CEH

stateful packet firewalls – teardrop attacks 459

stateful packet firewalls, 43

stateless protocols in web applications, 312

statements of desired skills, 93

stealing information

IDs in session hijacking, 285

by malware, 181

passwords and usernames, 5

stealth scans, 112–113, 113

Stealth tool, 202

stealth viruses, 187

steel doors, 402

stolen equipment attacks, 18

stolen sessions. See session hijacking

stored XSS Attacks, 291

strcat() function, 267

strcpy() function, 267

Stunnel program, 321

Stuxnet worm, 32

subdomains, 90

subnetting, 35

subordinate CAs, 67

SubSeven program, 196

suicide hackers, 8–9

SuperScan scanner, 136

switched network sniffing, 224

ARP poisoning, 225–226, 226

defenses, 227

MAC flooding, 224–225, 224 , 228–229

MAC spoofing, 226

port mirrors, 227

Switched Port Analyzers (SPAN) ports, 227

switches, 40 – 41

syllable password attacks, 156

symmetric cryptography, 61– 62

SYN packets, 33, 110–111, 111

floods, 263–266, 265–267, 315

sequence numbers, 295, 295

SYN-ACK packets, 33, 110–111, 111

SYSK EY feature, 165 –166

system access, 151–152

active online attacks, 158

authentication, 165–169

covering tracks, 170 –172

distributed network attacks, 162

exam essentials, 173

executing applications, 169 –170

offline attacks, 159–162

passive online attacks, 157–158

passwords. See passwords

review questions, 174 –177

summary, 172 –173

system administrators in social engineering,

240–241

system attacks in footprinting, 88

system fundamentals, 25–26

backups and archiving, 49

exam essentials, 50

firewalls, 43

hexadecimal vs. binary, 35–36

IP subnetting, 35

IPSs and IDSs, 43– 44

MAC addresses, 41– 43

network devices, 39– 41

network security, 44–46, 44 – 45

network topologies, 26–29, 27–29

operating systems, 46–48

OSI model, 30 –33, 31

proxies, 42

review questions, 51–54

summary, 49–50

TCP/IP ports, 37–39

TCP/IP suite, 33–35, 34

System group, 132

system hacking, 16, 83

system logs, 379

system processes in Windows, 131

system viruses, 186

T

tabular objects, 138

Targa tool, 273

Target stores, attack on, 181–182

targets in SQL injection, 336 –337

Targets of Evaluation (TOEs), 10

TCP protocol

flags on packets, 385

scans, 110 –111

services and ports, 132–133

TCP/IP suite, 33–35, 34

ports, 37–39

session hijacking, 295–296, 295

TCPdump tool, 213–214, 218 –221, 218 –220

TCPView tool, 197–198, 198

teardrop attacks, 263

bindex.indd 459 22-07-2014 11:00:57