Trojan Doom use?
Definition
TCP Port 666
Term
What TCP port does the Trojan Snipernet use?
Definition
TCP Port 667
Term
What TCP port does the Trojan Tini use?
Definition
TCP Port 7777
Term
What TCP port does the Trojan WinHole use?
Definition
TCP Port 1080 & 1081
Term
What TCP port does the Trojan RAT use?
Definition
TCP Port 1095, 1097, 1098
Term
What TCP port does the Trojan SpySender use?
Definition
TCP Port 1807
Term
What TCP port does the Trojan Deep Throat use?
Definition
TCP Port 2140, 3150
Term
What TCP port does the Trojan NetBus use?
Definition
TCP Port 12345, 12346
Term
What TCP port does the Trojan Whack a Mole use?
Definition
TCP Port 12362, 12363
Term
What TCP port does the Trojan Back Orifice use?
Definition
TCP Port 31337, 31338
Term
What are the three different types of Rootkits?
Definition
Application-Level
Kernel-Level
Library-Level
Term
What is an Application-Level Rootkit?
Definition
Replaces legitimate application or OS files with replacements that include rootkit binaries. In this respect, they are also Trojans.
Term
What does a Kernel-level rootkit do?
Definition
Attacks the boot sector and critical OS files. Kernel-level OS files are replaced with rootkit-infected code. This type is the most threatening and the most difficult to detect and remove
Term
What is a Library-Level Rootkit?
Definition
Uses system-level calls to conceal itself
Term
What can you type in Windows Command Prompt to show connections and listening ports?
Definition
netstat -an
Term
What can you see if you can access the SPAN port on a switch?
Definition
all of the network traffic
Term
What kind of Hash does Windows NTLMv2 use?
Definition
MD5 Hash
Term
What is The Onion Network (TOR) for?
Definition
This is a method of concealing identity online. Client software routes internet traffic through routers provided by volunteers and makes it very difficult to trace back
Term
When using Basic Authentication on Web Servers, how is the data sent over the network?
Definition
clear text
Term
What is an example of a Buffer Overflow statement?
Definition
If (I>=300) then exit (1)
Term
what is SQL Injection?
Definition
This effectively allows a hacker to perform operations on a database including changing, extracting, or deleting data.
Term
When you see "../../../" what does this mean?
Definition
Directory Traversal
Term
When starting a SQL Injection attack what would you start the line with?
Definition
' or 1=1, because the evaluation of 1=1 is always true
Single quote is the key item to look for in SQL Injection
Term
How many bits is Twofish?
Definition
up to 256-bit key
Term
How many bits is Blowfish?
Definition
32 to 448-bit Key
public domain
very fast
largely replaced by AES
Term
How many bits is IDEA?
(International Data Encryption Agency)
Definition
128-bit key
Originally used in Pretty Good Privacy (PGP)
Mostly used in Europe
Term
How many bits is Rivest Cipher (RC)?
Definition
RC4 - 40 to 256 bits
Often used in SSL and WEP; several vulnerabilities
RC5 - Variable block size: 32, 64, or 128 bits
up to 2040-bit key
generally 64-bit block, 128-bit key, 12 rounds -- Brute Force may take up to 90 years on a 72-bit key
RC6 - Block size 128 bits
Key size: 128, 192, or 256 bits
Interweaves two parallel RC5 encryption processes
Term
How many bits is DES?
(Digital Encryption Standard)
Definition
56-bit key
Not considered secure, rarely used
Term
How many bits is 3DES?
Definition
168-bit key
Uses up to three keys in multiple encryption
Slower than DES but more effective
Term
How many bits is AES?
(Advanced Encryption Standard)
Definition
Key lengths 128, 192, or 256
Replaces DES & 3DES; more secure and also much faster
Term
What are the Symmetric Algorithms?
Definition
Twofish
Blowfish
IDEA
RC
DES
3DES
AES
Term
What are the Asymmetric Algorithms?
Definition
Diffie-Hellman
Elliptic Curve Cryptosystem (ECC)
RSA (Rivest, Shamir, Adleman - Founders of RSA)
Term
What is Diffie-Hellman?
Definition
Diffie-Hellman is an asymmetric algorithm, with a key exchange protocol, and is used in SSL and IPSec
Term
What is Elliptic Curve Cryptosystem (ECC)?
Definition
Involves points from an elliptic curve and logarithmic calculations
Used for encryption and signatures
Favored for mobile devices (Uses less processing)
Side Note: Cracked with 200 PS3 game consoles in July 2009 and 2600 computers running for 17 months in April 2004
Term
What is RSA?
Definition
Basis of public/private keys for encryption and decryption, strong encryption using 2 large prime numbers
Key sizes are up to 4096 bits
accepted as the current standard
Term
What are the Hashing Algorithms?
Definition
MD-5
SHA-1
SHA-2
Term
What is a MD5 Hash?
Definition
128 bit key
Term
What is a SHA-1 Hash?
Definition
160 bit Key
Term
What is a SHA-2 Hash?
Definition
Four separate hash functions producing outputs of 224, 256, 384, and 512 bits
Term
How many bits does Syskey use?
Definition
128 bit key lengths
Term
Wireless type 802.11a gives what radio frequency, range and bandwidth?
Definition
5 GHz frequency
50 meter range
up to 54 Mbps
Term
Wireless type 802.11b gives what radio frequency, range and bandwidth?
Definition
2.4 GHz frequency
100 meter range
11 Mbps
Term
Wireless type 802.11g gives what radio frequency, range and bandwidth?
Definition
2.4 GHz frequency
100 meter range
54 Mbps
Term
Wireless type 802.11n gives what radio frequency, range and bandwidth?
Definition
2.4 & 5 GHz frequency
100 meter range
108-250 (MIMO) Mbps