Essay on CEH Cheat Sheet

3903 Words Aug 20th, 2012 16 Pages
Footprinting

The phases of an attack

1. Reconnaissance: Information gathering, physical and social engineering, locate network range
2. Scanning - Enumerating: Live hosts, access points, accounts and policies, vulnerability assessment
3. Gaining Access: Breach systems, plant malicious code, backdoors
4. Maintaining Access: Rootkits, unpatched systems
5. Clearing Tracks: IDS evasion, log manipulation, decoy traffic

Information Gathering

1. Unearth initial information: What/Who is the target?
2. Locate the network range: What is the attack surface?
3. Ascertain active machines: What hosts are alive?
4. Open ports / access points: How can they be accessed?
5. Detect operating systems: What platform are they?
6. Uncover
…show more content…
They are extremely difficult to prevent from being attempted. The best defense is a well-designed network that is hard to overwhelm.

DoS Methods

Buffer Overflows: Crashes applications or services
Smurf: Spoofed traffic sent to the broadcast address of a network
Fraggle: UDP version of the Smurf, usually bouncing Chargen traffic off Echo ports
Ping of Death: Packet larger than the 64k limit
Teardrop: Offset values modified to cause fragments to overlap during reassembly, results in short packet
Unnamed: Offset values modified to cause gaps between fragments, results in long packets
SYN Flood: SYN flags sent to open ports, no completion of the handshake
Land: Traffic sent to a victim spoofing itself as the source, results in ACK storms
Winnuke: Sends TCP traffic with the URG flag set, causes CPU utilization to peak

DoS Tools

Jolt2: Floods with invalid traffic, results in 100% CPU utilization
Land and La Tierra: Executes teardrop and land attacks
Targa: Provides a menu of several DoS attacks
Blast20: Also considered to be a web server load tester
Crazy Pinger: ICMP flooder
UDP Flood: UDP flooder written by Foundstone

DDoS Attacks
Botnets - Command and Control Center
