
Version 4.1 - 4.1 Common Attacks Part 3

There are many wireless attacks. I found a really good article that lists Wireless Attacks. I really like the way it groups them into:
Access control attacks
Confidentiality attacks
Integrity attacks
Authentication attacks
Availability attacks

Note that this list comes from 2009 - so it is a bit dated now. But the groupings are very good. Any newer attacks would fall into one or more of the same areas. The thing I like about this list is that it not only gives you the attacks, but also the tools that are used to implement the attack. Know tools like NetStumbler, Ettercap, AirSnort, John the Ripper and L0phtCrack. If you know what these tools are and how they are used, you should be good with any wireless attack questions. I doubt they would go into the symbols for WarChalking - but if you know wireless attacks to that point, move on.

DoS and DDoS attacks are simply ways to deny legitimate users access to resources. The difference between the two is that DDoS is distributed. You should be familiar with these attacks - most of them are pretty well-known. RUDY, SYN flood and Teardrop attacks should be understood (what they are and how they work). The one I find most irritating/amusing is Slowloris.

The reason I consider this so irritating is that from just about every angle - this looks like just legitimate use of a connection. It's just working a lot slower than normal. Think about how you would troubleshoot this - especially if it is in distributed form. Everything from the server end would look fine - it's just the clients that are slowly sending information (which normally send faster requests). Most other DoS attacks are more obvious and overwhelm resources.

The mitigation for DoS and DDoS attacks centers on IDS/IPS (Slowloris especially) or on filtering by the upstream provider. Web servers can limit the number of connections from a single IP address. And don't forget the way TCP Intercept works to prevent SYN flood attacks. Another thing to keep in mind is that there are also unintentional DoS situations. The "Slashdot effect" or the "Reddit hug of death" can help you remember that part.
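Since Slowloris looks like legitimate-but-slow clients, the server-side tell is the combination the post describes: connections that stay open without ever finishing their request headers, and many of them from the same address. The following is an added example (not code from the original post) that runs that check over a constructed connection table; the field names, the sample addresses and the thresholds are assumptions, and the point is that a header-completion timeout plus a per-IP connection cap is exactly what the web-server mitigation above enforces.

```python
"""Flag Slowloris-style connections from a constructed connection table.

Added example. Assumes the web server or load balancer can export, per open
connection, the client IP, how long it has been open, and whether the request
headers have been completed. Field names, sample data and thresholds are
constructed for this illustration.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Conn:
    client_ip: str
    age_s: float            # seconds since the TCP connection was accepted
    bytes_in: int           # request bytes received so far
    headers_complete: bool  # has a blank line ended the request headers yet?


# Assumed tunables: a real browser finishes its headers within a second or so
# and never needs dozens of simultaneous half-sent requests.
MAX_HEADER_WAIT_S = 10.0
MAX_CONNS_PER_IP = 20
MAX_STALLED_PER_IP = 5


def find_stalled(conns):
    """Connections open longer than the header timeout with headers still unfinished."""
    return [c for c in conns if not c.headers_complete and c.age_s > MAX_HEADER_WAIT_S]


def per_ip_report(conns):
    """Per client IP: (total open connections, how many of them look stalled)."""
    total = defaultdict(int)
    stalled = defaultdict(int)
    for c in conns:
        total[c.client_ip] += 1
    for c in find_stalled(conns):
        stalled[c.client_ip] += 1
    return {ip: (total[ip], stalled[ip]) for ip in total}


def suspicious_clients(conns):
    """IPs over the per-IP connection cap or holding too many stalled requests."""
    return sorted(ip for ip, (n, s) in per_ip_report(conns).items()
                  if n > MAX_CONNS_PER_IP or s > MAX_STALLED_PER_IP)


def connections_to_drop(conns):
    """Stalled connections from suspicious clients: what a header timeout would close."""
    bad = set(suspicious_clients(conns))
    return [c for c in find_stalled(conns) if c.client_ip in bad]


# Constructed sample: one client (192.0.2.10) holding 8 half-sent requests open
# for minutes, two normal clients, one of them slow but still within the timeout.
SAMPLE = (
    [Conn("192.0.2.10", 180 + i * 15, 40 + i, False) for i in range(8)]
    + [Conn("198.51.100.7", 0.4, 512, True), Conn("198.51.100.7", 1.2, 498, True)]
    + [Conn("203.0.113.5", 3.0, 20, False)]
)

if __name__ == "__main__":
    for ip, (n, s) in per_ip_report(SAMPLE).items():
        print(f"{ip}: {n} open, {s} stalled")
    print("suspicious:", suspicious_clients(SAMPLE))
    print("would drop:", len(connections_to_drop(SAMPLE)))
```

Note the distributed case: with one or two stalled connections per source, the per-IP counts never trip, and only the total count of stalled connections (the `find_stalled` list) gives the game away, which is why the post points at IDS/IPS and upstream filtering for DDoS.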

Virus and worm outbreaks are massive topics. I doubt they would want you to know all of them individually. I think the most important points about this topic can be found at the Cisco page on Viruses, Worms, Trojans and Bots. Note that a virus needs somebody to do something (click or open something) to kick off. A worm just replicates itself without the need for intervention. It should go without saying that everyone should use a good anti-virus program with current signatures. Additional mitigation centers around limiting the extent of damage or "reach" that any outbreak would have at its disposal.

The information on "header attacks" is not very clear. Most of this is because header attacks are a general class of attacks. Most of it centers on header injection and cross site scripting. If you've gone through the OWASP section in 3.15, you should probably already know this material.
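The classic header injection case is a user-supplied value copied into a response header: if the value carries a CR/LF sequence, the header line ends early and whatever follows becomes a header of its own. Here is an added example (not from the original post or OWASP) showing a naive redirect builder beside a hardened one; the function names, the allowed-host list and the tainted sample value are constructed for the illustration, and the check it performs (reject control characters, restrict the redirect target) is what web frameworks do for you.

```python
"""HTTP header injection: a vulnerable redirect builder beside a hardened one.

Added example, not code from the original post. Scenario: a `next` query
parameter is copied into a Location header. Functions, host list and the
tainted sample value are constructed for illustration.
"""
import re
from urllib.parse import urlparse

CRLF = "\r\n"


def build_redirect_vulnerable(location: str) -> str:
    """Copies the value straight into the header block. A value containing
    CR/LF terminates the Location header early and injects what follows."""
    return "HTTP/1.1 302 Found" + CRLF + "Location: " + location + CRLF + CRLF


class HeaderInjectionError(ValueError):
    pass


_CTL = re.compile(r"[\r\n\x00]")


def safe_header_value(value: str) -> str:
    """Reject any control character that could terminate or split a header line."""
    if _CTL.search(value):
        raise HeaderInjectionError("control character in header value")
    return value


def safe_redirect_target(target: str, allowed_hosts) -> str:
    """Allow only a local absolute path or an http(s) URL on an approved host."""
    safe_header_value(target)
    parsed = urlparse(target)
    if parsed.scheme or parsed.netloc:
        if parsed.scheme not in ("http", "https") or parsed.hostname not in allowed_hosts:
            raise HeaderInjectionError("redirect to unapproved host")
    elif not target.startswith("/") or target.startswith("//"):
        raise HeaderInjectionError("redirect target must be a local path")
    return target


def build_redirect_hardened(location: str, allowed_hosts=("www.example.com",)) -> str:
    """Same response, but the target is validated before it touches the header."""
    return ("HTTP/1.1 302 Found" + CRLF
            + "Location: " + safe_redirect_target(location, allowed_hosts) + CRLF + CRLF)


def parse_headers(raw: str):
    """Read a raw response block the way a naive client does: one header per line."""
    headers = {}
    for line in raw.split(CRLF)[1:]:
        if not line:
            break
        name, _, val = line.partition(":")
        headers[name.strip()] = val.strip()
    return headers


# Constructed tainted input: a redirect target that smuggles a second header.
TAINTED = "/home\r\nSet-Cookie: injected=1"

if __name__ == "__main__":
    print("vulnerable ->", parse_headers(build_redirect_vulnerable(TAINTED)))
    try:
        build_redirect_hardened(TAINTED)
    except HeaderInjectionError as e:
        print("hardened  ->", "rejected:", e)
    print("hardened  ->", parse_headers(build_redirect_hardened("/account")))
```

The same control-character check applies anywhere a request value lands in a header (Set-Cookie, Content-Disposition, custom headers), and the host allow-list closes the related open-redirect problem that a bare "no CR/LF" check would leave behind.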

Tunneling attacks focus on malicious (or unwanted) content being tunneled through a protocol that is either considered "safe" or is not inspected. You can tunnel things through ICMP, HTTP or SSL (or other protocols). If you've been in networking for a while, you've seen a lot of this. You "ban" a certain type of traffic - only to find that your users are using it anyway - just tunneled in another "allowed" protocol. Doh! Most of the mitigation centers around "deep packet inspection" of traffic.
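What "deep packet inspection" means in the ICMP case is looking past the header at the echo payload: a tunnel carries arbitrary data, so the payload is larger than a stock ping, its bytes look close to random, and many such packets flow between the same two hosts. The following is an added example (not from the original post) that applies those three heuristics to a constructed packet log; the record layout, the sample addresses, the 64-byte size limit and the entropy threshold are assumptions to be tuned against real traffic.

```python
"""Heuristic deep-packet check for ICMP tunnelling over a constructed packet log.

Added example, not code from the original post. Records, field names and
thresholds are constructed for illustration.
"""
import math
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass
class IcmpEcho:
    src: str
    dst: str
    payload: bytes


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: ~0 for a repeated pattern, ~8 for random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


# Assumed thresholds: stock ping payloads are 32 or 56 bytes of a fixed pattern,
# so anything larger and anything that looks random deserves a second look.
MAX_NORMAL_PAYLOAD = 64
ENTROPY_SUSPECT = 6.0


def packet_score(pkt: IcmpEcho):
    """Reasons a single echo packet looks like tunnel traffic rather than a ping."""
    reasons = []
    if len(pkt.payload) > MAX_NORMAL_PAYLOAD:
        reasons.append("oversized payload")
    if shannon_entropy(pkt.payload) > ENTROPY_SUSPECT:
        reasons.append("high-entropy payload")
    return reasons


def flag_flows(packets, min_hits=3):
    """Group by (src, dst) and report peers exchanging repeated suspicious packets."""
    hits = defaultdict(int)
    for p in packets:
        if packet_score(p):
            hits[(p.src, p.dst)] += 1
    return {flow: n for flow, n in hits.items() if n >= min_hits}


# Constructed sample traffic. NORMAL_PING is the 32-byte pattern Windows ping
# sends; TUNNEL_BLOB is a deterministic stand-in for 300 bytes of encrypted
# tunnel data (a permutation of byte values, so its entropy is near 8 bits).
NORMAL_PING = b"abcdefghijklmnopqrstuvwabcdefghi"
TUNNEL_BLOB = bytes((i * 197 + 31) % 256 for i in range(300))
SAMPLE = (
    [IcmpEcho("10.0.0.5", "10.0.0.1", NORMAL_PING) for _ in range(4)]
    + [IcmpEcho("10.0.0.9", "203.0.113.20", TUNNEL_BLOB) for _ in range(5)]
    + [IcmpEcho("10.0.0.7", "10.0.0.1", TUNNEL_BLOB)]   # a single outlier, below min_hits
)

if __name__ == "__main__":
    print("normal ping entropy: %.2f" % shannon_entropy(NORMAL_PING))
    print("tunnel blob entropy: %.2f" % shannon_entropy(TUNNEL_BLOB))
    for flow, n in flag_flows(SAMPLE).items():
        print(f"{flow[0]} -> {flow[1]}: {n} suspicious echo packets")
```

The entropy test is the one that carries over to the HTTP and SSL cases the post mentions: once the tunnel is inside an encrypted channel you cannot read the payload, so inspection falls back on size, timing and volume between the same peers, or on terminating the TLS session at a proxy that can inspect the plaintext.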

And with that, I'm going to end the 4.1 section. Keep in mind that all of the 4.x topics are only 10% of the exam. I would expect no more than 3 questions on the 11 subtopics of 4.1. Keep that in mind while you study - since there are a lot of rabbit holes to go down in this section.

