Accelerated SYN Defender

reference link 311

Access and Mobility Management Function (AMF) 143

access control list (ACL) table 196

Access Control Lists (ACLs) 60, 65, 311, 466

Access Gateway (aGW) 143

access layer 7

Access Point Name (APN) 142

active attacks 167

DoS attacks 168

MITM attack 167

modification attack 168

Acunetix 434

download link 434

Adaptive Security Appliance (ASA) 151

Address Resolution Protocol (ARP) 49, 59, 240, 273, 289, 382

working 240-243

Advanced Digital Broadcast SA 269

Advanced Encryption Standard (AES) 80, 83

working 84

advanced packet dissection

with LUA 238, 239

agent-based tools 126

AH transport mode 102

AH tunnel mode 102

aireplay-ng 333

airmon-ng 333

airodump-ng 333

Angry IP Scanner 119, 302

URL 119

Apache Tribes Heartbeat (ATH) protocol 274

application awareness 110

ARP and ICMP scans 279

ARP poisoning 167, 186, 244-246, 515, 516

defending 188

example 187

generating 188

ARP poisoning/spoofing 60

arpspoof command 188, 344

artificial intelligence (AI) 110

asymmetric encryption 80

data encryption 84, 85

digital signatures 85, 86

protocols 84

attacks

from internet 30

on firewalls 30

on internet 28-30

on local area networks (LANs) 31

on network routers 32

on routing protocols 32

on servers 31

on wireless networks 32

types 27

attacks, on DNS resources

DNS flooding 412

NX record attacks 410-412

attacks, on ports and services 205

defending 206

vulnerabilities, testing 205

attacks, on system resources 218

alerts, configuring for avoiding memory leaks 218

CPU-based attacks 219

memory-based attacks 218

memory leaks 218

authentication 89

Challenge Handshake Authentication Protocol (CHAP) 90

encrypted username/password authentication 91

mechanisms 89

username/password 90

username/password, with IP address identification authentication 90

Authentication, Authorization, Accounting (AAA) framework 386

authentication trap, in Juniper

reference link 260

authoritative nameserver 400

authorization 89, 95

Autonomous System (AS) 63, 364

availability 78

bandwidth 16

baseline

establishing 270

basic fuzzing

on Linux 152

on Windows 152

basic network scanners 118

Angry IP Scanner 119

NMAP 119-123

Basic Service Set (BSS) 335

Basic Service Set Identifier (BSSID) 335

beacon attacks 358

beacon frames 340

black box testing 140

block cipher 80

Border Gateway Multicast Protocol (BGMP) 147

Border Gateway Protocol (BGP) 30, 259, 364, 389

BGP routing 390

BGP tables 390

configuration, in packet tracer 391

distance vector calculation 389

distance vector calculation (loop horizon) 390

hijacking 391-394

messages, types 390

mitigation 394

neighbor tables 390

operation 389

traffic hijacking 392

Border Gateway Protocol (BGP4) 63

botnets 412

Bridge Protocol Data Unit (BPDU) flooding 54, 55, 184

Broadcast 46

Broadcast domain 49

broadcast frame 48

brute-force attacks 282, 283, 407, 408, 480, 481

SIP authentication 510-513

login credentials 506-510

brute-force attacks, against HTTP/HTTPS passwords 204

defending 205

performing 204

brute-force attacks, against SNMP passwords 201

defending 203

vulnerabilities, testing 202, 203

brute-force attacks, for password discovery 199

defending 199-201

vulnerabilities, testing 199

brute-force fuzzing 155

buffer 447

buffer overflow 447

example 447

Burp 129

Burp Suite 434, 506

download link 434

intercepting screen 435, 436

reference link, for features 438

vulnerability scanning, demonstrating 436-438

Business Support Systems (BSSes) 25

Cacti

URL 202

Cain and Abel 344

caller ID spoofing 513, 514

campus network

structure 7

captive portals 341

central processing unit (CPU) 194, 257

certificate authority (CA) 87

certificates

working 88, 89

Certificate, Server Key Exchange, Server Hello Done 107

Certificate Signing Request (CSR) 88

Certification Authorities (CAs) 433

Challenge Handshake Authentication Protocol (CHAP) 90

channel 330

channel bonding 330

CheckPoint firewall 45

Cisco

reference link 200

Cisco Discovery Protocol (CDP) 49

Cisco Discovery Protocol (CDP)/Link Layer Discovery Protocol (LLDP) attacks 290, 294

