web bug
===

1) Why could a user utilize a web bug to trace whether his e-mail has been read or whether his web page

Ans: Put a 1x1-pixel external image in the e-mail. When the recipient opens the e-mail, a request is sent to the server hosting the image, which records that the recipient has opened the e-mail. The same principle applies to a web page.

2) By inserting a web bug to a web page, a user can obtain what information from the computer whose browser is displaying the web page? (That is: what information can I obtain from someone who references my image?)

Ans:
1. IP address of the requester
2. Time the content was requested
3. Type of web browser
4. Whether previously set cookies still exist

HTTP cookies
===

3) What are the functions of HTTP cookies?

Ans:
1. Authenticating
2. Tracking
3. Storing user-specific data, such as a shopping cart

XSS
===

4) List two ways that a malicious user could use to have a web browser execute her/his code (P.S. This code could be written in JavaScript).

Ans:
1. Executing JavaScript directly through a script tag
2. Through hyperlinks and criteria combined with SCRIPT: when the victim clicks the hyperlink, the server returns the page along with the malicious code, which then executes

5) When a web server application does not execute what examination (check), then an XSS vulnerability may be created?

Ans: The user's input is not checked and filtered; for example, script HTML tags should be neutralized.

6) Who are the most common victims to XSS?

Ans:
1. CGI scripts
2. Search engines
3. Interactive bulletin boards

7) To complete a successful CSRF attack, what 3 preconditions (prerequisites) must be satisfied?

Ans:
1. The attacker knows which websites the victim is currently authenticated on
2. The target website has no secondary authentication for login
3. The victim holds an auth cookie for the target website that has not expired

SQL
===

8) major responsibility of creating SQL vulnerability on a web service?

Ans: application programs used by the web service to create SQL queries

DOS/DDOS
===

9) (1) What are the two DoS/DDoS attack categories? (2) For each category, list at least two DoS/DDoS attacks that belong to it.

Ans:

Flood Attack:
* TCP SYN Flood Attack
* UDP Flood Attack

Low and slow:

Malformed Packet:
* Ping of Death Attack
* TearDrop Attack
* Land Attack

10) What network services are utilized by attackers to launch a Smurf flood attack?

Ans: ICMP echo request service.

11) IP spoofing is frequently used in network attacks to hide the attack sources. Could every kind of DoS/DDoS attacks use this approach to hide the hosts that generate the DoS/DDoS attack packets?

Ans: TCP SYN floods do not necessarily rely on IP spoofing to hide the source of the attack. The attacker can use their real IP address.

12) In order to launch a DoS/DDoS attack, an attacker always needs to send plenty of attack IP packets to the chosen target host. Is the above claim correct? Give your reasons.

Ans: No. A malformed packet attack can send only a small number of packets.

13) List two countermeasures of DoS/DDoS Attacks.

Ans:
* Disable unnecessary network services.
* Backtrack attack paths and install filters on upstream routers to filter out attack traffic as early as possible.

14) List 3 kinds of information that a rootkit wants to hide.

Ans:
* running processes
* files
* system data