Security Cs458 Final Exam

Front 1

What kind of info can be revealed with port scanning?

Back 1

* os version

* valid username

Front 2

What tool can be used to identify apps running on a server?

Back 2

nmap

Front 3

In which case is splicing the cable detectable?

* optical cable

* copper cable

Back 3

optical

Front 4

What is inductance? On which medium is it possible?

Back 4

Inductance allows a physically close attacker to
eavesdrop without making physical contact

Front 5

Name 3 tools that attacker can use to let user B on machine Y, act as user A on machine X without password

Back 5

rlogin, rhost, ssh

Front 6

buying www.uwaterlo.ca is an example of ____

Back 6

spoofing

Front 7

How does session hijacking work? (2)

Back 7

1 )TCP protocol sets up state at sender and receiver
end nodes and uses this state while exchanging
packets
• Attacker can hijack such a session and masquerade as
one of the endpoints

2) cookie sniff/steal

Front 8

TCP includes a mechanism that asks a sender
node to _____ if the network is congested. What can an attacker do with it?

Back 8

An attacker could just ignore these requests

Front 9

How can buffer overflow happen in tcpip?

Back 9

the value in the packet’s length field could be
smaller than the packet’s actual length, making buffer overflow possible

Front 10

How does XSS work?

Back 10

Code steals sensitive information (e.g., cookie)
contained in the web page and sends it to attacker

Front 11

How does CSRF attack work?

Back 11

Code performs malicious action at some web site
(e.g., user’s bank) if user is currently logged in there
• http://www.bank.com/transferMoneyToAttacker

Front 12

Name 5 ways of DoS

Back 12

* cutting wire or jamming wireless signal

* flooding a node by overloading its internet capacity or processing capacity

* ping attack

* smurf attack

* SYN attack

Front 13

What's a smurf attack?

Back 13

Spoof (source) address of sender end node in ping
packet by setting it to victim’s address
• Broadcast ping packet to all nodes in a LAN

Front 14

What is SYN flood attack?

Back 14

DoS attack where Attacker sends many SYNs, but no ACKs

Front 15

Name two ways of modifying packets to cause DoS

Back 15

• Send packet fragments that cannot be reassembled properly
• Craft packets such that they are all hashed into
the same bucket in a hash table

Front 16

What is blackhole attack?

Back 16

Malicious router announces low cost for victim
destination and discards any traffic destined for victim

Front 17

Other name for blackhole attack?

Back 17

Packet drop attack

Front 18

How does DNS attack work?

Back 18

• DNS cache poisoning can lead to packets being routed to the wrong host

Front 19

In a DDoS attack, Attacker breaks into machines using ______ and installs malicious software
• Machine becomes a ____ and waits for attack
command from attacker
• A network of bots is called a ______

Back 19

* Trojan, buffer overflow,. . .

* zombie/bot

* botnet

Front 20

What is fast flux?

Back 20

• A single host name maps to hundreds of addresses of infected machines

Front 21

How does Domain generation algorithm make it harder to shut down botnets?

Back 21

Domain Generation Algorithm
• Infected machine generates a large set (50,000 in the case
of Conficker) of domain names that changes every day
• It contacts a random subset of these names for updates
• To control the botnet, authorities would have to take
control of 50,000 different domain names each day

Front 22

How did Storm Worm defend itself?

Back 22

As a self-defence mechanism, it ran DDoS attacks
against Internet addresses that scanned for it

Front 23

What is the difference between privileged and sandboxed application?

Back 23

Sandboxed: The application will run with restricted access that is intended to protect your computer and personal information