Chapter 17 Common Types of Attacks

So let's talk about some other attacks.  

One is called VLAN hopping.  

So that's where the bad guy tries to redirect your packets to the wrong VLAN. 

How they do this is when your information is sent, it is sent with a tag in it as to where it should be going.  

The bad guy will put a second tag in it to redirect it to the wrong VLAN, so that is VLAN hopping.  

Another thing is called ARP spoofing.  

This is similar to DNS poisoning, but the ARP table keeps track of Mac addresses, not IP addresses.  

So it usually entails an ARP cache poisoning.  

Our cache poisoning is usually part of it, on-path or man-in-the-middle. 

SAC the ARP cache contains IP to Mac address mapping that the device has learned through the art process.  

One of the ways the cache can be poisoned is by pinging a device with a spoofed IP address, and this way an attacker can force the victim to insert an incorrect IP address to Mac address, mapping it into the ARP cache.  

So, they're trying to get into your ARP, but just like when you're sending stuff to spoofed IP, you'll be sending stuff to a spoofed Mac address to a spoof end user. 

And then a rogue DHCP: 

Dynamic Codes Configuration Protocol, that's protocol that issues out IP addresses in the network, so an illegitimate one. 

Will introduce the network to unsuspecting hosts. 

Will send out illegitimate DHCP information such as IP address, subnet mask and default gateway address. 

They can also issue an incorrect DNS server which will lead to the host relying on the attackers DNS server for IP addresses of websites like banks. 

They're trying to steal your information.  

This will lead to phishing attacks. 

So, then another one is called a Rogue Access Point. 

These are access points for Wi-Fi. 

One of two things, either bad guy sneaks in and stashes one, or an employee trying to gain access for Wi-Fi sets one up which should be really, really non-intelligent.  

It might be the correct way to say that. 

But basically, it's an access point that you don't know is on your network.  

Basically, it's like having a window open.  

The bad guys can just climb in. 

And the way you can handle that to mitigate it is to use wireless LAN controllers to manage your AP's because they will communicate using light access point protocols.  

So, there's some authentication there.  

So, you want to use Wireless LAN controllers on your AP system.  

To prevent somebody from just plugging one in and being able to access your network. 

Another one is called the evil twin. 

An evil twin is an AP that is not under control but is used to perform a hijacking attack. 

A hijacking attack is one in which the hacker connects one or more of your user computers to their network for the purpose of peer-to-peer attacks.  

The attack begins with an introduction of an access point that is under the hacker’s control.  

The AP will be set to use the same network SSID that your network uses, and it will be set to require no authentication, which creates an open network.  

Moreover, the AP will be set to use a different channel than the AP that's under your control.  

To understand how this attack works, you have to understand wireless stations.  

They will choose an access point with which to connect.  

It is done with the SID and not by channel. 

The hacker will jam the channel which your AP is transmitting. 

When a station gets disconnected from the AP, it scans the area for another AP with the same SID, and then the stations will find the hacker’s access point and will connect to it. 

So they put theirs in, they jam yours so it can't be found, and then the system looks for the next one and doesn’t. 

It finds yours and yours looks legit and then they steal data that way, and then ransomware.  

That's the cost of malware where they take over your system.  

Generally, they encrypt it.  

You don't have any way to unencrypt it, and you generally have to pay a fee to the bad guys to get your system back.  

This is very, very, very popular today. 

Schools, Governments, state governments, city governments, hospitals are all getting hit with ransomware, where their system gets taken from them, and they pay millions of dollars to get it back.