protecting against 297

cleartext 78

Client Hello packet 105

Client Key Exchange 108

client-server TLS handshake 434

cloud computing services

Infrastructure as a Service (IaaS) 26

Platform as a Service (PaaS) 26

Software as a Service (SaaS) 26

Colasoft Packet Builder 181, 185, 293

Colasoft Packet Generator 183

collision-free hash 96

Command and Control Center (C2C) 454

Command-line Interface (CLI) 20

commercial tools 116, 117

Common Internet File System (CIFS) 466

Common Language Runtime (CLR) 485

common protocols, enterprise network

Internet access protocols 270

network protocols 270

organizational applications 270

common vulnerabilities

layer 2-based vulnerabilities 149

layer 3-based vulnerabilities 150

layer 4-based vulnerabilities 150

layer 5-based vulnerabilities 150

layer 6-based vulnerabilities 151

layer 7-based vulnerabilities 151

communication protocol fuzzing

Linux tools 156

Windows tools 156

confidentiality 78

confidentiality, integrity, and availability (CIA) triad 78

Connectionless Network (Address) Protocol (CLNP) 371

Authority Format Identifier (AFI) 371

Network Service Access Point Address (NSAP) 371

Content Addressable Memory (CAM) 292

Content Addressable Memory (CAM) table 196, 381

overflow 290

poisoning 381, 382

Context Addressable Memory (CAM) 48

control frames 331

control plane 19, 20

control plane attacks 213

actions, influencing device resources 214

ARP requests 215

encryption 215

fragmentation 216

IP options 215

routing processes 215

cookies 448

cookie tampering 450

core firewalls 15, 110

core network 4, 6

core switches 7

corporate network

compromising, via open authentication networks 343-345

Count to Infinity problem 380

solutions 380

CPU-based attacks

defending 219

crash analysis 157, 158

Cross-Site Scripting (XSS) attacks 111, 443

DOM XSS 445, 446

reflected XSS 443, 444

stored XSS 444, 445

Crunch 155

crunch tool

reference link 350

cyphertext 78

Damn Vulnerable Web Application (DVWA) 435

URL 435

Data, Assets, Applications, and Services (DAAS) 18

database network protocols

countermeasures 485

SQLNet 476

Tabular Data Stream (TDS) 475, 476

databases (DBs) 472

roles 474

types 472

data center 4, 6

data center firewalls 14, 110

data center switches 7

data encryption

in asymmetric cryptography 84, 85

Data Encryption Standard (DES) 80, 81

working 82

data flow 4

through network 42, 43

data frames 331

data network 38

protocols 38

data packet analysis 230

data plane 19, 20

traffic generation 383-385

data plane attacks 217, 385

defending 217

DOS 385, 386

eavesdropping 385

heavy traffic, protecting against through interface 217

storm control, configuring 217

threshold, configuring 217

delay 16

Demilitarized Zone (DMZ) 141

Denial-of-Service (DoS) 151, 246, 377, 388

Department of Defense (DoD) 38

DHCP starvation 188

defending 189

generating 189

Diffie-Hellman (DH) Group 101

Digital Signature Algorithm (DSA) 86

digital signatures 85, 89

dig utility 403

Dissector 237

Distance Vector Routing (DVR)

