Version 4.1 - 4.1 Common Attacks Part 2
Man-in-the-Middle [MitM] attacks are commonly used against cryptography. In cryptography, the point of encrypting and decrypting is to keep a message private (and to ensure integrity in the case of digital signing). Inserting a malicious device between the two endpoints can completely circumvent this privacy without having to break the encryption or obtain the keys. It's basically an unauthorized proxy. Mutual authentication can sometimes thwart this - but not all encrypted communications are authenticated. Some of the suggested ways to prevent this are: DNSSEC, PKI (using trusted certificates) and certificate pinning.
In addition to the MitM crypto attacks, this method [MitM] can also be used to eavesdrop on wireless communications. In that case, a rogue AP will attempt to broadcast the same BSSID as the valid AP (sometimes called an Evil Twin). The rogue AP can either just eavesdrop on any clients that associate to it, or it can send disassociation frames to clients on the valid AP (so they disassociate from the valid AP and re-associate to the rogue AP). As long as users can still access the Internet, they normally don't even notice (or know) that they are being monitored. And if your traffic is going through the attacker's AP, it can not only be monitored but also modified. As long as you understand the concept of MitM, you will probably recognize its description in any question.
Replay attacks capture valid data and repeat/replay it later in a malicious manner. These always remind me of the déjà vu in the Matrix. "A déjà vu is usually a glitch in the Matrix. It happens when they change something." Basically, if a certain piece of data is valid the first time, then if you capture it and replay it later (or in a different context), it might work. I say "might" because most systems now prevent or protect against replay.
Common countermeasures for replay attacks are session IDs and timestamps. Session IDs are so you can't replay the data in a different context, and timestamps are so that you can't replay it at a different time. This is yet another reason why NTP and time synchronization are so important. In practice, however, think of the speed at which computers now operate. If you can capture the traffic at the source and beat it to the destination, you may be able to hijack the connection. Not exactly something that the average user/hacker could do, but entirely possible.
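To make the two countermeasures concrete, here is an added Python example (my own illustration, not code from the study materials): the sender tags each message with a session ID, a timestamp and a one-time nonce and MACs the whole thing; the receiver rejects anything that arrives in the wrong session, outside the time window, or with a nonce it has already seen. The shared key, the 30-second skew window and the `sess-A`/`sess-B` session IDs are constructed values for the demo.

```python
import hashlib
import hmac
import os
import time

# Constructed shared secret for this demo; a real system derives one per session.
SHARED_KEY = b"demo-shared-key-not-for-real-use"
MAX_SKEW_SECONDS = 30  # how far apart sender and receiver clocks may be before a message is "stale"


def build_message(key, session_id, payload, now=None):
    """Sender: prefix the payload with session id, timestamp and a fresh nonce, then MAC the whole thing."""
    ts = int(time.time() if now is None else now)
    nonce = os.urandom(16).hex()
    body = f"{session_id}|{ts}|{nonce}|".encode() + payload
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


class Receiver:
    """Receiver: rejects anything replayed in another session, at another time, or a second time."""

    def __init__(self, key, session_id):
        self.key = key
        self.session_id = session_id.encode()
        self.seen = {}  # nonce -> timestamp, so old entries can be pruned

    def accept(self, message, now=None):
        now = int(time.time() if now is None else now)
        try:
            body, tag = message.rsplit(b"|", 1)
            sid, ts, nonce, _payload = body.split(b"|", 3)
            ts = int(ts)
        except ValueError:
            return False, "malformed"
        # MAC first: anyone who edits the header or payload learns nothing further.
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, expected):
            return False, "bad mac"
        # The session id binds the message to this conversation (the "different context" case).
        if sid != self.session_id:
            return False, "wrong session"
        # The timestamp window stops replay at a different time; this is where NTP matters.
        if abs(now - ts) > MAX_SKEW_SECONDS:
            return False, "stale timestamp"
        # Forget nonces older than the window; anything that old is rejected above anyway.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= MAX_SKEW_SECONDS}
        # The same nonce inside the window means the exact same message came around again.
        if nonce in self.seen:
            return False, "replayed nonce"
        self.seen[nonce] = ts
        return True, "ok"


if __name__ == "__main__":
    rx = Receiver(SHARED_KEY, "sess-A")
    msg = build_message(SHARED_KEY, "sess-A", b"transfer 10", now=1000)
    print("first delivery:", rx.accept(msg, now=1005))
    print("same message again:", rx.accept(msg, now=1006))
    print("same message, other session:", Receiver(SHARED_KEY, "sess-B").accept(msg, now=1005))
    print("same message, much later:", Receiver(SHARED_KEY, "sess-A").accept(msg, now=2000))
```

The check order matters: the MAC is verified before anything else so that a modified header is never trusted, and the nonce cache only has to remember values inside the timestamp window, which is what keeps it from growing without bound.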
Spoofing is a vague topic. You can spoof an address, you can spoof a host, you can spoof users. From looking at the study materials, I think they are pointing at spoofing addresses. Mainly, the countermeasure for this is filtering RFC 1918 addresses at the network edge (nobody on the Internet should be the source of a private address). DNSSEC will counter spoofing of hosts. And strong passwords/PKI would prevent spoofing of users.
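Here is an added Python example of that edge filter (my own illustration, not from the study materials). It drops inbound packets whose source is an RFC 1918 address, and it goes a little beyond the text in two ways that any edge filter should: it also drops inbound packets claiming to come from our own public prefix (those can only be spoofed), and it drops outbound packets whose source is not ours, so we don't become the origin of spoofed traffic. The `203.0.113.0/24` "our prefix" and the sample log records are constructed for the demo.

```python
import ipaddress

# Constructed assumption: the organization's own public prefix (a documentation range, not real).
OUR_PUBLIC_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]

# RFC 1918 private ranges, plus loopback, link-local and "this network", none of which
# should ever be the source of a packet arriving from the Internet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
NEVER_FROM_INTERNET = RFC1918 + [
    ipaddress.ip_network(n) for n in ("127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8")
]


def ingress_verdict(src):
    """Packet arriving on the Internet-facing interface: return (action, reason)."""
    ip = ipaddress.ip_address(src)
    for net in NEVER_FROM_INTERNET:
        if ip in net:
            return "drop", f"source {src} is in {net}, which cannot legitimately come from the Internet"
    for net in OUR_PUBLIC_PREFIXES:
        if ip in net:
            return "drop", f"source {src} claims to be our own {net} but arrived from outside"
    return "accept", "source is a plausible external address"


def egress_verdict(src):
    """Packet leaving toward the Internet: only our own prefixes may appear as the source."""
    ip = ipaddress.ip_address(src)
    if any(ip in net for net in OUR_PUBLIC_PREFIXES):
        return "accept", "source is one of our prefixes"
    return "drop", f"source {src} is not ours, so it would be spoofed on the Internet"


def filter_log(lines):
    """Run the rules over constructed 'direction src dst' records; return (line, action, reason) tuples."""
    results = []
    for line in lines:
        direction, src, _dst = line.split()
        verdict = ingress_verdict(src) if direction == "in" else egress_verdict(src)
        results.append((line, *verdict))
    return results


# Constructed sample records: direction, source address, destination address.
SAMPLE_LOG = [
    "in 10.1.2.3 203.0.113.10",        # private source from outside: spoofed
    "in 198.51.100.7 203.0.113.10",    # ordinary external source
    "in 203.0.113.5 203.0.113.10",     # our own address arriving from outside: spoofed
    "in 127.0.0.1 203.0.113.10",       # loopback from outside: spoofed
    "out 203.0.113.10 198.51.100.7",   # our host talking to the Internet
    "out 192.168.1.50 198.51.100.7",   # leaked private source: would be spoofed traffic
]

if __name__ == "__main__":
    for line, action, reason in filter_log(SAMPLE_LOG):
        print(f"{action:6} {line:32} {reason}")
```

On real equipment this is an ACL on the edge router rather than Python, but the logic is the same: the interface a packet arrives on decides which source addresses are believable.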
Backdoors are simply a way around authentication. There are a couple of types of backdoors. Some are planted/implemented by unauthorized/malicious users - such as through rootkits. Others are created by the software developers (intentionally or unintentionally). Now, why would someone do that? Well, we're looking at the software as a consumer - whereas the developer wants to have some way to get into the "guts" of the program to debug/fix things during development. [Microsoft used to do this a long time ago - now the backdoors are unintentional.] There are a LOT of backdoor programs/Trojans - so you might want to take a look at the SANS list of backdoor Trojans and their ports. Note that the list was last updated in 2001. Keeping up with all these programs and their names is a bit daunting - and I doubt that they would ask about any of them. But if they did, it would be the most well-known. So take a look at the list - RAT (Remote Administration Tool), SubSeven, Trinoo, NetBus and Back Orifice are some that are well-known. [Don't forget the Clipper chip.] "Default passwords can function as backdoors if they are not changed by the user."
Bots and botnets are pretty interesting. Norton has a good page on bots and botnets. Not all bots are malicious - some are merely administrative. My first experience with a bot was on IRC (many, many years ago). The bot looked like a regular user, but welcomed everyone entering the channel. When someone asked for help, some helpful information was sent. [Things were actually useful then.] The bots referenced by the blueprint are the malicious type. Those bots reside on many computers and are usually dormant - until the person running the botnet gives a command (uses the botnet). The individual computers are referred to as "zombies" - yeah, like the movies. You should probably know what a C&C (command and control) server is and how often botnets use IRC for that purpose. Mitigation is basically: keep your computer up-to-date, run a good antivirus program (with frequent/automated updates), and don't hang out on questionable sites or download/run questionable software.