100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
CEH v10 Study Guide | Questions And Answers Latest {} A+ Graded | 100% Verified $13.48   Add to cart

Exam (elaborations)

CEH v10 Study Guide | Questions And Answers Latest {} A+ Graded | 100% Verified

 2 views  0 purchase
  • Course
  • Top Academic Resources 2024/2025
  • Institution
  • Top Academic Resources 2024/2025

CEH v10 Study Guide | Questions And Answers Latest {} A+ Graded | 100% Verified

Preview 3 out of 16  pages

  • August 20, 2024
  • 16
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • Top Academic Resources 2024/2025
  • Top Academic Resources 2024/2025
avatar-seller
oneclass
CEH v10 Study Guide | Questions And Answers Latest {2024- 2025} A+ Graded | 100%
Verified


FTP (File Transfer Protocol) - TCP Port 21.



Telnet - TCP 23



SMTP (Simple Mail Transfer Protocol) - TCP 25



DNS (Domain Name System) - TCP 53

UDP 53



HTTP - TCP 80



RPC (Remote Procedure Call) - Port 135 TCP/UDP



NetBIOS (Network Basic Input/Output System) - tcp/139, udp/137, udp/138 - Network communication
servers for LANs that use NetBIOS



SNMP (Simple Network Management Protocol) - UDP 161 and 162



LDAP (Lightweight Directory Access Protocol) - TCP/UDP 389



Global Catalog Service - TCP/UDP 3268



Volumetric Attacks - Consumes the bandwidth of target network or service.



Fragmentation Attacks - Overwhelms targets ability of re-assembling the fragmented packets

,TCP State-Exhaustion Attacks - Consumes the connection state tables present in the network
infrastructure components such as load-balancers, firewalls, and application servers



Application Layer Attacks - Consumes the application resources or services therby making it unavailable
to other legitimate users.



DoS/DDos Attack Vectors - Volumetric Attacks

Fragmentation Attacks

TCP State Exhaustion Attacks

Application Layer attacks



SYN flood attack - attacker sends multiple SYN packets but never completes the connection with an ACK

-disrupts TCP 3-way handshake

protection:

1) using SYN cookies

2) reduce amount of time a server will wait for an ACK- half-open sessions are flushed from the system's
memory faster



ICMP flood attack - a type of DoS attack in which perpetrators send a large number of ICMP packets
directly or through reflection networks to victims causing it to be overwhelmed and subsequently stop
responding to legitimate TCP/IP requests



Peer-to-Peer Attack - exploits flaws found in the network using the DC++ (Direct Connect), that is used
for sharing between instant message clients.



Phlasing - Permanent DoS, causes irreversible damage to system hardware. It sabotages the system
hardware. Attacker sends fraudulent hardware updates (firmware).



Application-level flood attacks - result in loss of services of a particular network, such as emails, network
resources, the temporary ceasing of applications and services. Attackers exploit weakenesses in
programming source code.

, Session Hijacking - An attack in which the attacker attempts to impersonate the user by using his or her
session token.



cross-site request forgery (XSRF) - An attack that exploits the trust a website has in a user's browser in
an attempt to transmit unauthorized commands to the website.



directory traversal attack - an attack that involves navigating to other directories an gaining access to
files and directories that would otherwise be restricted using ../ to access restricted directories outside
of the webserver root directory.



website defacement - A type of cybervandalism that occurs when a computer hacker intrudes on
another person's website by inserting or substituting codes that expose visitors to the site to misleading
or provocative information. Defacement can range from installing humorous graffiti to sabotaging or
corrupting the site.



HTTP Response Splitting Attack - Involves adding header response data into the input field so the server
can split the responses into two responses



Web Cache Poisoning - attack against the integrity of an intermediate Web cache repository, in which
genuine content cached for an arbitrary URL is replaced with spoofed content.



Injection Flaws - Web app vulnerabilities that allow untrusted data to be interpreted and executed as
part of a command or query



SQL Injection - An attacker issues a SQL command to a web server as part of the URL or as input to a
form on a company's website; web server might pass the command onto the database which then
allows potentially anything to be done to the database



command injection - injection (where the attacker injects commands into the form fields instead of the
expected test entry),



Walker, Matt. CEH Certified Ethical Hacker All-in-One Exam Guide, Third Edition (p. 235). McGraw-Hill
Education. Kindle Edition.

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller oneclass. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $13.48. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

75632 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$13.48
  • (0)
  Add to cart