issues, handling 380

Distributed Denial of Service (DDoS) attacks 20, 28, 59, 168, 246, 270, 376-388

distribution layer 7

DNS amplification 413, 414

DNS attack discovery 402

DNS attacks 111

DNS cache poisoning 414

DNS cache snooping 407

DNS components

example 401, 402

dnsenum utility 405

DNS enumeration 403

banner grabbing 404

name records, identifying 403

nameserver records and corresponding subdomains, identifying 404, 405

DNS flooding attack 412

DNS footprinting 403

DNS protection 420

DNS protocol 398

authoritative nameserver 401

behavior 399, 400

DNS resolver 401

example 398

root nameserver 401

structure 400

top-level domain nameserver 401

using, to bypass network controls 417, 418

working 398, 399

dnsrecon utility 405

DNS record 398

DNS recursive search 402

DNS resolver 399

DNSSEC 406

DNS spoofing 414-416

DNS tunneling 420

with DNSCAT 418, 419

DNS zones 398

DNS zone transfer 408, 410

Document Object Model (DOM) XSS 445, 446

domain 400

Domain Admin (DA) hashes 484

domain enumeration scan 478, 479

Domain Name Service (DNS) 39

Domain Name System (DNS) 224, 263, 272

domain spoofing 414

DOS 516

double-tagging attacks 51, 52

dsniff package 183

Dual IS-IS 370

Dynamic ARP Inspection (DAI) 188

Dynamic Host Configuration Protocol (DHCP) 164, 289

Dynamic NAT 68

Dynamic Trunking Protocol (DTP) 300

EAP

architecture 94

authentication procedure example 95

protocols 93

EAP-AKA 93

EAP Authenticator 94

EAP Peer 94

EAP Server 94

EAP-SIM 93

EAP-TLS 93

EAP-TTLS 93

Elliptic Curve Cryptography (ECC) 86

Element Managers (EMs) 25

El Gamal 86

email 451

email protocols

combining 452

Internet Message Access Protocol (IMAP(4)) 452

Post Office Protocol (POP(3)) 452

Simple Mail Transfer Protocol (SMTP) 452

email services, protecting from attackers

countermeasures 457

email traffic 283, 284

input/output (I/O) graph 284

Encapsulating Security Payload (ESP) 102, 103

encapsulation 73

encryption 78

services 79

end-to-end call setup, SIP 492

Enhanced IGRP (EIGRP) 63

eNodeb 143

enterprise network 5

common protocols 270

enterprise networks testing

performing 141

enumeration, IP telephony penetration testing 500

IP telephony SIP servers, identifying 500, 501

NMAP scripts, running 504

potential targets, identifying 502

running vulnerable services, identifying 502, 503

ESP transport mode 103

ESP tunnel mode 103

Ettercap 168

Ethernet 39

structure 45-47

Ettercap 344

evil twin attack 355, 356

exploit 132

exploitation tools 131

Metasploit Framework (MSF) 131

Extended Service Set (ESS) 335

Extensible Authentication Protocol (EAP) 93, 352

Extensible Authentication Protocol Transport-Layer Security (EAP-TLS) 352

Extensible Authentication Protocol Tunneled TLS (EAP-TTLS) 353

Exterior BGP (eBGP) 63

Exterior Gateway Protocol (EGP) 364

routing protocol 365

Exterior Routing Gateway (EGP) protocols 63

fake MAC addresses

multiple MAC address 294

single MAC address 291-293

falsification attacks 373

misclaiming 374-376

overclaiming 373, 374

performing 373

Feistel algorithm 82

fierce utility 404

Firepower Threat Defense (FTD) 151

firewalls

features 109, 110

Flexible Authentication via Secure Tunneling EAP (EAP-FAST) 93

flooding 177

examples 177

flood protection, Palo Alto Networks

reference link 311

forwarding information base (FIB) table 196

fragmentation 58

fragmentation attacks

performing 305

Frame 42

frame control

control frames 331

data frames 331

management frames 331

Free Network Analyzer 225

download link 225

FreeRADIUS

URL 200

frequency bands 329

functional structure, communications devices

control plane 194

data plane 194

forwarding plane 194

management plane 194

fuzzing 140

enterprise networks testing 141

provider networks testing 142, 143

fuzzing network protocols

brute-force or mutation-based fuzzing 155

smart protocol fuzzing 155

fuzzing phases 144

fuzzing data, executing 147

fuzzing data, generating 147

possible inputs, defining 144, 145

results, executing 147

results, viewing 147

target identification 144

fuzzing tools 151

basic fuzzing 152

fuzzing network protocols 155

usernames and passwords, breaking 153

Generic Routing Encapsulation (GRE) tunnel header 98

gNodeB 143

Google QUIC (GQUIC) 148

gray box testing 140

guest networks 341

handshake protocol 104

hashes

applications 96

hash function 95

hashing mechanism 96, 97

HeidiSQL utility 481

hidden SSIDs

discovering 340, 341

HMAC-based OTP (HOTP) 91

HMAC-SHA-1 92

HMAC-SHA-256 92

HMAC-SHA-512 92

honeypot attacks 354

Hot Standby Routing Protocol (HSRP) 32, 65-67

HTTP/1.1 429

HTTP/2 429

reference link 430

HTTP body 426

HTTP client-server architecture 425

browser 425

client 425

proxy servers 425, 426

web server 425

