
Question 26 - Rogue AP attacks and how they work.

Evil Twin Scenario Attack:

The attacker snoops on Internet traffic by running a fake Wi-Fi access point. The attacker can spoof both
the BSSID and the MAC address, creating an "evil twin" that impersonates a legitimate access point.
Such attacks are hard to detect because a fake access point can be configured, set up, and shut down
almost instantly. The attacker can create a fake access point with the same SSID as the legitimate one. To
mitigate an evil twin attack it is important to pay attention to the signal strength of the access point.
Placing wireless sniffers across the network can also help to prevent an evil twin attack: establish a
baseline of the signal strength each sniffer observes from the legitimate access point, and when an evil
twin attack occurs, the signal strength the sniffer observes will deviate from that baseline.

Karma Attack - Sophisticated Rogue AP Attack

A rogue AP listens for probe requests from all nearby Wi-Fi clients and responds to every one of them:
the attacker sets up a rogue AP that answers all probe requests in place of the legitimate AP. The
attack de-authenticates clients from all legitimate access points and forces them to connect to the
rogue access point. This attack is easy to detect, and a wireless IDS can help to mitigate it.
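The two detection ideas above (baseline signal strength for an evil twin, and a wireless IDS noticing one radio answering probe requests for many SSIDs in the Karma case) can be run over sniffer observations. The following is an added example, not code from the original document: the frames, the legitimate-AP inventory, the baseline readings and the thresholds are all constructed values.

```python
"""Rogue AP detection from wireless sniffer observations.

Added example, not code from the original document. It covers the two cases
described above: an evil twin (a known SSID advertised by an unknown BSSID, or
by a spoofed BSSID whose signal strength deviates from the sniffer's baseline)
and Karma-style behaviour (one BSSID answering probe requests for many
unrelated SSIDs). Frames, baseline readings and thresholds are constructed."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Frame:
    kind: str    # "beacon" or "probe_resp"
    ssid: str
    bssid: str
    rssi: int    # dBm as measured by the sniffer


# Assumed inventory of legitimate access points (SSID -> set of BSSIDs).
LEGIT_BSSIDS = {"CorpWiFi": {"00:11:22:33:44:55"}}
RSSI_SIGMA = 3.0        # flag beacons more than 3 standard deviations off baseline
KARMA_MIN_SSIDS = 5     # a BSSID serving this many SSIDs looks like Karma


def build_baseline(training_frames):
    """Per-BSSID mean/sd of RSSI seen from the legitimate APs during quiet hours."""
    readings = defaultdict(list)
    for f in training_frames:
        if f.kind == "beacon" and f.bssid in LEGIT_BSSIDS.get(f.ssid, set()):
            readings[f.bssid].append(f.rssi)
    # floor the sd at 1 dBm so a perfectly stable baseline does not divide by zero
    return {b: (mean(r), max(pstdev(r), 1.0)) for b, r in readings.items()}


def detect_evil_twin(frames, baseline):
    alerts = []
    for f in frames:
        if f.kind != "beacon" or f.ssid not in LEGIT_BSSIDS:
            continue   # only SSIDs we own can have a twin
        if f.bssid not in LEGIT_BSSIDS[f.ssid]:
            alerts.append(("unknown_bssid", f.ssid, f.bssid))
            continue
        if f.bssid not in baseline:
            continue   # no quiet-hours baseline for this radio yet
        mu, sd = baseline[f.bssid]
        if abs(f.rssi - mu) / sd > RSSI_SIGMA:
            # BSSID is spoofed correctly, but the radio is somewhere else
            alerts.append(("rssi_deviation", f.ssid, f.bssid))
    return alerts


def detect_karma(frames, min_ssids=KARMA_MIN_SSIDS):
    """BSSIDs that answered probe requests for at least min_ssids distinct SSIDs."""
    ssids_by_bssid = defaultdict(set)
    for f in frames:
        if f.kind == "probe_resp":
            ssids_by_bssid[f.bssid].add(f.ssid)
    return sorted(b for b, s in ssids_by_bssid.items() if len(s) >= min_ssids)


# Constructed sample data.
TRAINING = [Frame("beacon", "CorpWiFi", "00:11:22:33:44:55", r) for r in (-60, -62, -64, -62)]
SAMPLE = [
    Frame("beacon", "CorpWiFi", "00:11:22:33:44:55", -63),   # legitimate AP, normal strength
    Frame("beacon", "CorpWiFi", "de:ad:be:ef:00:01", -40),   # same SSID, unknown BSSID
    Frame("beacon", "CorpWiFi", "00:11:22:33:44:55", -35),   # spoofed BSSID, wrong location
    Frame("beacon", "GuestNet", "de:ad:be:ef:00:02", -50),   # not our SSID, ignored
] + [Frame("probe_resp", s, "de:ad:be:ef:00:03", -45)
     for s in ("Home", "Airport", "CoffeeShop", "Hotel", "Office")]

if __name__ == "__main__":
    base = build_baseline(TRAINING)
    print(detect_evil_twin(SAMPLE, base))
    print(detect_karma(SAMPLE))
```

The baseline is per sniffer and per BSSID, so each sniffer compares against what it normally sees from that radio; a spoofed BSSID transmitting from a different spot shows up as an RSSI outlier even though its identifiers are a perfect copy.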
Q. 27 Firmware Question
An attacker can download the firmware from online sources or dump it from the camera, make
modifications to the firmware, and then upload/reflash the modified firmware to the camera. This firmware
modification can be carried out through physical access or over wired or wireless connectivity.
The attacker can see hardcoded credentials such as API tokens, encryption keys, and database credentials.
By changing the code, the attacker can also turn the device into a proxy to land network traffic on the
backend network. Mitigation is possible through encrypted firmware and by checking the hash of the
firmware before boot. It is also recommended to avoid hardcoded credentials and API tokens, avoid
easily crackable passwords, and restrict kernel-level privileges in the firmware.
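The two mitigations named above, checking the firmware hash before boot or reflash and keeping hardcoded credentials out of the image, can both be checked against an image file. The following is an added example, not code from the original document: the firmware bytes, the known-good digest and the credential patterns are constructed, and a real device would take the expected digest from a signed vendor manifest rather than computing it locally as done here.

```python
"""Firmware image checks before reflashing or boot.

Added example, not from the original document. (1) verify the image digest
against a known-good SHA-256, (2) scan the image for hardcoded credential
patterns. The firmware bytes, the expected digest and the patterns are
constructed stand-ins."""
import hashlib
import hmac
import re

# Constructed stand-in for a firmware image: an ELF-like header, padding, and an
# embedded configuration blob with the kind of secrets the answer above mentions.
FIRMWARE = (b"\x7fELF" + b"\x00" * 32
            + b"api_token=abc123DEF456ghi789\x00"
            + b"db_password=hunter2\x00"
            + b"AKIAEXAMPLEKEY000001\x00")
# In practice this value comes from the vendor's signed manifest; computed here only
# so the example runs offline.
KNOWN_GOOD_SHA256 = hashlib.sha256(FIRMWARE).hexdigest()


def verify_image(image: bytes, expected_hex: str) -> bool:
    """True only if the image hashes to the known-good digest."""
    actual = hashlib.sha256(image).hexdigest()
    return hmac.compare_digest(actual, expected_hex)


# Assumed patterns; a real scan would use a longer list and entropy checks.
CREDENTIAL_PATTERNS = {
    "api_token": re.compile(rb"api[_-]?token\s*=\s*([^\x00\s]+)"),
    "password": re.compile(rb"passw(?:or)?d\s*=\s*([^\x00\s]+)"),
    "aws_access_key": re.compile(rb"AKIA[0-9A-Z]{16}"),
}


def find_hardcoded_secrets(image: bytes):
    """(pattern name, byte offset) for every credential-looking string, in file order."""
    hits = []
    for name, pat in CREDENTIAL_PATTERNS.items():
        for m in pat.finditer(image):
            hits.append((name, m.start()))
    return sorted(hits, key=lambda h: h[1])


def safe_to_flash(image: bytes, expected_hex: str) -> bool:
    """Gate used before reflashing: digest must match and no secrets may be baked in."""
    return verify_image(image, expected_hex) and not find_hardcoded_secrets(image)


if __name__ == "__main__":
    print("digest ok:", verify_image(FIRMWARE, KNOWN_GOOD_SHA256))
    print("tampered ok:", verify_image(FIRMWARE + b"\x00", KNOWN_GOOD_SHA256))
    for name, off in find_hardcoded_secrets(FIRMWARE):
        print(f"hardcoded {name} at offset {off}")
    print("safe to flash:", safe_to_flash(FIRMWARE, KNOWN_GOOD_SHA256))
```

A hash check only proves the image equals a reference; the reference must itself be trusted (delivered signed, or burned into a boot ROM), otherwise an attacker who can replace the image can replace the expected hash too.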
Q. NO 28 Why fragmentation is designed as part of the Internet.
Besides fragmentation, addressing is handled by the IP layer.
Layer 2 networks have different MTUs: Ethernet, ATM, Frame Relay, Cell Relay, and the most widely
used, Ethernet. The Ethernet packet size is 1500 bytes, while a Wi-Fi packet can be 2300 bytes long.
Larger packets give higher efficiency. Routers in the path do not have the capability to reassemble
fragmented packets; the destination host needs to store the fragments and wait for all of them
before passing the datagram on to the higher layer.
When fragments are received at the destination host, the destination node stores them for a set period
of time, reassembles them, and passes the datagram to the upper layer. These fragments consume memory
resources at the destination host, and an attacker can exploit this (e.g. a buffer overflow attack).
IP fragment attacks include Tiny Fragment attacks and Fragment Overlap attacks.
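A receiving host can reject the two malformed cases named above (a tiny first fragment and overlapping fragments) at reassembly time, and can bound the memory that pending fragments hold. The following is an added example, not code from the original document: the fragments, the 16-byte minimum for a first fragment, the timeout and the buffer cap are constructed or assumed policy values.

```python
"""IPv4 fragment reassembly with the abuse checks named above.

Added example, not from the original document. check_fragments() reassembles
one datagram's fragments and reports a tiny first fragment, overlapping
fragments and gaps; ReassemblyTable bounds how much memory and time pending
fragments can consume at the receiving host. Fragments, the 16-byte minimum for
the first fragment, the timeout and the buffer cap are constructed/assumed."""
from dataclasses import dataclass

MIN_FIRST_FRAGMENT = 16      # assumed policy: first fragment must carry a full transport header
WAITABLE = {"incomplete", "missing_first_fragment"}   # findings that only mean "not all here yet"


@dataclass(frozen=True)
class Fragment:
    ident: int       # IP identification field, shared by all fragments of one datagram
    offset: int      # fragment offset in 8-byte units, as in the IP header
    more: bool       # MF (more fragments) flag
    payload: bytes


def check_fragments(frags):
    """Return (reassembled bytes or None, list of findings)."""
    findings = []
    frags = sorted(frags, key=lambda f: f.offset)
    if not frags or frags[0].offset != 0:
        findings.append("missing_first_fragment")
    elif frags[0].more and len(frags[0].payload) < MIN_FIRST_FRAGMENT:
        findings.append("tiny_first_fragment")   # ports/flags pushed into a later fragment
    expected = 0
    for f in frags:
        start, end = f.offset * 8, f.offset * 8 + len(f.payload)
        if f.more and len(f.payload) % 8:
            findings.append(f"bad_length_at_{start}")   # only the last fragment may be unaligned
        if start < expected:
            findings.append(f"overlap_at_{start}")        # rewrites data already received
        elif start > expected:
            findings.append(f"gap_at_{expected}")
        expected = max(expected, end)
    if frags and frags[-1].more:
        findings.append("incomplete")
    if findings:
        return None, findings
    return b"".join(f.payload for f in frags), []


class ReassemblyTable:
    """Pending fragments per datagram id with a timeout and a total byte cap, so
    half-sent datagrams cannot pin memory at the destination indefinitely."""

    def __init__(self, timeout=30.0, max_pending_bytes=4096):
        self.timeout, self.cap = timeout, max_pending_bytes
        self.pending = {}    # ident -> (first_seen, [fragments])

    def pending_bytes(self):
        return sum(len(f.payload) for _, fl in self.pending.values() for f in fl)

    def add(self, frag, now):
        stale = [i for i, (t, _) in self.pending.items() if now - t > self.timeout]
        for i in stale:
            del self.pending[i]                         # expired: free the memory
        if self.pending_bytes() + len(frag.payload) > self.cap:
            return None, ["reassembly_buffer_full"]     # drop rather than grow without bound
        _, fl = self.pending.setdefault(frag.ident, (now, []))
        fl.append(frag)
        data, findings = check_fragments(fl)
        fatal = [x for x in findings if x not in WAITABLE and not x.startswith("gap_at_")]
        if fatal:
            del self.pending[frag.ident]                # malformed: discard the whole datagram
            return None, fatal
        if data is not None:
            del self.pending[frag.ident]
            return data, []
        return None, findings                           # still waiting for fragments


if __name__ == "__main__":
    t = ReassemblyTable(timeout=30, max_pending_bytes=64)
    print(t.add(Fragment(1, 0, True, b"A" * 16), now=0))
    print(t.add(Fragment(1, 2, False, b"C" * 5), now=1))
    print(check_fragments([Fragment(2, 0, True, b"T" * 8), Fragment(2, 1, False, b"U" * 20)]))
```

Both the cap and the timeout are what keep the "store and wait for all fragments" behaviour from becoming the resource-exhaustion scenario the answer describes: a sender that never completes a datagram only costs the receiver a bounded amount of memory for a bounded time.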
Q.29

Application Layer: for application layer security, use an IDS and secure protocols instead of plain
ones (HTTPS instead of HTTP, FTPS instead of FTP); the ModSecurity WAF can protect the online
purchase system from SQL Injection attacks, Cross-Site Scripting attacks, and other application layer
vulnerabilities. An IDS also helps to mitigate application layer security threats; an Intrusion
Detection System (IDS) can be deployed host based or network based, so deploying both NIDS and HIDS
is recommended to strengthen security in layers. Manage file permissions.
Transport Layer:
BCP38 (Best Current Practice 38) is recommended for mitigation of Transport Layer attacks.
Solution: only let packets exit your network that have legitimate source addresses.
Network Layer: for network security, an IDS, firewalls, and ACL configuration will help to prevent
DDoS attacks and other security threats. Tunneling, IPSec.
Physical/Data Link Layer:

Encrypted protocol medium: SSL, SSH, VPN. Use cryptographically random ISNs. Firewalling and
ACLs still do not prevent Denial-of-Service attacks.

For mitigation of ARP spoofing, configuring a static ARP table is recommended, as is Dynamic
ARP Inspection (DAI).
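Dynamic ARP Inspection works by checking every ARP packet arriving on an untrusted port against the switch's DHCP snooping binding table (IP, MAC and port learned from DHCP ACKs) plus any static entries, and dropping replies that do not match. The following is an added example that models that check in software; it is not code from the original document, and the binding table, port names and ARP packets are constructed.

```python
"""Dynamic ARP Inspection style validation of ARP packets.

Added example, not from the original document. Each ARP packet from an
untrusted port is checked against a DHCP snooping binding table plus static
entries; anything that does not match is dropped. Bindings, ports and packets
are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpPacket:
    ingress_port: str
    src_mac: str        # Ethernet source address
    sender_mac: str     # ARP sender hardware address
    sender_ip: str
    target_ip: str


# Constructed DHCP snooping binding table: ip -> (mac, port learned from the DHCP ACK).
DHCP_BINDINGS = {
    "10.0.0.10": ("aa:bb:cc:00:00:10", "Gi1/0/10"),
    "10.0.0.11": ("aa:bb:cc:00:00:11", "Gi1/0/11"),
}
# Static entries for hosts that never use DHCP (the gateway here); these are the
# equivalent of the static ARP table the answer above recommends.
STATIC_BINDINGS = {"10.0.0.1": ("aa:bb:cc:00:00:01", "Gi1/0/1")}
TRUSTED_PORTS = {"Gi1/0/1"}   # uplink to the router/DHCP server, not inspected


def inspect_arp(pkt):
    """Return ("permit" | "drop", reason) for one ARP packet."""
    if pkt.ingress_port in TRUSTED_PORTS:
        return "permit", "trusted port"
    # Address validation: the Ethernet source and the ARP sender MAC must agree.
    if pkt.src_mac != pkt.sender_mac:
        return "drop", "ethernet src != arp sender mac"
    binding = STATIC_BINDINGS.get(pkt.sender_ip) or DHCP_BINDINGS.get(pkt.sender_ip)
    if binding is None:
        return "drop", "no binding for sender ip"
    mac, port = binding
    if pkt.sender_mac != mac:
        return "drop", "sender mac does not match binding"   # classic ARP spoof
    if pkt.ingress_port != port:
        return "drop", "binding belongs to another port"    # right pair, wrong port
    return "permit", "binding ok"


def filter_arp(packets):
    """Verdict per packet, in order, for a batch of captured ARP packets."""
    return [inspect_arp(p)[0] for p in packets]


# Constructed sample traffic.
SAMPLE = [
    ArpPacket("Gi1/0/10", "aa:bb:cc:00:00:10", "aa:bb:cc:00:00:10", "10.0.0.10", "10.0.0.1"),  # legitimate
    ArpPacket("Gi1/0/11", "aa:bb:cc:00:00:11", "aa:bb:cc:00:00:11", "10.0.0.1", "10.0.0.10"),  # claims gateway IP
    ArpPacket("Gi1/0/11", "aa:bb:cc:00:00:10", "aa:bb:cc:00:00:10", "10.0.0.10", "10.0.0.1"),  # cloned host 10
    ArpPacket("Gi1/0/11", "aa:bb:cc:00:00:99", "aa:bb:cc:00:00:99", "10.0.0.99", "10.0.0.1"),  # never leased
    ArpPacket("Gi1/0/1", "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:01", "10.0.0.1", "10.0.0.10"),   # gateway, trusted
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p.ingress_port, p.sender_ip, inspect_arp(p))
```

The port check is what defeats the second spoof above: an attacker who copies a victim's IP and MAC pair exactly still plugs into a different port than the one the DHCP lease was learned on, so the binding does not match.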

DHCP allocates IP addresses automatically to clients on request and provides an IP address for a
specific lease time. Any client that requests an IP address will be assigned one without any
authentication mechanism; only the MAC address identifies the client, and it is easy to change MAC
addresses, so unauthorized users can send requests to the DHCP server and lease an IP address
without any authentication. To mitigate unauthorized IP address leases by DHCP, the layer 2
authentication mechanism 802.1X can be used, which helps to prevent unauthorized client IP leases
efficiently.
Signature Based IDS

IDS - signature
A signature based IDS looks for specific, predefined malicious binary instruction sequences
(attack patterns) known as signatures; a signature can be a byte sequence in network traffic
or a sequence of events. Signature based Intrusion Detection Systems (IDS) need to be updated
frequently: if the attack signature is present in the IDS database, the attack can be detected
and mitigated, but if the signatures are not updated and the attack signature is not available
in the IDS signature database, the attack cannot be detected and blocked. Only already known
attack patterns can be detected and mitigated with a signature based intrusion detection
system; new attack patterns are not blocked.
• Look for a known binary sequence, or events
• Issues:
• Signatures need to be updated
• Only known issues can be detected
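The matching step of a signature based IDS, and the two issues listed above, can be seen in a small rule matcher. The following is an added example, not code from the original document or from any particular IDS product: the rules, the signature IDs and the captured payloads are constructed.

```python
"""Toy signature based IDS over captured payloads.

Added example, not from the original document. Each rule is a byte pattern (the
"signature") with an optional destination port; a payload is flagged only when
a rule's bytes appear in it, which is exactly why a pattern that is not in the
rule set (or that differs from it by a byte) passes through. Rules and packets
are constructed."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    sid: int                        # signature id, as rule sets number them
    name: str
    content: bytes                  # the byte sequence to look for
    dst_port: Optional[int] = None  # None = match on any port


@dataclass(frozen=True)
class Packet:
    dst_port: int
    payload: bytes


# Constructed rule set; a production database holds tens of thousands of these
# and is refreshed regularly, which is the "signatures need to be updated" issue.
RULES = [
    Rule(1000001, "sqli union select in http request", b"UNION SELECT", 80),
    Rule(1000002, "xss script tag in http request", b"<script>", 80),
    Rule(1000003, "nop sled followed by int3 marker", b"\x90\x90\x90\x90\xcc"),
]


def match_rules(pkt, rules=RULES):
    """Signature ids whose content appears in the payload (and whose port matches)."""
    hits = []
    for r in rules:
        if r.dst_port is not None and r.dst_port != pkt.dst_port:
            continue
        if r.content in pkt.payload:
            hits.append(r.sid)
    return hits


def scan(packets, rules=RULES):
    """(packet index, matched sids) for every packet; an empty list means 'not known'."""
    return [(i, match_rules(p, rules)) for i, p in enumerate(packets)]


# Constructed captured traffic.
CAPTURE = [
    Packet(80, b"GET /item?id=1 UNION SELECT password FROM users HTTP/1.1"),   # known pattern
    Packet(80, b"GET /item?id=1 union select password FROM users HTTP/1.1"),   # same attack, different bytes
    Packet(443, b"UNION SELECT"),                                              # port-scoped rule, no match
    Packet(8080, b"\x00\x90\x90\x90\x90\xcc\x00"),                             # any-port rule
    Packet(80, b"<script>alert(1)</script> UNION SELECT"),                     # two rules fire
]

if __name__ == "__main__":
    for idx, sids in scan(CAPTURE):
        print(idx, sids or "no signature matched")
```

The second packet is the "only known issues can be detected" bullet in practice: it carries the same attack as the first, but since its bytes differ from the stored signature the matcher reports nothing, and only a rule update (here, a case-insensitive or broader pattern) would close that gap.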
