CEH: Official Certified Ethical Hacker Review Guide: Exam 312-50 - Kimberly Graves
3. C. A network connected via hubs is called a shared network.
4. A. Port-based security implemented on a switch prevents ARP spoofing.
5. C. Dsniff is a group of hacking tools.
6. C. Packets are created and used to carry data at layer 3.
7. A. Snort is both an intrusion detection system (IDS) and a sniffer.
8. D. A network card must operate in promiscuous mode in order to capture traffic destined to a different MAC address than its own.
9. A. Encryption renders the information captured in a sniffer useless to a hacker.
10. A, B, C. Winsniffer can capture passwords for POP3, SMTP, and HTTP traffic.
Denial of Service and Session Hijacking
CEH EXAM OBJECTIVES COVERED IN THIS CHAPTER:
✓ Denial of Service
■ Understand the Types of DoS Attacks
■ Understand How DDoS Attacks Work
■ Understand How BOTs/BOTNETS Work
■ What Is a "Smurf" Attack?
■ What Is "SYN" Flooding?
■ Describe the DoS/DDoS Countermeasures
✓ Session Hijacking
■ Understand Spoofing vs. Hijacking
■ List the Types of Session Hijacking
■ Understand Sequence Prediction
■ What Are the Steps in Performing Session Hijacking?
■ Describe How You Would Prevent Session Hijacking
During a Denial of Service (DoS) attack, a hacker renders a system unusable or significantly slows the system by overloading resources or preventing legitimate users from accessing the system. These attacks can be perpetrated against an individual system or an entire network and are usually successful in their attempts.
Session hijacking is a hacking method that creates a temporary DoS for an end user when an attacker takes over the session. Hackers use session hijacking to take over a current session after the user has established an authenticated session. Session hijacking can also be used to perpetrate a man-in-the-middle attack, in which the hacker steps between the server and the legitimate client and intercepts all traffic.
This chapter explains DoS attacks, Distributed Denial of Service (DDoS) attacks, and the elements of session hijacking, such as spoofing methods, the TCP three-way handshake, sequence number prediction, and how hackers use tools for session hijacking. In addition, the countermeasures for DoS and session hijacking are discussed at the end of this chapter.
Denial of Service
A DoS attack is an attempt by a hacker to flood a user's or an organization's system. As a CEH, you need to be familiar with the types of DoS attacks and to understand how DoS and DDoS attacks work. You should also be familiar with robots (BOTs) and robot networks (BOTNETs), as well as smurf attacks and SYN flooding. Finally, as a CEH, you need to be familiar with various DoS and DDoS countermeasures.
Understand the Types of DoS Attacks
There are two main categories of DoS attacks. A DoS attack can be sent either by a single system to a single target (simple DoS) or by many systems to a single target (DDoS).
The goal of DoS isn't to gain unauthorized access to machines or data, but to prevent legitimate users of a service from using it. A DoS attack may do the following:
■ Flood a network with traffic, thereby preventing legitimate network traffic.
■ Disrupt connections between two machines, thereby preventing access to a service.
■ Prevent a particular individual from accessing a service.
■ Disrupt service to a specific system or person.
Different tools use different types of traffic to flood a victim, but the result is the same: A service on the system or the entire system is unavailable to a user because it's kept busy trying to respond to an exorbitant number of requests.
A DoS attack is usually an attack of last resort. It's considered an unsophisticated attack because it doesn't gain the hacker access to any information but rather annoys the target and interrupts their service. DoS attacks can be destructive and have a substantial impact when sent from multiple systems at the same time (DDoS attacks).
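The single-source versus many-source distinction described above, seen from the defender's side, as an added example that is not from the book: it buckets constructed flow records per target and labels each flooded time window as simple DoS or DDoS. The window size, thresholds, function names and IP addresses are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

WINDOW_S = 10          # assumed bucket size in seconds
FLOOD_THRESHOLD = 200  # assumed requests per window that count as a flood
DOMINANT_SHARE = 0.8   # assumed share from one source that means simple DoS


def classify_floods(records, window=WINDOW_S, threshold=FLOOD_THRESHOLD,
                    dominant=DOMINANT_SHARE):
    """records: iterable of (epoch_seconds, src_ip, dst_ip).
    Returns {(dst_ip, window_start): (label, total, distinct_sources)}
    for every window whose request count reaches the threshold."""
    buckets = defaultdict(Counter)
    for ts, src, dst in records:
        buckets[(dst, int(ts) // window * window)][src] += 1

    findings = {}
    for key, per_src in buckets.items():
        total = sum(per_src.values())
        if total < threshold:
            continue  # ordinary load, not a flood
        top_count = per_src.most_common(1)[0][1]
        # One source responsible for most of the flood: simple DoS; else DDoS.
        label = "simple DoS" if top_count / total >= dominant else "DDoS"
        findings[key] = (label, total, len(per_src))
    return findings


def constructed_sample():
    """Constructed flow records (documentation IP ranges), not real traffic."""
    recs = []
    # Window 0: one source sends 300 requests to 192.0.2.10, plus 5 normal clients.
    recs += [(i % 10, "198.51.100.7", "192.0.2.10") for i in range(300)]
    recs += [(i, f"203.0.113.{i + 1}", "192.0.2.10") for i in range(5)]
    # Window 20: 150 sources send 2 requests each to 192.0.2.20.
    recs += [(20 + i % 10, f"203.0.113.{i % 150 + 1}", "192.0.2.20")
             for i in range(300)]
    # Window 40: ordinary traffic, below the threshold.
    recs += [(40 + i % 10, f"203.0.113.{i + 1}", "192.0.2.10") for i in range(20)]
    return recs


if __name__ == "__main__":
    results = classify_floods(constructed_sample())
    for (dst, start), (label, total, srcs) in sorted(results.items()):
        print(f"{dst} t={start}s: {label} ({total} requests, {srcs} sources)")
```

The per-source breakdown is what matters for response: a simple DoS can be handled by filtering the one dominant source, while a DDoS window has no single source worth blocking.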
Hacking Tools
Ping of Death is an attack that can cause a system to lock up by sending multiple IP packets,