HTTP data analysis 232

with TCPdump 232

HTTP data packet analysis 231

HTTP header 426

HTTP methods 426, 428

DELETE 429

GET 428

OPTIONS 429

POST 428

PUT 429

reference link 429

HTTP request formation 426, 428

HTTP response codes 428

HTTPS 431, 432

HTTP scans 280-282

HTTPS handshake 432, 433

client hello message 433

client key exchange 433

server hello message 433

HTTP status codes

reference link 428

HTTP version 426

HTTP versions 429

Hydra 154, 155, 506

HyperText Transfer Protocol (HTTP) 224, 266, 424

reference link, for history and developments 424

weakness, demonstrating with Wireshark 430

Hypervisor 24

IEEE 802.3 45

IEEE 802.11 328

IEEE (Institute of Electrical and Electronics Engineering) 328

IGMP Snooping 48

IGP standard protocols 364

CLNP address 371

Dual IS-IS 370

IS-IS levels 371

IS-IS protocol behavior 369, 370

OSPF protocol behavior 367-369

RIP protocol behavior 365

IKEv2 101

infinity value 380

Infrastructure as a Service (IaaS) 26

initial indicators, packet capture

scanning patterns 270

unknown addresses 270

unknown protocols 270

input vectors 144

integrity 78

Interior BGP (iBGP) 63

Interior Gateway Protocol (IGP) 363

examples 364

routing protocol 365

Interior Gateway Routing Protocol (IGRP) 63

Interior Routing Gateway (IGP) protocols 63

Intermediate System-Intermediate System (IS-IS) 369

behavior 369, 370

characteristics 370

configuring 371, 372

Level-1 (L1) 371

Level-2 (L2) 371

Intermediate System to Intermediate System (ISIS) 63

International Standards Organization (ISO) 38

Internet Control Message Protocol (ICMP) 57, 388

Internet Control Message Protocol (ICMP) DDoS 177

Internet Group Management Protocol (IGMP) 48, 273

Internet Header Length (IHL) 57

Internet Key Exchange (IKE) 100

Internet Message Access Protocol (IMAP(4)) 452

Internet Protocol (IP) 40, 289, 363

Internet Protocol version 4 (IPv4) 56

packet fragmentation 58

packet structure 57

Internet Security Association and Key Management Protocol (ISAKMP) 100, 101, 147

Internet Service Providers (ISPs) 18, 63

interprocess communications 41

Intrusion Detection and Prevention Systems (IDPSes) 17, 110

INVITE flooding attack 516

inviteflood tool 516

INVITE message packet 495, 496

iperf 383

iPerf/jPerf client-server application 181

IPFIX 260

IP fragmentation 305

IP phone registration process 493, 494

IPSec 97

anti-replay 97

authentication 97

client to client 100

client to site 99

confidentiality 97

data transfer 100

IKE Phase 1 100

IKE Phase 2 100

integrity 97

modes, of operation 101

services 97

site to site 99

transport mode 102

tunnel establishment 100

tunnel mode 101

IPSec authentication header (AH) protocol 102

IP Security (IPSec) 147, 519

IP spoofing 59

IP telephony

best practices 518

operations 490

protocols 490

security 518

IP telephony device

securing 518

IP telephony network

securing 518

IP telephony penetration testing 505, 506

enumeration 499, 500

lab setup 498, 499

methodology 499

SIP Penetration Testing 500

IP telephony SIP servers

identifying 500, 501

IP version 6 (IPv6) protocols

Dynamic Host Configuration Protocol (DHCP) 272

Multicast DNS (MDNS) 272

Simple Service Discovery Protocol (SSDP) 272

JFlow 260

Johnny 154

John the Ripper

reference link 154

Juniper Networks

reference link 200

Kali Linux 434

download link 434

main window 116

KARMA attack 357

reference link 357

L2 and L3 architectures 9-11

data flow 11, 12

data flow, with redundancy 12, 13

L2 and L3 topologies

with firewalls 13-16

with overlays 16, 17

L2-based attacks 182

MAC flooding 182

L3-based attacks 186

ARP poisoning 186, 187

DHCP starvation 188

LAN switching 47, 48

layer 2 attacks 290

on switching discovery mechanisms 290

Layer 2 switches 7, 8

Layer 3 switches 7-9

layer 4 protocols

vulnerabilities 72, 73

Legion 130

Lightweight Directory Access Protocol (LDAP) 471

Lightweight EAP (LEAP) 93

link aggregation (LAG) 7

link flooding attacks 20

Link Layer Discovery Protocol (LLDP) 49

Link-Local Multicast Name Resolution (LLMNR) 272

Link-type Negotiation Protocol (LNP) 300

Linux

Scapy, installing on 321

Linux PacketSender 177

Linux Scapy 177

LLDP devices

attacking 296, 297

LLDP frame

example 294, 295

Local Area Network (LAN) 141, 261, 289, 463

local instance enumeration scan 478

Local Security Authority Subsystem Service (LSASS) service 470

loud MANA attack 357

LUA

advanced packet dissection 238, 239

MAC flooding attack 182

defending 184

generating 182-184

MAC limiting feature, Juniper Networks

reference link 294

macof 382

using 183, 184

Mail Exchange (MX) servers 452

malformed packets 304

sending 322

malicious XSS script 446

MANA attack 357

ManageEngine

URL 202

Management and Orchestration (MANO) 25

