Derek has stumbled upon a wireless network and wants to assess its security. However, he does not find enough traffic for a good capture. He intends to use AirSnort on the captured traffic to crack the WEP key and does not know the IP address range or the AP. How can he generate traffic on the network so that he can capture enough packets to crack the WEP key?
A. Use any ARP requests found in the capture
B. Derek can use a session replay on the packets captured
C. Derek can use KisMAC as it needs two USB devices to generate traffic
D. Use Ettercap to discover the gateway and ICMP ping flood tool to generate traffic
By forcing the network to answer to a lot of ICMP messages you can gather enough packets to crack the WEP key.
Why do you need to capture five to ten million packets in order to crack WEP with AirSnort?
A. All IVs are vulnerable to attack
B. Air Snort uses a cache of packets
C. Air Snort implements the FMS attack and only encrypted packets are counted
D. A majority of weak IVs transmitted by access points and wireless cards are not filtered by contemporary wireless manufacturers
Since the summer of 2001,WEP cracking has been a trivial but time consuming process. A few tools,AirSnort perhaps the most famous,that implement the Fluhrer-Mantin-Shamir (FMS) attack were released to the security community — who until then were aware of the problems with WEP but did not have practical penetration testing tools. Although simple to use,these tools require a very large number of packets to be gathered before being able to crack a WEP key. The AirSnort web site estimates the total number of packets at five to ten million,but the number actually required may be higher than you think.
Sally is a network admin for a small company. She was asked to install wireless accesspoints in the building. In looking at the specifications for the access-points, she sees that all of them offer WEP. Which of these are true about WEP?
Select the best answer.
A. Stands for Wireless Encryption Protocol
B. It makes a WLAN as secure as a LAN
C. Stands for Wired Equivalent Privacy
D. It offers end to end security
Explanations: WEP is intended to make a WLAN as secure as a LAN but because a WLAN is not constrained by wired,this makes access much easier. Also,WEP has flaws that make it less secure than was once thought.WEP does not offer end-to-end security. It only attempts to protect the wireless portion of the network.
Joe Hacker is going wardriving. He is going to use PrismStumbler and wants it to go to a GPS mapping software application. What is the recommended and well-known GPS mapping package that would interface with PrismStumbler?
Select the best answer.
D. Microsoft Mappoint
Explanations: GPSDrive is a Linux GPS mapping package. It recommended to be used to send PrismStumbler data to so that it can be mapped. GPSMap is a generic term and not a real software package. WinPcap is a packet capture library for Windows. It is used to capture packets and deliver them to other programs for analysis. As it is for Windows,it isn’t going to do what Joe Hacker is wanting to do. Microsoft Mappoint is a Windows application. PrismStumbler is a Linux application. Thus,these two are not going to work well together.
Virus Scrubbers and other malware detection program can only detect items that they are aware of. Which of the following tools would allow you to detect unauthorized changes or modifications of binary files on your system by unknown malware?
A. System integrity verification tools
B. Anti-Virus Software
C. A properly configured gateway
D. There is no way of finding out until a new updated signature file is released
Programs like Tripwire aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g.,daily) basis,Tripwire can notify system administrators of corrupted or tampered files,so damage control measures can be taken in a timely manner.
What are the main drawbacks for anti-virus software?
A. AV software is difficult to keep up to the current revisions.
B. AV software can detect viruses but can take no action.
C. AV software is signature driven so new exploits are not detected.
D. Itos relatively easy for an attacker to change the anatomy of an attack to bypass AV systems
E. AV software isnot available on all major operating systems platforms.
F. AV software is very machine (hardware) dependent.
Although there are functions like heuristic scanning and sandbox technology,the Antivirus program is still mainly depending of signature databases and can only find already known viruses.
What is the best means of prevention against viruses?
A. Assign read only permission to all files on your system.
B. Remove any external devices such as floppy and USB connectors.
C. Install a rootkit detection tool.
D. Install and update anti-virus scanner.
Although virus scanners only can find already known viruses this is still the best defense,together with users that are informed about risks with the internet.
Melissa is a virus that attacks Microsoft Windows platforms.
To which category does this virus belong?
B. Boot Sector infector
The Melissa macro virus propagates in the form of an email message containing an infected Word document as an attachment.
The Slammer Worm exploits a stack-based overflow that occurs in a DLL implementing the Resolution Service.
Which of the following Database Server was targeted by the slammer worm?
W32.Slammer is a memory resident worm that propagates via UDP Port 1434 and exploits a vulnerability in SQL Server 2000 systems and systems with MSDE 2000 that have not applied the patch released by Microsoft Security Bulletin MS02-039.
Which of the following is one of the key features found in a worm but not seen in a virus?
A. The payload is very small,usually below 800 bytes.
B. It is self replicating without need for user intervention.
C. It does not have the ability to propagate on its own.
D. All of them cannot be detected by virus scanners.
A worm is similar to a virus by its design,and is considered to be a sub-class of a virus. Worms spread from computer to computer,but unlike a virus,it has the capability to travel without any help from a person. A worm takes advantage of file or information transport features on your system,which allows it to travel unaided.