From 030f2dfcd62a430b1e689e607a88b85fc311fba5 Mon Sep 17 00:00:00 2001 From: Austin Songer Date: Tue, 21 Jan 2020 22:39:39 +0000 Subject: [PATCH 1/7] ANSWERED: Explain MAC flooding attack. --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 53820e5..bac9bfc 100644 --- a/README.md +++ b/README.md @@ -5471,6 +5471,9 @@ HTTP Header Injection vulnerabilities occur when user input is insecurely includ
Explain MAC flooding attack
+ +MAC address flooding attack (CAM table flooding attack) is a type of network attack where an attacker connected to a switch port floods the switch interface with very large number of Ethernet frames with different fake source MAC address. +
From ef65b8e1fff2af8b6d49dc88af410f2e3ebd0cf8 Mon Sep 17 00:00:00 2001 From: Austin Songer Date: Tue, 21 Jan 2020 22:42:35 +0000 Subject: [PATCH 2/7] ANSWERED: What is Cache Poisoned Denial of Service? --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index bac9bfc..cc9d3f9 100644 --- a/README.md +++ b/README.md @@ -5486,6 +5486,9 @@ MAC address flooding attack (CAM table flooding attack) is a type of network att
What is Cache Poisoned Denial of Service?
+ +CPDoS or Cache Poisoned Denial of Service. It poisons the CDN cache. By manipulating certain header requests, the attacker forces the origin server to return a Bad Request error which is stored in the CDN’s cache. Thus, every request that comes after the attack will get an error page. +
## Puppet From f0614eadd2fce4dfa71d8c1b6691c0fc5b7dd140 Mon Sep 17 00:00:00 2001 From: Austin Songer Date: Tue, 21 Jan 2020 22:43:36 +0000 Subject: [PATCH 3/7] ANSWERED: Explain what is Buffer Overflow --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index cc9d3f9..a81886c 100644 --- a/README.md +++ b/README.md @@ -5454,6 +5454,10 @@ HTTP Header Injection vulnerabilities occur when user input is insecurely includ
Explain what is Buffer Overflow
+ +A buffer overflow (or buffer overrun) occurs when the volume of data exceeds the storage capacity of the memory buffer. As a result, the program attempting to write the data to the buffer overwrites adjacent memory locations. + +
##### Containers From 3ea1236c2da7b2d8b849df84064e5a97df687b8d Mon Sep 17 00:00:00 2001 From: Austin Songer Date: Tue, 21 Jan 2020 22:44:29 +0000 Subject: [PATCH 4/7] DELETED Duplicate "Buffer Overflow" Question. --- README.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/README.md b/README.md index a81886c..aa7d6b4 100644 --- a/README.md +++ b/README.md @@ -5404,9 +5404,6 @@ You can test by using a stored procedure, so the application must be sanitize th Explain "Format String Vulnerability"
-
-Explain "Buffer Overflow"
-
Explain DMZ
From 017b29cb99ea0c3862038c0834e6733b95006f85 Mon Sep 17 00:00:00 2001 From: Austin Songer Date: Tue, 21 Jan 2020 22:47:24 +0000 Subject: [PATCH 5/7] ANSWERED: What can you tell me about Spectre? --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index aa7d6b4..b297df7 100644 --- a/README.md +++ b/README.md @@ -5394,6 +5394,9 @@ You can test by using a stored procedure, so the application must be sanitize th
What can you tell me about Spectre?
+ +Spectre is an attack method which allows a hacker to “read over the shoulder” of a program it does not have access to. Using code, the hacker forces the program to pull up its encryption key allowing full access to the program +
From 0e3905472910e1d9f3c1894554b7102b15ab526f Mon Sep 17 00:00:00 2001 From: Austin Songer Date: Tue, 21 Jan 2020 22:48:30 +0000 Subject: [PATCH 6/7] ANSWERED: What can you tell me about Stuxnet? --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index b297df7..8498cba 100644 --- a/README.md +++ b/README.md @@ -5390,6 +5390,10 @@ You can test by using a stored procedure, so the application must be sanitize th
What can you tell me about Stuxnet?
+ +Stuxnet is a computer worm that was originally aimed at Iran’s nuclear facilities and has since mutated and spread to other industrial and energy-producing facilities. The original Stuxnet malware attack targeted the programmable logic controllers (PLCs) used to automate machine processes. It generated a flurry of media attention after it was discovered in 2010 because it was the first known virus to be capable of crippling hardware and because it appeared to have been created by the U.S. National Security Agency, the CIA, and Israeli intelligence. + +
From 00d5d412c82cd5e42451f5ef213bfbceb0dd2358 Mon Sep 17 00:00:00 2001 From: Austin Songer Date: Tue, 21 Jan 2020 22:51:39 +0000 Subject: [PATCH 7/7] ANSWERED: What is DNS Spoofing? How to prevent it? --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 8498cba..c623b44 100644 --- a/README.md +++ b/README.md @@ -5386,6 +5386,14 @@ You can test by using a stored procedure, so the application must be sanitize th
What is DNS Spoofing? How to prevent it?
+ +DNS spoofing occurs when a particular DNS server’s records of “spoofed” or altered maliciously to redirect traffic to the attacker. This redirection of traffic allows the attacker to spread malware, steal data, etc. + +**Prevention** +- Use encrypted data transfer protocols - Using end-to-end encryption vian SSL/TLS will help decrease the chance that a website / its visitors are compromised by DNS spoofing. +- Use DNSSEC - DNSSEC, or Domain Name System Security Extensions, uses digitally signed DNS records to help determine data authenticity. +- Implement DNS spoofing detection mechanisms - it’s important to implement DNS spoofing detection software. Products such as XArp help product against ARP cache poisoning by inspecting the data that comes through before transmitting it. +