Management Frame Protection (MFP) 359

management frames

subtypes 331

management information base (MIB) configuration 259

management plane 19, 20, 198

management plane attacks

brute-force attacks, against HTTP/HTTPS passwords 204

brute-force attacks, against SNMP passwords 201

brute-force attacks for password discovery 198, 199

on management of device 198

on ports and services 205

TCP-SYN attack 206

Man-in-the-Middle (MITM) attacks 55, 167, 224, 321, 476, 515

mechanisms, firewall forward packets

anti-malware 197

anti-spam 197

anti-virus 197

content filtering 197

intrusion detection and prevention (IDP) 197

packet filtering 197

sandboxes 197

stateful inspection 197

voice over IP (VoIP) gateways 197

web application firewalls (WAFs) 197

Media Access Control (MAC) address 41, 261, 289

media layer

securing 519

medium-size enterprise network 274

local security authority 277

session information, checking 278

session information, obtaining 278

SIP server, identifying 276

SIP session 275

TCP traffic 277

TCP traffic types 276

UDP statistics 274

memory-based attacks 218

alerts, configuring 218

causes, defending 219

message authentication

uses 95

message authentication code (MAC) 95

Message Digest 5 (MD5) 97

Metasploit 470, 514

SIP server enumeration module 501

Metasploit Framework (MSF) 131

Microsoft network protocols 462

countermeasures 485

Lightweight Directory Access Protocol (LDAP) 471

Network Basic Input Output System (NetBIOS) 462, 463

Server Message Block (SMB) 465-467

misclaiming attack 374

example 374-376

misconfiguration audit 479

mitm_relay tool 470

MLD Snooping 48

modification attack 168

monitor mode 333

MSSQL 472-475

Multicast 46

multicast frame 48

Multicast Listener Discovery (MLD) 48

Multiple STP (MST/MSTP) 55

mutation-based fuzzing 155

Mutillidae 435

download link 435

reference link 441

National Institute of Standards and Technology (NIST) 78, 83, 97, 164

National Security Agency (NSA) 420

nbtstat utility 464

ncrack 155

Nessus 408, 479

Nessus vulnerability scan 504, 505

NetBIOS suffix 464

reference link 464

Netcat 152

Netconf 22

NetFlow 260

traffic graph 260-262

NetScanTools 246

download link 246

running, to analyze Google packet generations 248-250

Netsparker 435

Network Access Control (NAC) 224, 279, 316

Network Address Translation (NAT) 60, 109, 269

network analysis tools 118, 125

network analyzers 224

Cain and Abel 225

CloudShark 225

Ettercap 225

Free Network Analyzer 225

Network Miner 225

Packet Monitor (Pktmon) 225

TCPdump 225, 228, 229

Wireshark 224-227

network architecture 4

network-based attack

information gathering, from network 165

information, stealing from network 165

planning 164

users, preventing from using IT resources 166

network-based DoS/DDoS attacks 176

flooding and DoS/DDoS attacks, defending 182

flooding and DoS/DDoS attacks, generating 181

flooding, through scanning attacks 177, 178

protocol attacks 176

random traffic generation flooding 179-181

volumetric attacks 176

Network Basic Input Output System (NetBIOS) 266, 462, 463

Datagram Distribution (NetBIOS-DGM) 463

Name Service (NetBIOS-NS) 463

Session Service (NetBIOS-SSN) 463

network breaches, in Ethernet and LAN switching

CAM table overflow 49

CDP/LLDP attacks 49

fake MAC address 48

network flooding 48

network devices structure and components 194

functional structure 194

physical structure 195

Network Elements (NEs) 38

network forensics tools 136

network function virtualization (NFV) 23-25

Network Interface Card (NIC) 41

network jamming 354

deauthentication attack 355

DOS/DDOS wireless network attacks 354

network layer 224

network management tools 118

Network Mapper (NMAP) 144

network packets 229

network perimeter 17

architecture 18

Demilitarized Zone (DMZ) 18

external zone 18

internal zone 18

Network Service Provider (NSP) 21

network traffic monitoring methods 256

IPFIX 260

NetFlow 260

SNMP 256

Wireshark 263

Nikto 129, 435

using 130

Nishang 479

NMAP 119, 127, 155, 406

basic scans 120-122

NetBIOS information gathering 465

options 123

port scan 127

scripts, running 504

start window 120

URL 119

nonce 106

non-persistent cookies 448

non-standard IPv6 addresses 180, 181

northbound interface 22

NPING 246

download link 246

nslookup 403

NTP 388

NX record attacks 410-412

Off The Shelf (OTS) hardware 23

one-time passwords (OTPs) 91

one-way hash 96

open authentication wireless networks 341

compromising 341-343

corporate network, compromising 343-345

OpenFlow 22

Open Shortest Path First (OSPF) 57, 63, 141, 259

Open Source Interconnection (OSI) layer-3 224

open source tools 116

Open Systems Interconnection-Reference Model (OSI-RM) 195

Operations Support Systems (OSSes) 25

Optical Transport Network (OTN) 39

organizational networks

medium-size enterprise network 274-278

small business/home network 271-273

OSI reference model 148

layer 1, physical layer 148

layer 2, data link layer 148

layer 3, network layer 148

layer 4, transport layer 148

layer 5, session layer 149

layer 6, presentation layer 149

layer 7, application layer 149

OSI-RM 38

applications layer 40

architecture 38

datalink layer 39

layers 38, 39

network layer 40

physical layer 39

presentation layer 40

session layer 40

transport layer 40

OSPF protocol 367

advantages 367

behavior 367

working 367-369

Ostinato 247

download link 247

overclaiming attack 373, 374

OWASP categories

reference link 438

OWASP ZAP 435, 506

download link 435

packet 230

data flow, at network level 230

example 44

structure 41

Packet 42

packet analysis 224

usage aspects 224

packet analysis tools 224

packet capture 270

initial indicators 270

Packet Data Network (PDN) Gateway (pGW) 143

packet dissection 237

packet filtering 14, 109

packet generation 246

tools 246, 247

packETH 185

packet injection 337

performing, with Scapy module 337-339

packet loss 16

Packet Monitor (Pktmon) 225

download link 225

packet replaying 246

tools 246, 247

Paessler Router Traffic Grapher (PRTG) 318

URL 202

Pair-Wise Master Key (PMK) 346

Pair-Wise Transient Key (PTK) 347

passive attacks 169

Password Authentication Protocol (PAP) 90

password dictionary 153

payload 132

PBKDF2 function 346

peer 95

perimeter firewalls 110

persistent-based cookies 448

Person-in-the-Middle (PITM) attacks 356

phishing 455

example 455, 456

physical structure, communications devices 195

firewall architecture 197

LAN switch architecture 195

router architecture 196, 197

security device architecture 197

ping DDoS attack 303, 304

ping of death 304

ping scans

for network discovery 302, 303

purposes 302

ping worm 177

results 178

plaintext 78

planes 376

control plane 376

data plane 376

management plane 377

Platform as a Service (PaaS) 26

PMK caching 350

PMKID attack 350

PMK Security Association (PMKSA) 350

Point-To-Point Protocol (PPP) 90

Port Address Translation (PAT) 68

port redundancy 7

port security feature, Cisco switches

reference link 294

Port Translation 68

post-exploitation 481-484

Post Office Protocol (POP) 270

Post Office Protocol (POP(3)) 452

PowerUPSQL module 472

Preamble (PA) 45

Preferred Name List (PNL) 357

Pre-Shared Key (PSK) 346

Pretty Good Privacy (PGP) 80

private DNS 402

private key 84, 432

Protected Extensible Authentication Protocol (PEAP) 93, 352

protocol attacks 176, 382

Protocol Data Unit (PDU) 42, 261

protocol discovery tools 118, 127

NMAP 127

Protocol Hierarchy tool 266

packets 267

STUN 269

suspicious protocols, identifying 266

TCP Stream packets 268, 269

provider networks testing

performing 142, 143

proxy servers 425, 426

proxy servers, functions

authentication 426

caching 426

filtering 426

load balancing 426

logging 426

public DNS 402

public key 84, 432

public key cryptography 84

public key infrastructure (PKI) 87

authentication 87

confidentiality 87

integrity 87

Pyshark 136

for deep network analysis 233-237

installing 233

Python

for deep network analysis 233-237

Quality of Service (QoS) 20

quality of service (QoS) table 196

Qualys Guard 435

Quick UDP Internet Connections (QUIC) 68, 72, 148, 266

Rapid STP (RSTP) 52, 55

RC5 81

RC6 81

Real-Time Transport Protocol (RTP) 496

data transmissions 496, 497

reference link 497

reconnaissance and information gathering 169

network broadcasts, listening 169-174

single device/port-mirror, listening on 175, 176

record protocol 104

recursive DNS search 399

reflected XSS 443, 444

reflection attack 377

probing phase 377

triggering phase 377

Remote Authentication Dial In User Service (RADIUS) 94, 110, 199

Remote Code Execution (RCE) 441

example 441, 442

Remote Procedure Call (RPC) 149

Request for Comments (RFC) 260

responder utility 456

RESTful 22

Retransmission Timer Timeout (RTO) 72

RFC1321 97

RFC1334 90

RFC 2138 110

RFC2284 93

RFC 2401 97

RFC2407 101

RFC 2408 101

RFC 2409 101

RFC3748 93

RFC4186 93

RFC4187 93

RFC4226 91

RFC 4301 97

RFC 4306 101

RFC5216 93

RFC5281 93

RFC5448 93

RFC6238 92

RFC7458 93

RFMon (Radio Frequency Monitor) 333

Rijndael algorithm 83

risks 27

Rivest-Shamir-Adleman (RSA) 80, 86

root nameserver 400

reference link 401

root role attack 55, 184

Round-Trip Time (RTT) 16, 429

router falsification 373

routers

configuring 386

lockout feature, setting 387, 388

routing

issues 60

metrics 64, 65

operations 60-64

Routing Engine (RE) 150

Routing Information Protocol (RIP) 63, 365

behavior 365

configuration, analyzing 366

working 365

routing poison 380

routing protocols

Exterior Routing Gateway (EGP) 63

Interior Routing Gateway (IGP) 63

routing table poisoning 381

routing tables 61, 62

definition 378

entries 378

information 378

in router 379

routing vulnerabilities

for attacks, on routing tables 68

for DoS/DDoS 68

router resources, attacking 68

sandboxes 110

scanning patterns 279

ARP and ICMP scans 279

brute-force scans 282, 283

email issues 283, 284

HTTP scans 280-282

TCP scans 280

Scapy 185

installing, on Linux 321

installing, on Windows 321

packets, sending 322

references 315, 324

sequence numbers, collecting 323, 324

TCP port scanning 323

using, for packet injection 337-339

SDN controller 23

SDN domain 23

Secured Shell (SSH) 382

Secured Socket Layer (SSL) 103

Secured Zones (SZs) 18, 141

Secure File Transfer Protocol (S-FTP) 109

Secure Hash Algorithm 1 (SHA1) 97

Secure Real-Time Transport Protocol (SRTP) 109, 497

Secure Shell (SSH) 109, 141, 260

Secure SIP (SIPS) 109

Secure Socket Layer (SSL) 430

Secure Socket Layer/Transport Layer Security (SSL/TLS) 87

secure wireless architecture

implementing 358

security best practices, routers

AAA framework 386

centralized monitoring and security operations 387

NetFlow 387

password management 387

secure management plane configuration 387

security breaches, on SDN network 23

Security Operations Centers (SOCs) 416

seed 91

Segment 42

SendIGMP 247

download link 247

Server Hello Done 107

Server Key Exchange 107

Server Message Block (SMB) 266, 465, 466

dialects 466

vulnerabilities 467-470

Service Principal Names (SPNs) 478

service provider network 5

Service Set Identifier (SSID) 335

Serving Gateway (sGW) 143

session-based cookies 448

session hijacking 448

via cookie tampering 450, 451

via XSS 449

Session Initiation Protocol (SIP) 39, 91, 149, 274

Session Management Function (SMF) 143

Session Traversal Utilities for NAT (STUN) 267-269

SFlow 260

signaling layer

securing 519

signaling protocols

reference link 491

Simple Mail Transfer Protocol (SMTP) 149, 452

loopholes 453-455

Simple Network Management Protocol (SNMP) 141, 194, 256, 274, 382

SNMP manager 257

SNMP polling 257

SNMP traps 257

SIP 491

end-to-end call setup 492

response codes 492

sipcrack tool 513

sipdump tool 512

SIP methods

ACK 492

BYE 492

INVITE 492

OPTIONS 492

reference link 492

REGISTER 492

SUBSCRIBE 492

sipvicious 514

Skinny Client Control Protocol (SCCP) 344

small business/home network 271

IP version 6 (IPv6) 272

TCP statistics 273

traffic 272

UDP statistics 273

smart protocol fuzzing 155

SMB authentication 466

SMB client-server architecture 466

smb_relay tool 470

SMS-based OTP (TOTP) 91, 92

sniffing wireless networks 333

SNMP polling 257-259

SNMP testing tools

for Linux 203

for Windows 202

SNMP tools 126

SNMP traps 257-260

authentication failures 260

communication events 259

configuration change 259

environmental changes 259

reference link 260

routing events 259

traffic alerts 260

SNMPv3

reference link 203

SNMP vulnerabilities

testing 202

softphone 498

Software as a Service (SaaS) 26

software-defined networking (SDN) 21

example 22

Software-Defined Wide Area Network (SD-WAN) 22

southbound interface 22

Spanning Tree Protocol (STP) 31, 52, 53

SPDY 429

Spike tool 156

example 157

split horizon 380

SQL DB 476

misconfiguration audit 479

SQL server exploitation 479

SQL servers enumeration, in domain 477

SQL injection 111, 439

login page, compromising via 439, 440

reference link 441

SQLmap 435

URL 435

SQLNet 476

SQLNet.ora 476

SQL scanner 479

SQL server exploitation 479

brute-force attack 480, 481

post-exploitation 481-484

SQL servers enumeration

domain enumeration scan 478, 479

in domain 477

local instance enumeration scan 478

TCP/UDP port scan 477

stages 132

stateful inspection 110

Static NAT 67, 68

STAtion (STA) MAC 335

stored XSS 444, 445

STP/RSTP attack

BPDU flooding 184

defending 185, 186

generating 185

root role attack 184

Topology Change Notification (TCN) attack 184

stream cipher 80

Stream Control Transport Protocol (SCTP) 68

stress testing tools 133

Kali Linux tools 134-136

Windows tools 134

STUNT BANANA 514

supplicant 94

suspicious patterns 279

scanning patterns 279

switch port

access mode 299

automatic mode 299

trunk mode 299

Switch-Port Analyzer (SPAN) 165

switch spoofing attacks 52

symmetric encryption 80

Advanced Encryption Standard (AES) 83, 84

Data Encryption Standard (DES) 81, 82

protocols 81

Triple-DES 83

Synchronous Digital Hierarchy (SDH) 39

Synchronous Optical Network (SONet) 39

SYN Cookie Protection, Juniper Networks

reference link 311

SYN flooding attacks 306

System Logging Protocol (Syslog) 198

Tabular Data Stream (TDS) 475, 476

TACACS+ 199

Tactics, Techniques, and Procedures (TTP) 434

TCN attack 55

TCP connection termination

with FIN 312

TCPdump 225, 228, 229

download link 225

HTTP data analysis 232

TCPdump for Linux 136

TCP flag combination attacks 316

generating 316, 317

identifying 317-320

protecting against 320, 321

TCP/IP 38

architecture 38

TCP ports 147

TCP port scanning

with Scapy 323

TCP protocols

HTTP 272

POP 272

TLS 272

TCP RST and FIN attacks

generating 313-315

protecting against 315

TCP-RST flag 313

TCP scans 280

TCP sequence attacks 321

TCP SYN attacks 206

defending 212, 213

discovering 309, 310

generating 306-309

protecting against 310, 311

vulnerabilities, testing 207-212

TCP traffic, medium-size enterprise network

DCE/RPC 276

HTTP traffic flow 276

Kerberos 277

LDAP 277

Line Printer Daemon (LPD) protocol 277

Tabular Data Stream (TDS) 277

TLS 277

TCP/UDP port scan 477

teardrop attacks 305

Temporal Key Integrity Protocol (TKIP) 346

TestSSL 435

download link 435

theHarvester 129

threats 27, 28

time-based one-time password (TOTP) 92

Time to Live (TTL) 57

TLS negotiation 106-109

TLSv1 104

TLSv1.1 104

TLSv1.2 104

TLSv1.3 104

top-level domain nameserver 400

Topology Change Notification (TCN) 54, 184

traffic generation

on data plane 383-385

Transmission Control Protocol (TCP) 260, 289

Transport Control Protocol (TCP) 22, 68, 69, 141, 289

congestion control 70

connectivity 70, 71

flow control 70

full-duplex data transfer 70

packet structure 70, 71

reliability 70

Transport Layer Security (TLS) 22, 103, 266, 430

authentication 104

confidentiality 104

integrity 104

Triple-DES 80, 83

Trixbox 498

truncate function 92

trusted zone 18

TShark for Windows 136

TTP hacking tools

Acunetix 434

Burp Suite 434

Damn Vulnerable Web Application (DVWA) 435

Kali Linux 434

Mutillidae 435

Netsparker 435

Nikto 435

OWASP ZAP 435

Qualys Guard 435

SQLmap 435

TestSSL 435

tunneling 74, 98, 99

Type 1 Hypervisor 24

Type 2 Hypervisor 24

Type field 331

Type, Length, and Value (TLV) 297, 298

UDP flooding attacks 305

UDP protocols

Encapsulation Security Payload (ESP) 272

ISAKMP 272

NetBIOS Name Service 272

QUIC 272

Unicast 46

unicast frame 48

unknown destination frame 48

User Datagram Protocol (UDP) 68, 69, 141, 260, 289

usernames and passwords, breaking

in Linux 155

in Windows 154

user network 4, 6, 7

User Plane Function (UPF) 143

Virtual Local Area Networks (VLANs) 49, 141, 517

on core switches 10

on DC switches 10

virtual machines (VMs) 23

Virtual Private Networks (VPNs) 97, 98, 142

Virtual Router Redundancy Protocol (VRRP) 32, 65-67

Virtual System Simulator (VSS) Monitoring 267

VLAN ACLs (VACLs) 388

VLAN flooding 299

VLAN hopping attack 51, 517

performing 301

protecting against 301

VLAN mechanism

attacks 298-300

VLAN tagging 50, 51

VMware 45

Voice over IP (VoIP) 269, 490

call setup 495

VoIP communication 490

media 491

signaling 491

working 491

VoIP/IP Telephony (IPT) 274

volumetric attacks 176

vulnerability analysis tools 128

Legion 130, 131

Nikto 129, 130

vulnerability database 146

vulnerability scanning 479 406

brute-force attack 407, 408

DNS cache snooping 407

DNSSEC 406

DNS zone transfer 408-410

WAN-VRF interface 258

Web Application Firewalls (WAFs) 111, 446

web applications, protecting from attackers

countermeasures 457

Web Proxy Auto-Discover (WPAD) 456

white box testing 140

Wide Area Network (WAN) 5, 32, 141

Windows

Scapy, installing on 321

Windows Internet Name Service (WINS) 462

Wired Equivalent Privacy (WEP) 345

Wireless Intrusion Prevention Systems (WIPSs) 359

wireless lab setup 332, 333

Wireless LAN Controllers (WLCs) 343

Wireless Network Interface Card (WNIC) 333

wireless networks (Wi-Fi) 142

wireless packets

dumping 336

sniffing 334, 335

sniffing, on target AP 335

wireless standards 328

IEEE 802.11 328-330

Wireshark 136, 177, 224, 263, 333, 430, 344

captured packets view 234

Conversations 263-265

download link 224

Endpoints 263

GUI 227

packet capture 270

packets processing 225, 226

Protocol Hierarchy tool 266-269

traffic analysis window 227

traffic filter 228

WLAN_channels

reference link 329

WLAN encryptions 345

enterprise management RadiusX protocols, attacking 352, 353

Wi-Fi Protected Access (WPA/WPA2) 346, 347

WPA2, cracking by capturing PMKID 350-352

WPA/WPA2, cracking by capturing four-way handshake 348-350

wordlist 153

reference link 153

WPA 346

WPA2 346

WPAv1 346

yersinia

installing 189

Zabbix

URL 202

Zero Day Initiative (ZDI)

URL 158

Zero-Trust architecture 18

zone file 398

Z Real-Time Transport Protocol (ZRTP) 497

Index

As this ebook edition doesn't have fixed pagination, the page numbers below are hyperlinked for reference only, based on the printed edition of this book.
